• 0 Posts
  • 32 Comments
Joined 1 year ago
cake
Cake day: August 6th, 2023

help-circle


  • If you block ALL traffic from it? Sure. It’s possible but more involved and requires the right hardware to block their tracking domains while leaving streaming apps working.

    It’s best not to use smart TVs as well smart TVs. The apps they have are almost always slower or inferior in some way to the versions you get on streaming devices, updated less often, etc. I recommend pairing a TV with a quality streaming device like an Nvidia shield (or shield pro) or an AppleTV*. Alternatively if you want something a little cheaper in Androidtv space there is the Walmart brand Onn 4k pro.

    *warning with Apple is while they’re pretty good on privacy (meh, there are no excellent choices that support streaming apps in 1080p quality) and don’t have ads their app-store is a bit more locked down. They have all the major streaming services but if you do high seas type stuff it will be more involved and difficult. Though if you have a local media collection (source your own discs or high seas) and run Plex or Jellyfin they have apps for both of those that work great as well as Infuse which usually requires a subscription unless you don’t need 4k or any proprietary audio codecs like dolby for any of your media. I personally can say I enjoy my AppleTV 4K and I think it’s a great device but I run my own media-server and have some common streaming services I pay for.


  • Just beware last I checked they’re not very active compared to the reddit. Getting into a lot of trackers on open signups tends to rely on someone posting about it within hours of it happening. Unfortunately less people use lemmy so they’re less likely to post about it here, it’s not like they have some person in all the trackers who keeps an eye out, it’s entirely up to someone noticing and making a post. Some may open for only 24 hours (hawke tends to I think).

    So regardless of where you see something open, if you have a place you want, I recommend signing up immediately within minutes rather than waiting even an hour as you never know how long it’s been open before it was posted about or how soon it will close. Just make sure you read the rules and any newsposts for new users within the first 24 hours if you can as some places may require activity in the first 24-48 hours for new accounts.


  • I’m pretty sure the megathread lists a website that tracks signups though in my experience it’s not as good as the subreddit. You really just have to watch that space. (Focus especially on checking daily through the winter months, in my experience lots of places open up around Christmas though around Christmas is pretty vague, some will open up around last week of or mid November, others early December, others in early January so it’s a patience game). You can create an rss feed for the sub so get just the posts fetched for you when they occur.

    TL is one of the best. If you need help filling some holes I’d strongly recommend the semi-private rutracker. You can sign-up using browser translation tools and then add it your search stack (it has jacket support) and search using English titles. It’s surprising how many seeded BD remuxes you can find there, they even have stuff I haven’t found on any other PT’s below PTP level. As it’s semi-private there are no real requirements for seeding or ratio though they do track that stuff on your account and give little badges for helping seed. Rutracker also as the other commenter mentioned is pretty strong on CD-rips and music. They’re very weak on western TV though.

    LST is really good. Strong requests and great bonuses system just for keeping seeds going. They have freeleech on open signup and there’s a pool people can fill up to enable it routinely as well. Points can be traded for upload credit so even if you don’t succeed in actually seeding you can maintain ratio. Be sure to check out their Christmas advent calendar (TL does this too) for free points, some people get lucky and get millions of points and you’re sure to get thousands, probably tens of thousands just for checking in daily in December and that can easily boost you to enough credits to buy enough upload to get over a TB. Once established it’s not at all a tough tracker though I’d still prefer TL over it if they have the same stuff because TL has a lower size threshold for automatic freeleech and a lower ratio req.

    The AvistaZ network of sites can be pretty good for obscure content but they’re stricter than I’d like as they require login every 60 days and download of a torrent every 3 months or you get banned which seems easy but if you’re not using them for much it becomes a chore you have to maintain and if you’re on multiple of these sites it applies independently. Cinemaz in particularly is good if you have tastes for arthouse, obscure, and foreign films that you’re struggling to find elsewhere. It doesn’t have mainstream releases though. AnimeZ is pretty good for anime though generally most stuff can be found on nyaa or other open sites. PrivateHD is fine, I find myself mostly finding stuff on TL and choosing it over their listings but occasionally they have a better version of something. Their old rules were better, you could go longer with some inactivity that was more realistic.

    If you like old western cartoons then something like Oldtoons would be a great idea to try and get into. That or a general old content specializing tracker though I can’t mention the one I’m familiar with by name as they prefer not to be talked about.

    If you see hawke uno opening up I’d suggest joining them as well. More encode focused, heavy focus on HEVC but they have an awful lot of stuff from their internals including TAoE and HONE and lots of cross-seeding ability as most QxR stuff gets uploaded, no ratio, just points system and you get a bunch at the start, earn more by seeding, keeping a lot of stuff seeding and you’ll never want for the ability to download or worry about running out.



  • Cons:

    You absolutely cannot get 2FA authenticator codes from 90% of services. Many services that require a phone number even without 2FA just for “verify you’re a human” or because they want your data or to verify region use shortcode services that also will not work with ANY VOIP provider.

    You will not receive their codes. These companies vary from banking institutions to gaming companies to online shopping marketplaces and stores to a Google account (used to be you could get an automated phone call to verify an account, not anymore, must be able to receive SMS from shortcodes that are disabled for VOIP numbers to register and to recover an account) just about anyone you could end up doing business with.

    A shockingly large amount of companies demand phone numbers and send verification texts before allowing you to do business with them, to create an account, to recover an account, to delete an account, to place an order, etc.

    They really shouldn’t, it’s a bad security practice but companies love it because with a phone number they can lower support costs by just allowing people to do a self-service where they get an automated text and can unlock their locked account. They also love harvesting that data and preventing anonymization with VOIP numbers and the reduction of fraud and increase of reliable KYC that comes with requiring them.

    And they all take it as a given that EVERYONE or at least 99% have a cell plan with a non-VOIP number that works with these and the 1% who don’t they don’t care about in the developed world and are an acceptable loss.



  • Take a look here for some alternatives:

    https://dessalines.github.io/essays/why_not_signal.html#good-alternatives

    • Matrix
    • XMPP
    • Briar
    • SimpleX

    Also just because there are no alternatives doesn’t mean your default position should be we just have to trust whatever exists now because it’s good enough. Or that we can’t criticize it ruthlessly, distrust it. Call it out and as a result of that build perhaps the desire for something better, a fix as it were.

    The evidence and history clearly points towards Signal being very suspicious and likely in bed with the feds. This is not conspiracy thinking. Conspiracy thinking is thinking that the country/empire that gave away old German engima machines whose code they’d cracked to developing countries without telling them they’d cracked it in the late 40s/early 50s, that went on to establish a crypto company just to subvert its encryption. That’s done everything Snowden revealed has in fact changed suddenly for the first time in half a century for no particular reason and not to its own benefit. That’s fanciful thinking. That’s a leap of logic away from the proven trends, the pattern of behavior, and indeed the incentivizes to continue using their dominant position to maintain dominance and power. They didn’t back down on the clipper chip because they just gave up and decided to let people have privacy and rights. They gave up on it because they found better ways of achieving the same results with plausible deniability.

    Also why is everything “tankies” with you people. Privacy advocates point out the obvious and suddenly it’s a communist conspiracy. LOL






  • Lot of cope and denial in these threads. Yes the same-day is probably a rosy estimate based off people using 6 digit codes or something easy to crack, doesn’t mean it’s false or that they can’t hypothetically target longer alpha-numeric passwords. For all we know they might not even be brute-forcing and could be conducting some sort of exploit that over time reveals the encryption keys themselves in some way.

    I’m still very curious about the nature of the mechanisms of action. I assume they manage to bypass the basic lock-out against entering too many passcodes too quickly somehow which is what enables this. If throttling could be properly enforced (to say nothing of something like 10 attempts and it refuses all future attempts and erases the key type of thing) this type of attack wouldn’t be practical for anyone using anything above a 6 digit numerical passcode in any reasonable timeframe. I wonder if they exploit wireless radios including cellular, wifi, bluetooth and force some code on the phones via these usually-on chips that enables this via exploiting problems in their architecture. Perhaps something that locks up, prevents functioning or resets certain checks via flooding parts of the hardware/software from these points of access. Or if it really is purely phy/log access to the lightning/usb-c port.




  • There is just no excuse for not even salting or SOMETHING to keep the secrets out of plaintext. The reason you don’t store in plaintext is because it can lead to even incidental collection. Say you have some software, perhaps spyware, perhaps it’s made by a major corporation so doesn’t get called that and it crawls around and happens to upload a copy of a full or portion of the file containing this info, now it’s been uploaded and compromised potentially not even by a malicious actor successfully gaining access to a machine but by poor practices.

    No it can’t stop a sophisticated malware specifically targeting Signal to steal credentials and gain access but it does mean casual malware that hasn’t taken the time out to write a module to do that is out of luck and increases the burden on attackers. No it won’t stop the NSA but it’s still something that it stops someone’s 17 year old niece who knows a little bit about computers but is no malware author from gaining access to your signal messages and account because she could watch a youtube video and follow along with simple tools.

    The claims Signal is an op or the runner is under a national security letter order to compromise it look more and more plausible in light of weird bad basic practices like this and their general hostility. I’ll still use it and it’s far from the worst looking thing out there but there’s something unshakably weird about the lead dev, their behavior and practices that can’t be written off as being merely a bit quirky.


  • I wish they would just push all the big mainstream porn sites to remove the most abusive misogynistic content rather than slapping these checks on everything.

    Also this will never be okay until there is a zero knowledge version that means neither the government, nor the sites, nor any other party can establish a given person’s habits which is probably not something they’ll ever do because tracking is probably part of the point.

    I’m not a fan of the easy access to porn that kids have or the proliferation of the industry in general but I am worried that as part of this harmless things like erotic roleplaying websites will be swept up as part of it and well I use those. And their point is not porn though some people host and share porn as part of it (which is why it’d get swept up with it eventually probably), it’s about writing, smutty, erotic writing. And I’d rather not have to tie my identity to my desires to roleplay out an elf who ends up making “friends” with the wolf-men tribe to my real life identity (I’m not claiming that’s something I do there but it’s an example of something that would be kind of embarrassing for others to know and it’s far from the weirdest stuff that goes on in places like that).

    Government having credits for how often I could say log in and continue a long-term erotic writing campaign with someone is just weird but that’s the end point of this kind of thing. Having credits seems not helpful anyways, the true porn addicts are just going to download stuff then share it in private forums, discords, p2p, etc. If the point is to stop kids from accessing this the credits thing seems odd.


  • So first it’s client-side scanning for CSAM. Not without some nobility. But the problem is once you wedge open that door it’s technically possible to do it for other things and so you become compelled to.

    It’ll move from just CSAM to stopping and tracking “propaganda” as deemed by them which will be narrow-ish at first (anything pro-Russia, RT links, etc) but gradually expand over time to anything outside the mainstream branded as extremist (and guess what, privacy advocates will definitely fall within that label). And once that’s in place the private stake-holders, copyright holders will come knocking, they’ll say rightly so “hey you have the capability right now, we demand you implement client-side scanning to detect copyright violations” and then that will be ordered by a court, further enshrined by a law and oh look now you can no longer send political thought that the ruling regime disagrees with, can no longer surf the high seas, and so on and so forth. Congratulations and please enjoy living in the “garden” of Europe.