Luka Rubinjoni

@rubinjoni
183 Followers
681 Following
12.1K Posts
Vesti la giubba
CallsignYU4ETE
VeilidChat(beta)Connect with Luka R. on VeilidChat! --- BEGIN VEILIDCHAT CONTACT INVITE ---- ClMKLw0wRExWEigNvo-etRUAgnT0HTQDUQwljwEC Oi1swA_ANchxnXM9-ndfs0VFo60EEiAjJJgeXMmB JNH-s-TquyQLmO8n5UZW3FSPEFIL_ucnjRJRDVha pJcVKvEdsx3rStCeJSiWaTMt-VTYFjWaGciJPb4d ZjlFF0XYhE0jzM
Cwtchlozkx2dws2v4ronsovtxhqfqj5o7ilptcpub74yhd2bey44j5fblr3id
Luka Rubinjoni4h ago
Pusher of Pixels5h ago

So that White House App they just released? this won't come as a shock but hoo boy is it a treasure trove of terrible security and outright fraud to mine your data and track your location

#WhiteHouse #Trump

https://blog.thereallo.dev/blog/decompiling-the-white-house-app

The official White House Android app:

Injects JavaScript into every website you open through its in-app browser to hide cookie consent dialogs, GDPR banners, login walls, signup walls, upsell prompts, and paywalls.

Has a full GPS tracking pipeline compiled in that polls every 4.5 minutes in the foreground and 9.5 minutes in the background, syncing lat/lng/accuracy/timestamp to OneSignal's servers.

Loads JavaScript from a random person's GitHub Pages site (lonelycpp.github.io) for YouTube embeds. If that account is compromised, arbitrary code runs in the app's WebView.

Loads third-party JavaScript from Elfsight (elfsightcdn.com/platform.js) for social media widgets, with no sandboxing.

Sends email addresses to Mailchimp, images are served from Uploadcare, and a Truth Social embed is hardcoded with static CDN URLs. None of this is government infrastructure.

Has no certificate pinning. Standard Android trust management.

Ships with dev artifacts in production. A localhost URL, a developer IP (10.4.4.109), the Expo dev client, and an exported Compose PreviewActivity.

Profiles users extensively through OneSignal - tags, SMS numbers, cross-device aliases, outcome tracking, notification interaction logging, in-app message click tracking, and full user state observation.

I Decompiled the White House's New App

The official White House Android app has a cookie/paywall bypass injector, tracks your GPS every 4.5 minutes, and loads JavaScript from some guy's GitHub Pages.

Thereallo
Luka Rubinjoni20h ago
Jan Wildeboer 😷23h ago
In 2019, on March 26th, the EU Parliament confirmed the TRAN ( European Parliament Transport and Tourism Committee) decision to support the EU commission proposal to get rid of the summer/winter clock change. So tonight we will enter year 8 of waiting for the Council of the European Union to do their part in the process so we can finally rid ourselves of this useless theater. #ThanksEU
Luka Rubinjoni21h ago
XKCD Bot1d ago
#3225 - Satellite Pollution
Luka Rubinjoni21h ago
Show threadNeil Brown1d ago

Perhaps I am some kind of dangerous computer radical these days, thinking that one should be able to buy or make a computer, install one's choice of OSs and software, create a local user account, and get on with one's affairs, privately and without interference.

Quiet enjoyment of one's computer.

* No age or ID verification

* No jumping through hoops to install software, or third parties restricting the software that one can run

* No third party accounts

Luka Rubinjoni21h ago
Neil Brown1d ago
The idea that one should be forced to verify one's age or identity to use one's own computer absolutely baffles me.
Luka Rubinjoni23h ago
Helen1d ago
Shout out to my colleague who, when asked in the work chat "has anyone left their work iPad here," responded with "if the passcode to it is [6-numbers] then yes" and caused a cyber security breakdown at 9pm on a Friday 👌
Luka Rubinjoni1d ago
MissConstrue1d ago

https://www.bellingcat.com/news/2026/03/26/us-iran-mines-israel-village-missile-munitions-weapons-war-conflict/

RED FUCKING ALERT

The United States is dropping land mines around villages in Iran. Images posted to social media Thursday show what experts said are U.S. land mines dispersed across a residential area in southern Iran, in what appears to be the first instance in more than two decades of American forces using the weapons.

The photos show American BLU-91/B anti-tank land mines, which are released from an aircraft as part of the Gator mine scattering system, according to four munitions experts who reviewed the imagery at The Washington Post’s request. The United States is the only party in the Iran war known to possess the system.

LAND MINES ARE A WAR CRIME! What in the actual fuck are we doing here? This is a violation of law, of sense, and of humanity. Den Hague for everyone involved.

#landmine #us #warcrimes #iran

Evidence Points to US Scattering Mines over Iranian Village - bellingcat

US appears to have deployed the Gator Scatterable Mine system over Kafari, a village near Shiraz, Iran.

bellingcat
Luka Rubinjoni1d ago
Show threadGideon Hallett1d ago

This is also a safeguarding issue.

As I found out yesterday, one of the things locked down in 26.4 is that Content and Privacy Restrictions is locked on. You need to pass age verification to change it. Until I can prove I'm over 18, all of these features like location sharing are enabled and I can't disable them. For me, it's an annoying inconvenience.

For someone vulnerable in an abusive domestic situation - this could be considerably more serious. (5/7)

Luka Rubinjoni1d ago
Show threadMr. 10572d ago
Seeing somebody dressed in a tacky tiger stripe leotard covered in bright orange faux fur was NOT why I bought tickets to see Cats.
Luka Rubinjoni2d ago
Show threadMatt Blaze2d ago
In other words, restricting the elevator in this way is a bad tradeoff. It makes it harder for guests to visit their friends on other floors, but it reduces the complexity for an outsider burglar from O(|rooms|) to O(|floors|) + O(|rooms_per_floor|), a much more feasible search space.