I do similar. For laptops and docks, especially if they change setups it can be a pita (though you just need to copy files around).

Also the DE monitor config (ie that you use to login) is logically different to a users x config. So you gotta copy that over to make sure the primary monitor etc is right.

Honestly the only thing I can think of is the competition recently to hack a satellite, maybe has drawn the ire of some script kids, or rather interest. [1][2][3] I LOT of educational and research stuff is quite open, and often very resistant to change as they value access/transmissibility over security in many cases where theres no real grounds (ie: its not national secrets etc). Some of these datasets are quite large.

Even still basic things like firewalls, key based access etc should be setupo. Heck if its a multi-million dollar instrument airgapping is probably worth its time. But i dunno. Just conjecture on my part.

The competition definately brought some attention [4]

• [1] https://www.newsweek.com/eight-teams-hackers-will-compete-breach-us-satellite-space-1808270
• [2] https://www.afrl.af.mil/News/Article-Display/Article/3341747/hack-a-sat-competition-highlights-on-orbit-hacking/
• [3] https://www.space.com/satellite-hacking-hack-a-sat-competition-winners
• [4] https://www.defenseone.com/threats/2023/08/national-intelligence-office-issues-cyber-warning-government-and-commercial-satellites/389671/

FWIW he says this in the beginning of the video.

MS goes out of their way to make shit harder than it needs to be.

For example. The store, they have a store for business where you can simply whitelist known apps buts it’s a PITA to setup AND they have been threatening to decom it for ages

https://learn.microsoft.com/en-us/microsoft-store/microsoft-store-for-business-overview

Want to add safety/security features like secuirty keys. Well if you do it on a non domain joined machine you can just sign into a m365 account to enable a passkey or yuibijey as a second factor.

Want to do that in a business environment. Congrats now you have to deploy a windows CA and issue user certificates to tie to this. Even if you are signing the machine into m365 with ADAL.

They go out of their way to add complexity and failure points.

My family is Italian. From Italy. I’m pretty sure we know how to make sauce. But hey. You do you.

Sauce is scooped out of the pot while it’s on the stove and mixed with the noodle of choice in my house.

Edit: to add my wife, who isn’t Italian, knows how to make ketchup and noodles with the best of them and even then it’s scooped from the pot onto then noodles while plating. And she puts fuckin ground beef in her spaghetti

Normal folks put pasta on their plate and then sauce. They aren’t cooked together, and only combined when plated unless you are wasted and trying to cook it on a George Forman grill or something.

Tthe problem is now if you have the store disabled basic shit, like the ability to open .heic files is broken or use stuff people want like sticky notes is broken.

We turn off most of what we can’t but having the store enabled causes all sorts of stuff.

Also windows 11 has ads baked in even with the store disabled. Plug in a Logitech mouse, get a pop up for their software. Open the picture viewer and get an ad to install some video editor that isn’t clear whether it’s a Ms product or not.

No to mention basic things like copy paste and edit are now weird icons because I guess they think most users are illiterate.

Most of the 11 UI changes are not for the better. Having to beta test it for work is frustrating and I run an IT shop.

Beeper does want you to proxy your iCloud account through a Mac on their network for iMessage. You are logging into your iCloud account through their site. They are in effect using Mac minis in a farm to provide the service based on what I looked into (including self hosting it, but then you can’t use a beeper app, you need your own)

https://help.beeper.com/chat-networks/imessage?from_search=125277302

Any company that I have to give my username and password for a third party service (and especially one as important as icloud/imessage) ill take a hard pass.

At this point i just interpret AI to be "we have lots of select statements and inner joins "

Can help with all of them. But check out opnsense.

While true. It’s because a lot of homeless are really unpredictable for various reasons.

The “down on their luck” homeless you see panhandling etc are generally the exception. Most have legitimate mental illness or drug problems. At least in my neck of America.

Oh yeah. Of course old tpm (1.2) that was the only key to the Castle isn’t great in the hand of someone with some know how and alligator clips since it communicated in clear text at the bus level so key extraction was possible. But for most folks security model, who cares. If it was a risk the business handled it with a pass phrase and tpm.

Apple does security prettt well and integrated too. Especially for most that don’t care.

Im gonna be honest. I stopped reading here.

There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.

I do not recommend using a smartphone for banking. You’re asking for a huge attack surface & it’s reckless. People will do it anyway but to suggest that people should avoid Tor for banking on the basis that you’re assuming they are using a phone is terrible advice based on a poor assumption. Use Tor Browser from a PC for banking. That is the best advice for normies.

again, the article is about “normies” using tor to get it to lose its stigma… The only way it gets de-stigmatized is for “normies” to use it. The way “normies” access things is vastly different. There are risks to that. And its not just banking. Getting your email account hacked because you used it on a malicious exit node for one reason or another is just as bad, if not worse. Tor exit nodes are wholesale more malicious than your ISP.

I dont know why you are getting hyper fixated on specific use cases that were used as broad examples. Banking isnt the point its the general use of TOR and the risk it brings. Forest for the trees my guy.

Have a good one. We’re done here.

Good security comes in layers (“security in depth”). TLS serves users well but it’s not the only tool in the box.

Im glad we agree. Because its the entire point. You are nitpicking where it suits you and thats not really honest conversation. Tor browser isnt the only way to access tor and if you are talking about making tor more accessible using things like phones is going to be needed. There are entire swaths of the world, billions of people, where phones are basically the only gateways to the inter.

And on a device with something like CalyxOS (or built with the app structure like calyxOS android based apps) that opens up a LOT more applications to using tor, some of which arent going to be locked down or configured appropriately. Its riskier. You seem to implicitly agree as you only pointed to a single example of XSS and just ignored other examples I provided…Surely we dont need to iterate through every attack vector out there? Because the point isnt those minutia there.

The point is, again, that Tor and specifically exit nodes are more hostile than normal ISP relays. They are actively malicious and often looking to exploit anything they can. Saying selling metatdata that is unencrypted is the same level of malicious as a nation state going after you (life and death) or having your identity or bank account stolen is clearly pretty naive. Even having your banking comprimised is a giant show stopper and theres no “well i have protections” flag to waive. You still have to deal with getting your funds back and paying for stuff to live in the interim. Its a very invasive process. Comparing that to an ISP selling your DNS queries (which im not even sure happens) is literally apples and orances

Those threat models all have a common denominator: mass surveillance. It is safe to assume mass surveillance is in everyone’s threat model as a baseline.

Thats a bad assumption. MOST people arent really concerned with it in the western world. Its why the apparatus exists. And thats not a Trump thing. its existed WAY before trump. Snowden showed that and it was Obama, not trump, that went after whistleblowers harder than any predecessor before them. Its why Snowden is still in exile to this day. Further trying to make this about “party” sides is a bad idea. Its something all parties, including most countries are not only a party to, but actively collaborating against. And there are some areas where straight access TOR is illegal and can get you in trouble. ANd the mass surveillance one country does (ie: US) is much different than another (ie China) so again its not just a giant brush to paint with there. Piping all data through Tor would make you look more suspicious in some of those latter countries and could increase your risk to fingerprinting or tracking, rather than selectively using it where and only when needed.

Every connection that matters uses TLS so the exit node honeypot only sees where the traffic is going, not what’s in the traffic and not where it comes from. IOW, the exit node knows much less than your ISP.

That’s not a magic bullet for secuirty. There are so many ways to exploit connections. Look at what happened here on lemmy with vulns leading to takeovers of instances with xss of session cookies . Or what happened to Linus Sebastian and his YouTube channel, which has one of the largest, most security conscious companies backing it.

The primary difference is your ISP is not generally actively hostile. They may want to sell metadata but they aren’t actively trying to exploit you. And all it takes is a bad auto fill page, or even a fake/spoofed one on an account without mfa or a service with xss vulns etc.

And your thesis is what, that we should make snooping easier for them by not practicing sensible self-defense?

To your own point. Everything is TLS now right? That argument swings both ways. If your ISP (or in some cases a nation state is your isp) is actively tracking you, then there are other alternatives that may be better. Mullvad would sooner be used for banking than tor. Tor is also not all that often used en masse. If my township only has a single tor user (me) that makes me less private. An ISP can easily see who is enterting tor unless you are using more obfuscation like bridges and obfsproxy. It’s the same reason why checking the do not track box in your browser is less privacy oriented. It adds entropy to your fingerprint there.

But to answer my your question my thesis is tor is not necessarily a privacy panacea. The threat model an American or European has is much different than someone from Vietnam or turkey or China, which is also much different than someone from the Nordic countries.

Also. Those running an exit node can and do sniff traffic.

It’s bad practice to login to stuff that’s important (like banking) over tor. Or login to anything over for you have logged into over the clear.

Also, nation states can track you using a variety of techniques from fingerprinting to straight up working together to associate connection streams. A large number of tor nodes are run by alphabet agencies. Hell the protocol was developed by the us navy.

My distaste for systemd has been replaced by my distaste for netplan.