@0xtero@kbin.social

First I drink the coffee, then I do the things.

Cybersecurity specialist. Perpetual blue team botherer and a glorified network janitor. SecurityFest Crew (https://securityfest.com/)

Trying to leave things better than I found them.
Slow regard of silent things.

#infosec #security #cybersecurity #dfir #coffee #climate #sustainability #solarpunk

About Me: https://0xtero.hanninen.eu/
Mastodon: https://infosec.exchange/@0xtero


  • 0xtero ,

    The biggest thing that bugs me about Mastodon is the lack of the simple ability to just "like" or agree with a post. I like a voting system. Give the idea that what you posted is some sort of uncouth or an unspoken unique idea. I don't want it a part of my profile via "boosting". I just want to say "hey bro, yeah, that's neat" and move on.

    That's exactly what the "Favorite" (star) function does on Mastodon.

    0xtero ,

    Some instances will want to become as big as possible, for resell value.

    What’s the resell value of an instance?

    0xtero ,

    Facebook bought Instagram for the price of ~$30 per user.

    Yeah, sure for ad revenue.
    Fediverse hasn't been monetized though, so there's no expected ad revenue. Patreons and other donations are not revenue.

    You are basically just buying a bunch of hosting costs

    0xtero ,

    So none of that applies to fedi then. Can’t buy up users because we’re federated and can’t buy up competition, because we’re just a fart in the Sahara in comparison, both in numbers of people and in revenue dollars

    And since there’s no privacy here he can datamine the shit out of content already

    0xtero ,

    I’d just move to fedia.io and keep posting. My login isn’t worth very much

    Defederation, Threads and You ( kbin.social )

    A lot of us are pretty new to the fediverse and we've arrived just in time to grapple with what is easily the biggest federation/defederation controversy ever to hit it. I've put this thread together to hopefully help communicate some of the more complex ideas that we're trying to get our heads around....

    0xtero ,

    Finally someone who has a clue. That was well written and easy to understand. Thank you for all the work you put into that post!

    Defederation is about what an instance allows in, not what an instance allows out. Defederation stops you seeing the defederated instance's content, but it does not stop them seeing your instance's content.

    As a final, tiny little point of interest - there is a setting called AUTHORIZED_FETCH (Secure mode) which will force the requesting instance to authenticate. This can be used to stop the data from flowing out.

    Of course enabling this is somewhat problematic as it tends to break other things. But it's there.

    0xtero ,

    I agree. Threads, from their perspective, is not about Mastodon or the fediverse. We don't show up on their radar. We're a speck of dust on their roadmap. We are a complete non-factor to Meta and their plans. They want ActivityPub so they can demonstrate interoperability to EU Privacy Watchdogs who have so far cost them $1.3 billion in fines and are threatening with more. That's why Threads is not available in the EU.

    But who cares about that really? Not me.

    It doesn't really change my attitude towards them. I joined fediverse, because it's the only place where you yourself can control the signal to noise ratio. There's no algorithm that shoves ads or influencer opinions down your throat. The moderation is largely crowdsourced to users. I want my "social media" to be "social". I want control over the things I see in my timeline.

    That's not to say Mastodon/fedi doesn't have its problems. It does. Many of the things OP lists are correct.

    But at the end of the day, Meta doesn't care about us. But I care about me. Block the shit out of Meta. They're harmful to humanity.

    0xtero ,

    But they couldn't keep Solaris open and free. What a bunch of hypocrites.

    Fediverse dating app? ( kbin.social )

    This is just a thought I had that I wanted to bounce off people who know more about ActivityPub/the fediverse— would it be feasible (and would it make sense) to build an open-source, ActivityPub-compatible dating app as an alternative to Tinder/Bumble/etc.? And if so, what could that look like? Obviously the small userbase...

    0xtero ,

    would it be feasible (and would it make sense) to build an open-source, ActivityPub-compatible dating app as an alternative to Tinder/Bumble/etc.?

    Sure, why not - most of the stuff is already in the protocol.
    Profile, Favorites, Boosts and messaging.

    If it would make sense...
    Well that's a hard question :-D

    0xtero ,

    Looks like Lemmy code has a security vulnerability, persistent XSS, that allows injection of JavaScript into the sidebar and comments. That allowed the attacker to force load NSFW content even after lemmy.world admins cleaned up the first attack.

    Looks like the injected JS code also steals login tokens from your browser, seems some admin accounts got compromised this way.
    Probably a good idea to not visit Lemmy sites for the time being (or block execution of JavaScript in your browser, which is always a good idea).

    0xtero ,

    🙃

    0xtero , (edited )

    Looks like Lemmy code has a security vulnerability, persistent XSS, that allows injection of JavaScript into the sidebar and comments. That allowed the attacker to force load NSFW content even after lemmy.world admins cleaned up the first attack.

    There might have also been an admin account compromise at lemmy.world involved. Time will tell if these are related.

    Edit: Looks like the injected JS code also steals login tokens from your browser, so that explains the admin compromise. Probably a good idea to not visit Lemmy sites for the time being (or block JavaScript in your browser, which is always a good idea).

    0xtero ,

    Why are you bothering with all this?

    Most of the time, they're looking for replies like yours. Or people who get outraged and upset and want to "defend" their favourite thing. They're after reactions. It makes their day.

    Better way to engage is to hover your cursor over their name and click the "block" icon in the pop-up.

    0xtero ,

    You can add this group @[email protected] from Mastodon and see and interact with all the posts. Mastodon doesn't (of course) have some of the functions, like threading, upvotes/downvote etc, so the experience might not be as good.

    Similarly on Kbin, you can follow people from Mastodon - their posts end up in the Microblog section

  • 0xtero ,

    This is exactly what we had here on kbin just last week. A dude running 10 alt accounts to boost and rep farm for his main account.

    The whole thing where we have pages and pages of romantic navelgazing about how great fedi is, is getting a bit old.
    I wouldn't throw too many stones in this glass house. Not until you've taken a good look at what's in here.

    0xtero ,

    It doesn't matter if you post anything to Facebook, or if you even have a Facebook account. Almost every commercial site in the world has a "Share this" button somewhere that is loaded directly from Facebook. IF you have a Facebook cookie, your information across the Internet is collected. IF you block Facebook cookies, but use a somewhat static IP, you are still monitored.

    Google and every other company that lives by datamining users for advertising purposes tries their best to do the same. Aggressive adblocking in your browser helps a bit, at least you can tell your browser to not send the request, but it's VERY HARD to stay outside the data collection from these companies and adblockers are a constantly escalating war of attrition.

    The End Boss isn't Meta, Google or Twitter.
    It is advertising networks and the entire advertising industry.

    0xtero ,

    XMPP did not exist on its own outside of nerd circles, while ActivityPub enjoys the support and brand recognition of Mastodon.

    That's either a really tasty self-irony or just delusional. I really hope no one thinks Mastodon is anything but a nerd circle.
