Sexy Moon (moon@shitposter.club)'s status on Sunday, 05-Nov-2023 19:42:54 JST Sexy Moon Even though I don't NEED another security key (I already have one more than I actually use) I think I am gonna finally buy a NitroKey and try it out because I want to know if it's better. -
Sexy Moon (moon@shitposter.club)'s status on Sunday, 05-Nov-2023 19:50:43 JST Sexy Moon @MK2boogaloo I actually have a FSFE OpenPGP USB device (two in fact) where the hardware and software are fully free but they can only do PGP not FIDO2, OTP etc.
NitroKey hardware and software are both open source, that is one of the reasons I'm looking into it. -
Avatar of Chaos (mk2boogaloo@lab.nyanide.com)'s status on Sunday, 05-Nov-2023 19:50:45 JST Avatar of Chaos @Moon why are you using proprietary key, Moon? -
Avatar of Chaos (mk2boogaloo@lab.nyanide.com)'s status on Sunday, 05-Nov-2023 19:55:49 JST Avatar of Chaos @Moon that's the problem here Moon, it's not FSF certified. There's no telling what's going to happen to your baby server. -
Sheriff CJ (The Impostor)?? (colonelj@freespeechextremist.com)'s status on Sunday, 05-Nov-2023 23:00:55 JST Sheriff CJ (The Impostor)?? @Moon if a fedi admin wanted to plant a tracking cookie into my browser to spy on me, how would they actually accomplish this? -
(mint@ryona.agency)'s status on Sunday, 05-Nov-2023 23:00:55 JST @colonelj @Moon As easy as adding a Set-Cookie header in nginx and then adding a cookie header to logs. i think most modern browsers restrict third-party cookies, so it'll work only when you visit the site directly. -
Sexy Moon (moon@shitposter.club)'s status on Sunday, 05-Nov-2023 23:45:13 JST Sexy Moon @colonelj A fedi admin could not plant a tracker on their instance that could track you across other websites, unless they also controlled those other websites.
A site admin can only read the cookies of sites they control.
Are you concerned about a specific thing you've heard? -
feld (feld@bikeshed.party)'s status on Sunday, 05-Nov-2023 23:52:05 JST feld @Moon @MK2boogaloo last I looked the Nitrokeys didn't support smartcard -
Parker Banks (parker@pl.psion.co)'s status on Monday, 06-Nov-2023 00:31:33 JST Parker Banks @Moon @colonelj I thought something similar happened to chudbere/clairebere though. -
Sexy Moon (moon@shitposter.club)'s status on Monday, 06-Nov-2023 00:31:33 JST Sexy Moon @parker @colonelj I thought they got tricked into downloading a Minecraft server plugin with malware in it. -
Sexy Moon (moon@shitposter.club)'s status on Monday, 06-Nov-2023 00:34:53 JST Sexy Moon @feld @MK2boogaloo the only applet I would install on a smartcard would be the pgp applet anyway -
Parker Banks (parker@pl.psion.co)'s status on Monday, 06-Nov-2023 01:15:36 JST Parker Banks @Moon @feld @MK2boogaloo Nah this was before that ever happened. Something about checking what sites she visited. I can't remember though, so likely have some details fuzzy. -
Sexy Moon (moon@shitposter.club)'s status on Monday, 06-Nov-2023 01:15:36 JST Sexy Moon @parker @feld @MK2boogaloo I will say that it is not supposed to be possible. However there have been side-channel attacks where for example, you could put a tracker on your site that makes requests to other sites. the javascript can't read the response but you can time the request somehow, and based on the timing you can determine if it was probably in the user's browser cache already and that tells you they had been to that site before. I don't know if that is still possible but it had been done in the past. -
feld (feld@bikeshed.party)'s status on Monday, 06-Nov-2023 02:06:28 JST feld @Moon @MK2boogaloo that's the one I need too -
(mint@ryona.agency)'s status on Monday, 06-Nov-2023 04:48:40 JST @PonyPanda @colonelj @Moon Never used it, can't say. I'm using a combination of uBlock+uMatrix, but the latter definitely has a learning curve. -
PonyPanda (ponypanda@freespeechextremist.com)'s status on Monday, 06-Nov-2023 04:48:41 JST PonyPanda @mint @colonelj @Moon is Privacy Badger actually any good? -
PonyPanda (ponypanda@freespeechextremist.com)'s status on Monday, 06-Nov-2023 04:50:43 JST PonyPanda @mint @Moon @colonelj I got uBlock. -
Sexy Moon (moon@shitposter.club)'s status on Monday, 06-Nov-2023 10:07:56 JST Sexy Moon I don’t know how this would work tbh -
Sheriff CJ (The Impostor)?? (colonelj@freespeechextremist.com)'s status on Monday, 06-Nov-2023 10:07:57 JST Sheriff CJ (The Impostor)?? @Moon i'm just going by what they said :cirnoShrug: maybe they were full of shit the whole time, but it is concerning if it's truly that easy for fedi admins to track their users.
<2022-06-27T02:58:23.000Z> [ADMIN 1]: im going to set up a trap in that poast's webserver will log all traffic by that IP and track him around, then we can paint a picture of where he went and what he was trying to do
<2022-06-27T02:58:47.000Z> [ADMIN 1]: but we are going to watch it for a few weeks. he will slip up with referral sites or other cookies that can be tracked and i will find them
<2022-06-27T02:59:00.000Z> [ADMIN 1]: [ADMIN 2] is more autistic about this stuff than i am so i expect results from at least one of us
<2023-02-12T09:19:45.000Z> [ADMIN 1]: this person had a very specific way of searching for shit which made it super easy to find her
<2023-02-12T09:20:13.000Z> [ADMIN 1]: so she moved to another instance -- [NODE 2] -- whose admin im great friends with and we often work together on shit, like this -- which continued tracking her
<2023-02-12T09:20:51.000Z> [ADMIN 1]: we planted a tracking cookie that recorded her steps after leaving poast until she came back to poast and she would frequently namesearch herself on twitter and come back to poast. it was really sad -
Sexy Moon (moon@shitposter.club)'s status on Monday, 06-Nov-2023 10:56:02 JST Sexy Moon @colonelj @marine @ehhh you can't force the browser to do this. -
Sheriff CJ (The Impostor)?? (colonelj@freespeechextremist.com)'s status on Monday, 06-Nov-2023 10:56:03 JST Sheriff CJ (The Impostor)?? @ehhh @Moon @marine (particularly if it's a pleroma issue, as it should be patched) -
Sheriff CJ (The Impostor)?? (colonelj@freespeechextremist.com)'s status on Monday, 06-Nov-2023 10:56:04 JST Sheriff CJ (The Impostor)?? @ehhh @marine @Moon I've never specifically asked how an admin would go about tracking a user through tracking cookies. even moon is perplexed, or appears to be, at how one could accomplish this. it's a pretty big deal. -
The Problem :verified_pink: (marine@breastmilk.club)'s status on Monday, 06-Nov-2023 10:56:05 JST The Problem :verified_pink: @ehhh @colonelj @Moon CJ has been asking this same question, in different ways, since before i left. It’s intended to start drama if Moon’s dumb enough to answer it a certain way.
-
cyberpunklord420 (ehhh@varishangout.net)'s status on Monday, 06-Nov-2023 10:56:05 JST cyberpunklord420 @colonelj Really, dude?
@marine @Moon -
cyberpunklord420 (ehhh@varishangout.net)'s status on Monday, 06-Nov-2023 10:56:06 JST cyberpunklord420 I think it's normal for people novice to the technical part of security to ask questions like these (unless you're saying that @colonelj has been asking the same question over and over to people for a different reason.)
@marine @Moon -
The Problem :verified_pink: (marine@breastmilk.club)'s status on Monday, 06-Nov-2023 10:56:07 JST The Problem :verified_pink: