RE: https://infosec.exchange/@SecurityWriter/116305873092655616

if people stopped giving all these corporations their age or id/kyc info and just canceled their subscriptions or accounts for 4 months we'd see how fast they stop asking once those next quarter results show up.

governments would wake up pretty fast with less VAT, GST, and Tax revenue, too. you give them an inch and they will take a mile. cut that inch and cut their source of revenue, and they will all fall in line.

that is the only solution to all these stupid laws.

the only time you should hand over your ID like a passport or stuff like that is when you absolutely need to. for example like crossing international borders, opening or operating a bank account or applying for a driver's license. those are all valid cases and highly regulated.

but this for profit corporation will just use your data to target you for profit. they even sold mobile phone numbers used for 2FA to advertisers. can you really trust them now with this nonsense?

Sweden’s Digital ID System Hacked, Public’s Data Sold on Dark Web

Frank Bergman Sweden’s sweeping national digital ID system has been hacked, with the public’s sensitive data already being sold on the dark web...

@twit_terrorist @nixCraft Click bait.

"CGI also stated that the attackers accessed an older version of the source code and insisted there was “currently no indication of any impact on customers’ production environments, production data, or operational services. Information to the contrary is not accurate.”

The Swedish Tax Agency echoed that position.

“We take all incidents seriously, but we don’t see anything that affects us right now,” IT Director Peder Sjölander said."

@txtx @twit_terrorist @nixCraft

> However, cybersecurity experts warn that exposure of source code, even from test environments, can provide attackers with a roadmap to exploit live systems, including authentication flows and security architecture.

This always bugged me.. just as we say open-source is better for security due to the many eyes, shouldn't we say open architecture is better for the same reason?

Yeah, while your arch is closed it is more likely crappy, but that would change fast.

@txtx @twit_terrorist @nixCraft

I imagine if sufficiently many arch were open, this would fly. It might be a problem for you to be the first one to open up your arch. It could be an invitation for bad actors (or those with incentive to keep security bad) to prove your idea wrong.

@nixCraft I should be able to walk to a post office or bank where, after presenting an ID card, they give me a single use token I can use to prove to an organization I'm a real human — or that I'm of a certain age, etc.

I think this should work well enough even if no personal information is stored on that token.

I would happily join a Mastodon server that only accepts authentic users...kind of like the "blue checkmark" of Twitter but democratized so it's not just celebrities.

i give the token to a bot...


@nathanael And there are people who hire a kidnapper, assassin, human trafficker...

I don't need to live in a crime filled world because someone found a clever way to abuse a system.

@nixCraft

@nathanael and anyway, who said there's no way to prevent or curtail abuse?

For example: a hypothetical Mastodon server can be set to never accept more than one token per individual. So, ok, some jerk enables one bot. That's not a great success right? The fewer bots there are, the easier they are to fight.

no i wouldn't. i wanted to show you, that your solution doesn't work like you intend it to work. you don't prove with a token that you are a certain age or are a real human. you just prove that the token was obtained by a real human


@nathanael To stop 99.9% of bots, this is enough, so it works.

Russians working at a troll factory are creating millions of accounts. Having a few accounts isn't doing much for them.

It should be possible to ban future tokens from an individual as well. Like any good bar, you ban someone from ever coming again if they are a nasty jerk.

@nathanael Every social media site is already or is in danger of becoming infested with propaganda agents, nazis, scammers, etc.

Mastodon hasn't been hit as hard yet because it's not as popular — but from what I've read from server owners, it's heading in a bad direction now.

@nathanael It's no wonder that age verification is so popular amongst the general population. People don't want their kids to turn into nazi q-anon weirdos, as it turns out.

Unfortunately, because much of the tech community is only pushing to maintain the broken status quo, politicians are responding without guidelines from the people who have the knowledge to change things for the better.

This is what happens when we point our fingers while burying our head in the sand.

@nathanael Anyway sorry for the reply deluge. You are not wrong that there are possibilities to abuse this kind of hypothetical system.

I will admit I get a little bit frustrated since I do think that there are valid uses for authentication. I don't like how it's done now, or many of the current proposals.

But if we don't bother brainstorming better solutions, we'll be stuck with whatever is given to us.

all good. it seems to me that age verification doesn't work. it didn't work when i wasn't allowed to drink alcohol and i can't see it working online...

@nathanael I edited my post to be a little bit friendlier, hope you don't mind 🙏

@txtx @nixCraft that would work in theory however you will need to trust the vendor for authentication and there would need to be a link from said token to the ID in some way or another even if it’s not on the token itself.

@txtx @nixCraft

> I would happily join a Mastodon server that only accepts authentic users

fediscience does that for people who are plausibly research scientists.

@nixCraft I resent having to provide ID for a bank account. I didn't need to when I was 12, why should I need to now (Some 40 odd years later)

@hypostase @nixCraft But, you could be a terrorist. Anybody could be a terrorist. Heck, I am probably a terrorist, judging by my posting history 🍉

@martinvermeer @hypostase @nixCraft

According to Trump we're all terrorists anyway, so what's the point?

@darwinwoodka In this household we prefer the term "freedom fighter"

@hypostase

Cool. I'm more of a freedom nonfighter. I don't fight them, I just wait for them to fail miserably so everyone hates them forever.

I already spent all my energy warning everyone what these fuckers were gonna do, nobody believed us so now everyone is finding out.

And I'll expend more energy helping the people who fix things on the way back up.

But I'm too tired to argue with clowns any more.

@nixCraft true, but most people will never collectively do that.

@brayd @nixCraft

Correct. That is why we have groups like BDS to do it. The "no authority" movement is a fed op.

@brayd @nixCraft

80% of people are just basically sheep who will do whatever they're told. It's up to the 20% of us who are stubborn assholes to fix things for everyone else.

@darwinwoodka @brayd @nixCraft

80%? That's quite generous.

I'd say it's more like 95% :D

@ItsePerkele @brayd @nixCraft

You would think, but no. There's a lot more weirdos out there than you think! Most of us are just masking.

@darwinwoodka @brayd @nixCraft

Sure, there's a lot of us. But how many? 2 million? 5 million? 10 million? That's nothing compared to the billions who don't give a shit :D

Maybe it's just my pessimism blinding me, I dunno.

Out of curiosity I had a look at firefox add-on numbers. 10 million have installed ublock, less than 2 have installed privacy badger... I know those numbers don't really mean much but I see those as the minimum of what one should have. Those numbers should have a zero or two more

@ItsePerkele @brayd @nixCraft

Yeah, most people don't know how to protect their privacy. I think more people would if they understood how.

@darwinwoodka @brayd @nixCraft Aye, I think the problem is that they don't even realize they could. Not that they don't know how.

The amount of times I've been asked "you can block ads on youtube?!" is quite alarming.

@ItsePerkele @brayd @nixCraft

Yeah. I use duckduckgo and all the YouTube stuff gets filtered through Duckplayer which strips out all the ads.

@darwinwoodka @brayd @nixCraft ooh didn't know about that. Thanks for informing me.

I recently downloaded the Freetube app, because I changed from Ubuntu to Debian, youtube didn't let me sign in to my account without a phone number. So I decided that I don't need to sign in then. Luckily, Freetube lets me make subscription lists without having an account. As a bonus it doesn't send info to google.

So thanks google for being such a nosy bitch and obsessed with my phone number! <3

@ItsePerkele @darwinwoodka @brayd @nixCraft

I mean, include me into the list of people who don't use privacy badger. I primarily use a combo of strict u-block, no-script and temp containers.
But to be honest I never looked too far into how well privacy badger works in practice in comparison to blanket blocking scripts and cross site connections or if it's worth the overhead of managing another extension.
Sounds like something for me to look into later, thanks.

@krunchyrice @darwinwoodka @brayd @nixCraft yeah I mean privacybadger is not the only way to go about it. I also just realised that I don't have the badger installed at the moment either lol. I changed browser to Librewolf recently, I guess I forgot some things. But, I think I'll do what you said, look into how useful privacybadger is, on top of everything else I have on.

@ItsePerkele @krunchyrice @brayd @nixCraft

Loved the badger but it didn't work well with ublock so I don't use it these days.

@darwinwoodka @krunchyrice @brayd @nixCraft yeah I think I had to tinker with it a bit to get them to play nice with each other. I may skip it for now. I'll have to look into how useful it really is if I add it to my current set up.

@nixCraft

People could just make thousands of copies of their secret writings and journals,
personal photos,
maps of every place they go, every place they have been,
license numbers,
social security numbers,
all banking and social accounts, complete contact list of every person ever met,
where they have been employed,
and anything else that makes them who they are.

Box it up and rent a truck.

Take the box of, "what makes you, you", and go to the nearest, largest building packed with the most people you have never met and will never see again.

Hand them copies of everything from the box and walk off.

@nixCraft

People wouldn’t actually do this because it’s crazy sounding.

For some reason the equivalent is fine in a digital environment.

@nixCraft wanting less, buying less. Capitalist economies usually prefer that we don’t reassess our needs vs our wants. It’s very effective for many other issues like environmental impacts of consumption for example.

@coleenwalter @nixCraft

You've nailed it.

When I was a kid the mantra was 'Reduce, Reuse, Recycle' but corporate pressure has removed the Reduce & Reuse part (which honestly are the most effective, recycling should be the last resort)

@RantingCanuck @coleenwalter Unfortunately, the wealthiest Capitalists have effectively infiltrated educational systems, to further entrench 'single-solve mindsets', that help deter the scalable behavioral ranges required to achieve eloquent civilization.

This is why Democratic Socialist movements are building. It's that 'sustainable middle'.

@nixCraft Puts hand up. Anyone else?

@nixCraft

If only we started by just denying them the use of all these data we give.

Why the fucking hell do we accept to have so many accounts?

@beaufils @nixCraft

It's all backwards, WE should own our data and be charging THEM for access to it.

@nixCraft
people are not even able to quit twitter🤣

@nixCraft

abiding proves you are a 'Good Citizen'™️, which gives you a 1 minute head-start when they purge your neighbourhood of 'useless eaters'.

@nixCraft Voting with your wallet is always a good choice. The problem is that the majority of people are so addicted to some products that it is impossible for them to stop using them. They get such a rush, such a dopamine hit from various social media or games…

@nixCraft Everyone is talking like they only use one browser. I use five. All have some kind of extra protection added. I rotate around which browser I use to confuse the bast--ds a bit more.

@nixCraft that would be cool but it’ll never happen.
Just like people were complaining about graphics cards costing thousands of moneys but ultimately buying them in droves.

Consumerism is a hell of a drug.