• 0 Posts
  • 81 Comments
Joined 3 years ago
Cake day: January 17th, 2022

  • Indeed. That being said I have a (sigh) Android video projector (Nebula Mars II Pro, by Anker) and even though it does come with its bloatware (namely “trying” to force installation, without actually doing it, of e.g. YouTube or Netflix apps) attempts, one can ignore that, install F-Droid, install VLC and Launch on Boot from there then boot straight to VLC without having to interact with the stock launcher. Also remote adb works by default so one can tinker quite a bit without even having to activate a kind of developer mode.






  • Depends entirely what they are doing with it. If they are using services with DRM, e.g. Netflix or Disney+ I bet you will be out of luck because that pulls out an entire ecosystem, driven by Google, which is based on selling ads.

    “not realistic to propose rpi and more complex systems”

    If they have to install it, probably not. If they have to plug it into the HDMI port, power and optionally Ethernet honestly things like LibreElec or Kodi are pretty well done. Heck even a very young kid (talking not even 5y/o) can manage that (I’ve seen it, repetitively) or even start VLC to connect to DLNA server as long as it’s properly set up.



  • What’s driving me nuts is that people will focus on the glasses.

    Yes, the glasses ARE a problem because Meta, despite being warned by experts like AccessNow to SHOW when a camera is recording, you know with a bright red LED as it’s been the case with other devices before, kept it “stealthy” because it’s… cool I guess?

    Anyway, the glasses themselves are but the tip of the iceberg. They are the end of the surveillance apparatus that people WILLINGLY decide to contribute to. What do I mean? Well that people who are “shocked” by this kind of demonstration (because that’s what it is, not actual revelations) will be whining about it on Threads or X after sending a WhatsApp message to their friends and sending Gmail to someone else on their Google, I mean Android, phone and testing the latest version of ChatGPT. Maybe the worst part in all this? They paid to get a Google Nest inside their home and an Amazon Ring video doorbell outside. They ARE part of the surveillance.

    Those people are FUELING surveillance capitalism by pouring their private data to large corporations earning money on their usage.

    Come on… be shocked yes, be horrified yes, but don’t pretend that you are not part of the problem. You ARE wearing those “glasses” in another form daily, you are paying for it with money and usage. Stop and buy actual products, software and hardware, from companies who do not make money with ads, directly or indirectly. Make sure the products you use do NOT rely on “the cloud” and siphon all your data elsewhere, for profit. Change today.


  • I’m curious, any advice on that? How does one do “good” telemetry? I’m the first to complain about Microsoft, Apple, (even worse) Google, Meta and now OpenAI collecting data to sell me stuff… but it’s true that also some data is needed to get some kind of introspection in terms of usage. Developers need to understand what is actually happening with the software they develop.

    Now I’m wondering specifically about 2 sides:

    • how to do the data collection correctly (e.g. local only, only send on crash, only send without PII, store only aggregate)
    • how to get informed consent from users (e.g. off by default, UX that supports understanding of why it’s done and how)

    I’m genuinely glad that the mindset around privacy has changed over the last few years but I’m wondering how, when it’s a genuinely positive good case (to truly make better products), to do it.
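
    One way to combine the options listed in this comment (off by default, local aggregates only, a report only after a crash, PII scrubbed first), as an added example that is not part of the original comment. The `Telemetry` class, the event names and the scrub patterns are hypothetical, and the patterns are not exhaustive.

```python
import re
from collections import Counter

# Constructed sample crash text, used to exercise the scrubber.
SAMPLE_TRACE = ('File "/home/alice/app/main.py", line 3\n'
                "ValueError: bad login for alice@example.org from 192.168.1.20")

# Assumed PII patterns: e-mail, home-directory user name, IPv4 address.
_PII = [
    (re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+"), "<email>"),
    (re.compile(r"(/home/|/Users/|[A-Za-z]:\\Users\\)[^/\\\s]+"), r"\1<user>"),
    (re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"), "<ip>"),
]

def scrub(text):
    """Replace matches of the PII patterns with fixed placeholders."""
    for pattern, repl in _PII:
        text = pattern.sub(repl, text)
    return text

class Telemetry:
    """Hypothetical collector: opt-in, aggregate-only, never sends by itself."""
    ALLOWED_EVENTS = {"app_start", "export_pdf"}  # fixed vocabulary, no free text

    def __init__(self):
        self.consent = False      # off by default: nothing is recorded before opt-in
        self.counts = Counter()   # aggregates only: no timestamps, no user or device id
        self.last_crash = None

    def set_consent(self, granted):
        self.consent = bool(granted)
        if not self.consent:      # withdrawing consent also erases local data
            self.counts.clear()
            self.last_crash = None

    def record(self, event):
        if self.consent and event in self.ALLOWED_EVENTS:
            self.counts[event] += 1

    def record_crash(self, traceback_text):
        if self.consent:
            self.counts["crash"] += 1
            self.last_crash = scrub(traceback_text)

    def pending_report(self):
        """Payload to show the user before sending; None unless a crash occurred."""
        if not self.consent or self.last_crash is None:
            return None
        return {"counts": dict(self.counts), "crash": self.last_crash}
```

    Because `pending_report()` returns plain data, the exact payload can be displayed to the user for confirmation before anything leaves the machine.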


  • I forgot the exact number but while installing Debian (Bookworm and Sid) this weekend I was shocked by how small the base install, with a window manager (“big” one by your standards, i.e. KDE), was. Maybe 2Gb, definitely less than 4Gb. It all worked fine, I could browse the Web, print, edit rich text, watch video, etc.

    I installed a ton more stuff since, e.g. Steam, Inkscape, Python libraries for computer vision, etc. and it’s still not even 10Gb.

    So… my suggestion is the same as I shared earlier in https://lemmy.ml/post/20673461/13899831 namely do NOT install preemptively! Assuming you have a fast and stable connection I would argue stick to the bare minimum and add as you need.

    In fact… if you want to be minimalist I would suggest doing another fresh install (it’s fast, less than 1hr and you can do something else at the same time) and stick to the bare minimum right away.

    TL;DR: don’t get rid of, just avoid adding in the first place.


  • It’s a tricky situation to navigate.

    There is the technical aspect, namely is it actually feasible, but itself wrapped within an economic and political context, as I’ve highlighted in another thread on this post.

    On one hand we learn from Snowden’s leaks about an entire surveillance apparatus, we might also have a conceptual understanding of limitations via articles like “On trusting trust”, plain incompetence and shortcuts for large companies, so all that and more invite us to be very prudent. Those are actual justifications for questioning what hardware, if any, can be trusted.

    Yet… one can’t go from those justifications to speculate. Yes there might be flaws, intentional or not, in the design or the production of chips, or both. Still, it’s not because it’s conceptually possible, or even that it happened before, that it does happen today and at scale.

    Your System76 is an interesting example and it’s a bit like my Banana Pi tinkering, or even more limited (yet exciting IMHO) the Precursor. Namely it’s a very costly trade off today to “work” with hardware one can (at least try to) understand better, hopefully itself leading to better privacy and security. In the end most of us believe the trade off for more affordable performance trumps that deeper understanding.


  • I must express myself quite poorly. It is not a point about technical knowledge, in fact if you were to know more about the topic than I do, I would expect you to be held to even higher standards and thus not promote a bad solution, even more so assume it’s the only one. I can’t imagine that even a PhD student who is supposedly at the frontier of knowledge in their very narrow field would assume no alternative is possible, or will ever be. This is even more the case without having both a complete understanding of the landscape but also about OP’s actual needs, which is probably hard to express clearly and thus leading to a lot of assumptions. Here maybe a simple loud alarm from a BT speaker going out of range might be enough.

    My whole point is that abandoning hope, and leading others to do so, is worse than actively looking for a good compromise.

    Anyway I don’t want to invest more energy on this discussion unfortunately so simply wishing you the best, thanks for the clarifications.


  • I imagine it’s like everything else, you can only realistically verify against a random sample. It’s like trucks passing a border, they should ALL be checked but in practice only a few get checked and punished with the hope that punishment will deter others.

    Here if 1 chip is checked for 1 million produced and there is a single problem with it, being a backdoor or “just” a security flaw that is NOT present due to the original design, then the trust in the company producing them is shattered. Nobody who can afford alternatives will want to work with them.

    I imagine in a lot of situations the economic risk is not worth it. Even if say a state actor does commission a backdoor to be added and thus tells the producing company they’ll cover their losses, as soon as the news is out nobody will even use the chips so even for a state actor it doesn’t work.


  • They asked for an alternative to airtags. I provided one.

    And even though I’m not OP I’m genuinely grateful for that.

    Doesn’t matter if they were compromised because like I said, everyone is eventually.

    No! That’s the whole point of this Privacy community! If someone is using, using home automation as an example, Apple HomeKit or Roomba or Google Home they will eventually get compromised BUT if they are using something local, e.g. Zigbee with HomeAssistant they WILL never get compromised because by the very local only architecture of that solution no data is leaving the home and thus can NOT be compromised.

    The ENTIRE raison d’être of this community is not to say “Oh well… the default solutions are imperfect, we have to shrug and accept the status quo” but rather provide genuine alternatives.

    I understand a lot of people can enter into a learned helplessness mindset imagining that only poor solutions exist and thus, better pick the least worst one, but by doing that we are giving power to Big Tech, surveillance capitalism, etc.

    Please do NOT say that “everybody gets compromised” when you actually mean that “the vast majority of people who accept to use a popular solution with trade offs that are not good for privacy”. It sounds like a finicky difference but it’s actually totally different because it shows that it’s not inevitable.

    By taking shortcuts in your language you limit what’s conceived as possible by others who are asking for help, again, in a Privacy focused community.


  • True yet still not OK.

    That’s also why a lot of us do try to avoid, as much as is realistically feasible, providing any data to any company that should store it. Hence why a lot of questions here are about self hosting, no cloud, etc. It’s not paranoia, it’s because companies cut corners and as you correctly point out, fail to keep us safe. So it’s not about Tile specifically, they are just yet another poor example. Let’s not defend them nor this kind of practice. If people in the Privacy community are OK with that, we have a rather deep problem.


  • The same way you would do it with a black box while optionally taking as many shortcuts as one is comfortable with by virtue of assuming having a better understanding of how it’s been built?

    Get it audited by tools, e.g. OneSpin, or people, e.g. Bunnie, that one trusts?

    I’m not saying it’s intrinsically safer than other architectures but it is at least more inspectable and, for people who do value trust for whatever, can be again federated.

    I assume if you do ask the question you are skeptical about it so curious to know what you believe is a better alternative and why.


  • Buying other hardware that you (well… not me ;) can inspect and verify, e.g. RISC?

    For now the performance is pretty terrible BUT one can imagine, assuming they have the right discipline and mental model, doing what’s actually personal on a verifiable processor, e.g. browsing and reading emails, and what’s not, e.g. watching a TV show, on another machine with CPU/GPU with an unverifiable architecture.

    PS: I have a Precursor and a Banana Pi BPI-F3 with SpacemiT K1 8 core RISC-V chip and that’s the main idea behind them both, i.e. knowing, as a community, how it works all the way down.


  • Neat.

    Warning disclaimer: I’m not a cryptographer.

    I actually tinkered with https://github.com/open-quantum-safe and it’s actually quite simple to become “post-quantum” whatever. The main idea being that one “just” has to switch their cryptographic algorithm, what one uses to encrypt/decrypt a message, from whatever they are using to a quantum-resistant one (validated by NIST or whomever you trust to evaluate them) and… voilà! The only test I did was setting up Apache httpd and querying that server with Chromium and curl, all with oqs, while disabling cryptographic algorithms that were not post-quantum and I was able (I think ;) to be “safe” relative to this kind of attack.

    Obviously this is assuming a lot, e.g. that there are no other flaws in the design of the application, but my point being that becoming quantum-resistant is conceptually at least quite simple.

    Anyway, I find it great to demystify this kind of progress and to realize how our stack can indeed, if we do believe it’s worth it now, become resistant to more threats.