• 46 Posts
  • 62 Comments
Joined 1 year ago
Cake day: July 1st, 2024

  • It’s a good “cover for action”, considering most of the printers that have the stego are naturally incapable of achieving the high quality needed to counterfeit banknotes. And those that are high enough quality are artificially crippled to be incapable of producing an exact match on the colors used in banknotes. Printers are generally lousy at matching colors. IIRC, Epson supplied software that would alter the photo displayed on your screen to best match what the printer could do, because demanding that the printer precisely match the source color is unrealistic.

    Self-regulation out of fear of regulation is a tough sell. What regulation do they risk if they don’t self-regulate, other than the very same outcome: tracker dots?

    Like a lot of surveillance, there is the cover story and then there is the real reason.

    Nonetheless, I appreciate the comment… it’s always good to be aware of the /official narrative/ regardless.






  • equifax/transunion: oh, look! we don’t care why, but there are “too many different phone numbers” being reported for you. we’re lowering your credit score

    I treat all members of the credit bureau (all banks, insurance companies, etc) the same when it comes to info sharing, just as if it’s all the same org. Because they all share the info via the credit bureau. If you give a different number to every bank, every bank can see all the numbers you gave to other banks through the credit bureau.

    I give just one useless number to all of them. A FAX number. Banks have no hope of getting me on the phone. But fuck them… they create this mess by joining the credit bureau. They’ve demonstrated that they cannot be trusted with useful info. So for self-defense, consider making every bit of info you give as useless as possible.

    You might be interested to know that the phone numbers on your credit report never mention the source who reported the phone number, which is unlawful. I wrote this thread about it:

    The law that all US credit bureaus violate, bluntly, simply because there is no enforcement mechanism: data source disclosure








  • I think I’ve been stung by the same server twice. I vaguely recall another address that resolved to barracudanetworks.com, where msgs from that other user to me had MS outlook in the headers. So I wonder if barracudanetworks is set up to be a proxy or façade of sorts for MS, in which case I could track this.

    So what if for every email I receive, I have a program that checks for MS in the headers and (if MS matches) it does an MX lookup on the sender address, which it could then store in a DB to track patterns. This could also be a shared DB so a group of people could benefit from associating non-MS MX servers (like barracudanetworks) to MS. Imperfect of course, but perhaps accurate enough?

    Ultimately this is a GDPR issue. Data subjects are supposed to be able to know who gets their info and legally they have control over it. Email is somewhat incompatible with the GDPR in this regard.
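
A sketch of the tracker proposed in the comment above, as an added example that is not part of the original comment: it flags received mail carrying Microsoft markers, looks up the sender domain's MX hosts, and keeps the domain-to-MX pairs in SQLite so that non-Microsoft front ends stand out. The header prefixes, hostname pattern, table layout, sample messages and stub resolver are all assumptions made for illustration.

```python
import email
import re
import sqlite3
from email.utils import parseaddr

# Heuristic markers (assumption): headers and relay hostnames that Exchange Online /
# Outlook commonly stamp on mail. Absence proves nothing; headers can be stripped.
MS_HEADER_PREFIXES = ("x-ms-exchange-", "x-microsoft-antispam")
MS_HOST_RE = re.compile(r"\b[\w.-]+\.(?:outlook|office365)\.com\b", re.I)

def open_db(path=":memory:"):
    db = sqlite3.connect(path)
    db.execute("CREATE TABLE IF NOT EXISTS seen (domain TEXT, mx TEXT, hits INTEGER,"
               " PRIMARY KEY (domain, mx))")
    return db

def touched_microsoft(msg):
    if any(name.lower().startswith(MS_HEADER_PREFIXES) for name in msg.keys()):
        return True
    return any(MS_HOST_RE.search(v) for v in msg.get_all("Received", []))

def record(db, raw_message, mx_lookup):
    """Store sender-domain -> MX pairs for mail that shows Microsoft markers."""
    msg = email.message_from_string(raw_message)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if not domain or not touched_microsoft(msg):
        return []
    hosts = sorted(h.rstrip(".").lower() for h in mx_lookup(domain))
    for host in hosts:
        db.execute("INSERT OR IGNORE INTO seen VALUES (?, ?, 0)", (domain, host))
        db.execute("UPDATE seen SET hits = hits + 1 WHERE domain = ? AND mx = ?",
                   (domain, host))
    return hosts

def non_ms_fronts(db):
    """MX hosts seen in front of Microsoft-handled mail that are not Microsoft names."""
    rows = db.execute("SELECT domain, mx, hits FROM seen ORDER BY domain, mx")
    return [row for row in rows if not MS_HOST_RE.search(row[1])]

# Constructed sample input; the resolver is a stub so the example runs offline.
# A real resolver could wrap dnspython: dns.resolver.resolve(domain, "MX").
SAMPLE_MS = ("From: Alice <alice@example.org>\n"
             "Received: from AB1PR00MB0001.namprd00.prod.outlook.com (2001:db8::1)\n"
             "X-MS-Exchange-Organization-AuthAs: Internal\n\nhello\n")
SAMPLE_OTHER = "From: bob@example.com\nReceived: from mail.example.com\n\nhi\n"
STUB_MX = {"example.org": ["mx1.gateway.example.net."], "example.com": ["mail.example.com."]}

if __name__ == "__main__":
    db = open_db()
    for raw in (SAMPLE_MS, SAMPLE_MS, SAMPLE_OTHER):
        record(db, raw, lambda d: STUB_MX.get(d, []))
    print(non_ms_fronts(db))
```

The hit count per pair is what makes a shared database useful: a single sighting may be a forwarded message, while repeated sightings across senders suggest the gateway really does sit in front of Microsoft-hosted mailboxes.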



  • I’m w/you on the e2ee, of course. But this requires both people to partake, so the suggestion is broken in most non-p2p situations. In a world where govs, NGOs, and most people are incompetent, e2ee is not generally available. From there, do you want to function at all? You can be 100% dysfunctional if you insist on e2ee. I am almost there, actually. Countless businesses lose my business because they are not on the ball w/security. And gov offices get paper correspondence from me because their digital attempt stinks.

    But there are situations where e2ee is not strictly important for a particular situation. Yet I will be damned if I have to dance for Google or MS to get their servers to accept my msgs, all to help the scumbags profit from seeing my payload. So I will send an in-the-clear email to non-FAANG recipients in some cases.


  • But this is the InfoSec community and your reasons are probably entirely separate.

    Infosec broadly covers:

    • Confidentiality
    • Integrity
    • Availability

    Your problem as you describe it boils down to availability (which some would say is the most important infosec factor). I also have a serious availability problem with Microsoft. When I send email to an MS recipient (back in the days when I was willing to), MS’s servers refuse my msg because MS aggressively implements a strict IP reputation policy. And to be clear, you need not ever send any spam to have a bad IP reputation. You can simply subscribe to an ISP that gives you an IP address which the ISP has published as “residential”. And just like that, the discrimination machine kicks in.

    MS does not want mail from self-hosters like myself. They want to force me to dance for them. Even though my email is RFC-compliant, MS wants me to subscribe to a more costly business class of internet service, or to pawn myself to another email service provider.

    Either way, MS can fuck off. I will not lick MS’s boots.

    Out of curiosity, why are you declining to transit Microsoft servers? Worried about inspection or something?

    First of all, I boycott MS. The boycott is mostly driven by factors unrelated to infosec. Boycotting is no longer just refusal to buy their junk – boycotting also means to not feed them data because they profit from the data (otherwise, why are they gratis?) I am not generally worried about info in my payloads being specifically exploited in some kind of attack by MS, but I will not feed MS data that it can profit from. I also protest non-US govs throwing away their digital sovereignty and making all their people lick the boots of a privacy-abusing US surveillance advertiser.



  • I’m not sure how much research you’ve done, but a quick search of “Facebook addiction peer reviewed”

    Thanks… indeed adding /peer reviewed/ helps.

    It’s also probably worth digging into dark patterns used by Facebook and others to keep users coming back/focused on their feed.

    Glad you mentioned that… I might have overlooked it otherwise. The gov might argue (perhaps internally) that social networking is naturally addictive and that it’s an unavoidable nature of the beast. But Facebook (and likely Twitter) deliberately designs their platforms to artificially supercharge the addictiveness. So I will make that the focus of the addiction discussion, to separate Facebook from Lemmyverse.

    I’d also be prepared for the counter argument: “governments are only using Facebook because that’s where the people are”.

    I’m not sure my campaign will get any express feedback from opposition, but I will stress that the “network effect” feeds into the addiction as well as creates the power imbalance.


  • I skimmed through it and agree with everything up until the idea of a general ban on smartphones. That’s crazy talk. Banning young children from having smartphone access in various circumstances is probably a good idea.

    But for adults, I would just be happy with a ban on forcing others to use smartphones. E.g. some banks have closed their doors and shut down their web portal to wholly force all their customers to lick Google’s boots to obtain the bank’s closed-source proprietary app, which then forces chronic phone hardware upgrades. Then people who do not conform to the bank’s demands lose access to their money. That shit should be banned.




  • Indeed road travel is the focus for Sirius XM and I think the biggest marketshare is from truck drivers. But I have seen Sirius home receivers, though perhaps rare. I know a former subscriber who has an antenna for a home unit, which mounts outside the house and came with a really long cable.

    I never saw the scheduling mechanism, so I appreciate your insight. Glad to hear the schedule info is sent in-band… and I suppose finding a home unit that exploits that would be another matter.






  • In your own home, couldn’t you just use internet radio instead?

    Internet radio is certainly not a replacement for broadcast radio.

    • Internet at home is not gratis!
    • Internet has many points of failure; radio does not
    • Internet comes with surveillance
    • Residential Internet has less availability than radio; also, some people are offline by choice.
    • Streaming would suck dry quotas of anyone who gets Internet over prepaid mobile service.
    • Residential Internet subscriptions in many (most?) regions cannot be paid for in cash, thus unbanked people are excluded
    • Cloud streaming has a high carbon footprint (though I’m not sure how it compares to FM transmission’s footprint)
    • Internet service has many middle-men and lacks national sovereignty. Most countries cannot escape using US actors in this industry.