Keyoxide: aspe:keyoxide.org:KI5WYVI3WGWSIGMOKOOOGF4JAE (think PGP key but modern and easier to use)

  • 0 Posts
  • 92 Comments
Joined 1 year ago
cake
Cake day: June 18th, 2023

help-circle
  • That isn’t really going out of your way, it is the base mode of how the fediverse works. Looking at something on a different instance.
    Plenty of people just use mbin and see this, without any action at all.
    The point is that as it stands right now, there are already basically no restrictions. The only thing perhaps missing is the knowledge that you can simply copy paste a link into fedia or another mbin instance to view upvotes.

    You can open an issue on mbin about it, to restore a semblance of restriction. But currently as it stands, all restrictions are about as fallen as they could be.

    You can ofc argue that we shouldn’t open another equivalent hole in lemmys webui and api, so that you can in the future remove the ability from mbin.

    I would in turn argue that this system has always been egregious, and that in the same sense as banning encryption you never hit those you want to hit using incomplete restrictions. Regular users are led to believe their votes are private, while the worst dataminers or trolls will always have their instances to query all of that info.
    And how could you inform people that their votes are public without at the same time telling them how to get access to that info?

    If mbin removes the info, you will get another fediverse software showing it. You will get fediverse activity pub log info pages, specific vote info pages, it will never end.
    Has reddit ever managed to kill the 200ᵗʰ removeddit clone?

    Please instead put your effort into changing the way lemmy federates, the only way to fix this is to make vote details private, between only a select few instances. An mbin dev in the other thread mentioned PeerTube as an example implementation where you could remove vote details like that.


  • This would solve some of the problems. If only 2 instances know about the votes, post instance and sublemmy instance, you can reasonably expect to get most instances to never release that info. It would allow either the sublemmy or post instance to manipulate around in the votes, but most manipulation would be detectable by the respective other instance.

    It would open the door however to manipulating around with internal posts made from the instance in a sublemmy on the instance. And it would allow the post instance to drop votes selectively, though I think that is possible currently all the same.

    Votes being sent to both the sublemmy and the post instance simultaneously would make manipulation a lot harder. And for cases like internal posts, you could add another involved “judge instance” that receives the vote details directly from source, and is merely there to confirm the total. Instances that hand out non-independent “judge instances” could be labeled as untrustworthy in the lemmy community.

    So you end up with a list of instances per post that votes are reported to, to which you add the post instance, sublemmy instance, judge instance, and maybe some more.

    In terms of implementation, I think the activitypub protocol needs an origin for votes, right? I would say an instance can just report the votes coming from a stock of obviously fake accounts, like “masked_upvote_1” to _999999 … and “masked_downvote_1” to _XYZ.
    About the votes, I am not sure. It could be done as a lemmy-internal feature where lemmy instances and other instances knowing of the lemmy protocol send the info to all the relevant instances, while any votes from external instances only arrive at I guess the post instance and that then forwards it on to all other instances. This way the checking doesn’t work for software unaware of that lemmy specific vote implementation, but everything is still compatible.

    You could then even for those lemmy-external votes add an interface on the judge instance, that would confirm via pm if your vote has arrived.

    Do you think this could work?


  • In my case I would like them to be private, but currently they are not. I don’t think it is good to try to hinder the visibility into a fundamentally transparent system.

    I don’t see a technical way to make votes private either, that doesn’t prevent bad actor instances abusing the vote system. As an admin of an instance I could just add 5-10 votes to all of my interactions whenever I feel like it, and noone would be able to tell it didn’t come from legitimate users on my instance. The accounts of vote origin are needed as proof, hence moderators on lemmy having access to them.

    Do you perhaps have any idea how this could be accomplished?









  • Careful, Google is currently forcing apps to migrate from SafetyNet to PlayProtect!
    SafetyNet is used by tons of security theater apps like banking 2FA. It is an API of play services.
    PlayProtect is basically the same but you have to talk to it though google play. This is a blatant move by google to make exactly what OP is suggesting impossible, and means that if you do this, you may soon see many apps break that you are forced to use.


  • Yes, those could be detected.
    Ill see how large that portion is on my system in a bit, but I would expect it to come out as the minority.

    Non-detectible ones I can think of rn:

    • Tab muting manager
    • VPN manager
    • link redirect skippers
    • stats printers, like a tab counter
    • dynamic shortcuts, like opening the archived version of the current page on archive.org
    • old reddit redirect
    • cookie managers

    Many more of the ones you listed won’t be detectable on most websites.

    userscript managers (grease/tamper/violentmonkey etc.)

    A userscript manager is by definition detectible only on pages you define or install a userscript for. Even then, modern userscript managers like tampermonkey are running scripts in a separate scope that is completely sandboxed from the actual websites js context, you can’t even pass an object or function to the website and access it there, it will fail.
    Youtube has actively fought some userscripts and failed, which they probably wouldn’t have if those userscripts were detectible.

    User theme managers should be similar, but I can’t comment on them as I don’t use any.

    page translators

    Translators are only detectible when enabled.

    addons serving in-browser ads

    Why would you have an addon that serves ads?

    site-specific UI improvements (RES, SponsorBlock, youtube/SNS tweaks)

    Are site-specific, i.e. not detectible anywhere else

    privacy blockers (CanvasBlocker/JShelter/etc.)

    Please don’t use those anymore, use only uBo. Same for uMatrix.
    uBo is pretty good about not being detected, for obvious reasons.




  • TPM isn’t all that reliable. You will have people upgrading their pc, or windows update updating their bios, or any number of other reasons reset their tpm keys, and currently nothing will happen. In effect people would see Signal completely break and loose all their data, often seemingly for no reason.

    Talking to windows or through it to the TPM also seems sketchy.

    In the current state of Windows, the sensible choice is to leave hardware-based encryption to the OS in the form of disk encryption, unfortunate as it is. The great number of people who loose data or have to recover their backup disk encryption key from their Microsoft account tells how easily that system is disturbed (And that Microsoft has the decryption keys for your encrypted date).





  • Syncthing is excellent for phone sync.
    What I did was have it running on a system in the network of the nas, mount the nas on that system, and place the backups folder in the nas.

    If you have a system that reliably runs, or can get syncthing running on the nas, I recommend doing that.
    Synology has docker iirc, there aught to be a syncthing container.
    Else, slapping a pi zero into the nas’ network should do the trick and be fully independent of what the nas is.