@theprivacyfoundation
Telling #TwitterExodusScotland ppl to join mastodon.social is poor advice & it's ironic that it comes from a #privacy foundation. mastodon.social is #centralized on #CloudFlare. It's an abuse of privacy & #netneutrality.
You should be embarrassed to be on that node and you shouldn't be suggesting it to others.
@wizzwizz4
That's a mistake. It's likely that fosstodon.org was on #CloudFlare at one point in time - but they are no longer. I also checked to see if fosstodon was hosted by another harmful entity (AWS, MS, Google, or Apple), and the site is clean. I see no ethical problem with it ATM.
@wizzwizz4
You've still not mentioned which list you're talking about. If you're talking about the bash code I posted, one list is populated with all nodes in the network, the other list is just CloudFlared sites. The command I posted suppresses the intersection of both lists, resulting in non-CloudFlared sites.
@wizzwizz4
Use this to test whether a site is compromised by #cloudflare:
http://searxes.nmqnkngye4ct7bgss4bmv5ca3wpa55yugvxen5kz2bbq67lwy6ps54yd.onion/collab/sxes/tool_ismitm.php
I don't know what cf.mastohost.com is or what list you're talking about.
@wizzwizz4
fosstodon.org is not on #CloudFlare
Also, it was "unwitting" for Twentyfivebux - not you hereafter if you've become aware of how CF works.
BTW, it doesn't matter who your CA is, the tunnel between outsiders & CF's site always terminates at CF. So, for example, if you were a mastodon.social user, CF would see your username & unhashed pw full stop.
@wizzwizz4
#CloudFlare blocks from the reader's side, not the author. If Alice blogs on a CF site then Bob is blocked from reading it if CF objects to Bob's IP address-browser pair. And that's not theoretical -- it's certain.
CF dictates who can reach who. CF also pushes #surveillanceCapitalism via a forced #Google-served #CAPTCHA (depending on IP-browser pair). Using a CF service gives them power. @Twentyfivebux unwittingly supports #centralization & empowers CF by using mastodon.social.
A #Belgian bank decides to force all customers to:
* buy an #iPhone or #Android
* subscribe to GSM svc
* give the ph# to Apple or Google
* tell #Apple or #Google where they bank (by downloading the app)
* install & execute proprietary #nonfreesoftware
Money is trapped in the accounts- held hostage until customers take the above steps.
Why is no one talking about this? #Aion (#MontePaschi) forces ppl into #surveillanceCapitalism w/Google/Apple patronage & no one seems to notice.
@kensanata @Gargron @Twentyfivebux I suppose I should also say how to avoid #CloudFlare #Mastodon nodes. Run this command to find CloudFlare-free Mastodon nodes: comm -13 <(torsocks curl https://codeberg.org/crimeflare/cloudflare-tor/raw/branch/master/tool/example.mdn_basedom_list.txt | sort) <(torsocks lynx -dump -nolist https://instances.social/list/old | awk '/%/{print $3}' | sort)
@Twentyfivebux @Gargron @kensanata hmm.. it's a little flawed b/c some #pleroma nodes end up in the output, but it's a good start.
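The set difference behind the `comm -13` command in the post above, as an added example that is not part of the original posts: it runs offline on constructed hostnames and uses temporary files in place of process substitution. It goes slightly beyond the posted command by normalizing both lists first, since `comm` only gives correct results when both inputs are sorted under the same collation. The function names `normalize`, `non_cf_nodes` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example: offline version of the comm -13 filter.
# All hostnames below are constructed sample data, not real lookups.

# normalize: strip CRs, lowercase, trim whitespace, drop blank lines, then
# sort uniquely in the C locale so both lists share one byte-wise ordering.
normalize() {
    tr -d '\r' | tr '[:upper:]' '[:lower:]' \
        | sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' \
        | LC_ALL=C sort -u
}

# non_cf_nodes CF_LIST ALL_LIST
# Prints hosts present in ALL_LIST but absent from CF_LIST.
non_cf_nodes() {
    cf_sorted=$(mktemp) || return 1
    all_sorted=$(mktemp) || return 1
    normalize < "$1" > "$cf_sorted"
    normalize < "$2" > "$all_sorted"
    # -1 drops lines found only in the CF list, -3 drops lines found in both,
    # leaving column 2: lines found only in the full node list.
    LC_ALL=C comm -13 "$cf_sorted" "$all_sorted"
    rm -f "$cf_sorted" "$all_sorted"
}

# demo: builds two small constructed lists with the kinds of noise that break
# a naive comparison (mixed case, trailing space, blank line, duplicate,
# unsorted order) and prints the filtered result.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'cf-hosted.example' 'Also-CF.example ' > "$dir/cf.txt"
    printf '%s\n' 'zeta.example' 'also-cf.example' 'CF-hosted.example' \
        'alpha.example' '' 'alpha.example' > "$dir/all.txt"
    non_cf_nodes "$dir/cf.txt" "$dir/all.txt"
    rm -rf "$dir"
}

demo
```

Without the normalization step, `Also-CF.example ` and `also-cf.example` would compare as different lines and the Cloudflare-hosted entry would leak into the output.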
@kensanata @Twentyfivebux @Gargron there was like a flood of Indians joining #Mastodon a couple weeks ago due to some oppression. It's a shame this only happens when #Twitter does a large scale oppression. BTW, you've chosen yet another #centralized service using repressive technology. mastodon.social is a #CloudFlare site. You should switch to a #decentralized node before building followers.
@wiktor @rysiek #Hushmail has foolishly given up the one advantage it had over #Protonmail: that non-users could interact with the keyring so dumb users need not bother. Both HM & PM impose key management burdens on low-tech users now.
@wiktor @rysiek the steroid bust is well known, & what most ppl fail to realize is that #Protonmail has the same vulnerability. PM will cooperate with demands from relevant courts. Also, Swiss law has changed in the past couple yrs such that LEAs can compel subpoenas.
@mplammers
there would be potential to fix the brain-dead #climatedenial nonsense, as it's simply facts & science vs. propaganda. No contest.
But w.r.t neonazi.. that's a write off. You can't fix that.
Trump brought racists out of the woodwork. Now what? We can only outcast them.
@rysiek
In any case, I appreciate the link. It's indeed useful info.
@rysiek
The presenter's recommendation "stop using fax" is haphazard, as it neglects to account for how over-zealous anti-spam techniques have destroyed email. Convincing admins to understand & avoid collateral damage or to use PGP is a non-starter. Thick skulls.
I use fax as a protest statement. The crudeness of fax serves to spotlight that recipients aren't doing email right. And fax /just works/.
@rysiek
Regarding the vulnerability: it's a legit find and I applaud CCC for their work. But I think they overstate the popularity of T.30. And certainly color faxes are rare. JPG buffer overflow is a classic problem; interesting that they are still finding instances of that.
Of course the simple fix is to have the RX fax be standalone, not a LAN-attached MFD. For TX, it can be LAN-attached w/out inbound calls, or it can be a fax card.