splendoruranium @ splendoruranium @infosec.pub

Posts

1

Comments

134

Joined

2 yr. ago

Some of the things mentioned in the OP don’t actually happen in real life, though. Bitlocker is only automatically activated if you use a Microsoft account to log in, and why wouldn’t you know the account credentials if it’s what you use to log in?

Maybe I'm misunderstanding something here, but does this whole thing not mean that the moment you use your Microsoft account for logging in, you immediately tie the permanent accessibility of your local files to you retaining access to a cloud account?

TPM is optional (but recommended) for Bitlocker. Practically every computer released in the past 10 years has TPM support. Secure boot is needed to ensure that the boot is secure and thus it’s okay to load the encryption key. Without it, a rootkit could be injected that steals the encryption key. You generally want to use TPM and secure boot on Linux too, not just on Windows. You need secure boot to prevent an “evil maid attack”

You have different opinions on TPM and the prevalence of evil maids than me, fair. But please don't disregard the central premise of my last comment: One is already using a different encryption solution. Say, Veracrypt is churning away in the background. Why would one leave Bitlocker activated?

Could you elaborate?

I know, I just meant why would someone willingly disable Bitlocker?

I mean... the premise of the thread seems like a good enough reason, doesn't it?
And even if it doesn't, if one is already using a different encryption solution that doesn't rely on TPM and secureboot silliness, what possible reason could there be not to disable Bitlocker?

Not using Bitlocker is not the same as not encrypting your stuff.

So, uh, what’s wrong with that?

... with damaging infrastructure? Well, presumably the infrastructure will no longer be as good at serving its original purpose once it is damaged.

Why do people host LLMs at home when processing the same amount of data from the internet to train their LLM will never be even a little bit as efficient as sending a paid prompt to some high quality official model?
inb4 privacy concerns or a proof of concept this is out of discussion, I want someone to prove his LLM can be as insightful and accurate as paid one. I don’t care about anything else than quality of generated answers

If you ask other people for their reasoning and opinions, it doesn't really make any sense to put something "out of the discussion", does it? :P

But no, if you have no qualms about sharing your innermost feelings, sexual preference or illegal plans with those that have an explicit desire to exploit that information then there is little reason to attempt something as complicated and wasteful as self-hosting your own LLMs.

I meant that in the sense of "At least that young". Yes naturally the age of first contact gets lower as computers become more commonplace. Then again I think true desktop computers are very much on the downturn once more.

I’d say it’s more like your hairdresser tracking how long you are in their store and what haircut you get- but you do you!

I'm not married to the analogy, just totally flabbergasted that "Using your own software on your own computer when and how you see fit without being watched" appears to be a slightly controversial aspiration for no (to me) apparent reason. Evidently I'm missing something, not explaining myself very clearly or both.

I run all my games in Linux and everything but Steam goes via Lutris which I configured to, by default, launch them inside a Firejail sandbox with no network access (plus a bunch of other security related limitations) something which I can override for specific games if needed.

That sounds like a neat setup! And no messing around with firewall rules either. I'll have to look into it.

That’s the thing, though. I respect the analogy, but the equivalent here would be if the game was also checking your drive for other games, for financial apps, scanning your browser’s cookies to see which sites you visit, etc.

If, while playing a singleplayer game, they’re recording what actions you take within that singleplayer game, it’s understandable some people wouldn’t even want that - but I also don’t see that as nearly so invasive as other data travesties. Worse, highlighting it here feels like a “cry wolf” situation where you’d desensitize people to the most harmful privacy breaches.

Again, I don't doubt that you do not see it as an incredibly invasive thing. I'm lamenting that you (and many) don't.
You're doing something on your computer. Locally. In your own time. With a thing that is - ostensibly - yours. Why is it even remotely acceptable that some corporate entity is watching you over your shoulder while you do it? I'm running out of words to express how nuts this seems to me.

I’m sorry, but that’s a terrible analogy. In the gaming scenario, Ubisoft is collecting the data on their own product usage

Well, in the corporate software-as-a-service insane troll logic hellscape in which we live that could indeed make sense. Mind you, that's not meant to be a rant against you but against the fact that this train of thought has indeed been completely normalized.
In the fantasy world of the past into which I'd like to go back to live happily it is precisely not Ubisoft's product. It's mine. I bought it - none of what I do with it is any of Ubisoft's business. The business transaction has been concluded. If they want to know what I do with my game then they can ask me nicely about it. I'll certainly not allow them to install a proverbial camera over the executable.

It's not a good analogy, I agree, but I'm too angry to come up with a better one right now.

Nah a lot of people now think screen time is bad without evidence. Never would be allowed to get on a computer at 3-4.

You had your own computer before you could read...?

Based on the article text, it’s only citing things like how long you play. I thought most games collected telemetry like this?

A commonplace travesty is still a travesty and metadata is still data. If my hairdresser asked me "Hey, in addition to me cutting your hair and you giving me money I'd also like you to constantly keep me updated on your sleep schedule, your vacation plans, marital status changes and the myriad of other things that can be directly gleaned from aggregate timeline data - all the other hairdressers have started doing it as well!", I'd likely look at them incredulously for a few seconds while silently imagining stabbing them with their own scissors.

Calling it "telemetry" has somehow normalized it over the past decades, I suppose? I just don't understand how anyone could ever accept this as normal.

jesus I feel old, and I am only in my 30s. I remember not having apt. How young are linux users nowadays?

Well... how old were you when you got your first computer? That young.

In the age of distributed databases and the dark web and the block chain and federation surely we can figure out a way to archive media that doesn’t put people or organisations at risk of litigation

That limits and gatekeeps access to an enormous degree. The IA wants to be useful to everyone, not just the tiny fraction of the world population savvy enough to use the internet for more than opening a browser and a chat client.

don’t institutionalise the perpetration of rights violations?

Counterpoint: The perpetration of this kind of rights violation precisely needs to be normalized to the point of meaninglessness. Intellectual property can either go away top-down (which considering the way things went over the past century is never going to happen) or it can go away bottom up - it has to be flaunted and disregarded by everybody via continued large-scale disobedience.

Or, of course, it could just never go away.

I still don’t see the big deal, takes seconds to drag them into the bin and move on.

When you recall that, as a person who knows what a browser is, you'll likely be in the global minority, you'll realize it's a tremendous deal.
And don't even pretend that running an Android phone without a GooglePlay store is easy :P

There are far bigger problems that they should be going after - irreplaceable batteries, locked bootloader, lack of root access on a device you own would be three of the biggest ones.

You will find that all those issues, in the end, come down to the same anti-trust problem - single companies being allowed too much control and too much vertical integration. Regulating small issues away piecemeal is pointless when the question "Why should a single entity even be allowed to, at the same time, control OS development, browser development, package management gatekeeping and thousands of other different things?" looms in the background.

If users are too stupid/lazy to change defaults that’s on them.

Nothing of what's written about in the article is "on the user".

Japan’s antitrust watchdog has ordered Google to stop pressuring smartphone makers to promote its apps like Google Search and Chrome. (...) The recent order issued on Tuesday follows an investigation that began in October 2023. The JFTC found that Google required at least six Android phone makers to preinstall its search engine and Chrome browser, and show them on the home screen. These conditions were tied to licensing the Google Play Store, which is essential for selling Android phones in Japan. According to Nikkei Asia, around 80% of Android phones sold in Japan were affected.
Japan also said Google offered ad revenue-sharing deals to some manufacturers and telecom operators. In return, these companies agreed not to preinstall rival apps or search services. This, the watchdog said, reduced competition and limited user choice.

Global anti-trust efforts are simply not very strong and never have been. They make for boring political platforms and are constantly under attack by corporate actors.

Ideally no business should ever be allowed to grow to the point of being able to exert political influence at all let alone rival the power of small nations, but here we are.

Any rational enterprise will employ all and any anti-competitive practices that it can come up with - if it can get away with them. And the more influence the business exerts, the more it can get away with.

Okay, here’s a slightly hot take.

I’d rather the price go up and the games remain ad free and high quality (not you, pokemon, you can get fucked) than become enshittified with micro transactions, ads, etc

I don’t like it. But it’s much more acceptable to me

That's absolutely a false dichotomy. In a world where games exist that are ad-free, high-quality and affordable, there's absolutely no reason to believe any notion of high prices or in-game ads being a requirement for development. It's just not true. Don't fall for it.

They block VPN exit nodes. Why bother hosting a web site if you don’t want anyone to read your content?

Fuck that noise. My privacy is more important to me than your blog.

It's a minimalist private blog that sets no 3rd party cookies and loads no 3rd party resources. I presume that alleviates your concerns? 😜