mox @ mox @lemmy.sdf.org

Posts

229

Comments

1,552

Joined

1 yr. ago

There is no privacy-focused PayPal alternative in the US, in part because US money transfer laws and policies (e.g. Know Your Customer) directly oppose privacy.

However, there are a couple of new projects that might eventually lead to something less bad for privacy than PayPal is:

• GNU Taler, if they ever get any exchanges, and they either figure out how to mitigate the high fees for wire transfers or use some other settlement method when people on different exchanges make small payments. (Their plan to use batch wire transfers won't help until the exchanges get a lot of adoption and frequent use. Of course, high fees discourage adoption and use, so this might not ever happen.)
• FedNow, if banks ever use it to offer appealing person-to-person payment services instead of just using it for themselves and their business customers.

"It was a derelict spacecraft. It was an alien ship. It was not from there. Do you get it?"

https://www.youtube.com/watch?v=NiXGpT1IUgQ&t=78s

The rest of the sentence you truncated points out forwarding services. Yes, others exist beyond the four I mentioned, of course.

Edit to clarify: Your "it doesn't" argument is that you can use forwarding from other domains that you own. Indeed you can, but that's not a counterargument, because those are forwarding services. They do exactly what I described: the same thing as the example forwarding services in my original comment. You still have to maintain the them, as well as maintain the extra domains.

I don't know if Element Web/Desktop was affected by the vulnerabilities in the title, but another one (also announced today) is fixed in Element Web/Desktop v1.11.81.

https://github.com/element-hq/element-web/security/advisories/GHSA-3jm3-x98c-r34x

The correct fix is to get the site maintainers to stop rejecting email addresses based on the characters they contain. They shouldn't be doing that. Sadly, some developers believe it's an appropriate way to deter bots, and it can be difficult to educate them.

If they won't fix it, the workarounds are to either not use those sites, or to give them a different address. Unfortunately, the latter means having to maintain multiple email accounts, or forwarding services like Addy.io, SimpleLogin, Firefox Relay, or DuckDuckGo Email.

For those who don't know, Chicago was the code name for the 32-bit successor to Windows for Workgroups 3.11, eventually released as Windows 95. It was also a departure from Microsoft's earlier desktop interface style, introducing the start button, task bar, and system tray.

https://www.cgmagonline.com/news/steam-purchase-license-california-law/

https://digitaldemocracy.calmatters.org/bills/ca_202320240ab2426

The distro doesn't matter.

Historically, your choice of desktop environment could affect FPS due to interference from desktop compositors, but most desktops these days are smart enough to disable compositing when full-screen apps (games) are active, or have a very fast compositor, or don't have one at all.

I no longer consider any email app to be okay for privacy if I can't build it from source code. There are just too many opportunities and incentives for someone to exploit it. That could be the developer, or the maintainer of some obscure code library, or a company that buys one of them out, or an attacker who found a vulnerability. We no longer live in a world where it's reasonable to think we'll get privacy from communications software that we can't inspect.

Thankfully, we also no longer live in a world without options. There are more than a few email apps with nothing to hide. :)

The Last of Us Part I.

I generally dislike games on rails, but I loved this one.

I think their concern is not data retention, but data collection/exfiltration.

What is that white enclosure with the vent on top?

idk how you spare the effort.

When you've been building networked systems for longer than JavaScript has existed, it no longer takes effort to spot design choices that put users at risk. When you've watched endless vulnerabilities be exploited over the years, it's not paranoia, but a real-world problem that impacts real people. At that point, the flaws are impossible to responsibly ignore.

Spreading awareness and showing people how to build safer systems does sometimes get tiring, but I think it's important.

I love this in principle.

I just wish Mastodon instances were viewable without JavaScript. Opening the door to many types of browser exploit and fingerprinting shouldn't be required just for reading.

People in privacy circles do talk about phone numbers, but it's usually about them being collected in the first place. Most of us realize that corporate promises to delete them later are easily reneged and impossible to verify, and therefore next to worthless. We need laws forbidding data collection. We don't have them yet.

By the way, that title is useless to people who are browsing Lemmy to see which posts might interest them.

I was told that it was convention to use the highest government title that a person received once they leave government.

I have heard of that convention, but only in formal address (not in journalism or casual conversation). I don't know if it's official protocol anywhere or just an urban legend.

In this context, I think it's important to realize that he is not the president, that he was impeached twice, and that he is a convicted felon. His opinion does not and should not be given the same weight as that of The President of the United States.

Also, I don't see any reference to him at all in the article. It looks like OP is editorializing.

I don’t know why VPN providers promote themselves as like they are going to make your connection more private, everything is already encrypted (except DNS).

It's true that most popular web sites have moved to HTTPS, but even if all of them had, not all network traffic is web traffic. Also, even if someone uses the network only for web browsing, DNS is not the only privacy-relevant data that gets exchanged outside the HTTPS connection.

You are just shifting the trust from your ISP to the people that run the VPN.

Some people have reason to distrust their ISP more than their VPN provider, so this is a valid use case.

VPN isn't really comparable to HTTPS. The former protects all traffic, and with a relatively small attack surface, but only up to the VPN edge. The latter protects all the way to the network peer (the web server), but only web traffic, and with a massive attack surface: scores of certificate authorities in countries all over the world, any of which could be compromised to nullify the protection. They address different problems.

"This is the stupidest thing I've ever made with my engineering degree." 😆

“I just want to create, Dad.” – Remy

Last time I read something from her on the topic, she seemed to like Shenzhen too much to want to get out.

That was before things took a turn in her life, though. I wonder if that has changed.

All online storefronts doing business in California will soon be forbidden by law to lie to customers with words like "buy" when they really mean "license". GOG is no exception.

https://digitaldemocracy.calmatters.org/bills/ca_202320240ab2426