Maximilian Golla

@m33x
🧑‍🔬 Researcher @CISPA Helmholtz Center for Information Security ❤️ Usable Security and Privacy 🔑 Passwords and User Authentication 🕵️ Transparency and Privacy Controls
Location: Saarbruecken, Germany
Website: https://maximiliangolla.com
Voice actors are to have their voices stolen by Netflix. They may only keep working for Netflix if they sign over far-reaching rights to their voice recordings, for 50 years. The voice is to be used for AI training.
https://nicht-nett-flix.de
Nicht Nett Flix: Stop the voice theft at Netflix!

GitHub - Cynosureprime/mdxfind: Multi-threaded multi-algorithm hash search engine


🏆 Nominations are OPEN for the 2026 Caspar Bowden Award!

Do you know a groundbreaking paper in Privacy-Enhancing Technologies? We want to see it.

- Eligibility: Papers published between April 1, 2024 – March 31, 2026.

- Deadline: May 08, 2026

- Nominate: https://submit.petsymposium.org/award2026/

More details: https://petsymposium.org/award/cfn.php
#PETS2026 #CasparBowdenAward


I know that bad news is coming when a co-worker messages me with "You're gonna be so mad..."

Grammarly has rolled out an AI-powered "expert review" feature where its simulacrum of me makes suggestions for your text. My real edits are usually along the lines of "Throw this into the sea."

You're paying AI companies a monthly subscription fee to be fingerprinted like a parolee.

I got bored and ran uBlock across Claude, ChatGPT, and Gemini simultaneously.

Claude:

  • Six parallel telemetry pipelines.
  • A tracking GIF with 40 browser fingerprint data points baked into the URL, routed through a CDN proxy alias specifically to make it harder to block.
  • Intercom running a persistent WebSocket whether you use it or not.
  • Honeycomb distributed tracing on a chat UI because apparently your conversation needs the same observability stack as a payments microservice.

ChatGPT:

  • Proxies telemetry through their own backend to hide the Datadog destination URL from blockers.
  • uBlock had to deploy scriptlet injection — actual JS injected into the page to intercept fetch() at the API level — because a network rule wasn't enough.
  • Also ships your usage data to Google Analytics. OpenAI. To Google. You cannot make this up.
  • Also runs a proof-of-work challenge before you're allowed to type anything.

Gemini:

  • play.google.com/log getting hammered with your full session behavior, authenticated with three SAPISIDHASH token variants, piped directly into the Google identity supergraph that correlates everything you've ever done across every Google product since 2004.
  • Also creates a Web App Activity record in your Google account timeline. Also has "ads" in one of the telemetry endpoint subdomains.

When uBlock blocks Gemini's requests, the JS exceptions bubble up and Gemini dutifully tries to POST the error details back to Google. uBlock blocks that too. The error messages contain the internal codenames for every upsell popup that failed to load.

KETCHUP_DISCOVERY_CARD.
MUSTARD_DISCOVERY_CARD.
MAYO_DISCOVERY_CARD.

Google named their subscription upsell popups after condiments and I found out because their error handler snitched on them.

All three of these products cost money.
One of them is also running ad infrastructure.

Touch grass. Install @ublockorigin

#infosec #privacy #selfhosted #foss #surveillance

#CHI2026 program (the draft) is out: https://programs.sigchi.org/chi/2026/program/all?itemsType=SESSION&sortDirection=asc&sortType=TIME&viewType=LIST a monster-sized CHI that will definitely be fun and intellectually stimulating. Huge kudos to Pablo Cesar and Heloisa Candello, as well as our assistants for making this possible in such a short time! Check it out!

A couple of months ago a family friend had a very serious health issue and he couldn't move or speak much. So I put together a web app with a set of phrases, connected to a game controller, in a way that he could just select phrases from the list to communicate. Luckily this person got better quickly, and this app was no longer needed, but I decided to improve this experiment and publish it as an Open Source project.

So, this is VoxEase. It can be operated with a mouse, a touch screen, a computer keyboard, a game controller using a single hand, or you can set it to scan the list of phrases automatically so you only need to press one button to pick your phrase.
It only requires a modern browser and once downloaded it works offline.
It supports multiple languages and it can also be used by people with sight impairments (it works with screen readers).

Any suggestions on how to make it better are welcome!

Link: https://turisc.github.io/voxease/

#openSource

The new AirTags 2 just arrived!

Time to take them apart 🧵