cyrus

@cyrus@wetdry.world

I'm an 18-year-old tech lover from Germany who values privacy and adores cats. Probably has ADHD and is probably autistic.

#Trans :spinny_fox_trans:​ / #NonBinary :spinny_fox_nb:

Things I boost don't necessarily have to be things I agree with. They can just be things I want people to see.

Make sure you've got a bio or introductory post when you want to follow me.


18+ croissant, to random

• burnout
• harassment
• admin defended JK Rowling not realizing how many trans people they were surrounded by
• burnout
• indifference
• harassment but then decided not to shut down
• burnout
• ran out of money
• database corruption so bad the entire instance just vanished
• burnout

and, finally:

• domain seized by the Taliban

cyrus,

@xyhhx we need more unique reasons fedi instances shut down

cyrus,

@astrid

added

cyrus,

@astrid and @atom your two ones are added 👍

(help I can barely keep up with all the pings)

cyrus, to tech

BlueSky has the potential for misinformation worse than even Twitter.

I had to / wanted to pump this out because barely anyone (that isn't on the fediverse lol) is aware of any of these issues at all, despite how serious a threat they are to BlueSky as a platform for news and information.

BlueSky does not verify when something is/was posted at all. You can post at any time in the past down to around the year 10 (yes, 10). It does not verify links or link previews, so you can hyperlink something misleading, or put something into link previews that doesn't match any content (if at all, there doesn't even need to be content).

The exploit regarding links is here: https://github.com/qwell/bsky-exploits
For the date/time thing, https://klearsky.pages.dev has the ability to post wrong-time posts. See here: https://bsky.app/profile/cyrneko.bsky.social/post/3kkkpld5ywc2b

I hope I don't have to explain that putting arbitrary links, link previews and post times is a DISASTER for everyone except those that seek to spread mis- or disinformation. It allows someone to post wrongful links or previews which look legitimate at times which look legitimate. I would assume that if you seek it out there are already posts and accounts abusing these features to create legitimate-looking mis- or disinformation posts aimed at confusing or otherwise tricking people into believing it's real information.

Anyone that cares enough and has a computer of any kind can spread misinfo. That is how easy it is.

Additionally, anyone can register a real-looking domain and pair this disinformation with a real-looking account that's linked to a real-looking domain, like a fake cnn.com domain.

BlueSky does not seem to care about fixing any of this.
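
A reader-side check for the two issues described in the post above, added here as an example (not code from the post, from the linked repository, or from Bluesky): it compares a post's self-declared `createdAt` with the `indexedAt` the server recorded, and compares a link's visible text with the URI it actually points to. Field names follow the AT Protocol post lexicon; the tolerance, helper names and sample posts are constructed assumptions.

```python
from datetime import datetime, timedelta
from urllib.parse import urlparse

MAX_SKEW = timedelta(minutes=10)  # assumed tolerance between claimed and indexed time

def parse_ts(value):
    # Normalise the trailing "Z" so fromisoformat accepts it on older Pythons.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def host_of(text):
    # Treat bare "example.com/path" display text as a URL; ignore ordinary phrases.
    if " " in text:
        return ""
    candidate = text if "://" in text else "https://" + text
    return (urlparse(candidate).hostname or "").lower().removeprefix("www.")

def audit_post(post):
    """Return findings for one post view: its record plus the server's indexedAt."""
    findings = []
    record = post["record"]
    skew = parse_ts(post["indexedAt"]) - parse_ts(record["createdAt"])
    if abs(skew) > MAX_SKEW:
        findings.append("timestamp-skew")  # createdAt is whatever the client wrote
    raw = record["text"].encode("utf-8")  # facet offsets count UTF-8 bytes
    for facet in record.get("facets", []):
        idx = facet["index"]
        shown = raw[idx["byteStart"]:idx["byteEnd"]].decode("utf-8", "replace")
        for feature in facet["features"]:
            if feature.get("$type") != "app.bsky.richtext.facet#link":
                continue
            shown_host = host_of(shown)
            if "." in shown_host and shown_host != host_of(feature["uri"]):
                findings.append("link-text-mismatch")
    return findings

def link(start, end, uri):  # helper to build a constructed link facet
    return {"index": {"byteStart": start, "byteEnd": end},
            "features": [{"$type": "app.bsky.richtext.facet#link", "uri": uri}]}

INDEXED = "2024-02-07T12:00:05Z"
SAMPLE_POSTS = [  # constructed data, not real posts
    {"indexedAt": INDEXED, "record": {"text": "hello", "createdAt": "2024-02-07T12:00:00Z"}},
    {"indexedAt": INDEXED, "record": {"text": "old news", "createdAt": "0010-01-01T00:00:00Z"}},
    {"indexedAt": INDEXED, "record": {"text": "Full story: cnn.com/world",
        "createdAt": "2024-02-07T12:00:01Z",
        "facets": [link(12, 25, "https://news.example.net/article")]}},
]
RESULTS = [audit_post(p) for p in SAMPLE_POSTS]
```

The preview card's title and description cannot be checked this way without fetching the target page, so this covers only the timestamp and link-text cases.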

cyrus, to privacy

BlueSky is "open" now.

What, you thought they finally enabled federation? No, they're still ignoring security issues (arbitrary link previews, no post time checks), have no federation and self-hosting BlueSky is still useless.

Oh, they also still want a phone number, great for /s

Just as a little reminder, the Fediverse has been open since forever. A lot of those flooding in now do so due to hype.

dannotdaniel, to random

bluesky still does not support video uploads, in case you were thinking they'd added features or something

NOPE

all that's changed is that now we both agree that my invite codes are worthless

cyrus,

@dannotdaniel also no arbitrary content warnings (only things like "adult content" and other presets), polls, audio; they still don't enable federation and security holes like being able to put whatever you want into link previews - even if it doesn't belong to a link - or being able to post in the past (up to the year 10) are still being ignored

cyrus,

@dannotdaniel I wish I was joking about posting in the past, btw

https://bsky.app/profile/cyrneko.bsky.social/post/3kkkpld5ywc2b

I wrote some more about it here:
https://wetdry.world/@cyrus/111887219233560650

cyrus,

@dannotdaniel yeah. And I did.

https://bsky.app/profile/cyrneko.bsky.social/post/3kkkqj5nx6c2e

For good measure, here is a repository detailing the link preview and URL vulnerabilities:

https://github.com/qwell/bsky-exploits

cyrus,

@dannotdaniel as I started to post about this the 1900 and year 10 posts got liked and boosted lmao

Wuzzy, to journalism

I just learned of the biggest feature I heard of: "view once" images in . The idea is that if you send an image and select the "view once" option, the receiver may only "view it once". After that, it's deleted. And they claim it "prevents screenshots". How? I have no idea.

It doesn't matter because the whole concept is bullshit, of course.

1/4

cyrus,

@Wuzzy

The technical measure of preventing normal, OS screenshots comes from an API exposed in the OS. On Android, there's a flag that you can set on any activity that will disallow apps that record it (screenshots, screen recordings, scrcpy...) from capturing it, returning a black image instead.

On iOS, there exists an API that allows an app to be notified when a screenshot or screen recording of it is taken. WhatsApp uses this to notify the other person if that happens on an OS-level.

Additionally, because the image is dumped after opening it once both from memory and storage, the person receiving the image will need to already have malicious intent in capturing the image, or have an existing setup. Most people don't.

This in turn means it protects from most normal users, which do not have special software, hardware or knowledge and access to where WhatsApp stores these images (spoiler: they're not in /storage/emulated/0/.whatsapp or equivalent on iOS, they're in private app storage that's protected by the OS from normal processes). Because the largest amount of users also don't run custom operating systems or have otherwise heightened privileges, this is a good enough protection for the cause.

In other words, unless you are already talking to someone with malicious intent that has a setup ready to dump a given image, this provides more privacy as it prevents the receiver from using traditional methods to get the picture.

PS: the feature wasn't intended to protect from reporting, but provide reasonable enough protection from the receiver.

PPS: Signal has had this for longer than WhatsApp has. This isn't a proprietary "hoopla" moment.

kubikpixel, (edited ) to linux German

deleted_by_author

cyrus,

@kubikpixel Qubes, probably.

Tails is for privacy, Kali is for testing security - or a lack thereof, same goes for Parrot

YvanDaSilva, to privacy

I've experience with people that have lost trust in , they have renounced it. Here are a few quotes:

• "cameras are everywhere"
• "everyone is tracking you"
• "if they want to know they will"
• "most countries have laws to spy on people"

Dear and , what is your feeling on this? Is this a large problem or am I just unlucky to know N people that believe the above and renounce to privacy.

I think companies have not been punished enough for their wrongdoings.

cyrus,

@ilyess @YvanDaSilva considering how many say things like "I would never be targeted", they probably DO understand the risks but suffer from this thing where you think you're invincible to everything.

cyrus,

@ilyess @YvanDaSilva

Not to mention that attacks are often spread out to potentially hundreds of thousands of people, not targeted

Unless of course there's reason to target you...
