I’d also assume that ublockorigin will stop most of this in its tracks.
I'd love a reference on that. I didn't think it did anything like that.
Firefox containers and good browser hygiene can, but if you slip up...
Readit NewsRelevant paragraphs:
> How this de-anonymization attack works is difficult to explain but relatively easy to grasp once you have the gist. Someone carrying out the attack needs a few things to get started: a website they control, a list of accounts tied to people they want to identify as having visited that site, and content posted to the platforms of the accounts on their target list that either allows the targeted accounts to view that content or blocks them from viewing it—the attack works both ways.
> Next, the attacker embeds the aforementioned content on the malicious website. Then they wait to see who clicks. If anyone on the targeted list visits the site, the attackers will know who they are by analyzing which users can (or cannot) view the embedded content.
> The attack takes advantage of a number of factors most people likely take for granted: Many major services—from YouTube to Dropbox—allow users to host media and embed it on a third-party website. Regular users typically have an account with these ubiquitous services and, crucially, they often stay logged into these platforms on their phones or computers.
Isn't this one of the older forms of de-anonymization? And this is pretty visible to the user too, embeds hint to even non-technical people they can be tracked across websites.
Lots of companies do this. I've seen it on HN even. We probably should consider it an attack, but there's no way regulators will go for it. There are counter measures against it though, but I doubt anything is foolproof
cookieperson commented on Sensor Fingerprints: Camera Identification and Beyond link.springer.com/chapter... · Posted by u/haltingproblem
A problem I see is that someone could denoise an image and then add adversarial noise so that it resembles one of these signatures.
Removing noise is difficult if not impossible. The best someone could probably do is find a sensor whose noise characteristics are a superposition of their cameras and another additive distribution. There are simple ways to defeat this, but it's best not to share them, as I think the only people ruñning from this kind of tracking would be sketchy criminals.
cookieperson commented on Was modern art a CIA psy-op? (2020) daily.jstor.org/was-moder... · Posted by u/areoform
That's a wildly overstated headline. Modern art goes back to the early 19th century and there were artists and patrons across the world long before the CIA. It's entirely plausible that they saw the rise of modern art as a useful vehicle to propagandize but it's ridiculous to say the entire thing was an OP.
This. Sure all three letter agencies need avenues to shuffle large somes of grey and black market cash around, art is convenient for that... Music and movies too. An extra plus for hiding messaging and all that... But I wouldn't view these operators to be as all encompassing as stories like these make them out to be... The next step is crap like "Leonardo da Vinci was actually a cia spy recruited by the freemasons", and once you go that far you're one cardboard sign and a roll of tinfoil away from an institution.
cookieperson commented on OpenAI Cybersecurity Grant Program openai.com/blog/openai-cy... · Posted by u/staranjeet
Wait 'til they find out that the kind of stuff they build is way easier to apply to attack than to defense...
Yup. Defense is mostly technical nuance. Attacks outside of academia often rely on the weakest links, distracted or scared humans. Chatgpt and LLMs like it can easily mass phish or otherwise thousands of targets in a matter of seconds. Can also be used for OSINT on human targets... Combine the two and ransomware will be a true cottage industry ran by script kiddies.
That said there are things they could do to prevent this. They won't do them, it'd be costly research... But they could.
cookieperson commented on Rust has been forked to the Crab Language github.com/crablang/crab... · Posted by u/max_
They aren't working under the current leadership. None of them work on Rust and none of them plan to work on Crab. There is no point acting like five minutes fiddling with sed is the start of something big in the first place, but especially when the authors explicitly state that they aren't planning on starting anything.
If you check my posts on this subject I never said anything about this being big. I even said it'd probably fail.
I didn't know the authors had no intention of not doing anything with the repo. In which case it's just someone trolling. Which is also not a big deal.
cookieperson commented on Rust has been forked to the Crab Language github.com/crablang/crab... · Posted by u/max_
They're not doing their own thing. They're doing the same thing with a different name and have no intent to contribute original patches that don't change the name. It takes about two seconds in GitHub's UI to fork, and about five minutes of fiddling with sed to change it to the degree that they changed it.
Maybe they have a different vision for it. And sometimes people prefer to work under different conditions. The ends don't justify the means. People jump from one insurance company to another insurance company for changes in leadership every day. If these people don't want to work under the current leadership I'd say they aren't doing the same thing.
OSS is a free thing. They can do what they want.
cookieperson commented on The FBI as advanced persistent threat theregister.com/2023/05/3... · Posted by u/jjgreen
1. What advertising companies have been abusing power too. Two wrongs do not make a right.
2.
Plenty of examples of 3 letter agencies abusing their powers if you search.
EFF, reason.com, and the register usually make a point of reporting on it.
eg: https://www.eff.org/wp/patterns-misconduct-fbi-intelligence-...
https://reason.com/2023/05/17/the-durham-report-is-right-abo...
For example spying on (ex) girlfriends, seeing people in various state of undress (cameras in devices) etc.
https://www.eff.org/deeplinks/2015/01/government-releases-do...
You may not realize this but, every cellphones gps is tracked and bought and sold to various companies every day. Every minute of your physical location and identity. Every ad you see, your search interests, also for sale by the petabyte. Your browsing habits, your purchases, even your social media data has likely been bought and sold. Your ISP also sells your data, likely to advertisers.
The FBI actually recently purchased a bunch of this kind of data because the governments restrictions would t allow for it any other way.
cookieperson commented on I have gained admin access to numerous GCloud Organizations by accident · Posted by u/anon223345
Just be careful y'all. Even though something is a bug or a mistake you could get in bigtime shit over it, or a bill.
Completely removing noise is difficult-to-impossible. Attenuating the noise enough to impart a new noise pattern is much easier, though (not saying it's easy, just easier).
I did this sort of thing decades ago as part of larger system used for research.