kravietz boosted

Remember, one of the many benefits of speaking Welsh is that you can walk faster than non-Welsh speakers.
(Via CPS Homes on FB)

kravietz boosted
kravietz boosted

Can DuckDuckGo replace Google search while offering better privacy?

The alternative search engine markets itself on protecting users’ privacy, but is it worth using?
So is DuckDuckGo no good? Surprised you did not mention it. Murray
Following last week’s article about privacy and surveillance capitalism, several readers wrote in about the absence of DuckDuckGo, and it was mentioned a dozen times in the comments. I have suggested this privacy-oriented search engine a few times since 2012, and I think it’s worth a go. However, I’m answering Murray’s earlier query along the same lines because I can use his email verbatim rather than cobbling together a joint question from multiple sources.
Continue reading...

kravietz boosted

I watched and Vimeo yesterday in solidarity with the #youtubewalkout . When I first got on there wasn't much there, but it's certainly grown. I found this fun animated vid, 'Copying is Not Theft.' . Vidcommons also posts documentaries on . No ads either. That's really cool! If you are a You Tube content creator, please consider backing up your channel onto, like @ChrisWere and

kravietz boosted

Beyond evil: This month Facebook started to scrape sites that use 'pixel' for all kinds of information. Including personal information about the visitors. People could be identified even without cookies by name or email. This affects also non FB Users.


Seems to be currently live on and Here personal information like name, email and phone number is sent to facebook during registration at airbnb.

is one of the most recognised (not necessarily attributed...) products of Russian IT industry, powering most of the Internet as we know today.

Today police raidet Nginx office in Moscow due to a Russian portal Rambler filing a copyright violation claim on Nginx code.

Granted that Nginx was just acquired by F5 and in parallel Sberbank acquired large share of Rambler, it looks like a regular business-class extortion attempt to me.

kravietz boosted

Tested the ENS, which is a name resolution protocol that lives fully in the ETH blockchain and allows using names like webcookies.eth instead of hex addresses. There's also DNS -> ENS feature that imports DNSSEC-protected ETH addresses declared in regular DNS (currently only .xyz TLD).

If you're using MetaMask or other ENS enabled wallet, you can try to enter webcookes.eth or in the Send form (no need to send anything) and you'll see it resolved into my 0xDA... address.

kravietz boosted

@kravietz That of course. Standard BIOS setup should include:

- BIOS update

- BIOS password for accessing settings and changing boot options,

- Changing boot order and disable not needed boot devices

- Reset TPM and change to 2.0 mode

- Enable Secureboot and reset Secureboot keys

- Disable unneeded devices

- Explore further features in BIOS/firmware (like enable temper detection, disable Intel device mangement, …)

kravietz boosted

Twitter just invented the fediverse "Twitter is funding a small independent team of up to five open source architects, engineers, and designers to develop an open and decentralized standard for social media. The goal is for Twitter to ultimately be a client of this standard. "

kravietz boosted

@kravietz The main goal of using a grub password is preventing someone from booting, pressing e setting /bin/bash as init and use vi to write nasty little scripts around your boot partition. It rasies the bar to "I have to open the device" which that again can be made visible using nail polish:

At least when you are paranoid enough.

Also of course you should use secureboot as you mentioned.

kravietz boosted
kravietz boosted

@kravietz Set a grub password!

Use OpenSCAP Workbench with the proper profile for Ubuntu, Fedora or CentOS to check compliance.

Full set of instructions (one might want to select just a few, but still):

I guess that should already help a lot :)

3) When there's choice between .deb and Snap/Flatpak version available (there is for Firefox, Brave and many other popular programs) always go for Snap/Flatpak version as it runs in a much more effective sandbox.

This doesn't come completely free either because with Snaps your profile file move to the sandbox but it's quite a simple operation.

2) Always run the latest available Linux distro - so in case of Ubuntu go for 19.10 - and always have all updates installed.

My answers in random order:

1) Make sure you have Secure Boot enabled in BIOS, and BIOS password set.

That's pretty much all you can do to prevent backdooring & keysniffing of your bootloader today when someone covertly gets physical acces to your laptop.

If this is a viable threat, go for QubesOS, but be aware of its limitations (e.g. inability to access GPU by the operating system, so no games or 3D graphics)

Just had an interesting question from a colleague who has a notebook and works remotely from random places:

> I've got full-disk (FDE), what else I can do for ?

One reason why 's resolver is so fast is that it seems to be making a tradeoff between speed and freshness of responses. Specifically it seems to cache RRs for as long as allowed, while other public resolvers will recheck much earlier.

Show more
Mastodon 🔐

Fast, secure and up-to-date instance. provides knowledge and tools to protect your privacy against global mass surveillance.

Matrix Chat:
Support us on OpenCollective, your contributions are tax deductible!