Notices by Ben Tasker (ben@mastodon.bentasker.co.uk)

@VModifiedMind @neil "Life Needs a Big Network*"

* and a tiny MTU

@dalias @samueljohnson For most of mine, it's not so much the switching as the consumption reporting that's useful - is the tumbledryer/dishwasher/whatever using lots or is it idle?

I have some quacking duck key-caps on the way and I'd like to note that this purchase is _entirely_ @neil's fault

Wait.... so they *could* have been doing more and arresting CEO's *does* work?

Whoodathunk it?

https://www.theverge.com/2024/9/5/24237254/telegram-pavel-durov-arrest-private-chats-moderation-policy-change

@morph @_edent_ I might be misremembering, but I thought they had only allowlisted some of the bigger instances

@_edent_ I see it, but suspect you wont see this

@Pontificator_OMF

I don't think it's a bot in the way you're thinking - I **think** the forwarded reports are just rewritten to come from that account (infosec.exchange runs Glitch). Those 7 reports probably came from actual users (and like @GossiTheDog I can totally see why)

@Pontificator_OMF @GossiTheDog

Weird. If they were reported all at the same time, it might be that someone just ticked loads in the interface - AIUI people used to do that when mass-reporting on Twitter in the hope it'd mean moderators didn't properly review and suspended/blocked

@GossiTheDog

The one "good" thing in this is the comment from the guy about how his son found out, called him a troll and he's done it less out of fear of being labelled.

Sadly, the fact that it's blokes going for an "easy target" is no surprise

@neil Not sure, but I do know they have multiple processors.... they run on 8 ARMs

New #Blog: #Amazon has an Honesty Problem

In which #AmazonUK (with the inadvertant help of #AmericanExpress) attempt to try and screw me out of nearly £500 after someone in Amazon's delivery chain stole our order

Note: I'd greatly appreciate it if people could boost the ever-living hell out of this one to try and stop the next victim from happening

https://www.bentasker.co.uk/posts/blog/opinion/amazon-parcel-contents-get-stolen-and-then-amazon-tries-to-keep-payment.html

#ParcelTheft #UK

@HauntedOwlbear @andycarolan @neil

I have similar concerns about parental control software. So many of the offerings involve location tracking and similar - it's not *right* for a parent to give up their child's privacy like that.

The middle ground I settled on, of all things, was Microsoft Family Safety - they *can* do location tracking but it's off by default (and needs opting into on device).

But it still suffers from over/underblocking like everything else.

Cheeky fuckers.

#Youtube have deployed Javascript that delays video load if the user is using #Firefox

https://old.reddit.com/r/youtube/comments/17z8hsz/youtube_has_started_to_artificially_slow_down/

You know, whilst I'm sure it's technically legal, "We've scraped your email address out of #Git commits and are using AI to point sales people your way" just doesn't feel like it's really in the spirit of #GDPR.

Fun fact: if you fuck up the only entry in .ssh/config you get some very confusing behaviour

$ cat .ssh/config
Hostname gitlabssh.home
IdentityFile ~/.ssh/gitlab.key

What would you expect this to do?

ssh myserver.example.com

It'll open a SSH session to gitlabssh.home.

That first line should be

Host gitlabssh.home

The directive HostName is valid, but overrides the destination connection name. With no "Host" before it, it applies globally.

That was mildly confusing few minutes.

My local police force put #facebook's #tracking code on the pages used to report sexual assaults, domestic violence etc.

What the fuck is wrong with people that even the #Police can't go "maybe giving Facebook a view of this stuff might be a bad idea"

It shouldn't happen on normal sites, but a police site for reporting crime? jfc

https://www.eadt.co.uk/news/23658755.suffolk-police-embroiled-facebook-data-sharing-scandal/

#privacy #security

Well, me being on #Threads didn't last long.

A sum total of 4 posts and they decided I'm not real, then insisted on a selfie (which I begrudgingly provided and they rejected).

Not really motivated to fight for it, there was nothing on there that really engaged me anyway.

New #Blog: Using #BlueSky Features As #Disinformation Tools

It seems they already know about it and don't consider it and don't consider it a #threat, but #ATProtocol and Bluesky have the potential to pose some #InfoSec threats:

- Preview card content is under the control of the poster, so can be populated with #misinformation

- Link Anchor text and destination are controllable by the poster, allowing misleading links to be published

https://www.bentasker.co.uk/posts/blog/security/bluesky-posting-enables-misinformation-and-phishing-campaigns.html

#security #socialmedia

New #blog: Autodetecting and Announcing #Mastodon Scrapers and Crawlers

There've been quite a few #fedisearch issues recently, but the common thread is that there's usually a gap in reporting - they're often live for weeks before people are made aware.

It's not just people's pet projects either, there are other #scrapers active, quietly consuming posts

So, I built a bot to detect and out them so that fedi admins can block as necessary

https://www.bentasker.co.uk/posts/blog/security/autodetecting-and-outing-mastodon-scrapers-with-scrapersnitchbot.html

#infosec #security