Saki @ Saki @monero.town

New to Lemmy. A privacy advocate. Interested in number theory.

---

Read more

Posts

22

Comments

99

Joined

2 yr. ago

Moderating

---

You may be absolutely right about a warrantless search discussed in the “See also”. EFF’s opinion (the main link) is about something different, though somewhat related. The situation seems to be…

Police procured a search warrant for defendant's cell phone but were unable to execute the warrant because the cell phone was passcode protected and defendant refused to provide the passcode. Accordingly, the State filed a motion to compel production of the cell phone's passcode.

EFF argues that even in this situation with a warrant, Fifth Amendment protections against self-incrimination mean that the defendant can’t be forced to reveal the passcode:

“When the government demands someone turn over or enter their passcode, it is forcing that person to disclose the contents of their mind and provide a link in a chain of possibly incriminating evidence,” said EFF Surveillance Litigation Director Andrew Crocker. “Whenever the government calls on someone to use memorized information to aid in their own prosecution—whether it be a cellphone passcode, a combination to a safe, or even their birthdate—the Fifth Amendment applies.”

You can use any email provider in a pretty privacy-friendly way, as long as you sign up anonymously, always use it via Tor, and (most importantly) do gpg locally and just paste ascii. Don’t share your secret key with them/anyone!

• Monero users understandably tend to like Monero-accepting services. Tuta does, albeit indirectly; Proton doesn’t. There is also cyberfear.com, a less known anonymous email provider accepting xmr, but maybe no one is sure if it’s okay.
• Despite all potential issues, for normal users who are still using Gmail etc., Proton/Tuta are still recommended (simply because they’re better than Google).

Leave it to the cryptocurrency people to turn a simple tutorial into an ad.

I’m from the same Lemmy instance monero.town (technically a mod?) and can see your point. Initially I was vocal about perceived link-spamming, advertising this SimplifiedPrivacy thing; at least a few users there were/are feeling the same way, as you can see e.g. here. So please don’t lump crypto (esp. Monero) users as a single kind of people.

Like @leraje@lemmy.blahaj.zone pointed out, some of info provided by this user (ShadowRebel) can be useful. Perhaps some people prefer a video to text. Monero users tend to respect freedom (of speech) and advertisement is not forbidden in Monero.town anyway. Perhaps you can understand that this does not mean “the cryptocurrency people” are the same.

In addition, Tuta is open source and the entire client code is published on GitHub.

One can freely share “good” source code while actually using something different; which might be an intrinsic problem of an “open-source” web service. Plus, one has no reason to believe that the service has never been compromised: someone might have a backdoor that Tuta itself is unaware.

I’d like to believe that Tuta is not evil, but ultimately that’s anyone’s guess. I’d recommend true e2e (local-to-local) such as PGP, rather than trusting a middle-man e2e provider.

The SimplyTranslate front end has many languages, translate engines selectable: Google | DeepL (Testing) | ICIBA | Reverso | LibreTranslate. Some instances are Tor-friendly, even onion. The project page seems to be https://codeberg.org/SimpleWeb/SimplyTranslate

Refusing to use Google is just common sense. LibreTranslate itself is decent (at least not Google), except a website hosting it may have some opaque JS or Google things (Font, Analytics, TagManagers, etc.)

Either way, translation can’t be super-private in general. For example, if you use it to write a private message or love letter in a foreign language… even including real names and physical addresses…

Also, metadata like “a Danish-speaker is reading this German text about X” can’t be hidden, and if the language pair is uncommon and/or if text to be translated is specialized (not generic), the engine provider may easily guess “this request and that request yesterday may be from the same user”, etc. if they want to. A sufficiently powerful “attacker” might de-anonymize you, helped by other info about you, already gathered. In practice, maybe not a big concern, if you’re just translating generic, non-sensitive text, not showing your real IP, and clearing cookies frequently.

Just fyi: recently EFF is creating Privacy Badger browser add-on and GNU also has LibreJS. They’re technically not ad-blockers, though; apparently a tracker-blocker and a non-free-script-blocker, respectively.

I’ve found two possible solutions:

• If you use some kind of Lemmy reader instead of using a browser, it may have a filtering function, like “hide post including this word” like using regex.
• “After complaining yesterday about seeing too much Linux content in the Fediverse” — this Lemmy user seemed to have experienced a similar problem, and finally found a fundamental (albeit rather unexpected) solution. Read more: https://lemmy.world/post/8107430

Thunderbird doesn’t passphrase-protect your PGP key. Though you can set a general password… For something less important, its OpenPGP may be convenient, given that if you send/receive email normally, there is metadata problem anyway. But if you need to play it safe, you may want to use gpg offline and paste ascii.

Increasingly more and more “phoning home” is not exactly comfortable, either: thunderbird-settings.thunderbird(.)net location.services.mozilla(.)com addons.thunderbird(.)net versioncheck.addons.thunderbird(.)net services.addons.thunderbird(.)net, etc. Perhaps people today, both users and developers, feel something like this is normal, because things were already more or less like this when they were born.

Re: Micro$oft - It might be that after raped by Google, the society has been desensitized and stopped feeling anything about “minor details.” Why worrying now? You use a Windows 10 passport account (what is it called?) just to log on to “your own” computer and also a Gmail account anyway, right? So bad news is, your privacy is almost zero already.

https://monero.town/post/894750 So you did f2f… Glad it works, though. But how to buy it is irrelevant to the OP and is off-topic, so we shouldn’t be talking about that here.

Basically I’d never recommend anyone to buy a significant amount of crypto hoping that you can get rich quick with that. Yes, it might go up, but it may go down. Encouraging such sketchy gambling would be crazy and irresponsible, and more importantly that’s not the original purpose of this technology. Yet you already even know localmonero, so yeah, you’re simply one of us. If you’d like to you can join monero.town or subscribe it from your instance :)

It doesn’t need to be today. You don’t need to ditch it completely, but if you’d like to, you can use two machines side by side. It’s about freedom. No one should force you to do anything. Good luck!

Originally Bitcoin had nothing to do with “get rich quick”. It felt vaguely like Freenet. It was experimental, philosophical, mathematical, cypherpunk… Almost no one had imagined that investors were going to be interested in it and something like that fad would happen.

Unfortunately it’s not easy to get Monero. In several countries, CEXes don’t support it (delisted). Besides, getting Monero from CEX is not ideal privacy-wise. So, a typical Monero user gets it no-KYC, without using CEX. Which is legal, but rather complicated. That’s why I wouldn’t recommend Monero to regular people.

As you said, Monero is such a great way for payment in a practical sense. Very low fees (~1 cent, no matter how much you send), private (only you can authorize transaction, no need to get a permission from someone else). The community is relatively small (monero.town on Lemmy), but generally nice and cozy. We seldom, if ever, talk about investment… It’s so different from what people think when they hear “crypto”. It’s understandable that some people assume it’s just one of those alt sh*tcoins.

That should be easy if you do some script-fu, etc. Perhaps not so easy on Windows, though.

I understand that you may feel depressed, or even annoyed, for example when told, “Solving the problem foo is trivial if you use bar” when bar is not trivial nor realistic for you (or so you believe). For example, 2¹⁴⁹−1 is easy to factor if you use elliptic curves, but studying elliptic curves may feel daunting (though it’s not so hard as you might think).

I do understand how you may feel in such a situation. I may be sometimes in a similar situation too.

Obviously, though, not trying to read about the solution bar wouldn’t solve the original problem foo. Not learning ECM doesn’t enable you to factor 2¹⁴⁹−1 for example. Not trying to listen to about the L-word wouldn’t fix the annoyance of Windows. Annoyance itself may be harmless but everyone knows Windows is privacy-invasive and vulnerable to malware, viruses, keyloggers, etc. So staying too long there, refusing to learn some solution, something really bad might happen to you eventually. Honestly, something like that did happen to ourselves recently. Our community lost a lot of money, apparently stolen by attacker(s)—exactly what happened is still unknown, but the victimized wallet was on Ubuntu connected to Windows 10 via SSH.

You don’t need to ditch Windows. I respect your freedom to use non-free software. In fact, many L-word systems do include non-free blobs too!

That being said, may I suggest that you try different OS(es) just for 10 minutes, booted from a USB stick, when you have time, to see what it’s like. You might be surprised because it just works, actually more intuitive, you can use it easily, not to mention you’re not forced to see ads. Or no invasive telemetry. Feel free to ignore this suggestion if you really love Windows, thinking it’s the best OS ever. I respect freedom of thought!

The same URL now: Microsoft gives in and lets you close OneDrive on Windows without explaining yourself

Update November 10th, 4:45AM ET: Microsoft has removed the dialog forcing users to fill out a survey when quitting OneDrive, and reverted to the original prompt. In a statement sent to The Verge, Microsoft says:

Between Nov. 1 and 8, a small subset of consumer OneDrive users were presented with a dialog box when closing the OneDrive sync client, asking for feedback on the reason they chose to close the application. This type of user feedback helps inform our ongoing efforts to enhance the quality of our products.

The story below is unchanged.

If what you’re talking about is something OS-level, chances are that you can trivially do the same thing. But if it’s application-level (a tool for Windows): while there’s a way to run a Windows application, apparently it’s not always perfect. If you really need to use a program that only runs on Windows, that’s a valid reason for you to keep using Windows. I hope you can find a libre alternative. You’re free to code your own tool (which behaves exactly the way you like), but admittedly that option is not always realistic.

Nevertheless, at least when doing something generic like browsing web pages or writing email, you don’t need to do that on a privacy-invasive OS. If more and more users start noticing that, Micro$soft might realize that annoying paying customers is a bad idea in the long run.

It’s preposterous to pay (buy an expensive license) to be abused!

Excuse me, do you have a moment to talk about GNU/Linux? 🙃

When I got my senior mom a computer she had never used Windows. Instead of having her learn that I installed Debian with Xfce and Firefox. Now that’s all she knows, I laugh at people who tell me Linux is too hard when my mom without any tech knowledge uses it as her daily computer. If I had to switch her to Windows or a Chrome browser she’ll make a fuss about it.

How about a live OS as a free trial? Not only free as in free beer, but free as in freedom, and always will be free. You own your OS, not vice versa.

Become a Linux user today, while keeping your precious Windows 11 or whatever. I raise you Tails if you do this at all.

• Get an unused USB stick, download Tails and make a bootable USB. Typically this will take less than an hour.
• Restart and boot your computer into Tails.
• Congratulations! You’re a Debian user now, even on Tor. Meaning your real IP is hidden. Privacy strikes back!
• Start Tor Browser and enjoy Lemmy. Libre world is usually Tor-friendly (though lemmy.world may be behind CF).

I’m not saying you should ditch Windows today, but you might want to do some experiments? There are other OSes too, if you think yours is (becoming more and more) annoying!

[PS: lemmy.world is indeed behind Cloudflare (CF). You may not be able to use it directly via Tor. I’m okay because writing/reading this from a different, privacy-friendly instance. Though CF is MitM, some people believe it’s necessary. Be careful, though: everything you send, including your password, may be visible to this MitM as plaintext.]

The linked article is inaccurate and misleading. Your wild guess is based on that.

Currently the best blockchain analytics publicly available about the incident is this by Moonstone, and even though it seems that the victim shared the secret key with them, nothing much is known due to the nature of the privacy coin. No way other analytics providers could tell more.

Check the original source and some of the comments there before making an irresponsible accusation like the attackers must be North Korean (or Russian, Muslim, Romany, …). A knee-jerk suggestion like that does not only promote unfair racism/stereotypes, but it helps cover up the real mastermind. Although, it’s not your fault that the article is misleading, and we can’t rule out any possibility including what you suggested. The real problem here is this confusing, poorly-written article…

Sorry if I sounded unpleasant. I’m not holding Monero, I actually use it (just like one may use Paypal), is all. Still, as you can see I’m from Monero.town, so obviously I’m a fan. Guilty as charged!

I’ve actually been “preaching” about privacy to my friends, but they’re typically like “Google is fine. I have nothing to hide.” Or about PGP (in vain). But I wouldn’t preach about (recommend) the privacy coin to regular people. Like you pointed out, it’s controversial and risky. As a long time user, I know too well about both sides of this.

I do agree most cryptocurrencies are scammy, or traded speculatively. It’s a free country, so one can do whatever they want to with their own money, but I personally think they’re like greedy gamblers.

I’m a Monero user, not a trader, not an investor. I have Monero because I use it. I support it because I’m a privacy advocate. I’ve never even once used a CEX, totally unrelated to investment. Your points may be valid for those investor people, though.

Exactly, except not “the entire”, but “almost entire”?

Monero has been largely detached from CEXes, no companies, no middle men… Many users still have that idealism, a cypherpunk philosophy, that which Bitcoin tried to achieve originally. It’s community-based and crowd-funded… Some of that fund was stolen, so we’ve got to admit that the Monero community was not so smart after all… Yeah, a bit embarrassing tbh. To err is human, I guess.

For example, we do have a zero-fee donation site kuno.anne.media and recently help some girl buy a laptop or doing things like that. Some of Monero users are idealists by nature, maybe silly dreamers or naive philosophers, but definitely not greedy HODLERs. Weird people, either way, haha 😅

I think I know what you’re trying to say, and that’s actually a difficult point. Privacy is double-edged.

By that logic, you’d have to support chat control, e2e backdoor, eIDAS 45, etc. and ban Tor, Tails, VPN, BitTorrent, or encrypted communication in general because sometimes criminals can (and do) abuse such technology too. While such logic is understandable, I’m a privacy advocate and can’t agree with that. Most libre people, EFF, FSF, etc. have been fighting against that very logic for more than 20 years. I’m one of them.