beefee's comments

beefee | 2 years ago | on: Privacy is priceless, but Signal is expensive

A service that requires a telephone number simply shouldn't be called an Internet service. It can't be used purely over the Internet.

Telephone numbers are fundamentally incompatible with privacy. Signal's leadership knows this, but they don't appear to care.

beefee | 2 years ago | on: Show HN: FlakeHub – Discover and publish Nix flakes

Me too. Several teams are trying to land grab by "wrapping" Nix with extra stuff.

But as good as flakes are, they still have big problems. flake.lock size explosion, UI hassles, no cross compiling support.

beefee | 2 years ago | on: Proton Pass end-to-end encrypted password manager is here and free for everyone

Please put your apps on F-Droid.

beefee | 2 years ago | on: Toyota: Car location data and videos of 2M customers exposed for ten years

Owners may want to disable this in hardware rather than relying on a sketchy opt-out mechanism. The relevant part is the "data communications module". It has an LTE modem and a backup battery, so it's able to transmit even if the car battery is disconnected. It requires a little bit of dashboard disassembly to access. You can either remove it or disconnect the LTE and GPS antennas. Toyota has technical documents available for $25 at https://techinfo.toyota.com.

It would be great if there was some website that collected all the detailed instructions for removing the spy devices from different car models.

beefee | 2 years ago | on: Ask Wirecutter: Can you recommend a not-smart TV for me?

Here are some reasons.

1. Cost. I'd rather not pay for hardware and software I won't use.

2. Environmental impact. Unused and unwanted hardware is waste.

3. Unauthorized users connecting to WiFi. TVs are often in common areas. The settings menus have no authentication. So an unauthorized user might connect the TV to a WiFi network.

4. Automatic WiFi connections. TVs might connect to open or partnered WiFi networks without telling the user. Hard to know without an audit.

5. Accidental WiFi connections. Settings menus might be unintuitive (or deceptive) enough to trick users into joining WiFi networks accidentally.

6. Future data leaks. TVs might be recording data and saving it to internal storage. The next owner of the TV could connect it to a network, and years of stored data would be leaked. Again, hard to know without an audit.

beefee | 3 years ago | on: Turnstile: privacy-preserving alternative to CAPTCHA by Cloudflare

Will any of this be available on Linux or owner controlled systems?

beefee | 3 years ago | on: Twilio incident: What Signal users need to know

Please, stop using phone numbers. There is no reliable way to hold a phone number. The messaging protocols are insecure. If your service uses phone numbers or SMS, that means it's not secure or reliable.

beefee | 3 years ago | on: Oracle Suspended My Account

I was never even able to sign up. "Customer service" just repeats the same thing on a loop.

Tech companies will slowly put themselves out of business with fraud detection algorithms.

beefee | 3 years ago | on: Google now deleting health clinic searches from location history automatically

I wonder how hard it would be to have my personal residence classified as one of these protected places. Incorporate some kind of business or non-profit, make sure it shows up the right way in Google Maps, then enjoy freedom from Google surveillance.

beefee | 3 years ago | on: Feeling uncomfortable when leaving phone at home shouldn't be normal

The loss of pay phones over the last 20 years is a loss to society. We used to have widespread access to cheap and anonymous emergency calling.

beefee | 3 years ago | on: Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard

I fear services will force the use of certain devices, like those on the FIDO certified products list [0]. Will there be a way to use open hardware, open firmware, and user-controlled hardware attestation keys? Or will that be considered a fraud/bot risk?

[0] https://fidoalliance.org/certification/fido-certified-produc...

beefee | 3 years ago | on: Apple, Google and Microsoft Commit to Expanded Support for FIDO Standard

The services I interact with that support WebAuthn usually only allow you to register one key. Backup and recovery is a confusing puzzle for most of these services.

beefee | 4 years ago | on: Newegg has a bit of a scandal on its hands

Yes, and there are surveillance companies dedicated to tracking people and the returns they make [0]. Many retailers now demand personal information like ID cards to make returns. If their secret fraud detection algorithms flag you, you can find yourself suddenly unable to make returns.

[0] https://www.theretailequation.com/

beefee | 4 years ago | on: Mozilla Rally

Mozilla is big tech. They are funded by big tech and they support big tech's censorship ideology.

If they want to actually break with big tech, they can retract and apologize for this pro-censorship advocacy piece: https://blog.mozilla.org/en/mozilla/we-need-more-than-deplat...

beefee | 4 years ago | on: Systemd, 10 years later (2020)

This is an important document and the best piece of writing I've ever seen on the topic of systemd.

beefee | 4 years ago | on: Overview of alternative open source front-ends for popular internet platforms

It's best to run it yourself. On NixOS it's a one-liner: "services.invidious.enable = true". Then it will be up at http://127.0.0.1:3000.

Blazing fast and zero annoyances.

beefee | 5 years ago | on: Capitol Attack Was Months in the Making on Facebook

It's chilling how quickly the tech industry has coalesced around oppressive and biased social media censorship policies. A scant few years ago, the tech industry was a beacon of free expression.

beefee | 5 years ago | on: The platforms have acted, raising hard questions about technology and democracy

Are there any companies or organizations working to protect Internet freedom?

beefee | 5 years ago | on: Getting Started with Brave

Here's the telemetry documentation: https://github.com/brave/brave-browser/wiki/P3A

So it's sending some amount of telemetry, but it's not so bad compared to mainstream browsers. A more detailed comparison is available in this report linked by another commenter: https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf

beefee | 5 years ago | on: Getting Started with Brave

It's a matter of preference and threat models. Brave isn't perfect, and has had some controversy in their business practices. They also have some telemetry and cryptocurrency ads. For non-technical users I still think Brave is the best overall bet, especially on mobile devices. There's a great privacy comparison linked in a different thread.

For more technical people, ungoogled-chromium [1] is probably the cleanest option. It's completely free from ads, telemetry, "pings", "experiments", and the like.

[1] https://github.com/Eloston/ungoogled-chromium