This page - a bit of barely styled text on a plain background - also doesn't work without JS at all. Even though this is not a SPA, the essay text is just there in HTML response. I know I'm yelling at the clouds here, but I find this slightly annoying (why do I need to run code to read this?).
>EDR/AV is basically unnecessary, when you only mount things either writable or executable
Sounds good, except:
* scripting languages exist. The situation is even worse on Linux than on Windows (because of the sysadmin focus). You need at least /bin/sh installed and runnable on any POSIX system. In practice bash, python, perl and many more are also always available.
* exploits exist. Just opening a pdf file may execute arbitrary code on a machine. There is no way to avoid that by just configuring your system. And it will happen sooner or later, especially if nation states are involved.
The idea that your systems are somehow unhackable because you... mount everything W^X is... not based in reality. Of course it's a great idea, but in practice you need defense in depth, and you need to have a way to Detect and Respond to inevitable Endpoint breaches. I don't love EDR/AVs, but they mitigate real attacks happening in the real world.
Yeah, I don't get it. Tor browser alone, with no additional configuration and basic hygiene, is enough to stop any fingerprinting and tracking. The only problem is that it's too private, and tor traffic is often associated with crime, so it's sometimes blocked, notably by cloudflare.
I don't use it for daily browsing, but when I want to search for something I don't want associated with me (for example, health concerns) I just use tor browser and don't worry about tracking.
The Tor Browser won’t effectively stop fingerprinting, if anything it makes you more unique due to the low amount of people worldwide using it, and then you add points of data by using different DNS providers, extensions etc.
The Tor Browser as a privacy measure is likely no better than a normal browser with uBlock if you’re also using it like a “normal” browser, signing into the same accounts you always use etc. My opinion obviously but I dislike people recommending the Tor Browser as a lot of it’s primary benefits are lost if you’re just using it as a daily driver browser.
I always point people to https://fingerprint.com/ to see if their browser can defeat it. Most of the time you can’t without clearing cookies, changing device resolution, change VPN location etc. something the average person can’t/won’t do. Even JS aside there are a ton of different ways to track people based off even just getting server side data when a site’s stylesheet is fetched.
* There are solutions to poverty, which the individual person can follow, but (even though poverty is hell) people ignore them and prefer to stay poor
* The solutions to poverty you think about actually aren't. The money-deprived people already know about them and (having much more knowledge about poor people's world) know they don't work.
Since you - like almost everyone here - are a smart person with a scientific mind, I'm sure you can see that the first explanation is more likely.
If you get downvoted (as a matter of fact, I didn't) it's only because you declare that there is a miraculous solution to poverty, that would help people, that nobody talks about, and then you well, don't talk about it.
* People who have successfully clawed and scratched themselves out of poverty are almost never taken into consideration in discussions about poverty.
At most modern culture appreciates a rags-to-riches story. But rags-to-normal stories are unheard of. When was the last time you heard about people going from poverty to having just decent lives? Doesn't really pique the interest of people, perhaps.
But that's what countless people have done, they're just not considered in the perspective of poverty. At most you just see them as some everyday guy in the supermarket or on the bus.
Getting out of poverty and back on your feet again is very close to a miracle. That's how it feels for those who experience it. But hackers spit on it with contempt, because that was not the solution they would have preferred. Or that was not a solution which was applicable to every single person on earth. And in that case, I guess we should file a formal complaint also against all the saints who cured the blind but didn't cure the deaf.
1. There are solutions to organization and staying on task, that person can use, to successfully manage their lives, or
2. Those solutions actually aren't. They only work for people who would have been organized anyway.
Casting this dichotomy into a different area that I understand better helps me to see what you are saying. I think that it also gives me an idea that this is not a dichotomy. There are solutions to poverty for the individual. The individual must be aware of them, use them, and keep using them, until they are no longer poor. Then, they have to have a system to avoid returning to poverty. The sum total of this is much harder than it seems, so to many people it seems like those solutions cannot work. Sure, to a person for whom these approaches work, who has become broke and homeless, they can do it, but that is cold comfort for those who cannot escape poverty.
There's a clear 3rd option where the poor are self destructive shit heads.
IMHO this is one of those areas where lots of things can be true. If you're sick or catch bad breaks then yep poverty is a grinding cycle. If you're not then the American Dream is still alive. But the "American Dream" always kinda sucked. In that you never got a ton of luxuries and it was all somewhat precarious.
There are solutions to poverty and the majority of people do follow them successfully. However there are always people getting into poverty and so there is always poverty. Worse there are people who cannot follow the solutions we have to poverty - this is a small minority, but it is the ones that are hardest to deal with.
There are also a tiny number (less than 1 in 1000) who have a lot of wealth but choose to live in poverty because that is freedom. If you look close you see they are the ones who have a warm coat and working heat in their tent. This is not poverty, but they try to be counted in your poverty numbers because it helps them. When you have wealth living in poverty is not that bad. (the above is a story a homeless man told me this week while I was helping out at our local food shelf. The homeless man is in poverty and I get the impression his divorce settlement is the problem and as soon as his kids are out of school he plans on getting a real job)
From experience, it's not overstated. Running your own email server is pain, and even if you do everything right you may get delivery problems. And if you want to improve your chances, you have to do whatever big tech wants you to. And if you ever get onto the bad side (for example, your site is hacked and distributes malware for a few days) you may never recover.
It's not impossible, but it's not something you run once and forget.
As a devil's advocate, there are also criminal groups, right now, that do actual crime, that operate on discord. 99% of criminals likely don't have enough knowledge to maintain proper opsec, so spying on chats could in principle help here.
On the other hand, there are also criminal groups, right now, that do actual crime, that operate on discord. Going after them would be trivial in comparison, and yet we introduce extreme spying laws instead.
> How hard would it be for law enforcement today, before chat control, to get chat logs out of discord?
Not sure, speculating: somewhat hard.
Discord must comply with government subpoenas, so if you're the FBI it's easy. If you're law enforcement, I imagine they tell you to go kick rocks if you don't have a warrant.
Law enforcement is pretty bad and mostly lazy. They can't be bothered to pull people over going 20 over, let alone get a warrant for every wannabe punk.
If you're not in the US, then I imagine the effort is insurmountable.
> If the effort is low, and they're not doing it today, they're not going to do it after chat control either.
No - but it can be automated, which is the issue.
Sort of like how the US was wire tapping virtually all internet traffic at one point with PRISM.
Then I imagine the "law enforcement" is done using machine learning and heauristics.
Do you use black slang? Put him on the list. Is your name not that white sounding? That's right, the list. Are you on hacker news? You guessed it - the list.
I mean, that's pretty much how automated facial detection works now. And yeah, it sucks.
> If you're not in the US, then I imagine the effort is insurmountable.
Actually, in the EU, the police (and ...) have direct access to surveillance channels. Meaning, they have a website interface that they click around on, without anyone from the provider ever helping them at all. This allows for extracting call logs, listening in, finding location, lists of IPs they connected with, what DNS records they looked up (yes, that part is defeated by actually configuring DNS in your phone, but who does that?), ... I've seen these interfaces because I've designed their network installation and a bit of initial support. They are installed on cell towers. Oh and "support" meant getting calls from all sorts of local police stations who found out this was possible and essentially directing them to the person who could give them access.
Of course, the spying equipment itself does not log who access it and what they access. Clearly, the police do not need to be told what the value is of hiding what you're doing even if it's legal.
The only issue holding back mass-surveillance in the EU is "who pays for it?". Essentially a number of hours are tracked? Why so little? Then the local SSD is full. They want 6 months, minimum, but the state is unwilling to pay a single cent for that, and forcing providers to pay for it, that the executive (ie. ministers) haven't been willing to do.
Yes, they're supposed to get a "research judge" permission, which is more-or-less a subpoena, except much more informal, but do they actually do this? It's an honor system.
