Re: [Trisquel-users] OT Good Books?, init process
http://www.linuxfromscratch.org/
Re: [Trisquel-users] Pretty new..
> GA consists of JS code that the site owner adds to each web page on which they want to track you. I explained in another post that it is possible to be tracked by GA even if the site has no JS at all - through GA's API which can be implemented server side (i.e. inside a PHP or Python script). Of course it is more limited as it can't capture the data which JS captures (i.e. screen resolution) but the point is - just because you don't see any JS code on the front end doesn't mean that the site doesn't send data to Google. There are also similar tracking techniques for Facebook which can be implemented without JS and without any like buttons. As I said in earlier posts - it is not so simple to escape tracking and you cannot do it simply by blocking things in your browser. My personal site doesn't have any of that that (= with JS off nothing is sent). I am explaining all that just for your info. What I currently have was implemented long ago, before I was aware of the privacy mischief which companies do. In any case after May 2018 EU GDPR comes into force so my plan is to first read that whole 88p. document and make more in-depth changes for all sites which are under my control, not just some cosmetic front-end stuff. Although that needs time as I am quite busy, one thing is sure - things won't stay as they are. Meanwhile you can hate me.
Re: [Trisquel-users] Any plans to dump systemd ?
https://en.wikipedia.org/wiki/Systemd#Criticism http://www.zdnet.com/article/linus-torvalds-and-others-on-linuxs-systemd/
Re: [Trisquel-users] Pretty new..
In a previous post I have given quite clear answer to this. There is no "case" and nothing needs the justification or condemnation of a self-appointed judge. GA will be removed, later, when I have time - this has been considered long before some forum troll decided to spit on something for which he has zero contribution. Privacy concerned people always browse the web with JS disabled, so that does not affect them in any way. If you are concerned about being spied upon there are much more serious things you should consider.
Re: [Trisquel-users] Free software foundations problems
> This forum (trisquel-users) is dedicated to topics related to Trisquel and its usage. "tcpdump" shows different :) > Also there are sometimes semi-offtopic posts which are downvoted. As well as fully off-topic posts which are upvoted just because the source is a particular nick name. On a well moderated forum that wouldn't survive but unfortunately some people obviously consider freedom of speech synonymous to freedom of trolling and feel the urge to own each and every discussion for the purpose of manifesting their own authority. (yet object centralization... verbally)
Re: [Trisquel-users] Free software foundations problems
I am not.
Re: [Trisquel-users] Free software foundations problems
Why don't you compare for yourself and share the result? There is nothing complicated. I have already explained how I test (in web browsers thread).
Re: [Trisquel-users] trisquel-users mailing list mirrored to news.gmane.org newsfeed
Thanks. > When I give a mail address and server other than my default one, it is same here. I tried with my actual email address. No idea why it didn't work.
Re: [Trisquel-users] Free software foundations problems
> You're so full of shit. Thank you. You are a marvelous person.
Re: [Trisquel-users] Free software foundations problems
> LOL, dude > You're so full of shit. Thank you. You are a marvelous person.
Re: [Trisquel-users] Web Browser
After some help from devs I was able to run the program. Unfortunately it seems unable to open any site using SSL. There are no any background chattering connections but still it seems quite limited and the interface is not really anything I am used to (there is practically no humanly UI). Perhaps worth considering in future when it becomes usable.
Re: [Trisquel-users] trisquel-users mailing list mirrored to news.gmane.org newsfeed
> @heyjoe I think you will find this newsgroup quite stimulating. ツ Thanks. Now I can get high lol. BTW I wouldn't see this as I am not subscribed to the mailing list, so it's a coincidence that I looked at this thread. Speaking of which: Did you get my email from the other day? I sent it to your yahoo address which I found on this mailing list. FWIW: > Press [Auto-configure] button gave me "Failed: no service record found." Anyway I proceeded without that (TLS works)
Re: [Trisquel-users] Free software foundations problems
https://trisquel.info/en/forum/pretty-new#comment-128424 One day soon this site will not use GA but you will still be a https://en.wikipedia.org/wiki/Troll_%28Internet%29 Your conclusion that a micro site with less than 500 visitors monthly (non of which uses privacy respecting browser) which *temporarily* uses GA is of a comparable scale to Google's mass data collection is genial beyond belief. You deserve a medal for finding that ultimate dishonesty. You should also put Snowden, Assange, Wikileaks, EFF, The Tor project and many others on your wall of shame as they use Twitter and all the people who follow them are constantly being tracked. Then the ultimate perfection of your highness will shine in its full power.
Re: [Trisquel-users] Pretty new..
> Yet you took the time to subscribe to Google Analytics and to add their proprietary JavaScript to your website. How I spend my time and what I put on my website is not your business, especially considering that nobody has forced or even indirectly invited you to visit it (and even less to analyze it publicly). This thread is not about "What do you Magic Banana think about person X and his site". > That is just disgusting. Your non-stop unsolicited personal critiques, trolling at another across threads, cross-linking and cross-quoting unrelated things and wasting my time to clean up the mud you are throwing is the most disgusting thing here. What a wonderful and ethical behavior.
Re: [Trisquel-users] Free software foundations problems
> I would say it is better than Chromium at least. You cannot say that because as per your words you know very little about Chromium. > Apparently it only reveals your ip address which is easily revealed anyways. No. There is more to it.
Re: [Trisquel-users] Free software foundations problems
> It's already been explained to you that Google learns nothing about you from this behavior. I guess the experts who explain this are Google internals who have personally checked that. > They know that your IP address is running a Web browser. Big whoop. It is not Google's business to know my IP address when I am visiting fsf.org. It is my own business only. > I think the benefit of protecting people from malicious websites, scamming, phishing, etc is much more important than not letting Google know that you're running a Web browser, the same as practically everyone else on the planet. You are simply buying what they are selling you, without even thinking about it. Of course they will tell you how useful it is and all that nonsense. But this "protection" tool is a method for censoring. I have seen it blocking access to sites which have nothing malicious on them. > It's like worrying that the gas company knows you're running the stove. No. It is like letting the gas company know where your stove is, exactly when you are using it, what you are cooking and allowing the gas company to control whether you are worth receiving that gas for the particular meal you are cooking or not.
Re: [Trisquel-users] Free software foundations problems
Have you read it? "Iridium has Google Safe Browsing enabled by default. This means within 5 minutes after start and then periodically every 30(?) minutes, a request to iridiumbrowser.de (keeps a cache of the GSB data) is made to update the safe browsing database." I am so sick of that "safe" monitoring and all the justifications for it. Also (as discussed previously) if they are scraping and keeping cached copies of GSB data on their site that seems to be a legal issue because it conflicts GSB's terms: https://developers.google.com/terms/#e_prohibitions_on_content BTW there is also: https://github.com/Eloston/ungoogled-chromium which disables safe browsing. I have not tested any of these two.
Re: [Trisquel-users] Web Browser
https://www.reddit.com/r/firefox/comments/7x59ey/firefox_making_requests_without_consent_even_in/
Re: [Trisquel-users] Pretty new..
> You apparently think that "all CSS" is some kind of "infection". You should really stop telling me what I think, especially when I don't think it. > Let us take your website as an example Let us not. > Without it, your site becomes much uglier: http://dcc.ufmg.br/~lcerf/anchev_no-css.html I don't think anyone has given you permission to copy anything from the site and upload it to another host. But of course - you are "ethical". > I blanked all pictures. I guess that makes you even divine. > Although you told me in https://trisquel.info/forum/web-browser?page=5#comment-127512 that I have "a serious mental disorder" for distributing my scripts under the GPLv3+ (that allows copying), In that post it was said: "I am simply allergic to people deliberately twisting the meaning of what is being said. It's time wasting and annoying." (I still am) "Protecting forum posts with copyright and licenses is insanity." (Yes, it is) "If 2 people communicate by handling a copyright notice and a license for what they share this is not a moral stance but a serious mental disorder." which is quite different from "Magic Banana, you have a serious mental disorder". > I am afraid your judgment may suddenly change when it comes to copying your pictures. These are not "my pictures" (with a few exceptions). This is content which is copyrighted and the copyright doesn't belong to me. So it would be illegal and morally incorrect to disrespect the copyright owners just because some random member on some forum considers this wrong according to his poorly informed judgement. > Anyway, *some* (not "all") CSS can allow third parties to track the visitor. "BTW you can get tracked through CSS too. I don't know if Midori can block all CSS." is different from "All CSS can allow third parties to track the visitor" You seem to have some serious reading disability. You always split everything into pieces, add some tint to them and then recombine them into something new. > However, if the website uses Google Analytics, that does not make much of a difference for most users, who will execute that proprietary JavaScript and be tracked (how disgusting!). You know, like on your site: https://anchev.net/home.js I don't see anyone inviting you to the table, so your shitting on it is the only disgusting thing here. FWIW (not that I owe anyone an explanation): this website was made on a quick notice, using a ready made template. The majority of the visitors are using Mac OSX, Windows, Google Chrome, (not hardened) Firefox, Android and iPhone to browse it, so by visiting this particular site they are surely not more or less exposed than they otherwise are. Regardless of that there will be a new version of the site which will come online when it is ready. Perhaps I could accelerate that if I stop answering to people who have nothing better to do but to troll at others on a personal basis.
Re: [Trisquel-users] Free software foundations problems
> RMS' answer looks clear: for him, the telemetry component has never been the problem; extensions that could access Firefox's internals (including trigger the collect of sensitive data through the telemetry component) were. WebExtensions has *solved* that problem: "no issue with this at this point". In RMS's replies there is no single word about telemetry or what is a problem for him. "no issue with this at this point" are not words by RMS but by the developer.
Re: [Trisquel-users] Free software foundations problems
> Yeah, one question comes to mind, do you have noscript when doing these tests? No but all tests were made with javascript completely disabled in the browser itself. I have shared how I do the tests in the web browsers thread. > I know very little of chromium so I really cannot comment (...) Chromium I don't think has something on the same level of configuration and security as that. You see - you don't know, you have not even read what was shared here previously, you have not checked for yourself, yet you compare levels of security of things you don't know about. This is how legends emerge. In Chromium you have full control and can disable JS per site. In Firefox/forks you don't have that (it is a global setting only). Perhaps it would be better to comment browsers in the web browsers thread as this one has become a mess.
Re: [Trisquel-users] Free software foundations problems
> Actually, I was more talking about the forks then firefox itself. I have provided factual tests for the forks too. > Okay, Well it just seemed suspicious that you attacked firefox forks too. Because essentially, if you attack firefox forks even, you basically have nowhere to move to... The forks inherit the codebase from FF. For IceCat in particular I have investigated more thoroughly than for any other by looking at the actual code repository. You can find my comments here: https://trisquel.info/en/forum/web-browser?page=4#comment-127390 > Unless lynx is your fix, lynx is not a fix but an overkill. I don't have a fix. There are only workarounds (particular settings) which I have shared in the web browsers thread. Or you could follow Abdullah's strategy (with caveats too). > Okay, well I thought wrong I guess, its just kind of strange that someone would attack both firefox and chromium I don't know why you use the word attack. I am not exercising violence on anyone. Rather: sharing findings and disagreements. > as if they were both on the same level... They are not. I have explained in full detail everything I have found. Additionally Magic Banana shared some findings about licensing and specific obfuscated code. So license and privacy wise - they are both imperfect by default. The difference in favor of Chromium (configuration wise) is that it is easier to achieve the zero packet privacy level. This is confirmed by the short tcpdump test but not by any extensive, in-depth or lengthy investigation which would reveal if any of the browsers communicates with the companies in a disguised way (which I doubt but don't exclude completely as a possibility). Also Chromium devs don't close the bug report about it and admit it should not communicate without need. That must not be extrapolated and associated easily to the general mischief which both corporations are involved in on a different level. This is just browser test and nothing else. > When firefox is actually somewhat better on its own... With tweaking and without... You have probably read too many articles which say that Mozilla is your friend. > Okay, does RMS plan to have the problems fixed? I would guess he would if it is a problem otherwise, he would find a better fix that is more substantial than the one the developer has. He has not shared any plans with me. All he said was 1 sentence: "I asked the developer to tell me what's going on." and when later I asked him to take a look at the bug reports at Mozilla and share with everyone that Mozilla doesn't really care about privacy but is only throwing dust in our eyes all he said was "I will look. Thanks." The update which the developer made came yesterday but it is about Abrowser - a program which seems impossible to use/test outside Trisquel (i.e. on my opensuse system) so I can't say anything about it: https://listas.trisquel.info/pipermail/trisquel-devel/2018-February/001147.html Also regarding my concerns about telemetry I asked him directly: Q: Do you have any plans to actually remove the telemetry code or will we rely long term on just having the snake asleep by disabling it through prefs? A: I see no issue with this at this point. Previously (before WebExtensions) any extension could enable that or make changes to any other preference, but that is all sandboxed away now. As you see - just mitigations, not a fix at the core of things and no plans for one. Of course that is much better than default FF settings but still far from a completely clean and trustworthy program which many independent developers have checked. > Although, tcpdump I know little of, first I heard of it was a month or two ago which probably was you. right? man tcpdump
Re: [Trisquel-users] Pretty new..
Alrighty.
Re: [Trisquel-users] Pretty new..
> That issue needs to be laid on the table and given a good in-depth look. Ok, lay it. Let's look into it in the other thread. > Yes, but we still need to shrink exposure as much as we can. Well, you use Yahoo, I use Gmail... and so do many of our correspondents which makes switching the mail server an effort with questionable value. How does having a separate laptop for each task solve this? > There is no perfect compromise. Of course. The essence of compromise is imperfection (incompleteness). > *expensive* baby in our arm that bites. Not only that. The baby is infected and is infecting the other babies, including the favorite baby. > Then what? Then we stop talking about less important things and start healing the baby. Or should we rather stay silent? FSF and GNU have been explicitly notified that their "look no further" recommendation is misleading. I don't think it needs months to say with 2 sentences "Listen people, we made a mistake. Someone from the community found that IceCat has this flaw, we want to be honest - there it is". > What would you expect? RMS publicly stating that IceCat is crap, that it is removed from GNU archives and endorsement list, that everyone should just quit using it and instead just use what the heck they want..? Dropping IceCat and adopting something else is very, *very* serious and expensive affair. And as I have said, FSF is not a small canoe that can change directions on short notice. What do you mean when you say expensive? That someone has put money into IceCat development? How much (so that we can evaluate the expense)? Why is that info not public? I don't quite understand. IceCat is not developed by FSF. From one of the replies from the developer: "The FSF does not develop IceCat (or any other software), the GNU developers do." > We need to wait and see what comes eventually off of your warning RMS about IceCat. Just patience. I don't need to wait, I need a clean browser - today. Not when someone is in the mood for it. I don't want to depend on anyone, dependency is not freedom. My first email is from 2017-12-14. I made my own mod of user.js and I know it doesn't take 2 months but a few hours. Expenses? - Zero. Babies dropped? - None. So why should one kill passion and replace it with patience? When one sees that the house is burning one doesn't sit and discuss - one acts instantly. That is real freedom, not the activism, the philosophies, the slide shows, selling gnu puppets and all that business.
Re: [Trisquel-users] Pretty new..
> I hoped we would discuss this in the other thread but it is drawned among the other things We still can. We actually did and it is marked for further investigation. (simplicity) > And quite an efficient one. Sure but it is not always practical, e.g. in a work scenario in which you collaborate with people who send you links to Instagram or give you download links to WeTransfer and similar (pages where you need to enable crapware). When these people are your clients you can't simply cut them off because your survival depends on your income. That's why I say on multiple occasions that securing one's own little corner of the world is a petty little affair. This btw is another example of isolation. > As for IceCat being endorsed by FSF, I believe it was just a tactical error. As humans we all are prone to errors. Well, I may be cursed here for that but considering the irrational and biased talks and the reactions of the listeners (here too) I am more inclined to think it is superficiality and incompetence mixed with irresponsibility. > I don't expect a quick decision any time soon, because it inherently entails radical measures to be taken. What measures? What is there to wait for? Still not enough data collection? Or an excellent "privacy" policy? Why should we wait for a disaster to strike instead of stopping it right when it is noticed? Again - another irresponsibility. When one proclaims oneself as a defender of freedom and ethics and disregards or stays silent about blatant abuse of human beings this hypocrisy.
Re: [Trisquel-users] Web Browser
Latest commits on github are from 2018-01-05. And the issue I reported already got a reply (2 hours).
Re: [Trisquel-users] Pretty new..
https://trisquel.info/en/forum/web-browser?page=6#comment-128395
Re: [Trisquel-users] Web Browser
I just found a project you may be interested to check: https://www.uzbl.org/ Unfortunately I am getting some errors when running 'make', so I can't share anything more.
Re: [Trisquel-users] Pretty new..
Of course.
Re: [Trisquel-users] Pretty new..
BTW you can get tracked through CSS too. I don't know if Midori can block all CSS.
Re: [Trisquel-users] Pretty new..
Qupzilla looks good. Unfortunately as long as it has no mechanism to control loading of 1st and 3rd party resources (as uM and uBO) I consider that pretty dangerous in today's web (rather than healthy). Of course unless you don't care about being tracked by disguised pixels.
Re: [Trisquel-users] Pretty new..
I am not saying your approach is wrong. I am just saying that Midori is quite old (and its development seems frozen). Web standards are not static but evolve as new security issues arise and user agents must be up to date with those standards. Just look at the high number of weak ciphers in Midori and compare them to other browsers. Of course if one doesn't get out of home and has thick window bars one doesn't need to worry about getting a sunburn but what kind of life is that? :)
Re: [Trisquel-users] Free software foundations problems
> he is the one who is showing facts You mean the videos I shared and the copy-paste from Mozilla's docs are non-facts? Or the tcpdump tests? > you are nitpicking to support Chromium. Did you even read that (#48): >> It is not an argument to prefer Chromium but an argument to avoid Firefox/forks. ? > I am only trying to help you. Thanks but in this thread I am not asking for help. > Also, keep in mind RMs endorses icecat which IS a FIREFOX BASED browser... RMS wouldn't even know about the IceCat's background leaks if I didn't tell him. And that is still not fixed in IceCat + there are no plans to actually remove completely the telemetry code from it (recent feedback from the developer). I will let you figure out for yourself what value have these endorsements is. > Emphasis needed because what I am saying is accurate and you seem to not get it. Just because someone wants to consider more essential factors about security of communication than endorsements and licenses, doesn't quite mean he does not "get it". As you may have noticed I prefer to question what is a "hardened kernel" and "hardened package" and learn about it rather than easily accept and trust nice sounding words giving a false sense of security.
Re: [Trisquel-users] Pretty new..
Well... that has already been done, so I don't see why not. Let's not forget that they attack every possible layer, not just what is easy.
Re: [Trisquel-users] Pretty new..
> OTOH, I use it in totally passive mode. No active content processing is enabled. No exposures, no vulnerabilities. Well, just because you disable the colorful stuff doesn't mean there are no exposures or vulnerabilities. There are things that happen in the HTTP layer itself, also in cryptographic layers etc.
Re: [Trisquel-users] Pretty new..
> I always wondered indeed how come different hardware with same programs use different amount of RAM memory. Different kernel, different drivers, different system resources => different if-then-else executed by the browser code.
Re: [Trisquel-users] Pretty new..
> what about Palemoon or Basilisk internet browsers? You can read more in the web browsers thread. Fresh news about Basilisk: the developers say it is not a "high-sec environment browser" so they refuse to even look at the privacy issues it inherits from Firefox. Palemoon is by the same developers. > Midori Several hours ago I downloaded the source code. The files in the archive were from 2015. So you may want to reconsider using it. It is most likely too insecure already.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> The telemetry component does not report the pages the users visit. It does much more than that, including things like scrolls, clicks, your preferences etc: https://wiki.mozilla.org/Firefox/Data_Collection#Data_Collection_Categories > A victim of proprietary software, yes. No, he does not say "of proprietary software". You are putting your words in his mouth. > As written on the page I pointed to you: "Every nontrivial program has bugs, and any system, free or proprietary, may have security errors. To err is human, and not culpable." And I pointed to you that telemetry and deliberate data collection is not bug or error. It is a feature, deliberately created and enforced by default. > And anonymous. Bulshit. > FYI, IceCat has the telemetry component disabled. Yeah, how comforting. The snake is still there, just sleeping and waiting for the next release in which it may be awakened. How marvelous it is "not to be a victim" and to have "freedom". Gnulellujah.
Re: [Trisquel-users] Free software foundations problems
I am tired of you, honestly. When I say something like "There is red apple on the table" it seems you would never understand it. You would rather argue that Red is the name of a company producing digital cameras, or philosophize about Apples' OSX or about tables as in a database. Then you would argue that Red and Apple products must not be used and show a link from gnu.org about it. That is not a discussion but a constant stupid nit picking.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
You are twisting my words again and again. And you seem to twist even what your favorite authorities say. https://www.fsf.org/blogs/rms/20140407-geneva-tedx-talk-free-software-free-society Watch the video: 4:20-6:20 - Does that create the impression that it is possible to have that also in free software? - No. It is explicitly accenting on proprietary software, explaining how bad it is and there is not a single mention that free software (like Firefox/forks) can also report that you are "reading page 5" (through telemetry) to the "non-profit" organization Mozilla corporation. > But the free software movement does not believe that "free software implies safety": 6:20-6:32 - "How do you stop being a victim?... you can come join us in the free world we've built" Doesn't that say that in the world of free software you won't be a victim? - Yes, it does. So I don't pretend anything. I point out what I see. And I may be wrong, so as I suggested in another post - make a poll in a separate thread, show the video and ask people: Do you think that free software is safer than proprietary? a) Yes, because more people have checked it b) No, it is equally unsafe Then see the results. > It would be equally incorrect to compare proprietary software with a fictitious idea of free software as perfect. Every nontrivial program has bugs, and any system, free or proprietary, may have security errors. To err is human, and not culpable. Deliberately creating telemetry for continuous and detailed data collection is not a bug or inadvertent imperfection. > But proprietary software developers frequently disregard gaping holes, or even introduce them deliberately. So do free software developers (Mozilla), yet your favorite bible doesn't say a word about it. They would rather tell you "use IceCat and look no further". When someone talks about ethics but is not completely honest that is not ethics.
Re: [Trisquel-users] Free software foundations problems
> Are you the same person who pretends that freedom 1 is not practical because it is too much work to read large source codes?! analytics.js is not 10M lines of code. My posts about the impossibility to exercise freedom 1 were about the large code base of browsers. You should really pay attention to context (I say this for 358th time). > You confuse everything It has nothing to do with how the source code is licensed. Ok. Now I understand what you mean. As I said - I may be wrong. > The intent is "improving Firefox by getting usage information, e.g., the state of the browser when it crashes". I don't know what exactly you are quoting. The actual intent is not that because telemetry reports things even without crashes. KDE programs also have crash reporting functionality but it shows a specific dialog box when a program crashes and you have to explicitly send a report (if you want), it doesn't send data to anyone during regular usage. > Not the best argument to prefer Chromium, which is mainly developed by Google, listed in the PRISM documents. It is not an argument to prefer Chromium but an argument to avoid Firefox/forks. > "With a concern for your privacy and safety" does not mean "thoroughly tested". Yet in combination with "look no further than GNU Icecat" it implies exactly that. So again - excerpts, context, wholeness. > "Not malicious" does not mean "safe". And what is "not malicious" then? Unsafe? lol > Nobody here claims that free software has no vulnerability. Where is the list of vulnerabilities? Oh wait - that would be demotivating! > Your implication "People do not use free software because they want telemetry" => "They do not want telemetry" is wrong. Ok. Make a public poll "Do you want telemetry, enabled by default and difficult to disable?" in a separate thread and let us see the result. Make sure to include the following info: "Telemetry is a feature that allows data collection. This is being used to collect performance metrics and other information about how Firefox performs in the wild." https://firefox-source-docs.mozilla.org/toolkit/components/telemetry/telemetry/index.html "Data Collection Categories There are four "categories" of data collection that apply to Firefox: ... Category 2 “Interaction data” Information about the user’s direct engagement with Firefox. Examples include how many tabs, addons, or windows a user has open; uses of specific Firefox features; session length, scrolls and clicks; and the status of discrete user preferences." https://wiki.mozilla.org/Firefox/Data_Collection (the word 'crash' is mentioned only one single time in the lengthy document) I may be wrong and it may turn out that people who like free software also like to be part of massive and continuous data collection. Then your golden logic will shine.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> 2. Any time both nodes are safe, the conversation is safe. Only if the transport and all devices involved in the whole process of computing and data transfer are safe. > Your attitude is "everyone else is doing things in a bad way, so what's the point?" No. My point is not that. I have already explained what it is in previous posts so I am not going to do it again. If you understand - good. If not - I don't have the time, sorry. > How inspiring you are. I am not here to inspire or depress anyone. If you feel bored find something else to do. This thread is not about global pollution or ecology, neither it is a personal consultation by me given at length to everyone who refuses to read carefully but chews me in all possible ways.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> No, it is not. Then why people want free software according to you? Because they like the licensing? Or because it is not paid? No - they want it because of the ability for community control which implies it safety. > ?? What I said means that I know better than you what I mean and why I use particular words, i.e. there is no need to correct me in a different context. I can't count how many times I have asked for that. > Does "your own network completely isolated from the Internet" crosses oceans? No. It is a little bigger than yours. > It is what I need to talk with my parents and I would like to try your solution since you apparently claim it is "practical". Show me a link to the exact post where I say "this is a practical solution". > So if we are objective we have to admit that both are equally possible."), I believe your conclusion is: both alternatives, "Snowden was only lucky" and "end-to-end encryption on a free software system helped him not being detected", are "equally possible". No, these are not alternatives. These are 2 unrelated things. The 2 possible alternatives are: - E.S. is honest - E.S. is not honest > I have just figured out another alternative: "aliens, protecting Edward Snowden, use their telekinetic powers to erase Snowden's messages before the governmental agencies catch them". You have no proof of the opposite, don't you? Does that mean it is an "equally probable" alternative? I will let you figure that out for yourself. I have no time for more nonsense. > Are you arguing that we should only use servers that are somehow democratically administrated? How does that work? Do we directly vote for the hardware/software that server administrators are allowed to use? Should there be a state agency that takes care of that? Should there then be inspectors who check that no unauthorized software is running? I think it would be good to have openness in that matter. Without it everything is just wishful thinking and trusting words. I don't know about inspectors - perhaps not because that involves authority and again trust. Ideally the system should be designed in a way which everyone can check them remotely. Don't ask me how it can be done within current technology. I don't have an answer. > Yes, it can. A sensible metrics would be the proportion of your emails that the NSA can read (in clear text). But you don't know what NSA can read, so you cannot measure it. > Once you sent your data to the service provider, that provider is in control of your data. You cannot know how it processes them. For all you know, they may be manually processed. Free software on the server side does not bring the control of the data back to the server's user. No management engine on the server side does not bring the control of the data back to the server's user either. You are mixing unrelated things: 1) free software 2) known vulnerability 3) user control of data. My questions were in a different context. In any case removing known vulnerability is surely better than having it. If you are arguing that it is futile it is in no way different from saying that having a virus on the server or removing it doesn't matter for the users. I say it does. The fact that the service provider can do other mischief with users' data is a separate thing. > It does not matter to the server's users. It matters to Google (or any other service provider), who wants to be in control of its computing. It wants the power over its servers. And it deserves that power: they are Google's servers. Using free software or not using any management engine is good for Google. It makes no difference to the server's users. You are making it sound as if those servers have absolutely nothing to do with the users who use the resources of those servers. Well, I disagree. Everyone prefers to use a healthy computer, not an infected one. Again - I am talking about technology only, not about the political mischief Google is involved in. (I know both are related but still) > I mean what I wrote: "your interlocutors who chose another provider, not part of the PRISM program, do not have privacy because of you". Straw man fallacy. Your favorite after the perfect solution fallacy. The majority of my (and everyone's) interlocutors use Mac OSX, Windows, Android, iPhone, Gmail, Yahoo, Facebook, Instagram, Skype, Snapchat and WhatsApp and have no idea what is BIOS, ME or JavaScript. And they would never move away from those systems because they give them convenience which they value more than security and privacy. That is not fallacy but a fact. I honestly don't think I can say anything more or new on the subject of this particular thread. So if you don't mind - that's enough. The OP already knows my answer.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I was answering some questions and concerns raised by others.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Didn't your main question already receive an answer?
Re: [Trisquel-users] Free software foundations problems
> I see no reason why the Android version of Chromium would "need" Google Analytics more than the desktop versions. I am not saying it needs it. > It is minified. I know. But you can unminify it. That's what I meant. It is still difficult to read due to the non-descriptive variable and function names but that is surely easier to reverse engineer than a binary code. > Jxself points out how Mozilla restricts freedom 2 through its trademark policy. That abuse is a (real) problem that is not related in any way to hypothetical licensing issues in Firefox's code base. I may be wrong but it seems to me it contradicts your previous: >> I have never heard of licensing issues in Firefox. To put it differently: license-wise, it looks like Firefox is not free software due to the restrictive licensing terms which you and jxself mention. So saying that it has no licensing issues is incorrect. > What do you mean? The above. > It is a completely separate issue. Actually a "non-issue" if it is disabled. Well, it is an issue that it exists in the first place and that it is enabled by default. It reveals the intent of the vendor and that is what bothers me. Add to that the affiliations of that same vendor with PRISMed companies, the way they disregard bugs about privacy concerns etc. > I have never seen the FSF pretending that. You have because I have shown it previously (paragraph 3 and next): https://trisquel.info/en/forum/web-browser?page=4#comment-127279 And as a whole: the talks about how malicious non-free software followed by conclusions and advises "that's why you should use free software" definitely creates the implication that free software is safe. So it becomes a common assumption. > For the nth time, the free/proprietary distinction essentially has nothing to do with what the software does, with its "behavior". I know that. Yet consider the above and the reason why people here prefer free software and ask various questions about how to secure their communication and web browsing perfectly etc. Surely not because they want free telemetry. So this is an issue that needs to be addressed somehow. > The only difference that it makes is that a user who wants to help Mozilla improve Firefox through telemetry cannot. Help Mozilla? The helpless Mozilla corporation? I am not quite sure I get your point.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Nobody here says that "free" is synonymous with "safe" (again: good work at not "putting words into other people's mouth"!). I said: >> You should make a difference between demotivating and disagreeing to blind faith in "free" as a synonym of "safe". Where do you see me say "person X is saying free is synonymous to safe"? Yet it is undoubtedly a common assumption that it is so. Otherwise we wouldn't be here and this thread wouldn't exist. > No, it is not "absolutely necessary". And I say it is, in the context of the particular things I was answering to. Would you mind please stopping that word for word dissection? It is starting to sound like censoring. I wonder if you will ever stop. > Do you have "your own network, completely isolated from the Internet" (as you wrote)? Of course not: it is not a practical solution. Yes, I have such network. And it is not the first one I have had. So kindly keep your "of course not" to yourself. > I very much doubt is different from "I have facts proving it". > Perfect security does not exist. We all agree. I don't know who is "we" but I don't agree. Yet I agree that in current technology it is impossible. > You cannot know what the service provider runs or does. It is impossible to know that. It may lie. And it may *directly* provide data to the NSA, e.g., through the PRISM program. Which is yet another fact supporting that switching providers does not give "much better" things. It can't be measured. BTW it is possible. My internet provider is in our building and we are friends. I know what they run. For some of the things I have even helped them personally. > And you do not deserve the control of the servers you do not own. Well, this is proprietary thinking in its most direct form. Of course I deserve that control. Everyone does. The server is something which serves me, you and everyone else. We must be able to inspect how it works for us, just like we must be able to see how the governments spend our money. Security is possible only through transparency and verifiability. > It makes no difference for the users of Google servers. How do you know that? Who is the entity who has checked it? Why should they care if it doesn't matter? Why would they create anything like NERF and share it as free software? > So what? Users should keep on using GMail like you do? Doing so, your interlocutors who chose another provider, not part of the PRISM program, do not have privacy. Because of you. How is that good? Because of me? You mean I am the one because of which the mass surveillance exists and I am going to fix it by switching from Gmail to someone who "still learns to ride the bike" and meanwhile throws dust in my eyes with "free software"? LOL
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It is much better than doing nothing. You seem to ignore the most common scenario (which I already explained but again:) host A is perfectly clean/libre system communicating with host B which is PRISM'ed (= all communication is tapped). Now consider that hosts like A are very few and hosts like B are almost all other computers and (currently) all mobile phones. So this "much better" is really wishful thinking. > Privacy, like pollution, is an ecological issue. Privacy is not issue. The issue is surveillance and yes - it is ecological. But you won't stop it by securing one or 10k hosts. As long as there are infected hosts in the whole network, capable of spying on others, the whole network is unhealthy. > Mozilla is a non-profit foundation that promotes Free Software and open standards. https://en.wikipedia.org/wiki/Mozilla_Corporation https://en.wikipedia.org/wiki/Mozilla_Corporation#Affiliations > They are not perfect, but their business model is not to surveil you. https://www.youtube.com/watch?v=qMALm1VthGY > Of course, Mozilla respects your privacy better than Google. Based on what is that "of course"? What evidence do you personally observe? Please stop speaking based on random articles around the web. Bloggers need traffic, I don't. > If you want to argue the opposite, please provide proof, particularly proof that Mozilla is purposely abusing my privacy, and in a worse way than Google, to boot. I don't want to argue. I have already provided enough info in the web browsers thread. And I don't claim that this info is complete and final because I haven't used (or tested) each and every product and service by both companies. Still it is first hand info unlike the articles by bloggers who never tested anything. > Just like when you say Edward Snowden may have been a plant. The burden of proof is on you heyjoe. If you have no proof then you are just libeling a person and an organization both of whom seem to be on the side of a more just world. If one wants to find out the truth about anything one must be objective. I have no proof of that and you have no proof of the opposite. So if we are objective we have to admit that both are equally possible. The fact is that media can highly influence people to think something without a proof and there are people who use that lever. Another fact is - well, he worked for NSA, so he agreed to do nasty things. Why should he not do another even nastier thing? I admit that it as possibility and I admit the other possibility too. It is an open door. Personally I find Wikileaks a more reliable source of factual info. Don't ask me why. > Nobody is disregarding their technical expertise. That is precisely what makes them such a dangerous company. For the last time, their business model is to surveil you. This is not up for argument. I don't think their business model is mere surveillance. It is much bigger than that. Also it is not their expertise that makes them dangerous but how they use that expertise. > I believe all people should care about the freedom of their computing, so I would never recommend somebody to run Windows... You are presenting a false dichotomy. I was answering your questions from your previous post: >> Meanwhile you are so worried about what happens in ring-3? Again, where is the logic? so that you can understand. But you don't. You simply see the word "Windows" and jump into the "Gnullelujah, I believe". Nobody asked you what you think is better or not. You asked me about the logic and I gave you my answer. What's the point of asking someone what he thinks if you don't really care about anything but yourself? If you do that you are not looking for a dialog, you are merely preaching your own thing. Don't waste my time please. > I think I understand well enough what ME is. You speak of Intel ME as if it were a sentient being. Who, precisely, has full access to every single bit of my data...etc. etc. even while my system is shut down? Who is simultaneously spying on all of us like this? Microsoft? Google? The NSA? The local mobster? All of them? Do you have any proof that this is happening? Intel ME is a potential backdoor. Spectre and Meltdown are security vulnerabilities. I doubt that if I decide not to use Gmail, Google's employees are going to start collecting data on me thrugh ME, or Spectre or Meltdown or any other vulnerability in the hardware of my computer. https://www.blackhat.com/eu-17/briefings/schedule/index.html#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668 Spectre and Meltdown are yet to be exploited by malicious hackers. These are separate. > I do not mind that you think what you wish and that you make a case for what you think. I do mind that you conflate issues, confuse others, and make it sound as though using free software has no purpose. I do mind th
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What logic is this? I have already explained it. If you can't understand it I don't think I can explain it any better. You should really try to look beyond your own computer and understand that communication involves other hosts too and that changing your mail server is not enough as a measure to ensure privacy of communication. > Almost any provider is less abusive than Google. These are generalizations. Just like saying that Mozilla respects your privacy better than Google. > At least choose one that promises you privacy and has to breach their promise to abuse you. I already have that. And "at least" it is from a provider who understands security down to the chip. I am completely against the large scale mischief of Google but it would be unfair to disregard the excellent technical expertise of people who work there. Let's not forget who announced the Spectre and Meltdown (hint: it wasn't FSF). And before you jump at me with another "Gnullelujah, you will rot in hell as a sinner" - I am not recommending anything here. I am just saying what I do in a time of searching for better alternative, not that you should do the same (especially when you don't know what you are doing, as it seems). > Meanwhile you are so worried about what happens in ring-3? Again, where is the logic? Again: how many times? It is no different from running Windows, installing LibreOffice on it and feeling relaxed that in this way your computer won't leak data through your office package. > My house can be broken into with a sledgehammer so I should get rid of the door? That is not a correct metaphor. Nobody is destroying your computer. A correct metaphor would be: who cares about the super lock of your door when your key can be accessed by someone else at any time without you even knowing about it? You don't seem to understand that something like Intel ME has full access to every single bit of data (including every key stroke) and can modify and transmit it while you are running your favorite Trisquel and Tor, using non-US based mail service with E2E encryption and thinking that you are safe in that setup. It can even do that while your system is shut down as long as the power cable is plugged in. > As you yourself show, you are not serious in your approach to privacy. What is your approach? To simply tell others that their approach is wrong? You didn't even know what a protection ring is before it was mentioned, yet you tell another that he doesn't understand, you speak about PhD's and what not. Does that make you serious? Or the fact that you object to anything which you fail to even look at?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I also agree that heyjoe's posts are for the most part defeatist and demotivating. You should make a difference between demotivating and disagreeing to blind faith in "free" as a synonym of "safe". Otherwise you are merely singing Gnulellujah. > I'm not sure what threat model he is thinking about or what he wants to achieve. Because you don't read in order to understand but in order to argue. > * Every attempt at privacy, security and computer freedom is moot because hardware is insecure. I don't think I have ever said that. The word "moot" is not even part of my vocabulary. Taking every possible precaution is absolutely necessary. But one should remember that this includes also going down to the lowest level, not merely installing a distro which is considered free. And because you cannot control things down to the hardware level your security and freedom is always limited by that. You can still live with that level of (in)security but if you don't get "tracked" it is because you are lucky, not because you are really safe. And lucky means - not specifically targeted. Once you become a target (which is not impossible) - good luck with your "free software recommendations". > * We should not try to do "the best we can" because that is not a measure of anything (?!). No, we should always do the best we can. And yes - it cannot be measured because there is no number which can express how close you are to expunging all threats, especially including an unknown number of unknown ones of unknown nature. And it is important to note that the OP is asking about a perfect method of guarding one's communication which excludes the possibility of any imperfection at any level. I maintain that currently this is impossible and there are technical facts proving it. >* Firefox is no good because a tcpdump showed that it sends packets to other servers. Prove me wrong. Show something, don't just "distill". > Chromium did not send packets using that same, very limited test (as Magic Banana has explained). Therefore Chromium is better even though it contains obfuscated code and non-free licenses. The obfuscated code was shown much later than the tcpdump test. I have never said that I have complete ultimate trust in Chromium. All I am saying (or rather - all the test is showing) is that Chromium does not chatter like Firefox and is easier to configure so that it does not chatter. Is it a complete test showing that Chromium never contacts Google under any circumstances? - I have never claimed that. The tcpdump test is a simple one (yet useful) and can be used a basis for further in-depth testing. > * Meanwhile, heyjoe has just written on another post in this thread that he uses Gmail, a "service" whose main function is data mining and surveillance, made by a company whose main business model is data mining and surveillance, and who have been shown to belong to the PRISM NSA surveillance program, among many other possible privacy and security related red flags. Yes, I have written that but I have also written that I am looking for better alternative. This means: a service provide who can proof that their systems are free from malware on firmware level (at least to the currently possible level) and for which there is a verifiable proof that their systems don't use any software whatsoever which may indirectly provide data to NSA. Without that just a note on someone's site "we use only free ethical software" is just marketing through wishful thinking. Re. Google in particular I have also shown specific video which shows that they do care about removing Intel ME. That of course does not excuse them for their other mischief but be fair: Which other online service provide have you seen working on that? Kolabnow who "learn to ride the bike"? I also explained that switching the mail server doesn't really add any privacy as long as on the other side of the wire you are communicating with someone who is part of the PRISM or who uses a system with security issues explained above. These are all actual irrevocable facts. > The above makes me believe that either heyjoe is just a troll, or he refuses to think in a logical manner, or perhaps he just refuses to admit when he is wrong. That is your problem - you believe in things, you don't look at facts. And you make conclusions about "logical manner" based on the illusions you believe in. > What I am sure about is that he does not want to contribute to anything positive to any discussion I have so far witnessed, except by complaining and shooting down solutions when they are given to him (as the empty github repo and Magic Banana's unused contributions prove). Oh really? And how do you contribute? By analyzing me? How marvelous. > Frankly, all the threads I have seen heyjoe participate in, have become onanistic and meaningless, including the web b
Re: [Trisquel-users] Free software foundations problems
Thanks for sharing that info. That's what I was hoping to see from you when I
asked you to show actual code in the web browsers thread.
What catches my eye is:
./android_webview/BUILD.gn
and
var n=analytics.getService("Data Saver Extension")
in detailed_data_usage_compiled.js. These make me think that the analytics
may be part of the Android version or Chrome (where I assume that being
tracked is inevitable).
It seems uBO and uMatrix can block any behind-the-scenes XHR but of course it
is not safe to assume that as a guarantee.
> Maybe data are send every time 10 MB were collected, maybe only on
Halloween day
I have thought about that too. Still I have no proof for or against it. Just
like I don't have a proof that Firefox actually respects the telemetry
disabling through about:config.
> maybe when a website using Google Analytics is visited (more than 60% of
the top-100k sites according to
https://trends.builtwith.com/analytics/Google-Analytics : scary), etc. With
obfuscated JavaScript involved, it is hard to be sure...
When I have worked on sites which have GA and have monitored each and every
XHR I have never seen data submission beyond what the actual site sends to
GA. So I would exclude that (unless the spyware which we suspect sends data
in a way which is not visible in browser console (not impossible, still no
proof)).
BTW if https://www.google-analytics.com/analytics.js is unminified it is not
impossible to understand what it does. I remember some time ago (> year)
looking at that code and I didn't see any functionality which is not in GA
documentation.
I wouldn't trust that scary stats. I would rather say it is incomplete
because GA has an API which allows sending data to GA without JavaScript
(e.g. from PHP). I have used it, it works. It can't report things like
browser resolution etc. but it still can report the parameters which are
available without JS. So just because there is no explicit HTTP request to
google-analytics.com on the front-end doesn't mean the site is not using GA.
I.e. - disabling JS does not save you from GA.
Something else which I noticed today: A bug report about Chromium with owner
with email address @intel.com (What has Intel to do with Chromium?)
https://bugs.chromium.org/p/chromium/issues/detail?id=752375
> "This dependency is here temporarily".
Yes and it also says "#TODO(crbug/750327)". I tried to visit that bug:
https://bugs.chromium.org/p/chromium/issues/detail?id=750327
but I am getting:
"You do not have permission to view the requested page.
Reason: User is not allowed to view this issue"
which is quite strange for an "open source" project. Normally only specific
security related bug reports are invisible to the general public (to avoid
the possibility of privacy issues) but unrar?
> I have never heard of licensing issues in Firefox.
I think we have:
https://trisquel.info/en/forum/web-browser#comment-125929
> For instance, it states that the GPL is incompatible with the MPL.
Is that not an issue? And does it really matter if all the forks (including
Tor browser) inherit the telemetry code (and who knows what else) and simply
disable it through prefs?
I am still unclear which browser is safe to use.
Maybe we are way off-topic already but it is still a common question about
all free software. When an organization like FSF recommends things it is not
quite fair not to take certain responsibility in the quality of what they
recommend. Otherwise the recommendation creates the impression that something
has been thoroughly tested. "Does not include proprietary software at all"
should be questioned more deeply because a feature like telemetry is a form
of proprietary behavior in which the proprietor collects data. So I think FSF
should not recommend any distro which includes a fork of Firefox unless it
has been checked that the telemetry code has been completely removed (and not
just disabled through prefs).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Sounds like too much hassle to be honest. A classical simple system for auto subscribing for email notifications for the thread one posts to is much simpler. BTW I have been part of some discussions (IIRC on Google's community groups) in which it was possible to still post by sending an email as a reply, or through the page of the thread and there was no need to get updates for all other discussions.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Thanks for explaining the technicalities. But can NNTP resolve the issue with mail lists sending all the threads (including those one doesn't participate in)? If not - then it probably has value only as an optimized version of lists rather than UX improvement.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Thanks. I already configured it in claws mail. However I don't see it as anything different from mail lists, i.e. I still see all of the threads inside the particular forum/newsgroup I subscribe to. Perhaps it won't be quite different from what we already have here?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I have absolutely no idea. I don't use these +/- buttons at all. It is a silly function to me.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
openSUSE's forum have that too but I haven't explored into it (I still need to learn about how to use NNTP): https://forums.opensuse.org/faq.php?faq=novfor#faq_nntp Perhaps that could be part of the request (if one is to be made). I am not quite sure how this site is maintainted though. A little after I joined I sent an email to https://trisquel.info/en/contact about https://securityheaders.io/?q=https%3A%2F%2Ftrisquel.info&followRedirects=on but I never received a reply and it is obviously not fixed. BTW (another little off-topic): Thank you for your earlier advise about claws-mail. It is an excellent mail client. I like highly customizable programs :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> 2) Not mirrored to list archives; (I don't know whether there is a mailing list for it in the first place) Mailing lists are a pain to me. It seems when I am subscribed I get all the messages, even those from threads I am not taking part in. This is spammy. I would rather prefer it like in openSUSE forums: to get an email only when someone posts a reply in a thread I am following and only once (even if there are more posts after it). Otherwise if I am offline for a few days and I open my mailbox after that its a nightmare.
Re: [Trisquel-users] Free software foundations problems
> I really want the lawyer. I don't. I hope I will never need one. > I also clicked on the "analytics" subdirectory because I found it interesting that Google Analytics is part of Chromium. I don't think it is not part of the browser (is it?). As the README says: "The third_party directory contains sources from other projects." Chromium does not connect to Google Analytics (otherwise we should have seen it in tcpdump) and cannot open rar files. Re. licenses: I agree with you, it is not 100% clear. Ideally everything should be free as per FSF's terms, audited by many people, trustworthy and privacy respecting (like the kernel). But when you have a huge project which contains a mix of things perhaps it is not very simple to unify licenses (another reason to hate lawyers). Is the situation with Firefox any different? I have some memory that it was noted in previous threads that it also has similar problems. (+ we have clear factual evidence of Mozilla's attitude about certain concerns). Personally I am still using Chromium (and Gmail) and looking for alternatives. Although I have a user.js file about Firefox which tightens it quite a lot, I am still hesitant to switch to Firefox (or IceCat) because that would mean having to check for new leaks on each version update. And I honestly lost any trust in Mozilla. OTOH the wonderful extensions uBO and uMatrix are not available for non popular browsers. It is a real mess.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I agree too. So what shall we do? - Talk in troll lounge - Stop talking - Ask someone to create separate general tech-talk forum ?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
No, I am not. That "here" is something you tailored from different parts of my post, again - extracting a detail and missing the whole and turning it into something else. Ok, enough. Stay on topic please. That is not helpful to anyone.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps because of the parts full of wonderful and polite communication of useful information.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> you just did some tcpdumps, which provided some nice info, That "just" is what nobody else did and it is not based on "helpful" articles and recommendations. > but you make it sound as if you revolutionized the whole webbrowser market... Where do you read any claims of that? Please stop putting words into other people's mouth. > Unlike heyjoe, who produces mostly big words with not much to them, Glad to see that you produce something much more, in all threads. > magic banana gives excellent help to the trisquel community for years and years. Yet another out of context thing. What has that to do with anything? Here he is throwing accusations (in a softened language) that someone is trying to demotivate others by explaining instead of assuming and praising. Meanwhile he himself is actually discouraging any exploration into anything different from the established pattern of "say free software and don't look any further". If you find this as part of an excellent help my BS detector shows something different. > and even contributed to the very same thread you mentioned by writing two scripts. And how come the one who demotivates others actually motivated another to do what you point out? Or perhaps that contribution came out of nowhere, unrelated to the "big words" of the demotivator? Maybe also the thanks he received in that thread are some kind of abuse to those sacred 20 lines? FWIW: There are also other people like SuperTramp who shared useful info in that thread yet they don't twist other's words. > you're accusing rhetorially fluent members and analytical thinkers like magic banana of twisting words. You should probably check the difference between accusing and pointing out how others accuse. I am not the one who puts words in other people's mouth or takes words out of context and starts meaningless off-topic argumentation over that. > And now you're really wondering why nobody wants to join your disussion in the troll hole? Seriously? The fact that only one person actually joined is a proof that people here would rather ignore seriousness and escape into superficiality. And BTW it is not "my discussion", I don't own anything. It is open to everyone who is interested in something more in-depth than merely comparing licenses and linking to articles from gnu.org.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> I actually wrote two scripts to help you You are not helping me but the community. I am not a helpless person asking for your help. > In contrast, the only "advice" from you is "create your own network, completely isolated from the Internet" That is the only valid answer to the OP's question because perfect means complete not "99.%" (which is really just another random number creating a false sense of high security). I am not going to dissect previous posts yet again and I am not interested in your endless juggling with rhetorical tricks.
Re: [Trisquel-users] Free software foundations problems
> If you know something I don't though, feel free. I haven't used chromium too much... to be honest. Then you should not assume what others say/recommend but test for yourself. I have tested and I have found that out of the box both Chromium and Firefox-based browsers contact third party hosts. Firefox is actually much more "evil" in that sense because it has telemetry enabled by default + it creates connections not only to Mozilla but also to Amazon, Akamai, OCSP etc. Additionally it is not trivial to configure it in a way to stop that. (it needs a lot of customizations, advanced user stuff). Chromium out of the box connects only to Google and it is fairly easy to stop that. There is enough info about it in the web browsers thread. In particular this is my report about its privacy issues, with full details: https://bugs.chromium.org/p/chromium/issues/detail?id=795526 As you can configure it so that it does not contact anyone. And until this "bug" is fixed you can also set translate.google.com to point to 127.0.0.1 in your hosts file and you can be sure there are no connections to other hosts which you don't explicitly initiate yourself. > ps, look at libreplanet's reasons why chromium is not to be trusted. Before you respond okay? Have they done the tests which I did? If yes - where are their results and reports? Or are they merely comparing license terms to recommended license terms? They write: > Problem: (1) Copyright or license of some code is unclear > (2) Links to proprietary plugins. Which code? https://src.chromium.org/viewvc/chrome/trunk/src/LICENSE?revision=HEAD&view=markup Unclear to who? Some lawyer? Seems pretty clear to me. Do you really want a lawyer to tell you what software to use? Or a layman who fails to understand legal terms? They also link to some bug report from 2009 which I haven't read in full detail but skimming through it looks like mainly a concern about some automatic license checker script failing to verify things correctly. And note: the bug report was opened by a project member with email address @chromium.org which is a positive signal (at least to me). As a comparison: Is Mozilla's "privacy policy" better? https://trisquel.info/files/firefox-privacy-policy-2.png + the way they react to the bug reports about the privacy issues (they close them). Libreplanet also writes: > Recommended Fix: Remove program/package > Use GNU IceCat, or equivalent IceCat also has all the issues which Firefox has as it is the same code base. As discussed in the web browsers thread it is really just a rebranded Firefox with some customized prefs (more tightened) and relies on extensions (but not the best ones) to enhance privacy: https://trisquel.info/en/forum/web-browser?page=4#comment-127390 So it is not an entirely different program which is specifically made to respect your privacy. It is rather a patched problematic program. As I said: you should not trust words (including mine) but look and test for yourself. And btw as a side note: anyone who thinks he can hide from Google completely must be quite naive. They own too many domains and too many sites use their hosted libraries, APIs etc.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> What about the subliminal message "our computers and networks are owned, securing our communications is moot, give up"? Nobody said "give up". You should really stop putting words into other people's mouths. I have asked you to stop it so many times, yet you keep doing it. > If I was a conspiracy theorist (I am not), I would suggest heyjoe and you infiltrated the Trisquel community to demotivate those who want to secure their communications. heyjoe is the person who showed something practical in investigating and improving security of web browsers. What did you do about it? You criticized him from the very beginning, posted various inflammatory, confusing and time wasting off-topic remarks and at the end you started licensing your forum posts. Do you really think what you did helps anyone to improve the security of their communication? Or you are just throwing mud at others, so that your perfect knowledge can shine? Would you rather prefer the info about browsers not to have been shared, so everyone can live an illusory life in the fancy words of ideologies and motivational talkers? heyjoe also opened a thread to discuss ideas about a new network model. What did you do? - You posted in it just to explain that because it doesn't fit in what you know, it is inefficient, anti-ecological and what not, when the whole idea was to discuss a possible new approach, share other ideas etc. You simply dump everything which doesn't conform to what you stick to. Yet you say that others are demotivators. Great, hats off. Maybe we should all sit together in a church and sing motivational Gnulellujahs which would be the ultimate security of communication? heyjoe is also the person who invited everyone into an in depth discussion about what we could actually do to optimize security of current systems and to create new truly secure systems, considering (and _not_ neglecting) the actual issues which currently exist. How many people joined and showed real interest? Just look at your only post in that thread and how "motivating" it is. As Abdullah explained - creating a false sense of security and safety is much more dangerous than facing actual insecurity.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps an interesting article: https://aeon.co/essays/your-brain-does-not-process-information-and-it-is-not-a-computer
Re: [Trisquel-users] Free software foundations problems
> Chromium dials back to google very frequently. Not if you have configured it properly. I don't know what you mean by "dials back". The only case when it communicates to a third party host is when opening chrome://settings in which case it sends a single request to translate.google.com to check which languages are available. I have already filed a bug report about that and it is being considered. > Although if a chromium based browser had something similar to a noscript feature built in In chromium you can disable/enable JS per-site without additional extensions. > + no anti-features of any kind it would be extremely secure I am sure. What anti-features are you referring to?
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> It *was* their dual-core signal processors that is developed Animals with dual-core sound processors? Am I missing the humor or some deep meaning in that? :) So you don't have cable TV and you have deliberately limited your internet quota. That reminds me of the monks who always look at the ground because there could be a woman out there which they must not see (even though they may be walking in deep woods). :P This is worse than panopticon.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Perhaps. But I don't assume easily :P
Re: [Trisquel-users] Is there a perfect method to guard our communication?
No. Using the word as a marketing tool implies that.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I don't know if anyone has ever considered the possibility of E.S. being a deliberately created figure (for various purposes). To me it seems quite possible. NSA surely knows his location and can expunge him at any time. But they don't.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
The video is a short presentation by Trammel Hudson who talks about securing the boot process through replacement of proprietary BIOS/UEFI with https://www.linuxboot.org/ > Well, a glass window is the best membrane one can think of. There is no better. If that was true animals with high sensitivity to sound would have glass windows inside their ears :)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
If you can't measure it "best" and "least" have no meaning. A goal is not merely a direction of movement.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
For some it is simply staying Ecuador's embassy.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> The goal is to strike the best compromise Then please define clearly and unambiguously "best compromise" explaining: - why it is best (and can't be any better) - what exactly is compromised (and cannot be otherwise) Otherwise without actual measures it is really heading for the horizon which is not a goal.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I dare to say that E.S. seems to me not quite thoughtful of the lower ring issues. In his Twitter feed he merely says "Use Tor, use Signal" which is meaningless considering the former. This makes me question the actual competence of the guy as these are really superficial statements (even more considering what you say - windows etc). > And the fact that he managed to not get caught in spite of *that* security flop is still more interesting. Well, let's not forget that just because we consider that something is possible (a low lever back door) doesn't mean it is necessarily easy, especially in particular circumstances, e.g. accessing the machine behind a firewall, or having it online for too short time to perform an attack. Additionally as an NSA employee he surely knows how his colleagues would proceed, so he may be able to avoid certain attacks through that info, at least in a certain time span until they develop new strategies. So that may be a factor of "luck" as well. > A separate topic to discuss vulnerabilities, possible attack vectors and defenses would have been nice, and I had hoped that of the security thread in troll lounge, albeit it has diverged into something else. We still have that but perhaps it deserves a thread of its own. But what more/new could we really say about it? As you can see in the video I linked there is some research going on. Perhaps you can join that approach if you feel going down to the oscilloscope level but it seems to me reverse engineering (mouse) will never beat evil engineering (cat) and its legislation at mass scale (tiger).
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> If you have a fuge factory, and a enough capital, and some artificial satellites, and some rights for legality, can you make a perfect method? Why do you think these are the factors needed to perfect security? If you have these - you will most likely be visited by FBI/NSA/CIA personally and be told "You should do this or... (add any terrible things you can imagine to complete the sentence)".
Re: [Trisquel-users] Is there a perfect method to guard our communication?
Instead of waiting one could take action. Waiting is like never filing a bug report but simply expecting someone to find the bug and fix it. Or waiting for someone else to identify the browser leaks just to say "how nice" or "how bad". Or never learning because right now there are more "important" (usually meaning more entertaining) things to do. Approaching things step by step surely makes sense but only when there is a clear plan and a possible goal. In case of security in current technology it is known beforehand that absolute security is impossible and there is no real plan. So it is a stepping towards nothing. Defining and working against attack vectors is like blacklisting an infinite and incomplete list of hosts one by one. This is not security but a perpetual escape from insecurity. That is the root of the problem. The question "Is there a perfect method to guard our communication?" has no answer because perfect means complete, finished, not a continuous never ending process.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> Micro$oft announced that Windblows would support facial recognition instead of a password That would be utterly stupid. One's face is not private data, especially in the age of social networking with profiles full of pictures. BTW M$ has very strange understanding of security. Some time ago I read that when you encrypt your disk with Win10 your encryption key is automatically uploaded to your profile at microsoft.com "so that it is safe and secure that you will never loose it". (or something along these lines)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
They are not backdoors per se but because of their nature they open a huge door to mischief.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> That is people's happiness. > I think they should state facts honestly. If they keep sincere, people will respect them the end. No merchant cares about your happiness. The convenience they sell to you is just a tool to put you to sleep, so they can exploit you more efficiently. In such environment honesty is impossible. There is this newly emerging trend to sell "ethical" devices which I think will become more popular as surveillance increases. So ethics is becoming corrupt too. Wherever there is a scheme for reward and punishment there is corruption. And in current state of technology it is inevitable because it requires extreme expertise and extreme resources - things which are managed by companies through reward-punishment models. Just like it has always been in human history with everything. Unless that pattern is broken, expect more misery.
Re: [Trisquel-users] Free email providers
We are still working on it :P
Re: [Trisquel-users] Free email providers
> Is this the DDoS attack? You would have to try much harder for it ;) Then the mod will find you without you having to contact him :P
Re: [Trisquel-users] Free email providers
> I had addressed it with; Sorry. I may have missed that. Anyway my clarification is probably still relevant and necessary :) What is TIC? The bullet lists you show are still only for experts. I can't imagine doing it with clients who use iMac/iPhone and are utterly proud of it and closing one's source of income because of that would be insanity.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
> When a libreboot laptop in a their factory, it has no back doors, 100% ensured. 1) All CPUs are currently buggy and are vulnerable to back doors (Spectre, Meltdown). The software mitigations don't fix the hardware, only reduce the risk partially. 2) Microcode is still proprietary 3) Other chips inside the computer may still have proprietary firmware > But whie it is shipping, there is a possibility of it is installed back doors. Maybe if you are Edward Snowden. Otherwise quite unlikely.
Re: [Trisquel-users] Free software foundations problems
> I discovered my new favorite distrobution, Hyperbola. I think you should change your avatar to a clear text "I use Hyperbola" :) Would save you typing :P
Re: [Trisquel-users] Free software foundations problems
> anything based off of chromium Why? > ps, the linux libre lts kernel itself is hardened for hyperbola by default. Still that means nothing without exact description.
Re: [Trisquel-users] Free software foundations problems
Thanks! I guess unar is what I need (I see it in openSUSE's OSS repo too).
Re: [Trisquel-users] Free email providers
What you list is only valid if all the nodes in the network have the qualities you listed. Suppose you have: - node A (perfect clean ultimate libre) - node B (containing spyware) A sends encrypted message to B. The spyware on B decrypts everything because it steals B's private key. So what good is A's perfectly secret private key? - Nobody cares about it or its secrecy because the info you transmit has been hacked through the other node. That's the big fuss (to my mind). (of course you know all that)
Re: [Trisquel-users] Free software foundations problems
That article is not by openSUSE so what it lists and recommends is someone's personal preference (including adding Google Chrome from external Google's repos etc). > So I guess it is already be enabled by default and therefore should not be recommended here. I already explained everything I know about the repos.
Re: [Trisquel-users] Free software foundations problems
Because people here obviously respect the authority of an organization which recommends things which are not quite factual and IceCat is one of them (for the moment, until it gets fixed). The point is: just reading recommendations does not equal testing or even less - understanding. That has relevance to all discussions.
Re: [Trisquel-users] Free software foundations problems
I can't recall for sure because the last time I installed openSUSE from scratch was years ago. Since then I am only upgrading it to newer versions. But during initial setup you can choose what you install - package by package. And you can select repos from which you install. https://en.opensuse.org/Package_repositories The "OSS and "Update" repos are the ones from which comes the main installation (base system), so this is what is surely enabled by default. "Non-OSS" repo contains only 34 packages. 2 of them (patterns-openSUSE-non_oss and patterns-openSUSE-non_oss_opt) are just text files: /etc/products.d /etc/products.d/openSUSE-Addon-NonOss.prod /usr/share/doc/packages/openSUSE-Addon-NonOss-release-addon-nonoss /usr/share/doc/packages/openSUSE-Addon-NonOss-release-addon-nonoss/README From that repo I have installed only 2 packages: AdobeICCProfiles: which is just a bunch of ICC profiles, surely that won't invite NSA into your computer) unrar: because I need a way to extract rar files when clients send me such. If there is a free alternative to it, I would use it but so far I haven't found one. The "Non-OSS Update" repo list only 1 package (opera) and it is not installed (and not in the list of recommended in YaST) "Packman" contains a mix of free and non-free software. It is NOT part of the official repo list, i.e. you must add it manually and explicitly. I have done that and I am using only packages with free licenses (FSF's license list). As for kernel, the following packages come from the "OSS" repo: kernel-default: GPL-2.0 kernel-default-devel: GPL-2.0 kernel-devel: GPL-2.0 kernel-firmware: SUSE-Firmware and GPL-2.0 and GPL-2.0+ and MIT kernel-macros: GPL-2.0 I also have ucode-intel (License: SUSE-Firmware) which is perhaps the thing which most people are concerned about (blobs for CPU microcode which you have in your CPU regardless of OS). It is from the "OSS update" repo (I don't know why). Again: I am not recommending anything. Just sharing what is.
Re: [Trisquel-users] Free software foundations problems
https://www.waterfoxproject.org/#develop Perhaps you haven't read what it advertises.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I thought you were asking. Anyway it is quite difficult to understand your English, so I may have misunderstood.
Re: [Trisquel-users] Free software foundations problems
This page: https://www.fsf.org/working-together/gang/icecat says "If you're looking to surf the web at speed, but with a concern for your privacy and safety at the same time, look no further than GNU Icecat." but IceCat has privacy issues (demonstrated by me personally). In any case I am using the NVIDIA proprietary video driver anyway, so it is inevitable to have bin blobs. (For the next person who would tell me not to recommend it - I am not recommending anything, it is just what I need to do, otherwise my videocard works x10 slower with nouveau and I can't do my work)
Re: [Trisquel-users] Is there a perfect method to guard our communication?
I simply explained what I do.
Re: [Trisquel-users] Free software foundations problems
> By harden I mean an increase in security/privacy. That's all I really know. :) That's pretty vague. Brave is supposed to be hardened Chromium but it leaks network packages in the background like crazy (much more than Chromium). Waterfox is also supposed to be a hardened Firefox but it is really the same. And so on.
Re: [Trisquel-users] Is there a perfect method to guard our communication?
First you should understand that this is capitalism and everyone is trying to sell you something (even "free" things). Too much advertising and too heavy marketing language is a sign to be noted. Look at how they speak, not only what they say. Personally I get in direct contact with the service provider and ask what I am interested in. From the way they reply I understand what is the depth of their technical expertise and with what attention they approach the questions (level of support). If they ignore me or try to entice me too much - I note this for myself too. At the end I compare. Usually it is quite easy to choose the best (or least worse) because in every field there are only a few who really shine.
Re: [Trisquel-users] Free software foundations problems
But what do you mean by "harden"? Give specific examples please, so that I know what is "softened" and "hardened" in your mind. > stretch as the base for stable and Buster for testing. What is 'stretch' and 'Buster'?
Re: [Trisquel-users] Free software foundations problems
> It's not free/libre ([1]), It is free unless you explicitly add the non-OSS repos. > I would suggest that people around here stop recommending this distro Where exactly did you read "I recommend"? > otherwise people might as well start using the post downvoting system. Perhaps it would be a better idea people here to start reading more carefully and stop thinking in binary (free/non-free) because technology and everything around it is much more complicated than the recommendation and the stickers of organization X.
