Was this some glitch in the matrix, then? (For reference: attack happened on 2024-04-14)

Via is indeed a wrapper for WebView, and i used it on an old device for its small memory footprint. Then kept using it for some features which the non-Chromium alternatives (Firefox but also Mull) have dumbed away.
That’s mainly navigation buttons in the address bar, drop-down tab switcher, the ability to export settings and bookmarks (never liked to have yet another “cloud” account that tracks my usage…), and saving webpages for offline use. Among other features such as code and resource-file viewer, network log. – It’s just a a lean and convenient UI.

Lately, i started to run it together with DuckDuckGo-browser’s tracking protection. That does take care of Via’s own built-in trackers.

Privacy means that you can talk/act safely in your own closed-off space while no-one knows what you do. The opposite of private is public.
Anonymity means that you can safely talk/act in public space while no-one knows who does it. The opposite of anonymous is … identified.

If you want your talk be private while doing it in public or via an untrusted service, you can use obfuscation/encryption of the content/payload data of your talk (still anyone could receive it and know it’s from you and if they have the key they can decipher it).

If you want to be anonymous in public space, you have to obfuscate the metadata of your talk (so that no-one knows who said it but anyone can still receive it).

*And here is a bit of an overlap depending on where we want to draw the boundary of our privacy realm. In some cases, the knowledge about metadata like location and time of a message can be breach privacy while in other cases this is irrelevant.

You could also do both, meaning you’d have an anonymous appearance in a public/untrusted space, having a conversation with only those people who have the key to your messages. That’s a stunt which is not easily accomplished, as obviously you’ll need a way to let others know how to reach you, and exchange keys (in other words, you’ll have to first make an appointment in private and in a trusted space).

[wanted to write two sentences, no so much text :-D]

You forget to mention, a constitution that is written (and properly commented) in such a way that it doesn’t require any interpretation; and that will receive periodic review and updating according to cultural and historical development; and that holds actual punishment for lawmakers who violate the constitution. Not saying that i know of any such thing.

All the power that an advertisement network can buy. Especially youtube since it’s owned by google. And advertisers will be happy to have a way of forcing site visitors to run ads/malware or else they will not get served the content.
It’s similar to certain bank apps refusing to function on Android devices with an unlocked bootloader: you want the convenience of an e-banking application (/ad-driven corporate website)? – Your device (/web browser) “security” must be verified by the “authority” who actually owns your operating system, else you won’t. Everyone* will “be loving” their secure devices, because they “just work”.

^{*who is a potential customer buyer and therefore relevant}

Google is trying to use their dominance to actually own the www. The comment/issue section of the github site of the proposal is quite enlightening, if you have the time … especially their reactions on the general dismissal and condemnation of the proposal as unethical.

Relevant link: https://interpeer.io/blog/2023/07/google-vs-the-open-web/
Bottom line: Google want to introduce a live certification process for web clients so that webservers can potentially discriminate against specific configurations.

@[email protected]

https://github.com/LemmyNet/lemmy-ui/issues/1048
In a nutshell, many people are bringing in more or less useful comments although it has already been suggested how this could work; the changes required would touch some core functionality in the way federation is done/ links are handled, thus none of the new devs take the initiative; the two main devs are occupied with other serious stuff.

Apart from the list of items being somewhat generic and IP address just being unobtainable as someone else pointed out, it’s just saying that they get data about users by means of the normal functioning of federation. It’s ok in the same way as the server that originally hosts this community we are posting to (lemmy.ml) necessarily getting user data from our “home” servers we are posting from (feddit.de, sopuli.xyz), is ok. This is how we want it to work.

They would have to modify it for the other, “third party” server through which the user interacts with theirs, though.

Oh, i never experienced this. My thought is rather, “nobody will call anyway” … that said, perhaps it’s because i’m largely living outside of online buseness. Location: Europe mostly. What busenesses are you talking about, out of interest?

Obviously, never enter your real number in a web form unless the service depends on you getting called back … in which case you likely would have called the company by phone anyway.

This is true for practically every online service ever.

Sorry i have to correct this statement. Unless all encryption can be broken one day (which is a different discussion), end-to-end encryption can be seen as private … if both parties can trust each other to keep it so.
One can see if a service/app does e2ee if they (best) ask you to enter your public key (and only that) which will be shared to others to enable them to encrypt messages to you (such PMs can only get decrypted with your private key which is stored nowhere but on your own devices), and verify signatures done using your privkey. In the second-best case, an application will generate a key pair on your device and instruct you to store away the private key it just generated somewhere safe and protected by a long passphrase because if you lose it your PMs can not be recovered.

Interestingly, the ActivityPub protocol and IIRC also the Lemmy database have a “public key” field which could be used for e2ee purposes but the functionality is just not implemented.

That’s a feature not a bug!
Actually, users should not be required to trust the browser storage or in-app key generation, but be enabled to enter their own pgp key.

a.“i”. generated cancer* for ad-driven bladder cancer test scam. Thing went awry with the left hand. Had to paste over something bladder-laboratory.
* may cause brain cancer.

Thanks for the link. Graphic scrolling explainer but perhaps good if anyone still asked. Key takeaway: “Privacy is the right to be human. Privacy is the right to be imperfect.” – love that one.

I guess it means the DuckDuckGo Browser?
… Answer: Yes! Other comment in this same thread: https://sopuli.xyz/comment/864701
@[email protected] @[email protected]

zero comment-information [0] ⚔ [1] zero-information comment

Aha that’s a postgres default? I was looking into the code to see some of the DB structure. And i thought, well i made over 100 comments in 2 weeks so it wouldn’t take too long until that 32-bit space is used up (in normal operation with some more users).

… How many comments would each of 5M bot accounts need to make to overflow an i32 db key … I also think it looks as if someone is testing disruptive stuff. It may be kids playing, or it may be the chatbot army in preparation.

Perhaps cool down a bit. You can always block a community that you don’t want to see. Taking the nuke out on a whole instance (which is btw. about to install full democracy), just because you dont like a fringe group on there? That’s just not the purpose of the defed tool. – And TD is definitely fringe there and constantly mocked. Sh.itjust.works buddies are making a sport of it, just going there and trying to get thrown out as quickly as possible. They did not break the rules yet so there was no reason to kick them off. If cou want to start a discussion on the topic, you can do so at https://sh.itjust.works/c/agora