tfm

cross-posted from: https://lemmy.today/post/25826615

For those not familiar, there are numerous messages containing images being repeatedly spammed to many Threadiverse users talking about a Polish girl named "Nicole". This has been ongoing for some time now.

Lemmy permits external inline image references to be embedded in messages. This means that if a unique image URL or set of image URLs are sent to each user, it's possible to log the IP addresses that fetch these images; by analyzing the log, one can determine the IP address that a user has.

In some earlier discussion, someone had claimed that local lemmy instances cache these on their local pict-rs instance and rewrite messages to reference the local image.

It does appear that there is a closed issue on the lemmy issue tracker referencing such a deanonymization attack:

https://github.com/LemmyNet/lemmy/issues/1036

I had not looked into these earlier, but it looks like such rewriting and caching intending to avoid this attack is not occurring, at least on my home instance. I hadn't looked until the most-recent message, but the image embedded here is indeed remote:

https://lemmy.doesnotexist.club/pictrs/image/323899d9-79dd-4670-8cf9-f6d008c37e79.png

I haven't stored and looked through a list of these, but as I recall, the user sending them is bouncing around different instances. They certainly are not using the same hostname for their lemmy instance as the pict-rs instance; this message was sent from nicole92 on lemmy.latinlok.com, though the image is hosted on lemmy.doesnotexist.club. I don't know whether they are moving around where the pict-rs instance is located from message to message. If not, it might be possible to block the pict-rs instance in your browser. That will only be a temporary fix, since I see no reason that they couldn't also be moving the hostname on the pict-rs instance.

Another mitigation would be to route one's client software or browser through a VPN.

I don't know if there are admins working on addressing the issue; I'd assume so, but I wanted to at least mention that there might be privacy implications to other users.

In any event, regardless of whether the "Nicole" spammer is aiming to deanonymize users, as things stand, it does appear that someone could do so.

My own take is that the best fix here on the lemmy-and-other-Threadiverse-software-side would be to disable inline images in messages. Someone who wants to reference an image can always link to an external image in a messages, and permit a user to click through. But if remote inline image references can be used, there's no great way to prevent a user's IP address from being exposed.

If anyone has other suggestions to mitigate this (maybe a Greasemonkey snippet to require a click to load inline images as a patch for the lemmy Web UI?), I'm all ears.

cross-posted from: https://europe.pub/post/14898

cross-posted from: https://programming.dev/post/27143191

Why I recommend against Bluesky.

Have you ever heard of the term federation-washing?

cross-posted from: https://feddit.org/post/9366710

Deutsche Version: https://www.heise.de/news/Industrie-fordert-EU-Kommission-zu-Buy-European-Initiative-auf-10318660.html

cross-posted from: https://feddit.nl/post/30597344

cross-posted from: https://lemmy.ca/post/40877641

Originally posted on Reddit

cross-posted from: https://lemm.ee/post/58733629

Heyho! Last few days I've been working on leaving Amazon and in particular Kindle for ebooks, so I've been looking for alternatives for my reading needs. While I can't recommend a specific book shop yet I'd like to recommend checking if your country's or city's public libraries allow you to take out ebooks online.

I'm living in Germany and found that there's an app called Onleihe which lets you read books from German public libraries as ebook for basically free, you just pay a tiny fee for your library card which you can get online as well. I registered with VÖBB Berlin for example which is some kind of union of all public libraries in Berlin.

Pros:

• Flat rate reading – library card costs 10€ per year, discounts available for students, unemployed or disabled people etc.
• Huge selection of not only books but also audio books, magazines and even movies.

Cons:

• If you don't like the built-in reader of the Onleihe app there's an option to read ebooks in an external app, however that app as to support DRM and as far as I can tell that limits the options to PocketBook Reader (which isn't too shabby though and made in Switzerland). You also have to register with Adobe to get some kind of DRM decoding account or whatever, which is an annoyance but free.
• Taking out ebooks works the same as with physical books, meaning you can only take out books for a limited duration (maximum 21 days) before it's "returned", and for a lot of new or very popular books you have to wait until someone else has "returned" their ebook before you can have it. Yes that's stupid given were talking about ebooks, I assume it's due to licensing stuff or whatever.

My conclusion: if you need a specific book NOW, you might be out of luck and better off buying it somewhere. If you just wanna browse a huge selection and look for something for entertainment then a reading flat rate for 10€ per year is a great deal.

Either way, might be worth it checking out if there's something similar available where you live. If there is please share!

cross-posted from: https://lemm.ee/post/58718431

Hey there, I wanted to get away from Amazon Kindle but of course take all my ebooks with me, I paid for them after all. Unfortunately Amazon tries really hard to stop you from doing this by introducing new file formats, DRM and encryption, disabling functionality on their website and so on, making this endeavor quite a hassle, but I finally managed to liberate my books so I can use them with other ebook readers. There's a bunch of different tutorials for this out there, but I found each of them lacks one or two crucial points that prevent it from working, so I thought I'd write up a short tutorial with all the bits of information collected from all over the web and save you some frustration and time (took me a couple of hours to make this work).

I'm not sure if this is the best community to post this to, if you know a better one please let me know or feel free to cross-post it there.

So here's how to get all your ebooks out of Amazon, strip them of DRM/copy protection and convert them to EPUB for use with other ebook readers:

1. Install Calibre (available for Linux, Windows and Mac) using whatever method works best for your operating system. I'm using Arch Linux and running "sudo pacman -S calibre" did the trick.

2. Download the latest release CANDIDATE! of the DeDRM plugin, NOT! the latest release! All tutorials I found referred to the stable release v10.0.3, which does NOT work with Amazon's latest DRM shit. At the time of writing this "RC1 v10.0.9" was the latest available version. You'll find it here: https://github.com/noDRM/DeDRM_tools/releases/tag/v10.0.9

3. Download the plugin "KFX Input.zip" at the bottom of this forum post: https://www.mobileread.com/forums/showthread.php?t=291290

4. Unzip the DeDRM release you downloaded, inside you'll find a file "DeDRM_plugin.zip" which is the actual plugin. The KFX Input plugin does NOT need to be unzipped.

5. Start Calibre, go to "Preferences / Advanced / Plugins" and with the button "Load plugin from file" install the two plugins you downloaded. For the DeDRM plugin make sure you select the unzipped file "DeDRM_plugin.zip", not the downloaded release package.

6. Restart Calibre.

7. Go to your "My Devices" page on Amazon (I can't provide a direct link here because it's different for every country, but you should be able to find it). Select your Kindle device and copy its serial number. Alternatively you can look it up on your Kindle itself in the device information in the settings, however you obivously can't copy/paste it from there and I found it hard tell letter O and digit 0 apart, so the first method is probably less error prone.

8. Back in Calibre open the plugins section in the preferences again, search for the DeDRM plugin and double-click it. In the new dialog click "Kindle eInk ebooks", then the green plus icon and paste your Kindle's serial number. The fact that you need the serial number was also missing in most tutorials, took me ages to figure that out.

9. Optional step: Go to your "My Content" page on Amazon where all your purchased ebooks are listed. Select all and click "deliver to device" or whatever it's called in your localized Amazon, and select your Kindle. Hit sync on your Kindle device. This is to make sure that all your purchased ebooks are actually saved on the device as we're gonna copy the files from there in the next step. You can skip this if all your books are already downloaded to your Kindle or if you only want those that are.

10. Connect your Kindle to your computer via USB. Calibre should automatically detect it. Make sure your Kindle is in "USB Drive Mode", not "Charging Mode", so Calibre can access the files on it. For me this was the default when plugging the USB cable in.

11. In the top menu in Calibre click on "Device", this should give you a list of all books on your Kindle.

12. Select all or some books you want to liberate, right click and click "Add books to library" in the context menu. Your books should now be all be copied to your library on your computer, but they're still in Amazon's proprietary AZW or KFX format

13. To make them usable with other ebook readers switch back to your local library ("Libary" button in the top menu) where you should now find all the books you just copied. Again select all books in the list and click "Convert" in the top menu. In the new dialog tweak the options as you wish or just hit "OK" to start. Depending on how many books you got this may take a little while.

14. Done! You now got a bunch of DRM-free EPUB files in your library that you can use with whatever ebook reader you want.

Few notes:

• If you get errors like "books can't be converted because of DRM" in step 13, make sure that the correct version of the DeDRM plugin is properly installed and you configured the correct serial number and start over from step 11.

• A bunch of sites tell you that you can download AZW directly from your "My Content" page on Amazon, but they removed that function in February 2025.

• If you've tried this before you probably stumbled upon a tool called "epubor" quite often which is trash and tries to make you pay for liberating the ebooks you already own, it doesn't offer anything that Calibre doesn't do for free.

cross-posted from: https://programming.dev/post/27088970

• [PDF] Letter.

Nearly 100 orgs plead for homegrown lifeline amid geopolitical tensions

Originally posted on Reddit