kyub @ kyub @discuss.tchncs.de

Posts

1

Comments

205

Joined

2 yr. ago

I get that it's a nice daydream to think of open source projects as existing in some kind of independent, ethereal vacuum just because the code is out there and accessible from any place on Earth. But every software project is (mostly?) dependent on the jurisdiction in one country, in this case it's the US, and so their laws about sanctions and so on apply. And yes, this means that unless conflicts/wars between nations happen to cease, that we will eventually have completely separated blocks of politics/culture/military and also IT. Globalization is over. China will have their own stuff, Russia will have their own stuff, and US+EU will have their own stuff. And none of those countries should continue using high-tech products made by the other because they could be sabotaged and it might be hard to find, so it's best to not use them at all and just cook your own stuff. It's unfortunate, but bound to happen in the current state of the political world.

No.

Communication/Social Media isn't for corporations to do what they want with it, or to manipulate their users. It needs a neutral, open platform. That means open source servers and clients and protocols.

I find it worrying how so many people noticed the decline of Twitter happening live and now continue to move to the next corporate, closed-down platform. Until the next time, I guess...

In that case, you probably have to:

• Use Tor respectively Tor Browser (without any additional extensions, and set the default security level to "Safer" if possible with Facebook) to create a completely new, anonymous account on Facebook. Don't enter any data there that could be linked to your person, e.g. no real mail address (use an alias, ideally a completely new one), no real names, no real data, also no real billing or delivery address. Literally nothing that could be linked to your person. Only ever use Facebook's site within the Tor Browser, to ensure that your real IP address and browser data aren't leaked. Never use their apps, never use your regular browser for it, also don't use PWAs because that's similar to using a regular browser, which reveals your real current IP address to the site. Unless you use a VPN to have a different IP, but you'd have to minimize your VPN usage just for that app interaction. If you continue to use the same VPN IP for other stuff as well, you could de-anonymize yourself later on. Mullvad or Proton are commonly regarded as good choices for trustworthy VPNs which don't log or sell any user data, or at least there are no known cases for it (yet).
• Don't add any friends on the site, try to limit your interactions with the site so that it can't create a big psychological profile from you and try to link that behavioral data to existing persons (the more you use the site the easier this method might become for them). Behave slightly differently than you would normally.
• When you buy something, remember that you'd have to conceal your real delivery and billing data/addresses as well. Which is hard to do when you actually want to buy and receive something. Your payment data and/or address data can EASILY and instantly de-anonymize you, also in front of Facebook. So my suggestion for something still practical would be to have a relative or friend buy it after you arrange that with them, have it delivered to their address, and you pay them for it and gather it from their place. So in essence you need a proxy person to do the receiving and paying for you. If you want to sell something, that's more inconvenient of course, but you'd also have to do it similarly.

The most problematic de-anonymizing data about you is going to be your real current IP address (which is revealed when you use a regular browser, PWA or their app, all with a non-VPN or non-Tor IP address) as well as billing or address data. In case you're using their app, they'll be able to gather even more data to de-anonymize you more easily.

• Pomodoro timers (hit a keybinding, a 25min timer will start. Within that time, do something productive. After that time, you can do a 5min "break". Then probably start the next timer. You can also adjust the timings of course)
• Treat the thing you want to do instead of your task as the thing you can do as the reward after having done the task first (kind of a gamification mechanism maybe)
• Develop a habit of always doing something productive (from your backlog) each day, unless you're sick or so
• If the task seems so big or hard that you don't even start, split it in parts. You rarely have to do everything at once. Splitting it into parts also allows you to not over-exert yourself, so you'll have more time for the things you'd rather want to do afterwards

Experience with relatives who had no prior experience with Windows or Linux: installing Linux for them was great, painless and also facilitates troubleshooting for me. No problems here. Mostly using Linux Mint for those purposes, it's a great distro for non-techy people.

Experience with relatives with prior Windows experience (but no Linux experience): a mixed bag. Some use Linux happily now (thankfully), some returned to Windows because they couldn't change their habits or have weird specific incompatibility issues with niche hardware which they also don't want to solve in a different way. I've kind of stopped giving support to those, since I don't want to give Windows support in my free time. I sometimes have to do it work-related, that's more than enough Windows contact for me. I also refuse to give buying advice on any products by Microsoft, Apple, Meta, Amazon or Google, with only very few exceptions (e.g. Pixel phones, because they're very secure and with GrapheneOS installed they're the best general mobile phone option). It's a bit of an ethical dilemma because I'd like to help the people but also don't want to directly or indirectly support those companies. I always offer them help if they use Linux or the things I recommend.

Normally, no.

You'd have to set up a completely new account which you only ever access via e.g. Tor, then use Tor Browser on iOS to log into that account and only ever use your account exactly like this or else you'll leak your current IP address as well as related data about you or your device to Meta. Also you'd have to never give any kind of personally-identifiable info to them. Then you'd have an anonymous account, but the goal of Facebook is to connect to other people you know. Once you add and talk to friends on Facebook, they might already know who's behind that account, especially if you already had a different account in the past which pretty much had the same set of friends already. Also, remember that many people use WhatsApp (also by Meta), and WhatsApp collects among other things the whole address book or contacts list from the phone of each user. And most normal users don't use contact scopes or things like that to spoof their contacts to Meta, so they'll most likely get the real contacts list. That means if let's say you have 5 friends named A, B, C, D, and E, and those 5 friends all use WhatsApp and have each other and you saved as a contact in their address book, then it's even easier for Meta to guess with high precision that you are this person that knows those 5 people and/or who is known by those 5 people. So there are even other factors to consider, some of which are outside of your own control, because all the persons you know and want to add to Facebook give a lot of data to Facebook themselves as well, and that data also might be used to identify you in various circumstances. So you'd also have to behave anonymously when using your anonymous account. Which kind of goes against the whole thing of social media like Facebook. Since they monitor every user's interaction on their website or apps, it's likely that they'll be able to eventually identify you once they've gathered enough data about your usage patterns, visited links on Facebook, contacts you added or which have added you, messages to contacts or from contacts to you, and so on. Simply using Facebook means you're actively giving tons of data based on your usage alone to Facebook. It's even theoretically possible for them to guess who you are based on your usage patterns alone, e.g. what you look at, what you type, how fast you type, and so on.

So yes it's possible to get an anonymous account on Facebook, but it's inconvenient, and probably runs contrary to your goals on that platform. Which is why I recommend to not use such platforms at all, and instead keep in touch with your friends via secure and private open source based messengers like Signal or Threema (Libre?) or any Matrix client. After all, services like Facebook are mainly for Meta to sell data about their users, that's their primary business model (they almost don't sell any products or services, they almost solely sell data about their users, that is basically the only way they make (a lot of) money. Well, and ads of course, but that's closely linked together because the ad industry wants personally targetable ads, so it needs user data to better place targeted ads). There also isn't a real need for such platforms anymore, because you can connect to friends in other ways on various other platforms, the only hard part is getting your friends to stop being lazy and switch to something more secure or private. When Facebook got big, it might have been the only social network of its kind, but these days tons of other, better options exist. So get your friends and contacts to move to something else. Or if they don't want to move with you, then maybe they aren't that important to you to keep in contact with.

Using Facebook in any other way, shape or form (e.g., using their app, or using their website with your real IP address) is very likely not going to be anonymous to Meta. They'll automatically receive your current IP address (which on its own might already be enough for them to establish a link to your person, since they also have trackers in place in lots of other apps and websites), and on top of that various information about your device or browser (which, again, can be a key factor to link your current usage data to your person), if you use their app (which you shouldn't ever do) they get even more data on you (not just you, also your contact list, nearby devices, and things like that), because those apps require so many permissions and have so much tracking integrated that it's a whole treasure trove of information that's being sent about you and your device, and they'll interconnect all that data with the other data they've gathered about you or your device(s) in the past (which, as a rule of thumb, will always be much more than you think they'd have). An app with integrated tracking is always more harmful to your privacy than using their service from within a web browser, because the app can read much more data about your device compared to the web browser. (But be mindful that some web browsers (especially the proprietary ones like Chrome, Edge and Opera) also have quite a lot of tracking capabilities inside them.) So using Facebook in a somewhat normal or convenient way and at the same time wanting to remain anonymous to them is basically impossible.

Also, you'll never be anonymous to government-based mass surveillance (who are collecting almost all network traffic, constantly) when you use your real IP address online. Anywhere. Your real IP is always connectable to your real person for them (also in retrospect). Even if they can't look into encrypted communication data, like the contents of chat messages or what you did on a specific website, they can see the metadata, among that is which hosts you contacted, and when, as well as more unencrypted details, and such metadata can already be very revealing. To quote the ex NSA chief "we kill based on metadata". Protecting yourself against commercial-based surveillance by companies like Meta is more realistic to achive (at least partially), because it's easier to avoid or evade commercial tracking (by blocking all or most of their tracking methods like app-integrated trackers, tracking Javascripts and cookies on countless of websites, and so on) than it is to evade someone who's sitting directly at all relevant network cables AND buys additional data from companies. Lots of easy-to-use tools exist to counter or limit commercial surveillance, like ad/content blockers, blocking host lists, PiHole, ad-blocking DNS servers, open source software and operating systems (because they are almost always free of trackers and surveillance tech), and things like that. It all minimizes your exposure to these data hoarding companies. And the less data you transmit overall to such companies, the better. But if you also want to protect yourself against any government-based mass surveillance, you'll have a much harder time than that. You'd need to always use different IP addresses (again, via Tor or VPN etc.) and avoid having anything leak out that can connect your other IP to your real IP. Which is hard.

At this point, right-wing lunatics are already so far removed from reality that it's safe to call them a sect.

It's an important milestone as it's the only effective way to make PC gaming available on operating systems other than Windows (i.e., reduce one of the Windows monopolies). Still, Linux gamers shouldn't take it too far. I'd advise everyone to still not support game studios which are openly hostile towards Linux gamers. This especially includes the ones who rely on client-side anticheat tools and then use those to block Linux gamers even though the game would run perfectly fine on Linux as well. Please do not support such games or studios (e.g.: Epic Games, EA, Bungie, Riot). Thanks to Proton, there is still a massive number of Windows games that can be played instead.

Noroi - The Curse (2005, Japan) Supernatural first-person video documentary style POV, but with higher image quality than Blair Witch Project for example. No jump scares, just very creepy and unsettling. Slow burn, but good pacing IMHO. No weaknesses IMHO, hence on top of my list. Just a very unsettling and disturbing, almost real-feeling, horror movie.

Also good:

• A Tale of Two Sisters (2003, South Korea): less horror, more artistic, intelligent and original. Great story
• Shutter (2004, Thailand): my favorite jump-scare horror with cool effects
• Incantation (2022, Taiwan): great supernatural slow-burn horror with a cool twist
• Hereditary (2018, USA): great supernatural slow-burn horror, original as well
• Sinister (2012, USA/UK/CAN): great supernatural horror
• Event Horizon (1997, USA/UK/CAN): great sci-fi horror, very unsettling
• REC (2007, Spain): one of the best zombie style movies and also one of the most horror-like ones
• It Follows (2014, USA): kind of a stupid plot but it works. It's original, well executed and unsettling (supernatural)
• Smile (2022, USA): an even more stupid plot, but also well executed. The ending is bad. But it still terrified me so it works at its core, and that's all that horror films need to do (supernatural)
• As Above, So Below (2014, USA/France): the weakest one on this list but it's very original as well, I like it because of that

There are some generally great small(!) / low budget movies, especially sci-fi. Here's one example, this one's basically zero budget but it's a great one (12min): https://tube.instellate.xyz/watch?v=GhDlV9PDw3Y

Winter is on its way out due to climate change. In around the year 2100, it's estimated that there will only be 3 seasons left, no winter. And summer will be much longer and much hotter. So the 3 seasons will be spring, then a 2-season long summer basically, then fall. That's it.

But you can already see the disappearance of winter today because there's much less snow and it's much warmer than like 30 years ago. (Speaking for Germany)

There's a perceived unpopularity with these genres. However, some truly great games like Baldur's Gate 3 are living proof that you can make a niche genre very popular. It's just that almost no one tries, or doesn't like the risk involved. That's why you don't see a lot of these genres anymore. Well, you DO see them, if you look close enough and include indie and A/AA titles, but a massive AAA title with big budget and advertising for those genres is pretty much non-existant (I'm not familiar of any other exception like BG3). I think big studios are unlikely to risk such things. Look for smaller game studios, they're much more innovative and either keep "dead" genres alive or they try mixing genres in innovative ways.

Yes, it's a dangerous combination of media/IT illiteracy/incompetence within the general public and profit-driven proprietary social media algorithms that only aim to keep people engaged for the longest time, no matter the content they are being served. And usually, the more extreme the content is, the higher the engagement, the more revenue to be made from serving ads to the users and selling their collected data. This currently leads to a rise of misinformation, anti-scientific thinking, and so on. Which just so happens to align with extreme right-wing ideologies.

Linux for gaming Linux for servers Linux for desktops/notebooks Linux at work Linux for mobile

Well with food something unusual at first feels weird but once you try it it might actually be good. I've had this experience quite a lot. Probably shows how much you're conditioned to liking certain foods just because you're used to them and grew up with them. So I'm not gonna judge how this would taste. But the first impression was like "ugh".

• GUI: Thunderbird
• TUI: neomutt
• Android: K-9 (soon to be Thunderbird)

• No good operating system preinstalled by default
• No headphone jack anymore

I'm barely still a Millenial. Which is kind of cool. I don't like the "generation names" before or after that much, and I liked that I grew up with non-invasive tech and non-existent smartphones during school. I was able to grow up with tech but none of the tech I dislike today. Also, tech was still easier to understand back then. I was able to learn how to create web sites for example when HTML, CSS, JavaScript and CGI was still in its infancy and not very complex yet. Of course I learned the growing complexitty as it all developed but the point is that it kind of grew with me. Which probably made several things easier to get into in the first place. Also, I still grew up with almost forgotten values such as privacy, and my whole youth life (as well as dumb things you did when young) isn't available online and therefore "gone". I kind of like it that way.

If you use Google's Play Services and/or other Google proprietary apps and services (they are standard on all commercial Android phones), then your battery will be drained slightly more due to it having spyware (euphemism: "telemetry") integrated. The Google Play services app, for example, does transmit at the minimum this data roughly every 20 minutes to Google:

        Phone #
    SIM Card #
    IMEI (world-wide unique device ID)
    S/N of your device
    WIFI MAC address
    Android ID
    Mail Address of your  logged in Google account
    IP address


  

And that is just if you have disabled ALL telemetry in ALL of the options, even the most hidden ones. So this is the minimum amount they are always gathering from every Android user, no matter what you selected. To make matters worse, the Google Play services is typically installed as a "system critical app" which means you as the owner of the phone can't even uninstall it or reduce some of its permissions.

(If you have an iPhone instead, and think you're safe from this, no you aren't. Apple also collects a minimum amount of telemetry data which you cannot ever completely disable, it just does it slightly less frequently (IIRC, it was like every hour or so, compared to Google's every 20min at the minimum).

And then there's also the advertisement ID, a world-wide unique identifier set in all commercial Androids as well as iOS, for apps to track you. You can only reset it to a new random ID but never disable it fully.

To stop all of this bullsh!t, and also to stop the additional battery/resource drain caused by this, I recommend getting a Pixel phone and replacing the proprietary stock Android OS with GrapheneOS and then not installing any Google apps/services on top of it. You can get apps via F-Droid, Obtainium, Aurora store (those are the convenient methods). You can use ntfy as an alternative to the Google firebase messaging (notification) service that you won't have access to when not having Google Play services running.

Dumb user friendly (having no particular background): yes

Dumb user friendly (having Windows background): no

Windows knowledge makes learning other OS harder because Windows is the weirdest OS out there.