GNU social JP
GNU social JP is a Japanese GNU social server.
Notices by Lenny (f09fa681@digitalcourage.social)

  1. Lenny (f09fa681@digitalcourage.social)'s status on Friday, 24-Jan-2025 03:44:00 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek According to https://www.cloudflare.com/network/ there are 330 data centers, so that may make it less accurate in the general case.

    The quality of data-mined locations associated with IP addresses can however result in similarly accurate or inaccurate locations (also depending on the privacy hygiene of the ISP, the user and other devices using the IP). Another piece of anecdotal evidence: I'm sometimes supposed to be in Lausanne according to IP-based geolocation lookup, which is ~180km away from me (and some websites switch to French, yay).

    I'll agree it's not the same thing on a technical level, sure, but would need more data to assess whether the location quality is several orders of magnitude worse as you claim. In the end, it's similarly bad that it leaks.

    In conversation about 4 months ago from gnusocial.jp permalink

  2. Lenny (f09fa681@digitalcourage.social)'s status on Friday, 24-Jan-2025 00:10:16 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek I would question the IP address providing more precise information **in general**.

    Looking up my IP from both of my ISPs (mobile and landline) I'm getting a similarly accurate geolocation, one ~30km and one ~40km away from me. The Cloudflare airport code gives me a ~30km accurate position. That's an anecdotal report for sure but possibly transferable to the general situation in Switzerland.

    So what am I missing here that makes one an apple and the other an orange?

    In conversation about 4 months ago from gnusocial.jp permalink

  3. Lenny (f09fa681@digitalcourage.social)'s status on Thursday, 23-Jan-2025 23:52:16 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek Whether it's 10km or 100km doesn't matter much to me. The fact that the location is leaking at all is the concerning factor IMO. Signal and Cloudflare simply brushing that away is quite concerning.

    But I want to emphasize that I don't recommend jumping ship from Signal to less secure or similarly affected alternatives either and do support your effort in that respect.

    In conversation about 4 months ago from digitalcourage.social permalink
  4. Lenny (f09fa681@digitalcourage.social)'s status on Thursday, 23-Jan-2025 23:43:31 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek You all remember the WebRTC "IP leak" fiasco from back then, right? Where people could be called on some messengers and before even accepting the call, your own IP would leak to the caller? (And also Natalie Silvanovich showed everyone why it's a bad idea to start the WebRTC state machine prior to accepting a call because it's a huge attack surface - https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-1.html) Pretty much everyone jumped ship back then and agreed it to be a big no-no.

    This attack here is pretty much the same thing without the need to even make a call. It is way more subtle and therefore even more severe IMO.

    In conversation about 4 months ago from digitalcourage.social permalink

  5. Lenny (f09fa681@digitalcourage.social)'s status on Thursday, 23-Jan-2025 23:38:57 JST
    in reply to
    • Michał "rysiek" Woźniak · 🇺🇦

    @rysiek This is downplaying it way too much for my taste. Let me explain:

    The rough location information is usually only available to servers. Now, even though I prefer zero trust, I would argue that trusting a messenger's server to not give away my rough location is way more reasonable than trusting the person that uploaded the data I'm downloading from the server.

    **But in this case, the person that uploaded the data can extract the location I'm downloading it from.** This is big. It takes metadata to a whole different level.

    I also want to quickly respond to the arguments:

    That very rough radius could actually be a pretty big deal in less populated areas.

    The second argument is whataboutism. (And there are definitely apps that are not affected.)

    Kinda agree with the third one though.

    ---

    If I were #Signal, I would turn off the caching mechanism for now and urge #Cloudflare to rethink their statement. The privacy protection mechanisms are clearly lacking. Cloudflare's position is simply not acceptable.

    In conversation about 4 months ago from digitalcourage.social permalink
  6. Lenny (f09fa681@digitalcourage.social)'s status on Saturday, 09-Mar-2024 09:42:08 JST
    in reply to
    • Børge
    • Pete
    • Phil (ascentale)

    @ascentale @pete @forteller A3: Obviously "Die Prinzen - Mein Fahrrad"
    https://youtu.be/Dg5y6Q2crXw?si=EwrT-c9YfW0sdFS9

    Some say it's a great and rewarding way to learn German.

    #bikenite

    In conversation about a year ago from digitalcourage.social permalink

  7. Lenny (f09fa681@digitalcourage.social)'s status on Monday, 18-Dec-2023 05:05:16 JST
    in reply to
    • Flüpke

    @fluepke If that doesn't make you an expert, what does? Have you tried?

    Can't speak for the DID people because I dealt with another WG, but I can tell you, they weren't exactly known to be very open either but I still got invited. Sometimes it's nice to be surprised. Not all people who work in such WGs are mindless sycophants who close themselves off towards critics, even if they work for a company or towards a goal with questionable ethics.

    In conversation Monday, 18-Dec-2023 05:05:16 JST from digitalcourage.social permalink
  8. Lenny (f09fa681@digitalcourage.social)'s status on Thursday, 07-Dec-2023 23:26:26 JST
    in reply to
    • Erik Moeller
    • Flüpke
    • Philip McGrath

    @fluepke @LiberalArtist @eloquence We can totally criticise the W3C in many, many areas but let's clarify a few important things:

    - A ton of WG/CG mailing lists are open: https://lists.w3.org/Archives/Public/ It is also possible to participate there.
    - Many WG/CGs use public GH repos and one can make "substantial contributions" by becoming an Invited Expert. This system is far from perfect, obviously, but it does exist.
    - Many of the W3C CGs are open and everyone can join.

    With that out of the way, can you reference the WG or CG you're talking about which denied public access to the mailing list and severely restricted individual contributions?

    Edit: You're probably referring to https://www.w3.org/2019/did-wg Their mailing list is publicly available here: https://lists.w3.org/Archives/Public/public-did-wg/ Spec repo is here: https://github.com/w3c/did-core and creating issues is allowed (this is how I got invited to another group btw).

    In conversation Thursday, 07-Dec-2023 23:26:26 JST from digitalcourage.social permalink

  9. Lenny (f09fa681@digitalcourage.social)'s status on Tuesday, 01-Aug-2023 20:00:43 JST
    in reply to
    • Puniko ?
    • Threema
    • KBreker

    @puniko @threemaapp @KBreker I doubt that your reply will be understood. 😂 Without having regularly heard Swiss German, no chance of decrypting that.

    In conversation Tuesday, 01-Aug-2023 20:00:43 JST from digitalcourage.social permalink

    Lenny

    Random 🦁 on the internet. Avid cyclist. Working at @threemaapp. Be prepared to see wildly varying posts from me on software engineering, politics, urbanism, cycling, gaming, mental health and a surprising amount of rants about noise.


          GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

          All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.