Just some Internet guy

He/him/them 🏳️‍🌈

  • 1 Post
  • 644 Comments
Joined 2 years ago
Cake day: June 25th, 2023


  • The website requests an image or whatever from 27748626267848298474.example.com, where the number is unique for the visitor. To load the content the browser has to resolve the DNS for it, and the randomness ensures it won’t be cached anywhere as it’s just for you. So it queries its DNS server which queries your DNS provider which queries the website’s DNS server. From there the website’s DNS server can see where the request came from and the website can tell you where it came from and who it’s associated with if known.

    Yes it absolutely can be used for fingerprinting. Everything can be used for fingerprinting, and we refuse to fix it because “but who thinks of the ad companies???”.
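As an added example (not part of the original comment): a defender-side check over a resolver's query log that flags the pattern described above, a long numeric or hex leftmost label that is looked up exactly once. The log layout and function names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log; the "time client qname qtype" layout is an assumption.
SAMPLE_LOG = """\
10:00:01 192.0.2.10 www.example.org A
10:00:01 192.0.2.10 27748626267848298474.example.com A
10:00:02 192.0.2.10 cdn.example.org A
10:00:05 192.0.2.11 9f3ac01b77e24d58a1c6.example.com. A
10:00:06 192.0.2.10 0123456789abcdef0123.example.net A
10:00:07 192.0.2.11 0123456789abcdef0123.example.net A
10:00:09 192.0.2.11 accounts.example.net AAAA
10:00:12 192.0.2.10 internationalization.example.net A
"""

# A per-visitor token: 16 or more characters, digits or hex only.
TOKEN = re.compile(r"[0-9a-f]{16,}")


def parse(log):
    """Yield (client, qname) pairs; qname is lowercased, trailing dot removed."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, qname, _ = fields
        yield client, qname.lower().rstrip(".")


def flag_unique_token_lookups(log):
    """Return {parent_domain: [(client, label), ...]} for one-off token names.

    A name is flagged when its leftmost label looks like a token AND the full
    name appears only once in the log, i.e. it could never be served from cache.
    """
    queries = list(parse(log))
    seen = Counter(qname for _, qname in queries)
    flagged = defaultdict(list)
    for client, qname in queries:
        label, _, parent = qname.partition(".")
        if parent and TOKEN.fullmatch(label) and seen[qname] == 1:
            flagged[parent].append((client, label))
    return {parent: sorted(hits) for parent, hits in flagged.items()}


if __name__ == "__main__":
    for parent, hits in flag_unique_token_lookups(SAMPLE_LOG).items():
        print(parent, hits)
```

The hex-looking name under example.net is not flagged because two clients requested the same name, so it is not unique to one visitor.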



  • It’s going to depend on how the access is set up. It could be set up such that the only way into that network is via that browser thing.

    You can always connect to yourself from the Windows machine and tunnel SSH over that, but it’s likely you’ll hit a firewall or possibly even a TLS MitM box.

    Virtual desktops like that are usually used for security, it would be way cheaper and easier to just VPN your workstation in. Everything about this feels like a regulated or certified secure environment like payment processing/bank/government stuff.


  • but I’m curious if it’s hitting the server, then going the router, only to be routed back to the same machine again. 10.0.0.3 is the same machine as 192.168.1.14

    No, when you talk to yourself you talk to yourself; it doesn’t go out over the network. But you can always check using utilities like tracepath, traceroute and mtr. It’ll show you the exact path taken.

    Technically you could make the 172.18.0.0/16 subnet accessible directly to the VPS over WireGuard and skip the double DNAT on the game server’s side but that’s about it. The extra DNAT really won’t matter at that scale though.

    It’s possible to do without any connection tracking or NAT, but at the expense of significantly more complicated routing for the containers. I would do that on a busy 10Gbit router or if somehow I really need the public IP of the connecting client to not get mangled. The biggest downside of your setup is, the game server will see every player as coming from 192.168.1.14 or 172.18.0.1. With the subnet routed over WireGuard it would appear to come from the VPN IP of the VPS (guessing 10.0.0.2). It’s possible to get the real IP forwarded but then the routing needs to be adjusted so that it doesn’t go Client -> VPS -> VPN -> Game Server -> Home router -> Client.




  • The fediverse is plainly just not appropriate for this. The ActivityPub makes too many assumptions that the data is fully public.

    End-to-end encryption: Encrypt all user communications, private messages, and sensitive data

    That could work probably, it’s a lot of work and will break interoperability but could be done. You’d still have to vet your users very well though, which might contradict the next point. It takes one user to leak everything.

    Anonymous accounts: Allow users to create accounts without requiring personally identifiable information (PII), such as email or phone numbers. How can we balance this with the need to combat spam?

    There’s a fair amount of instances already that will let you sign up with a disposable email.

    Tor and VPN Integration: Ensure compatibility with privacy tools like Tor, and provide guidance on using VPNs.

    A fair chunk of instances already allow VPN/Tor traffic. The bigger ones don’t because of spam and CSAM and all that crap, but even Reddit is fully functional over a VPN.

    Remove or minimize data collection, including IP addresses, geolocation, and device information. No web server logs.

    That’d be very hard to enforce, and the instance owners have to do some collection for the sake of being able to handle lawsuits and pass the blame. But you can protect yourself using a VPN or Tor.

    Ephemeral content: auto-deleting posts, messages, etc after a set period.

    As an admin, I can literally just restore last month’s backup and undelete everything that got deleted. If someone’s seen it, you must assume it can at minimum have been screenshot.

    Instance chooser that flags which instances are in unsafe countries.

    Anyone can get a VPS in just about any country, so you’d have to personally verify the owner, which is PII and probably one of the most vulnerable parts of the group. You take down the owner, you take down the whole thing.

    Once again however users have plenty of choices already for that, if you trust your instance’s admins.

    Defederate from instances in unsafe countries?

    Same as previous point. Plus, one can still use the API to fetch the content anyway.

    Better opsec around instance owners, admins and moderators

    Also pretty hard to enforce.



  • Lemmy is decentralized, there is no singular Lemmy as a whole unless you’re talking specifically about the server software. As a user you interact with your home instance, in your case lemmy.world.

    Most connectivity problems and slowdowns are instance-specific unless you’re talking about a federation problem specifically, for example you posted but it doesn’t show up on other instances, that’s a problem between your instance and the community’s instance.

    In your case you most likely just hit something on lemmy.world’s side. Lemmy as a whole is way too small for them to even care about it.

    I’ve been having sub second response times consistently on mine. This post submitted instantly.










  • Why is this always the argument that comes up? It’s like if foreign people came by thousands to post the 9/11 attacks on American media to test the free speech. Most would take it down, some might stay up, but it’s ultimately still very disrespectful and upsetting for a lot of people.

    You can enjoy a heavily moderated platform for what it’s good at. I use rednote for my cat, food and art content and enjoy the cultural exchange. There are better suited apps in general for free speech and political debate. I’m tired of politics invading every platform, so it’s been rather nice in that aspect. For what I want to use that app for, I’m perfectly fine with the CCP’s rules, even if I disagree with some aspects of the CCP.

    Free speech is important, but we don’t need it literally everywhere.


  • No FOSS clients, nobody’s got time to reverse engineer it as it happened so fast.

    As for privacy, well, it uses plain HTTP for at least all the media, so, not very private. It requests fewer permissions than Meta’s apps however, and only asks when the feature is needed (for example, the Nearby page requests GPS which makes sense). It does seem to like to paste my clipboard which is not very cool, no idea what it’s doing with it. I use a VPN for it.

    It’s still a Chinese app under the control of the CCP. Personally, I’d rather China have my data than the US, because at least for China it’s useless whereas with the current administration in the US, who knows what they do with that data.

    As for the app itself, it’s pretty nice. Don’t expect free speech, but the rules also make for a rather respectful and positive experience overall. For what it’s intended to be (share cats, recipes, makeup, and other entertainment content) it’s pretty good and a breath of fresh air compared to the non-stop political fighting on other platforms. That said it’s not as censored as some assume it is: if it’s presented tastefully you can usually get away with it. Respect and honesty get you far on there whereas lies and aggression get you banned. I’ve seen guns, LGBTQ, cars, religion, politics, comparing capitalism and communism. They’re talking about Elon’s Nazi salute on there and all.

    The massive cultural exchange going on there is quite enjoyable. People from all sorts of countries are trying out new recipes and adapting them to their local taste. Turns out Mandarin isn’t so bad to learn either. Very welcoming community. Rumors are it made the Chinese government consider relaxing the Great Firewall. The sentiment is very anti-war as people from enemy countries are building online friendships.

    I approach it with caution, but I’ve been rather pleased with what I see.