• 0 Posts
  • 26 Comments
Joined 1 year ago
Cake day: June 9th, 2023


  • By some argument, section 103 of the DMCA (which is what grandparent post is referring to) does make it illegal to even talk about DRM circumvention methods.

    illegal to: (2) “manufacture, import, offer to the public, provide, or otherwise traffic in” a device, service or component which is primarily intended to circumvent “a technological measure that effectively controls access to a work,” and which either has limited commercially significant other uses or is marketed for the anti-circumvention purpose.

    If YouTube implements an “access control measure” by splicing the ads with the video and disabling the fast-forward button during the ad, and you go on a forum and say “Oh yeah, you can write a script that detects the parts that are ads because the button is disabled, and force-fast-forwards through those”, some lawyer would argue that you have offered to the public a method to circumvent an access control measure, and therefore your speech is illegal. If you actually write the Greasemonkey script and post it online, that would definitely be illegal.

    This is abhorrent to the types among us for whom “code IS free speech”, but this scenario is not just a hypothetical. DMCA has been controversial for a long time. Digg collapsed in part because of the user revolt over the admins deleting any post containing the leaked AACS decryption key, which is just a 32-digit number. Yet “speaking” the number alone, aloud, on an online platform (and nothing else!) was enough for MPAA to send cease and desist letters to Digg under DMCA, and Digg folded.


  • The credit companies do not insure against fraud, they simply take the money out of the merchant account and put it back into yours. Now it’s the merchant who has no recourse, if they have already shipped the product. So the only difference between CC and crypto is who is typically left holding an empty bag in case of theft - the payer or the payee. Certainly not the banks!

    I’d argue that in terms of assigning responsibility, it seems more fair to expect you, the customer, to keep your digital wallet secure from thieves than to expect the merchant to try to guess every time whether the visitor to their online store happens to be using a stolen credit card.

  • I want people to be able to report bugs without any trouble.

    Thank you for being aware! I’ve experienced this on github.com. I’ve tried to submit issues several times to open source projects, complete with proposed code to solve a bug, but GitHub shadowbans my account 6 hours after creating it (because I use a VPN? a third-party email provider? do not provide a phone number? who knows). I can see the issue and pull request when logged in, but they only see a 404 on their project page even if I give them a direct link. I ended up sending them a screenshot of the issue page just to convince them this was even possible. Sad to hear GitLab does it even worse now by making a phone number mandatory.

  • There was some scare in Lemmy development circles recently about script injection vulnerabilities. The various apps and frontend developers “solved” the problem by peppering untrusted user input with escape sequences all over the place. User submits post? Escape title! Receive new post from a federated instance? Escape title!

    Obviously if you escape the title twice and display it once, it will show up weird. The problem is that the various devs haven’t agreed yet on which parts of the messaging protocol are supposed to be already escaped and which are not. Ideally all user input should be stored and transmitted in raw form, and only escaped right before displaying. But due to various zealously cautious devs we get this instead:
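The pipeline this comment describes, as an added example (not part of the original post and not Lemmy's own code): a title passes through submit, federation and render, and each stage is modelled as a function so the two strategies can be compared. The instance and frontend names are placeholders, and the "unescape first, then escape" variant is included because it is the obvious patch for double-escaping and it silently corrupts titles that legitimately contain entity-looking text.

```python
"""Where to escape untrusted text: store raw, escape once at render time.

Constructed model of a three-stage pipeline (submitting instance ->
federated receiving instance -> frontend). Not Lemmy code.
"""
import html


def escape_for_html(text: str) -> str:
    """Escape once for an HTML text-node or attribute context."""
    return html.escape(text, quote=True)


def browser_text(rendered_html: str) -> str:
    """What a user sees: the browser decodes entities exactly once."""
    return html.unescape(rendered_html)


# --- the "escape everywhere" approach the comment complains about --------

def submit_escaping(title: str) -> str:
    """Submitting instance escapes before storing the title."""
    return escape_for_html(title)


def federate_escaping(stored_title: str) -> str:
    """Receiving instance escapes again on the incoming federated object."""
    return escape_for_html(stored_title)


def render_escaping(stored_title: str) -> str:
    """Frontend escapes at display time (the only place it belongs)."""
    return escape_for_html(stored_title)


def naive_pipeline(title: str) -> str:
    """Three stages each escape, so the title is escaped three times."""
    return render_escaping(federate_escaping(submit_escaping(title)))


# --- store and transmit raw, escape on output ------------------------------

def submit_raw(title: str) -> str:
    """Store exactly what the user typed."""
    return title


def federate_raw(stored_title: str) -> str:
    """Transmit verbatim: the wire format is JSON, not HTML."""
    return stored_title


def correct_pipeline(title: str) -> str:
    """Raw end to end, escaped once by the renderer."""
    return render_escaping(federate_raw(submit_raw(title)))


# --- the tempting but lossy workaround -------------------------------------

def render_unescape_then_escape(stored_title: str) -> str:
    """Normalise by unescaping first. Mangles a title that was meant to
    contain a literal '&amp;' or '&lt;', because the renderer cannot tell
    an upstream escape from what the user actually typed."""
    return escape_for_html(html.unescape(stored_title))


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"
    print("naive   :", browser_text(naive_pipeline(payload)))
    print("correct :", browser_text(correct_pipeline(payload)))
    literal = "Tom &amp; Jerry"  # user deliberately typed the entity
    print("lossy   :", browser_text(render_unescape_then_escape(literal)))
    print("correct :", browser_text(correct_pipeline(literal)))
```

Both pipelines keep the script tag from executing; the difference is only that the triple-escaped version shows the user a title full of `&amp;lt;`. The unescape-first patch fixes that symptom but changes what the user wrote, which is why agreeing on one escaping boundary is the real fix.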


  • I assume this “VPN Server” that they can see is the “entry node”, and not the “exit node” (i.e. my IP as seen by the world) - but never got a clear answer to that

    Traditionally, the entry node and the exit node have been the same VPN server/IP. In that sense, your ISP does know the IP of your exit server, since they are the ones connecting you to it.

    For example, your X ISP’s logs could show “At 15:00, user #123 connects to IP 1.2.3.4, which lookup shows is assigned to “CheapVPNs Ltd”. At 15:01 our email server received 1,000,000 emails from IP 1.2.3.4 all angrily complaining about how “X ISP sucks”. Correlation implies user #123 is responsible for the mail bomb attack against our servers.”

    At the moment, Mullvad specifically does use different entry and exit IPs, but they are all still located in the same datacenter and subnet. That is, you could be connecting to a Mullvad VPN server 1.2.3.4, 1.2.3.5, or 1.2.3.6 in London, and they all exit out through 1.2.3.1 in London. This is just something Mullvad does. Other VPN services may not do it and Mullvad hasn’t done it in the past. Someone analyzing ISP logs could correlate these IPs if they really wanted to.

    Mullvad also offers “multihop”, but the way they have it implemented currently (changing the destination port number), an ISP could still deduce your exit IP if they bother looking up records of Mullvad network structure (which are publicly available), since they know the IP number and the port number of your entrance node.

    The only way to hide your VPN exit IP from your ISP currently is to use multiple VPN services and nest them inside each other (or use one service and nest it inside itself using the “multiple devices” perk). Then only a state-level actor could hope to correlate your traffic by monitoring the ingress/outflow of multiple IPs simultaneously.
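The kind of log correlation this comment describes (entry and exit addresses that differ but sit in one published subnet, plus a multihop port that selects a different exit), as an added example that is not part of the original post and not tied to any real provider. All addresses, subscriber IDs, the VPN site layout and the port-to-exit mapping are constructed for the example; the port mapping in particular is a hypothetical stand-in for the kind of public server list the comment mentions.

```python
"""Correlate an ISP connection log with an abuse report from a VPN exit IP.

Constructed sample data throughout: the addresses are documentation
ranges, the subscribers and VPN layout are invented.
"""
import ipaddress
from datetime import datetime, timedelta

# Constructed ISP flow log: timestamp, subscriber, destination IP, dest port.
ISP_CONNECTION_LOG = """\
2024-05-01T14:58:00 user#122 203.0.113.77 443
2024-05-01T15:00:00 user#123 198.51.100.4 51820
2024-05-01T15:00:30 user#124 198.51.100.5 3001
2024-05-01T15:00:40 user#125 198.51.100.6 51820
2024-05-01T14:10:00 user#126 198.51.100.4 51820
"""

# Constructed abuse report: a mail server was flooded from one exit address.
ABUSE_REPORT = {"start": "2024-05-01T15:01:00", "source_ip": "198.51.100.1"}

# Hypothetical published VPN layout: one /24 per site. Entry servers
# (.4-.6) and the exit (.1) share the London subnet, as in the comment.
VPN_SITES = {
    ipaddress.ip_network("198.51.100.0/24"): "London",
    ipaddress.ip_network("203.0.113.192/26"): "Stockholm",
}

# Hypothetical multihop scheme: the destination port chooses the exit site,
# so an ISP that knows the mapping learns the exit from entry IP + port.
MULTIHOP_PORT_EXIT = {51820: "London", 3001: "Stockholm"}


def parse_log(text: str) -> list:
    """Parse the whitespace-separated flow log into dicts."""
    rows = []
    for line in text.splitlines():
        ts, user, dst, port = line.split()
        rows.append({"ts": datetime.fromisoformat(ts), "user": user,
                     "dst": dst, "port": int(port)})
    return rows


def site_of(ip: str):
    """Map an address to the VPN site whose published subnet contains it."""
    addr = ipaddress.ip_address(ip)
    for net, site in VPN_SITES.items():
        if addr in net:
            return site
    return None


def candidate_subscribers(log_text: str, report: dict, window_minutes: int = 5) -> list:
    """Subscribers who, shortly before the abuse started, connected to an
    entry server whose effective exit site matches the reported source IP.

    The exit IP itself never appears in the ISP log (entry != exit), so the
    match is on site membership, refined by the multihop port.
    """
    start = datetime.fromisoformat(report["start"])
    earliest = start - timedelta(minutes=window_minutes)
    exit_site = site_of(report["source_ip"])
    if exit_site is None:
        return []  # exit belongs to no known VPN site: nothing to correlate
    hits = []
    for row in parse_log(log_text):
        if not earliest <= row["ts"] <= start:
            continue
        entry_site = site_of(row["dst"])
        if entry_site is None:
            continue  # not a VPN server we know about
        effective_exit = MULTIHOP_PORT_EXIT.get(row["port"], entry_site)
        if effective_exit == exit_site:
            hits.append(row["user"])
    return hits


if __name__ == "__main__":
    print(candidate_subscribers(ISP_CONNECTION_LOG, ABUSE_REPORT))
```

On the sample data the correlation narrows the flood to two subscribers rather than one: everyone who used the same site in the window is a candidate, which is the sense in which this is correlation rather than proof. The subscriber on the multihop port is excluded because the mapping says their traffic left from another site, and a report whose source address lies in no published VPN subnet (the nested-VPN case at the end of the comment) yields no candidates at all.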


  • I think it’s precisely because there is no governing body for English and all the rules are colloquial, developed through usage, that people do get grumpy! They are the only ones who can create and enforce the rules! Each English speaker feels personally responsible and compelled to correct use they perceive is in violation of the rules the way they want them to be. If they don’t do it right then and there, no one else can.

  • That’s why Google is pushing their Web Environment Integrity so hard. It’s DRM for the browser! They want the TPM chip in your computer to attest that the code processing the video stream is authentic. Then you can’t slice out the ads, because you do not have physical access to the inside of the TPM. With HDCP encryption on the HDMI video output, you’re gonna need to point a literal video camera at the physical screen to DVR the video and slice out the ads later.

    They’ve been working hard for decades to lock down the video pipeline with TPM and HDCP and now WEI. They said “don’t worry about it” and we let them. They are really close to snapping the trap shut!

    Now please excuse me, my tongue is falling off with all the acronyms…