* Posts by nonoj

11 publicly visible posts • joined 19 May 2023

Watch out for rogue DHCP servers decloaking your VPN connections


My limited understanding of E2EE is that encryption occurs before it leaves the device, be it a cell phone or desktop.

If intercepted as described in the article there’s only an unencrypted file to look at.

If this is all true then maybe ensure the important communication is all performed using E2EE?

Prof asks court to protect his Unfollow Everything 2.0 extension from Facebook's ire


Re: Killing the connection?

Thank you again!


Re: Killing the connection?

Thanks - all good info even for someone who will have to look up everything you said!

I forgot to say in my post that I also have a VPN which uses WireGuard (whatever that is) and is always in use.


Killing the connection?

I use DuckDuckGo browser which stops many trackers. I also use Little Snitch… when I see a connection to FB or anything else come up that is not needed for a website to work I deny it and often blacklist it. So I >think< I’m stopping any trackers from “calling the mother ship” even if they get past DDG’s blockers. I frequently remove all browser history, cookies, etc. when going from one site to another and delete all temporary connections needed for previously visited sites.

I don’t know if this is the most effective way of handling all the tracking getting thrown at us… if anyone has any other suggestions please let me know!

Drivers: We'll take that plain dumb car over a flashy data-spilling internet one, thanks


Another vote here for Affinity and one for DxO as well. Affinity Photo replaced Adobe Photoshop, Affinity Designer replaced Adobe Illustrator, Affinity Publisher replaced Adobe InDesign. Affinity has no Lightroom product so I use DxO PhotoLab to replace Adobe Lightroom. These Affinity and DxO applications more than adequately do the job without subscriptions; I own each piece of software I use outright and only upgrade when I see a reason to.

Besides all that, my clients couldn’t care less which applications I use. They’re only interested in the unique style, level of quality and professional business relationship I offer. And the responsibility for providing those falls for the most part on me - not the tools I use.

Uncle Sam will pay for your big ideas to end AI voice-cloning fraud


Re: Respond to fake recording calls

“Don’t call without an appointment.”

LOL! Good one.


T-Mobile has some kind of traceback feature that displays “Scam Likely” on the phone when the caller’s number fails the traceback. The family joke used to be “Mr Likely called a couple of times today.” T-Mobile also offers the option of blocking callers who fail the traceback. We turned the blocking option on and no longer receive those kinds of calls at all. So far, we’ve not missed a single important call with the traceback feature and blocking turned on.

The gov could require that all phone carriers have the traceback feature on by default and blocking as an option. Receiving a “Scam Likely” warning would be an immediate heads up that the caller might not be who they appear to be (or rather who they sound like). After that it's on the person receiving the call as to whether to answer or not.

The truth about Dropbox opening up your files to AI – and the loss of trust in tech


Re: Dropbox have been dicks in the past

I used Dropbox, sparingly, until Condoleezza Rice was appointed to the board in 2014. I immediately deleted everything on my Dropbox account and deleted the account. I then wrote an email to Drew Houston explaining my departure and asking why they would do such a thing. The condescending boilerplate response was not worth saving.

Adobe warns it may face massive fines for subscription cancellation practices


another dissatisfied user

I shifted from Adobe to Affinity a long time ago. First Affinity Photo then Designer and Publisher as they came out. DXO PhotoLab and Photo Mechanic replace enough of Adobe LR for my needs.

Last two years I was invited to participate in a 1-month project by a client who insisted on InDesign for the final project. The first year I was able to subscribe for a single month without issue. The next year the subscription/cancellation process changed so much and customer service was so awful I wound up getting charged a full year of Creative Cloud for a single month of use. After multiple attempts to get the issue rectified I gave up, wrote up a complaint and a searing survey response. It’s almost a year later and I have not received a response. I’m not holding my breath.

If the FCC punishes Adobe for its cancellation processes, good. In the meantime anyone who is interested in finding out why I have nothing to do with Adobe will get an earful.

PS: From a security standpoint, Adobe is a nightmare as well. I was able to shut down, literally, dozens of connections attempted by Adobe products that were attempted, literally, all day long whether I was using their applications or not. Denying all but 3 of those connections had no effect on Adobe apps… so why were all the other connections being made? Installation required unfettered access to my Mac Keychain and several undocumented entries were made to the Keychain. When I used Adobe’s uninstall app dozens of files and folders were left behind, even some apps that still loaded on reboot. I had to manually remove Adobe entries from Keychain, go into Terminal to manually get rid of hidden files. And every interaction with Adobe using a browser meant several persistent trackers dropped on my computer. All this is all the more reason to walk away from Adobe.

Bad eIDAS: Europe ready to intercept, spy on your encrypted HTTPS connections


question from a layperson...

As a layperson with little expertise in this area, my question is what I can do about it. Does it help to use Little Snitch? NoScript? TOR browser? If I keep a list of the critical URLs (banking, bill pays, etc, entities only in my country) and only use them, am I still at risk for those? Or is my exposure limited to entities based outside my home country, like The Register?

Hopefully there is some direction I can take that doesn’t require a crash course in a topic I have little understanding of. One commenter mentioned changing certificates in Firefox… I wouldn’t even know where to start.

I gather from the comments I’ve read so far that there is no out-of-the-box solution. Also, I live in the US, so I know very well there is little I can do if the government decides to look at my internet usage. But maybe there are things I can do now that will reduce exposure to man-in-the-middle attacks by smaller bad actors wanting to do bad things.

Thanks for any serious replies… even if they are, “Sorry, you’re out of luck.”

Apple warns of three WebKit vulns under active exploitation, dozens more CVEs across its range


Re: who knew Amnesty had a Security Lab?

Just sayin’

I agree with your point but I took “Just by the way, who knew Amnesty had a Security Lab?” to be asking for a show of hands not an admission of ignorance.