for creating invidious links

  • 16 Posts
Joined 3 years ago
Cake day: May 17, 2020


yeah that’s pretty shite. this was originally posted on slashdot, but I’m going to take it down in light of this. thanks.

Without guessing who is most responsible, it seems like a logical conclusion of internet tracking capabilities is for it to be taken to the extreme before realising something profound like total surveillance is no surveillance or whatever the enlightenment is.

This “Why scientists don’t actually know if social media is bad for you” just came across my RSS [1]. I don’t agree with it, but it’s helpful to know what you are up against. It came through the Oxford International feed (Mozilla’s Mitchell Baker is an advisor to them). It was written by Oxford International researcher Prof Andrew Przybylski for BBC Science Focus.

But that doesn’t stop people claiming that cyberbullying causes suicides, even though there’s no evidence to prove it. You look at reasons why young people take their lives and it’s test scores or exams, it’s someone close to them taking their own life or it’s drug- and alcohol-related. Those are the three main attributable causes. There’s no evidence that social media is part of any of them.

Now, I can either adopt false confidence and tell you social media might be a problem (and possibly drop the word ‘might’ for greater impact – and there’s an entire cottage industry that tries to do that) or I can be honest with you and say I don’t know because scientists like us can’t see over the walls of the social media companies.

Whether you’re a grown up or a kid, ask yourself why you’re using social media. Is it because you want to, or because you feel you have to? It doesn’t necessarily matter how much time you spend ‘doomscrolling’ on Twitter or dancing on TikTok, but if you’re doing it because you feel you have to and it’s making you unhappy, you may want to try and stop.

  1. Why scientists don’t actually know if social media is bad for you:

The fingerprinting implications are not good no matter whether a site opts out or not. Theoretical protection against fingerprinting relies on a fairly ridiculous notion of Privacy Sandbox which seems easily skirted. Things like Trade Desk Unified ID combined with cohort ID actually make FLoC privacy negative as it gives another data point to add to your already known identity.

The point is that the only way for a site to opt out of participating is by using this W3C ordained way. It is basically useless for end users but necessary for sites who don’t want to participate in the program.

Google’s point is that all this and more is already going on with 3rd party system so why don’t we make this other crappy system which consolidates control further in their hands.

It’s not misinformation however to provide to site operators information about how to opt-out of participation.

I had a chance to read over the full article and its links. Here’s my conclusion:

  1. As stated in your piece, during the “Origin Trial” Google will use those who have enabled ads on their site.

However, this is not true imo:

If your website does not include JS that calls document.interestCohort(), it will not leverage Google’s FLoC. Explicitly opting out will not change this.

This will stop you from participating on the client side of FLoC, not the server-side. Server side categorization for sites with ads is where this Permissions action is aimed at. What this is saying is that if an ad tries to get a cohort id from an opted-out site, it will receive a meaningless default value. This knowledge is for the benefit of advertisers, not webmasters.

  1. The article basically says it doesn’t matter anyway because the impact is judged by the author to be insignificant:

This may or may not reduce the entropy gained by a FLoC ID, depending on how well or poorly your site serves as an identifier. Given this marginal improvement, I don’t think it’s right to place a burden or blame on webmasters when the burden and blame should rightfully be directed at those responsible for rolling this antifeature out in Chromium. We shouldn’t expect webmasters to add a tag or header every time Google advances the war against its own users

However, being categorized as a frequent visitor of Free and Open Sites (think of being put in the Stallman cohort) may well be significant for advertisers, authorities, creditors and so on.

  1. This has happened before (DNT)

While DNT isn’t a great success, the number of companies who could face legal repercussions for ignoring this round of protections is quite small and risk could be quite large.

  1. Breathe

Agreed. This is no cause for mass hysteria, but let’s get the information out there so webmasters can make informed choices (setting a Permissions Policy is the best option for those who do not want their content to be included, especially as Google moves from Origin Trial into full on deployment and other browser vendors start to adopt the scheme).
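For site operators who want to verify the opt-out discussed above, here is an added example (not part of the original comment) that parses `Permissions-Policy` response header values and reports whether the `interest-cohort` feature is disabled. The function names and the sample header values are constructed for illustration.

```javascript
// Added example: decide whether a response opts out of FLoC cohort
// calculation, given the value(s) of its Permissions-Policy header.
// All names and sample header values below are constructed.

// Split a header value on commas that sit outside quotes and parentheses,
// so that an allowlist such as (self "https://a.example") stays in one piece.
function splitTopLevel(value) {
  const parts = [];
  let depth = 0;
  let inQuote = false;
  let cur = "";
  for (const ch of value) {
    if (ch === '"') inQuote = !inQuote;
    else if (!inQuote && ch === "(") depth++;
    else if (!inQuote && ch === ")") depth = Math.max(0, depth - 1);
    if (ch === "," && !inQuote && depth === 0) {
      parts.push(cur);
      cur = "";
    } else {
      cur += ch;
    }
  }
  parts.push(cur);
  return parts.map((p) => p.trim()).filter((p) => p.length > 0);
}

// Parse "feature=allowlist" members into a Map(feature -> array of tokens).
// An empty array means the feature is disabled for every origin.
function parsePermissionsPolicy(value) {
  const policy = new Map();
  for (const member of splitTopLevel(value)) {
    const eq = member.indexOf("=");
    if (eq < 0) continue; // no allowlist given: not a usable directive
    const feature = member.slice(0, eq).trim().toLowerCase();
    let raw = member.slice(eq + 1).trim();
    if (raw.startsWith("(")) {
      const close = raw.indexOf(")");
      if (close < 0) continue; // unbalanced list: skip the malformed member
      raw = raw.slice(1, close); // drop any parameters after the list
    } else {
      raw = raw.split(";")[0]; // bare token such as *, minus parameters
    }
    const allowlist = raw
      .split(/\s+/)
      .filter(Boolean)
      .map((token) => token.replace(/^"|"$/g, ""));
    policy.set(feature, allowlist); // a later duplicate key replaces an earlier one
  }
  return policy;
}

// headerValues: one string per Permissions-Policy header line in the response.
// Returns "opted-out", "not-set", or "allowed:<allowlist>".
function flocStatus(headerValues) {
  const policy = parsePermissionsPolicy(headerValues.join(", "));
  if (!policy.has("interest-cohort")) return "not-set";
  const allow = policy.get("interest-cohort");
  return allow.length === 0 ? "opted-out" : "allowed:" + allow.join(" ");
}

// Constructed sample responses.
const samples = {
  "opted out": ["geolocation=(self), interest-cohort=()"],
  "no directive": ["camera=(), microphone=()"],
  "explicitly allowed": ['interest-cohort=(self "https://ads.example")'],
};
for (const [label, headers] of Object.entries(samples)) {
  console.log(label + ": " + flocStatus(headers));
}
```

A "not-set" result means the site has sent no opt-out for this feature, so the browser's default behaviour applies.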

It seems like there needs to be people who know how to build an instance community. It would be great to have a history, philosophy, psychology instance that someone builds into a thriving community of experts. Same for science, music, photography and a dozen things others are interested in. They don’t need to be niche or dogmatic, but there should be a reason to join.

Many people seem to think the constrained by design, under active development flagship is going to spawn reddit level communities, but the point of the whole thing is to go build or find your own. So far several of the instances have been regional or politically divisive which seems to serve a need, but online-extroverted leaders with a desire to put themselves out there seem few and far between (those who can build are probably building for-profit exit strategy communities).

Anyway, if there was something missing, I would say community builders.

Thanks I am out and about now, will read it.

Are you sure this issue is not about webmasters excluding their content from floc categorisation vs tracking their users via the cohort script? I will look at it later but it seems like two different though related issues.

Good to see a lot of thought went into this and most of those criteria look right.

A couple comments:

Is the site itself well-known and reputable or obscure and suspicious?

I don’t think well-known and reputable sites should be exempt if they fit the other patterns.

For example, if a fedora enthusiast creates an account that does nothing but post to they should have the same consequence, especially if they don’t participate in the community otherwise.

nor is it against the rules for an organization to have an official account on Lemmy

same as above. organisations should be treated by the same rules as any other user

For me, a grey area would be if someone like logrocket got someone to join the community as an active user and posted logrocket articles as well as contributing to the community with posts to other sites, comments on other posts etc. Not ideal, but hard to say they are breaking the rules.

is blatantly “fake news”

Not a fan of this one because some people’s idea of fake news varies widely and you are stepping on slippery slopes. I understand the intent, and agree but maybe there is a less editorial way to conceive it.

Good work.

similar story for me and several fediverse instances (one peertube and another friendica). it’s somewhat disconcerting that well-funded/well-staffed instances attract more users (and tend towards centralisation).

If an undercover Jack Dorsey blueskies proxy comes in with a couple million dollars, some experienced technical and marketing staff and starts blazing high quality video and content streams, and stealth product placement ads, it’s going to be like Jupiter on the edge of the solar system grabbing all new entrants. If they adopt a closed by default federation model, they could even create something akin to blue checkmark instances.

we should do what we can to bootstrap real federation advocacies.

Have you checked your bios settings for boot options? On mine I have 3 different options: fast boot, thorough and auto along with a couple for delays.

an interesting discussion on PaleMoon blocking AdNauseam wherever one falls on the issue. I don’t use palemoon or adnauseam but I’m not sure everybody that runs ads needs to deal with programmatic harm from visitors. if blocking ads isn’t enough, one might be hardcore enough to boycott the site altogether and add it to your hosts file.

Possibly related: Your Smart TV is probably ignoring your PiHole

Fortunately, with a few simple firewall rules, you can intercept these hardcoded DNS queries and redirect them to your PiHole. These instructions are for pfSense, however you should be able to adapt them for Sophos XG, Ubiquiti EdgeRouter, etc

If they are really running all these services, €60 a month might be pretty easy to hit.

I can’t find this public monthly financial report … does anyone have it? It would be easier to understand where costs are piling up

The usage of every euro will be made public information via monthly financial reports. As a member you get to influence how we spend these funds.

Just so you know, I (not one of your harassers) am downvoting this because I think the topic is too narrow for this community.

The point is that they are still going to do it anyway through things like Unified ID, Turtledove (outside scope of FLoC) so while we can object to the latest thing in the media, how would we propose they do it? If nobody cares then they have a bag of tricks full of worse measures waiting in the wings.

Just a note that this is for the android project. The original linux project is ongoing (

That would be interesting if ad platforms focused on site by content category, so someone selling graphics cards would buy spots from google or facebook, etc to be placed on a specific site like videogameenthusiastists dot com or more general site like gizmodo, but the dictionary site who might under 3rd party have known that a visitor is a video game enthusiast will no longer receive the ad placements.

Interesting to think about how all of this will change the web, however it works out.

It could also elicit a so called problem-reaction-solution response where solution brokers propose something not very great either, especially if the media gets involved.

This is an interesting crossroads in the evolution of internet business models.

Privacy advocates, EFF, DDG, and even Google saying they don’t want 3rd party scripts and cookies (hooray)

EFF etc say they also don’t want an alternative where browsers use machine learning to analyse a user’s browsing history and assign them a potentially invasive label.

Google says this is already happening anyway with the current 3rd party solution, they know who you are, what you do online so why not try to make it reasonably private.

So what does Big Privacy want instead? No 3rd parties, no machine generated interest ids. No potential customer data?

How should business owners gather market intelligence on their potential customers? How should potential customers signal their interest in new products?

A couple other initiatives that are taking off are Trade Desk Unified ID 2 which attempts to combine enormous surveillance databases with 1st party scripts to achieve a similar level of intelligence collected under the 3rd party cookie model.

What is the best way for the consumer internet to interact with businesses?

Finally, if you can’t find anyone you know in the invitation tree and didn’t author something posted to the site, consider joining the community in the chat room.

It’s a difficult question in this day and age where balance of fire power between people and government is so mismatched. It might almost be more relevant to think in terms of cyber capabilities.

This passage from Georgetown professor and historian Carroll Quigley always comes to mind when people talk about the American 2nd amendment being a safeguard against totalitarianism. I don’t know the answer.

On the military level in Western Civilization in the twentieth century the chief development has been a steady increase in the complexity and the cost of weapons. When weapons are cheap to get and so easy to use that almost anyone can use them after a short period of training, armies are generally made up of large masses of amateur soldiers. Such weapons we call “amateur weapons,” and such armies we might call “mass armies of citizen-soldiers.” The Age of Pericles in Classical Greece and the nineteenth century in Western Civilization were periods of amateur weapons and citizen-soldiers. But the nineteenth century was preceded (as was the Age of Pericles also) by a period in which weapons were expensive and required long training in their use. Such weapons we call “specialist” weapons.

Periods of specialist weapons are generally periods of small armies of professional soldiers (usually mercenaries). In a period of specialist weapons the minority who have such weapons can usually force the majority who lack them to obey; thus a period of specialist weapons tends to give rise to a period of minority rule and authoritarian government. But a period of amateur weapons is a period in which all men are roughly equal in military power, a majority can compel a minority to yield, and majority rule or even democratic government tends to rise.

This came up recently with regard to who they are testing it on:

Google have announced that they will not make their FLoC (Federated Learning of Cohorts) targeting solution available for origin testing in Europe, mooting plans to trial the technology in the region this month. The decision comes amidst concerns that the method, which forms part of the tech giant’s post-cookie Privacy Sandbox, violates GDPR and the ePrivacy Directive.

The move was announced at a meeting of the Improving Web Advertising Business Group (IWABG) at the World Wide Web Consortium yesterday (23rd March), where Google engineer Michael Kleber admitted that FLoC may be incongruent with EU privacy legislation. A lack of clarity over who will be responsible for controlling and processing data to create the cohorts, as well as the potential use of FLoC IDs and a current uncertainty over whether internet users can feasibly give explicit consent for how their information is used under the technology could put the cookie-replacement on the wrong side of Europe’s key data laws.

Kleber’s statement was later backed-up by a tweet from Chrome product manager Marshall Vale, which said that the search leader will begin a “FLoC origin trial for users in the US and select other countries, and we expect to make FLoC available for testing worldwide at a later date.” Vale was keen to emphasise that FLoC will make it to Europe eventually, writing in a follow-up tweet that Google “are 100% committed to the Privacy Sandbox in Europe.” (

Not a concrete answer, but for me and several others in this distro hopping lemmy thread, a gateway drug into adopting linux was running a VM on a traditional OS. Perhaps identify groups which promote VM trials would be one approach.

Another gateway seems to be use of linux recovery disks where users boot into linux to recover data on a broken installation.

There may or may not be opportunities to expand reach of those providing these solutions.

In the article, it mentions:

Nobody bit – but as SCO Group had extracted a $50m war chest from investors, there was everything to be gained by carrying on anyway.

This 2016 article calls out Microsoft as a SCO string puller:

SCO’s Linux lawsuit made no sense. Over time it became clear that Microsoft was using SCO as a sock puppet against Linux. Unfortunately for both, it soon became abundantly clear that SCO didn’t have a real case against Linux and its allies. (

with the claim pointing all the way back to 2003: Cyber Cynic: The Microsoft-SCO Connection:

At the end of the present article it asks:

Last time, the fear wasn’t that SCO Group had a strong case, it was that with something so odd and messy in court, anything could happen. This time, the only question is who on Earth is pumping their money into such an uninviting machine?

If it’s not Microsoft with their newfound love of linux, who would it be?

my only addition is if you happen to have a hidpi screen, check out if your choice does well with fractional scaling. My experience a couple years ago was that Mate for example didn’t do so well but that may have changed.

Nice. I should have checked the date, it came via RSS.

Good, if somewhat idealistic, overview of ActivityPub capabilities across the fediverse.

The no spam rule hopefully covers most of the egregious reposts seen on other sites. It’s difficult to formulate a rule that captures the spirit of “I know a bad repost when I see it”, so something relatively permissive seems reasonable to account for the nobody saw it case.

An idea to decentralise a bit is appealing. Not sure about formalising instance as topic ideas or adding additional plumbing for community exploration (a recommended instance list on other instances might be a good step towards some better feature?)

Another thing which might help is creating a third tier to the deny/allow list which allows solo or small instances to post on other instances without necessarily allowing all their content in. Like Deny/Allow/Participate. This would also expose these instances by dint of usernames without building out additional features at this moment. There could be unintended consequences but the current model is not encouraging small instances that don’t want to have to have a vote from the central committee to participate.

Nice ideas, good to see them being put out there.

Maybe not as a commercial product though?

I remember reading an article about this wall penetrating wifi sense a couple years ago:

And worse still, he argues, such tracking can be done surreptitiously because Wi-Fi signals can penetrate walls, don’t require light, and don’t offer any visible indicator of their presence.

I would be happy if they setup shop somewhere else and stay off activitypub. If they come in with opt-in echo chamber prevention analytics, business models, DMCA screening, ID2020, influencers, shadow bans then it’s a giant step backwards.

They were doing this in South Boston at least as recently as 10 years ago, probably still are. As someone who wasn’t parking, it was hilarious to see.

Perhaps advertisers pay a premium on an idea that these trackers and analytics know users better than users know themselves…

Indeed. It probably wouldn’t go over very well if FF surreptitiously rolled out similar ad features through their own experiments infrastructure.

I’m still learning about Google’s federated learning and don’t understand how ad platforms will identify so called cohorts in other browsers

FLoC: for interest-based audiences. The API generates clusters of similar people, known as “cohorts”. Data is generated locally on the user’s browser, not by a third party. The browser shares the generated cohort data, …

It appears there are many working proposals, ideally we could voice an opinion of which is worst for the sake of the unconfigged web.

Additional Info:

[FLoC] addresses category, ads targeting based on someone’s general interests. For personalized advertising … please check out the TURTLEDOVE proposal.

with some bizarre features such as on-device bidding and bring your own untrusted server:

On-device bidding by buyers (DSPs or advertisers), based on interest-group metadata and on data loaded from a trusted server at the time of the on-device auction — with a temporary and untrusted “Bring Your Own Server” model, until a trusted-server framework is settled and in place.

On-device ad selection by the seller (an SSP or publisher), based on bids and metadata entered into the auction by the buyers.

wrt to Firefox, it is interesting to see a Mozilla rep commenting in the issues

For example, based on Firefox telemetry data the IP addresses of a percentage of our users changes regularly over time. With FLoC those requests that would be presented to the network with different IP addresses … (by Ehsan Akhgari ehsan, Mozilla

and different browser vendors in the draft spec:

The string representation of the interest cohort version is implementation-defined. It’s recommended that the browser vendor name is part of the version (e.g. “chrome.2.1”, “v21/mozilla”), so that when exposed to the Web, there won’t be naming collisions across browser vendors. As an exception, if two browsers choose to deliberately use the same cohort assignment algorithm, they should pick some other way to give it an unambiguous name and avoid collisions. (

Google Is Testing Its Controversial New Ad Targeting Tech in Millions
Hopefully nobody here is still using chrome on personal machines, but good to know

> Google’s launch of this trial—without notice to the individuals who will be part of the test, much less their consent—is a concrete breach of user trust in service of a technology that should not exist.

Here is another article Effects of Elevated CO2 on Nutritional Quality of Vegetables: A Review available from NIH

Of the many real existential dangers CO2 poses to life on earth, it doesn’t seem like plant nutrition is one of them.

Soil quality does seem a big factor. It would be interesting to see if a community garden with poor soil still outperforms commercial in terms of taste and potency

What is a good email provider for a custom domain?
What I have found so far:

- posteo looks good, but does not support custom domains
- tutanota can support it though I somewhat doubt their survivability long-term
- proton mail also supports it, but not a huge fan
- zoho: tried it years ago and it was ok, [subprocessor list]( has aws and google on the periphery but not core
- ?
- fastmail: ?
- kolab: ?
- Mailfence

Are there any others to look at? I am not looking to self-host.

An interesting take on browser extensions which hope to prevent fingerprinting

With respect to native browser functionality:

> Browser vendors have already invested a considerable amount of work into anti-fingerprinting. However, they usually limited themselves to measures which wouldn’t break existing websites...

And extensions:

> Privacy protection extensions on the other hand aren’t showing as much concern. So they will typically do something like:

```
screen.width = 1280;
screen.height = 1024;
```

> There you go, the website will now see the same display resolution for everybody, right? Well, that’s unless the website does this:

```
delete screen.width;
delete screen.height;
```

> And suddenly screen.width and screen.height are restored to their original values...

NYT says data collection by tech cos should be opt-in
On the heels of Apple’s opt-in tracking policy, NYT is calling for some drastic changes to app defaults.

America, Your Privacy Settings Are All Wrong

Some highlights:

> Despite what corporations profess, much of this personal data is used not to improve products themselves, but to make those products more attractive to advertisers.

> Corporations say opt-out provisions put control into the hands of consumers. But users are no more likely to switch off data collection than they are to read through the onerous and lengthy terms and conditions policies that litter the web. Many companies bury their data collection controls deep within their websites. Even if consumers can find them, their choices most likely don’t apply to a company’s subsidiaries or affiliates.

> It should not be the role of consumers to make marketers’ jobs easier. Furthermore, there is evidence that such highly targeted advertising isn’t really necessary to support the free web, as technology companies that are against opt-in provisions often argue.

> With more people spending time at home, tied to devices that relentlessly track their every keystroke, click and streaming show selection, granting users some semblance of control over their own data is more urgent than ever.

Accidental Wiretaps: The Implications of False Positives By Always-Listening Devices For Privacy Law & Policy by Lindsey Barrett, Ilaria Liccardi :: SSRN (PDF)
Many details in here about nuts-and-bolts operations of digital assistants, companies and contractors that process the data, and legal frameworks surrounding their use. Unfortunately, much of the content is explanation of what is possible vs actual privacy violation cases which have occurred (you may find them in the footnotes which I didn't have time to fully read). They do cover specific cases of contractors reviewing conversation recorded by assistants and being able to identify the speaker. It might be a good reference to have in your back pocket if you ever need to have a debate with others about smart assistants and the attention paid to "The Role of Consent and Reasonable Expectations of Privacy" is particularly relevant as the notion of contact sharing without consent becomes a larger part of the collective consciousness (e.g. Clubhouse invites, etc).

The most interesting part to me started here:

> Section 230 Protects Intermediaries That Host Speech: Section 230 enables services to host the content of other speakers—from writing, to videos, to pictures, to code that others write or upload—without those services generally having to screen or review that content before being published. Without this partial immunity, all of the intermediaries who help the speech of millions and billions of users reach their audiences would face unworkable content moderation requirements that inevitably lead to large scale censorship

Big Tech Detective (A new browser extension blocks big tech)
Dabbling with ungoogled chromium*, and reading about this extension I decided to give it a shot. It's not in the chrome store so you need to load it manually. I went to DDG and it immediately picked up 8 calls to Microsoft. Pretty interesting, though I haven't looked into what it actually does or if it collects its own data, etc.

> Hi there! This page is locked by Big Tech Detective because it loaded a resource from Microsoft

> This could have been anything from a font to an ad tracking script. Note that this does not block any of the resources from loading or prevent any of their trackers from collecting your data

Requests Within Page

> | Source | # of Requests | % Total |
> | --- | --- | --- |
> | Microsoft | 8 | 100% |

*Don't use google backed apps without adult supervision.

Apparently Apple will proxy Safe Browsing Requests to Google to reduce Google's visibility into iOS users' activity. The article doesn't mention what Apple itself does with the information if users should have a proxy in front of apple too ...

> But while Google has anonymized URL strings, by sending the link in a cropped and hashed state, Google still sees the IP address from where a Safe Browsing check comes through.

> Apple's new feature basically takes all these Safe Browsing checks and passes them through an Apple-owned proxy server, making all requests appear as coming from the same IP address.

More information here as well:

favicon supercookies
This idea may have already been discussed in regards to a recent release of Firefox addressing the issue, but it didn't come up in my search.

> A web server can draw conclusions about whether a browser has already loaded a favicon or not:

> So when the browser requests a web page, if the favicon is not in the local F-cache, another request for the favicon is made. If the icon already exists in the F-Cache, no further request is sent. By combining the state of delivered and not delivered favicons for specific URL paths for a browser, a unique pattern (identification number) can be assigned to the client.

> When the website is reloaded, the web server can reconstruct the identification number with the network requests sent by the client for the missing favicons and thus identify the browser.

From Firefox "Firefox 85 Cracks Down on Supercookies"

> In fact, there are many different caches trackers can abuse to build supercookies. Firefox 85 partitions all of the following caches by the top-level site being visited: HTTP cache, image cache, favicon cache, HSTS cache, OCSP cache, style sheet cache, font cache, DNS cache, HTTP Authentication cache, Alt-Svc cache, and TLS certificate cache.

One of the w3c devs I follow acted on the npm policies repo which I hadn’t seen before. Thought this might be interesting as much attention has been given to GH data collection but not as much npm itself. Not having dug too deep into it, nothing too nefarious stands out but it’s something potentially to watch.

This is from a year ago, but I didn’t see this level of persistence in gathering telemetry before. I am blocking most mozilla tracking endpoints via host file, but that’s a bit extreme. Apparently you can create a custom preference to block it:

> The good news is that it is possible to turn off telemetry-coverage if you are one of the lucky 1% selected to have it installed. To do so, you need to manually create a preference to opt out of Firefox telemetry antics a second time. Information on how to do so isn’t so forthcoming, either. It’s buried in the bugtracker for the telemetry-coverage system add-on but has been tested as working by Mozilla’s devs:

If a given free, clean energy was piped into your city and home, how would you use it?
Knowing that this would likely put a strain on other resources such as water and create light pollution, I am not sure what effects this would have on the planet.

What language are you thinking in when reading Lemmy?
For example, I know a tiny bit of French from school, and when I read something like: “Le Brexit, une longue et difficile séparation”, I automatically translate it to English. For non-native English speakers, are you translating Lemmy into another language to think or do you think in multiple languages?

oklinks - a meta-aggregator of popular link sharing sites
I tried an install today and the setup and federation is amazing. seeing that first remote search result pop in was a thrill. what amazing work has been done by the dev team! ansible scripts work like a charm, flip switch federation, and an inherited a+ security profile to boot. I will probably remove this instance before the end of the year in favour of another more curated instance once I've kicked the tires a bit. EDIT: This has been shut down for the time being. I have another personal instance running on a debian server. Great first experience deploying lemmy on vps.