Readit News logoReadit News
lovethevoid commented on You-get: Dumb downloader that scrapes the web   github.com/soimort/you-ge... · Posted by u/Anon84
fnoobnar · a year ago
I’m not sure I understand why Bandcamp is on the list of supported sites: they allow you to just download the files on the condition you first pay the artist for them.

The fact you can download it with this tool is because the artist is letting you listen to it for free before buying it. Downloading it with this tool seems totally unnecessary and a bit of a jerk move. Bandcamp hosts mostly small and independent artists and labels.

lovethevoid · a year ago
Their list of supported sites isn't a declaration of where you should use this tool for moralistic reasons. It's just a list of popular sites it works on.
lovethevoid commented on Send: Open-source fork of Firefox Send   send.vis.ee/... · Posted by u/leonry
Arubis · a year ago
Best of luck to the author! My understanding is that anything that makes large file sharing easy and anonymous rapidly gets flooded with CSAM and ends up shuttering themselves for the good of all. Would love to see a non-invasive yet effective way to prevent such an incursion.
lovethevoid · a year ago
For Firefox Send, it was actually malware and spearfishing attacks that were spread.

The combination of limited file availability (reducing the ability to report bad actors), as well as Firefox urls being inherently trusted within orgs (bypassing a lot of basic email/file filtering/scanning), was the reason it became so popular for criminals to use. Like we've seen in the spearfishing attacks in India[1].

[1]: https://www.amnesty.org/en/latest/research/2020/06/india-hum...

lovethevoid commented on Stripe in talks to acquire Bridge for $1B   techcrunch.com/2024/10/17... · Posted by u/pseudolus
lovethevoid · a year ago
This is Bridge leveraging failed talks for future funding rounds or in hopes of finding another faster buyer. Stripe has been making a plethora of acquisitions recently, but have kept all of them quiet and mostly directed towards tiny teams that were covering blind spots for Stripe.

I just don't see how any of that aligns with Bridge, not when Stripe has already been implementing crypto related features and is well positioned to offer everything Bridge does without the $1B purchase cost for a company that can only get valuation at 200m.

lovethevoid commented on Using Cloudflare on your website could be blocking RSS users   openrss.org/blog/using-cl... · Posted by u/campuscodi
capitainenemo · a year ago
Odds are they have Resist Fingerprinting turned on. When I use it in a Firefox profile I encounter this all over the place. Drupal, FedEx.. some sites handle it better than others. Some it's a hard block with a single terse error. Some it is a challenge which gets blocked due to using remote javascript. Some it's a local challenge you can get past. But it has definitely been getting worse. Fingerprinting is being normalised, and the excuse of "bot protection" (bots can make unique fingerprints too, though) means that it can now be used maliciously (or by ad networks like google, same diff) as a standard feature.
lovethevoid · a year ago
I also use Mullvad Browser (a browser based on Firefox), and it supports resisting fingerprinting without any of those blocks. Tried it on Drupal and Fedex. Loads Cloudflare sites normally.

I'm guessing if it's really Resist Fingerprinting on Firefox (something Mullvad also has on by default), then there are other settings that aren't being enabled causing the issue. Mullvad actually lists the settings related to resisting fingerprinting here - https://mullvad.net/en/browser/hard-facts

lovethevoid commented on Using Cloudflare on your website could be blocking RSS users   openrss.org/blog/using-cl... · Posted by u/campuscodi
mzajc · a year ago
coveryourtracks.eff.org is a great service, but it has a few limitations that apply here:

- The website judges your fingerprint based on how unique it is, but assumes that it's otherwise persistent. Randomizing my User-Agent serves the exact opposite - a given User-Agent might be more unique than using the default, but I randomize it to throw trackers off.

- To my knowledge, its "One in x browsers" metric (and by extension the "Bits of identifying information" and the final result) are based off of visitor statistics, which would likely be skewed as most of its visitors are privacy-conscious. They only say they have a "database of many other Internet users' configurations," so I can't verify this.

- Most of the measurements it makes rely on javascript support. For what it's worth, it claims my fingerprint is not unique when javascript is disabled, which is how I browse the web by default.

The other extreme would be fixing my User-Agent to the most common value, but I don't think that'd offer me much privacy unless I also used a proxy/NAT shared by many users.

lovethevoid · a year ago
Randomizing to throw trackers off only works if you only ever visit sites once.

But yes, without javascript a lot of tracking functions fail to operate. That is good for privacy, and EFF notes that on the site.

You can fix your UA to a common value, it's about providing the least amount of identifying bits, and randomizing it just provides another bit to identify you by. Always remember: an absence of information is also valuable information!

lovethevoid commented on Salesforce CEO Marc Benioff blasts Microsoft's Copilot: 'It just doesn't work'   fortune.com/2024/10/17/sa... · Posted by u/breadwinner
RHSeeger · a year ago
Co-pilot as in github copilot, available in IntelliJ? Because I find that to be pretty fantastic.
lovethevoid · a year ago
Copilot as in Microsoft Copilot
lovethevoid commented on We outsmarted CSGO cheaters with IdentityLogger   mobeigi.com/blog/gaming/h... · Posted by u/mobeigi
retentionissue · a year ago
Catching/stopping people who want to cheat for profit is something I personally think is never going to happen.

For a time, I would buy keys for CS:GO and different Steam accounts and use a subscription based cheat provider to provide me with ESP/chams on screen. I knew that overwatch/admins would be seeing the demos as the accounts were new Starting from unranked meant you would be under scrutiny already so I adjusted my playstyle.

I learned not to linger around looking at walls. People's movement patterns and decision making eventually became predictable as I reviewed demos or learned in the middle of a match how players have habits and abused that information. I was able to determine when to throw a round away to avoid suspicion and deliberately ensured I had a string of 2/3 bad games every so often so my K/D wasn't insane. I never used any aim assists, spinbots etc., and I always, always communicated with my team through ingame VOIP (not giving cheat calls) and maintained a legit facade.

I went undetected for nearly 2 years and sold hundreds of CS accounts successfully and made a tidy profit doing it. It's another string of the gaming industry that brings in money and it will never go away.

I like to think of it as an online drug war, however insensitive that may seem.

lovethevoid · a year ago
At that point, you're putting more effort into cheating than regular players do at playing the game lol
lovethevoid commented on Using Cloudflare on your website could be blocking RSS users   openrss.org/blog/using-cl... · Posted by u/campuscodi
neilv · a year ago
Similar here. It's not unusual to be blocked from a site by CloudFlare when I'm running Firefox (either ESR or current release) on Linux.

I suspect that people operating Web sites have no idea how many legitimate users are blocked by CloudFlare.

And. based on the responses I got when I contacted two of the companies whose sites were chronically blocked by CloudFlare for months, it seemed like it wasn't worth any employee's time to try to diagnose.

Also, I'm frequently blocked by CloudFlare when running Tor Browser. Blocking by Tor exit node IP address (if that's what's happening) is much more understandable than blocking Firefox from a residential IP address, but still makes CloudFlare not a friend of people who want or need to use Tor.

lovethevoid · a year ago
What are some examples? I've been running ff on linux for quite some time now and am rarely blocked. I just run it with ublock origin.
lovethevoid commented on Using Cloudflare on your website could be blocking RSS users   openrss.org/blog/using-cl... · Posted by u/campuscodi
mzajc · a year ago
I randomize my User-Agent header and many websites outright block me, most often with no captcha and no useless error message.

The most egregious is Microsoft (just about every Microsoft service/page, really), where all you get is a "The request is blocked." and a few pointless identifiers listed at the bottom, purely because it thinks your browser is too old.

CF's captcha page isn't any better either, usually putting me in an endless loop if it doesn't like my User-Agent.

lovethevoid · a year ago
Not sure a random UA extension is giving you much privacy. Try your results on coveryourtracks eff, and see. A random UA would provide a lot of identifying information despite being randomized.

From experience, a lot of the things people do in hopes of protecting their privacy only makes them far easier to profile.

lovethevoid commented on FIDO Alliance publishes new spec to let users move passkeys across providers   fidoalliance.org/fido-all... · Posted by u/Terretta
jakub_g · a year ago
Something that is not clear to me about passkeys and makes me uneasy to start using them:

Are passkeys replacing passwords, 2FA, or both?

What if I created a passkey on some device, lost that device, and my passkeys aren't cloud-backed-up? Would I be able to recover my account, or it's doomed? Or does it depend on how a given website implemented it?

lovethevoid · a year ago
Two things:

You kind of have to go out of your way to not have your keys backed up. By default, the easiest route is using your android or iphone and both of them back the keys up using icloud Keychain or google password manager. 1Password, bitwarden, all support syncing. Chrome will allow saving it to icloud or your google account. Keepass can be manually synced. Windows is adding sync in the next update for windows hello. List goes on.

The other thing is that multiple keys can be created. Easiest way to see this in action is google's account security settings. Log in (if you have an account), hit create passkey, see your options and play around with them. You'll also see you can add a hardware security key too, which isn't nothing new but if you have one that's another key that doesn't rely on a mobile device!

If all else fails, the usual account recovery process applies. Much like it would if you forgot your password.

l

u/lovethevoid

KarmaCake day438May 31, 2024View Original