Notices by Ben Tasker (ben@mastodon.bentasker.co.uk), page 2

You know, whilst I'm sure it's technically legal, "We've scraped your email address out of #Git commits and are using AI to point sales people your way" just doesn't feel like it's really in the spirit of #GDPR.

Fun fact: if you fuck up the only entry in .ssh/config you get some very confusing behaviour

$ cat .ssh/config
Hostname gitlabssh.home
IdentityFile ~/.ssh/gitlab.key

What would you expect this to do?

ssh myserver.example.com

It'll open a SSH session to gitlabssh.home.

That first line should be

Host gitlabssh.home

The directive HostName is valid, but overrides the destination connection name. With no "Host" before it, it applies globally.

That was mildly confusing few minutes.

My local police force put #facebook's #tracking code on the pages used to report sexual assaults, domestic violence etc.

What the fuck is wrong with people that even the #Police can't go "maybe giving Facebook a view of this stuff might be a bad idea"

It shouldn't happen on normal sites, but a police site for reporting crime? jfc

https://www.eadt.co.uk/news/23658755.suffolk-police-embroiled-facebook-data-sharing-scandal/

#privacy #security

Well, me being on #Threads didn't last long.

A sum total of 4 posts and they decided I'm not real, then insisted on a selfie (which I begrudgingly provided and they rejected).

Not really motivated to fight for it, there was nothing on there that really engaged me anyway.

New #Blog: Using #BlueSky Features As #Disinformation Tools

It seems they already know about it and don't consider it and don't consider it a #threat, but #ATProtocol and Bluesky have the potential to pose some #InfoSec threats:

- Preview card content is under the control of the poster, so can be populated with #misinformation

- Link Anchor text and destination are controllable by the poster, allowing misleading links to be published

https://www.bentasker.co.uk/posts/blog/security/bluesky-posting-enables-misinformation-and-phishing-campaigns.html

#security #socialmedia

New #blog: Autodetecting and Announcing #Mastodon Scrapers and Crawlers

There've been quite a few #fedisearch issues recently, but the common thread is that there's usually a gap in reporting - they're often live for weeks before people are made aware.

It's not just people's pet projects either, there are other #scrapers active, quietly consuming posts

So, I built a bot to detect and out them so that fedi admins can block as necessary

https://www.bentasker.co.uk/posts/blog/security/autodetecting-and-outing-mastodon-scrapers-with-scrapersnitchbot.html

#infosec #security