Jernej Simončič

@jernej__s@infosec.exchange
@britt Was this in Office, or Print to PDF? If it was in Office, would you mind showing the version number (visible in File → Account → About, it should say something like Version 2506 (build 18925.20138 click-to-run), Current channel)?
Brave Browser is the most overrated browser out there, and I don't recommend using it

When it comes to browsers, Brave is touted as one of the best when it comes to privacy, even though it shouldn't be.

XDA

Yes, a file full of zero bits transfers faster over USB2.0 than a file full of one bits.

I've known this forever but it still feels ridiculous when you actually test it and it's true!

USB truly is cursed.

Happy horse on Mars day!
@flowxy @Aedius Still better than using <div> and javascript to simulate buttons and links.
It is sometimes difficult to decide if a particular site is worth your time. This is why it's important for authors to include endorsements from other experts in the field.
Yeah, thanks Jira.

"Belgium is unsafe for CVD" - https://floort.net/posts/belgium-unsafe-for-cvd/ by @floort

Do you want full disclosure, Belgium?
This is how you get full disclosure.

(cf. https://mastodon.social/@floort/114806039846236450)

Belgium is unsafe for CVD

This post is about the reason I will probably never try to warn any organisation in Belgium about any vulnerability again. Recently I have been dealing with an attempt at coordinated vulnerability disclosure (CVD) with an organisation in Belgium. This post is not about that, because I’m not allowed to write about it. This post explains why I believe Belgium is unsafe for people trying to do CVD. I believe it’s important to warn others so that they know what to expect and can decide for themselves.

Floort.net

Adobe is now processing all your PDFs in the cloud, by default. The setting to “Enable generative AI features in Acrobat” was on, and I didn’t know it until I opened a document and Adobe asked me if I wanted a document summary. It’s annoying to have to click “No,” so I opened settings to disable the prompt.

THE PROBLEM
I sign Non-Disclosure Agreements for many of my clients. Adobe is a potential leak of protected information. I don’t know what Adobe does with this information. I don’t know what they store, or for how long. I don’t know what country (or countries) the data is stored in. I don’t know what LLMs are trained with this data. And I don’t need to know. What I need to know is that they won’t use default opt-in as a legal excuse to wiretap my information.

I recommend that you check your Adobe settings on all devices, for all Adobe accounts.

#CallMeIfYouNeedMe #FIFONetworks

#cybersecurity

@fifonetworks I didn't see the option in Adobe reader because I reverted to the classic UI the day they first introduced the AI assistant. Maybe it's also because I don't sign in to Adobe

@fifonetworks But there is something you now know, that you didn't before...

Adobe is yet another data-felching rat bastard corp.

This is why, as you may recall, I take issue with the lack of clear local-remote boundaries in how IT products are presented. A FOSS app store like F-Droid will make the distinction clear, but that appears to be the exception.

@fifonetworks IIRC, #Adobe was considered the no. 3 adtech platform circa late-2010s, and their magic vehicle for tracking ad exposure was #Acrobat.

AI is a new justification to turbo-charge the process of grabbing users' private information.

@tasket @fifonetworks
Wasn't it Flash on half of the web pages?
@tasket @fifonetworks One approach is to just bring down your Internet connection while working. If that doesn't work, you know that that is not software you should be using.
@martinvermeer @tasket @fifonetworks Absolutely insufficient protection. That only weeds out the poorly coded things that assume synchronous always on connections, not the much more robust and insidious ones that have background asynchronous attempts to make connections, gracefully degrade features when unavailable, and may queue up telemetry or data exfiltration for when the network comes up.

@fifonetworks

It's too bad Adobe is alienating some of their most influential customers like this. What do they gain? A reputation for stupidity (failure to understand customers, customer needs; treating all the same, 'one size fits all' & all that) & evil (do the worst that will offend the most by default). It's not as if there's that much 'customer loyalty' left in the bag... & equivalent or better s/w exists in many cases (hello Affinity!). You have to hope Adobe will get better advice/advisors at some stage. But don't hold your breath. 😐

> What do they gain?

One possibility is a feeling they have jumped on the right bandwagon, illusory though it may be.

@Su_G @fifonetworks

@fifonetworks I recommend to use other software. Ditch Adobe.
@roman78 @fifonetworks And in addition to simply saying 'ditch Adobe', check out https://m.youtube.com/watch?v=lm51xZHZI6g James Lee did a great video on switching to a different work flow! And for a simple and dumb (Windows based) PDF Reader: Sumatra PDF Viewer
How I Broke up with Adobe

YouTube
@electron_wizard @roman78 @fifonetworks or just your web browser, they all read PDFs by default and most of them can annotate and modify documents now.

@electron_wizard @roman78 @fifonetworks

I forgot about Sumatra. It was my go to in my Windows days. There's even a portable app version. Throw it on a USB drive or a dropbox account and take it wherever.

@MyWoolyMastadon @roman78 @fifonetworks It's used a lot by the professors at the university I work at, since it can open up 1000 page PDFs with ease!

@electron_wizard

Thank you. I just switched out the Adobe PDF Reader for Sumatra, because of your post.

One less big tech program on my computer.

@roman78 @fifonetworks

@Firlefanz @roman78 @fifonetworks Glad to hear. Although forms can't be filled out, it can open up 1000 page PDFs without any issues. It has some simple annotation stuff, although the user experience is a bit rocky in that regard.

@electron_wizard

Truth is, I mostly need something to look at my receipts and stuff when I do bookkeeping. Can't remember the last time I filled in a form.

I'm sure there are other options if I ever have to.

@Firlefanz @electron_wizard Foxit is okay-ish if you need to fill out forms or want to use a lot of annotations. Most browsers can deal with PDF forms, too.

But Sumatra is really really good for reading.

@electron_wizard @roman78 @fifonetworks I've been using PDF Xchange editor for 15 years now. The first thing I do with a new PC at work is deinstalling Adobe. I used to hate them for being bloated, then for their pricing (I know their PDF reader is free, I couldn't break my habit though), now for their AI slob.
@roman78 @fifonetworks I use PDFGear and got rid of all Adobe things.

@fifonetworks

Adobe is a trash company. I'm surprised there's an option to disable the AI feature.

Years ago I wanted Acrobat Reader to stop putting a shortcut on my desktop every time it updated (roughly monthly). AdobeCare told me to install another Adobe software (an administrative policy editor, basically) to make the change as I couldn't do it in Acrobat Reader itself. I couldn't make heads or tails of that program.

I'm on Linux now though, so I should be safe. No Adobe here.

@munroe @fifonetworks gotta say - moving to linux to escape Adobe... that is a whole mood.

I do understand it tho!

@kaasbaas @fifonetworks

Oh, I didn't move to Linux to escape Adobe, it's just a side benefit.

I just jumped off Windows 10 early (mid-2023) when they announced End-of-Life. I had kind of wanted to switch when I bought this PC in 2019 but I wasn't ready to commit at that point. In 2019 I got this PC and it came with Windows 10. I had used WindowsXP before that, long past its End-of-Life. Now I don't remember why it took me so long to commit to the switch to Linux.

@munroe @fifonetworks nice.

for me, I took one whiff of that stupid Win8, and I made the jump.

Been dual booting for a while before that with the Last Good Windows (7).

I feel for folks trapped in windows by some obscure software requirements (or work compliance reasons)

@kaasbaas @fifonetworks

I stuck with XP for so long because I had to use Vista at work for awhile and really did not like it. (I always ran XP in the gray/boxy Win9x desktop mode, as I also think the green/blue XP is garish.)

When Win7 came out, I heard good things, but the turn-over to Win8 was so fast that I was still on XP. When Win10 came out and I heard it was "the last version of Windows" I was like "Well, they're going to a subscription model" so I avoided it for many years.

@kaasbaas @fifonetworks

I wanted to go to Linux rather than Win10, but I did want to use the computer for games and in 2019 I don't know if Linux+Proton was ready yet. So I stayed on Windows.

So with Windows11, when I was finally on Windows10 (which turned out to be relatively OK aside from all the online integration), I couldn't see any benefit to the consumer for the upgrade. All the benefit was to Microsoft with a new money grab and more telemetry.

So I finally got to Linux. Yay!

@kaasbaas @munroe @fifonetworks anyway, you can use most of the free software alternatives also with Windows.

Therefore, GNU/Linux is a better option ;P

(Edit! I thought Adobe bought Figma a few years ago, but apparently the merger failed. My bad…)

@fifonetworks They’ve also been training AI on user documents for Figma for almost a year now. It’s opt out! https://help.figma.com/hc/en-us/articles/17725942479127-Control-AI-features-and-content-training-settings

Honestly it’s merely a matter of time before they do it with Creative Cloud too. Too few seem to care… :-/

@slembcke
Figma is not Adobe.
@Arnstein @slembcke I thought Adobe bought them, but I looked it up and apparently the deal was cancelled. (posting this for other people having the same thought)
@h5e @Arnstein Same. Whoops. My bad.
@fifonetworks Use pdf x-change editor. It's faster and without AI crap.
@Eglaf @fifonetworks Jumping in to second this. If you're using Windows, PDF exchange is a perfect replacement.
@Eglaf @fifonetworks To add, I too have a lot of cybersecurity concerns, including NDAs that I have with my clients. PDF X-change does everything I need without the AI and surveillance BS.
@fifonetworks But this is only happening when you log in?
@K4mpfie @fifonetworks
I don't think so.
NB: logged in to what? My own PC, that is?
Never knew reading a PDF required an account somewhere...
@bertkoor @fifonetworks No 🙈 I meant logged into an Adobe Account. The question really is: Does Adobe use your files to train its AI even if you just use the PDF Viewer without an Adobe account?
Edit: I know it's not required to have an Adobe Account to open Adobe PDF Viewer, but this vulnerability gets way worse if Adobe scans every PDF that you open in their program
@fifonetworks I stopped using Adobe products many years ago. For Pdfs I use LibreOffice Draw and i am quite satisfied with it. May the Foss be with you.

I don't need advanced PDF editing options so I'm quite happy with using Skim instead of Acrobat Reader.

https://skim-app.sourceforge.io

I switched from Adobe Creative Suite to Affinity (one-time purchase instead of monthly subscription). Occasional Photoshop users could even try this free web app: https://www.photopea.com


@fifonetworks Thank you for highlighting this. Have to check those settings!

@fifonetworks

Yikes.

Although all three Generative AI boxes were unchecked (set to off) when I looked in my settings, so apparently not on by default in the case of my account. Whew. But thanks, will look again every so often.

@fifonetworks the solution is to not use any Adobe products at all. I have uninstalled all from Adobe once they moved to rental. And my adobe account was leaked as well (I only used it once when installing Photoshop because there was no other option). Adobe is not trustworthy. Period!
@fifonetworks @inthehands I used Adobe since Illustrator 4.0. Left now.
@fifonetworks The unfortunate thing is that you can assume that they will use whatever data they can get and/or infer about you, and then sell it under the guise of anonymization to a company/companies that will later use it in a way that's impossible to predict now, but which for sure will coax you into buying a future product/service that you most likely don't really need
@fifonetworks PDF was a bad idea since a veryyyy long time. Maybe people can stop using it now?
@KarlHeinzHasliP i don’t think this post has anything to do with PDF being a good or bad product
@fifonetworks and the idea that it's a default setting is outrageous in and of itself. Just think about it: a corporation whose only purpose is to make more money for stakeholders gets access to your data (and everyone else's) because they decided that they have the right to it. And it's not only Adobe, but all of them: Google, Meta, Apple and the lot.
@fifonetworks The "your documents will be processed in the cloud" sentence you have that line pointing at says that happens *when you use generative AI features on them*. It doesn't say they'll preemptively process things before you've done so.

Still worth turning off to prevent misclicks, but "every document you view" is a mischaracterization of what's described in that text.

@fifonetworks What will this mean for Adobe's business with European customers, who are currently seeking an independent and sovereign place for their processing and data?
At least AWS and Microsoft have reacted by announcing a more independent data-center in the EU. Now Adobe is constructing a shortcut for (sensible) data? For AI Learning?

WTF Adobe 😡.
We should advise not to use their products anymore!
This kind of hidden feature is just impudence.
Trusting Adobe? 🤪 A joke

@fifonetworks Just a second aspect for everyone.

Have you implemented it (data loss prevention tool) and are you using it effectively and company-wide for data loss prevention?
Maybe you have to think again, thanks to the Adobe short circuit.
Ultimately, if you read AI in the product description, you should proceed as you would with medication: Ask your doctor or pharmacist about risks and side effects.
(Security doctor and Professor privacy)😉

AI does not forget!

@Tom_Huth I'm so old that I still remember the Adobe Flash Player. When it comes to "trust", Adobe isn't exactly the first company that springs to my mind. 😆 @fifonetworks
@shred @fifonetworks Exactly, and yes I remember Adobe Flash as well.
@fifonetworks Given such practices from Adobe, there's no expectation that they'll respect the setting, or come up with a new way to undermine the user's choice in the future. The only sensible path forward is to stop using Adobe products altogether. There are plenty of alternatives.

@albertcardona @fifonetworks ...what's a good Adobe alternative for reading and signing PDFs? 🥹

Edit: on windows

@elduvelle @albertcardona @fifonetworks Firefox is pretty good. Probably can't do digital signing but you can draw a signature with it.
@neuralreckoning @elduvelle @albertcardona @fifonetworks I love Xodo for all things pdf. I use it for annotation on ipad and it's supported across mac, windows, linux and android as well.