The Computer Thread

@Rainah Daze

I am going to be saving money for another one on Ebay.

Edited by GAP on Jun 19th 2020 at 6:42:27 AM

None of those programs are useful to me, and Genopro is too expensive for what I need, but thanks anyway.

So...about that new Edge browser. Anyone having issues?

I still think it's funny that Micro$oft threw in the towel and put Chromium in as the guts of their flagship browser, given all the time in The '90s they spent fighting Netscape....

Is it on-topic to ask for feedback on whether or not I should make a Facebook account, considering all the scandals about its shady practices when it comes to user privacy and information security? See, some of my favorite online artists primarily if not exclusively post their work on FB, and it's tedious to frequently add new custom filters to my adblocker to block out the screen-obstructing "how about signing up?" message that pops up almost every time I so much as scroll up or down a single screen's worth or go to a new page. And some of the aforementioned artists appear to have set their photo gallery so that it's not viewable by non-users, which is the final impetus for me posting about this here.

Note that I live in Saudi Arabia, in case my geopolitical location is relevant for the answer.

And here is where I would say that if it was anywhere else but Saudi...dude, just don't. Between the spying by the authorities there and the fact that Facebook will cooperate with governments (PRISM? Facebook was stacking paper working with the NSA) and the data breaches, if I was you I wouldn't.

I would counter the above by saying that there is no fundamental reason not to have a Facebook account if you gain utility from it and are reasonably diligent about protecting your privacy.

• You have complete control over what information you share with Facebook. You can put as much or as little data in your profile as you want.
• You can ignore or block any content in your feed that you don't like or don't want to see.
• Make diligent use of the privacy controls to restrict what information Facebook gathers and shares about you.
• Be aware that, regardless of the above, Facebook will gather data about you from your use of the site and share it with third parties. Facebook will also track your use of third party sites that are affiliated with it.

Another Microsoft service botes the dust: Mixer is shutting down, Microsoft partnering with Facebook gaming.

I'm also hearing mixer employees heard about it right before the announcement was made.

Fighteer, I like how your final point contradicts the first three. Marq, only you can decide what the right decision for yourself is. Bear in mind what the benefits and costs of a FB account are, including the probability that your government is screening everything. If you are doing anything online that might get you in trouble, then the only way to both have a FB account and maximize your anonymity is to conduct the two activities on different PC's, and don't ever cross over. Anything you do on a machine that has been used to connect with FB is potentially compromised if the authorities ever ask to inspect it. "Potentially" in this context means that getting identified is a low probability event, but given that you live in a conservative muslim state, it's also a high stakes decision.

There are other things you can do to protect yourself, such as running Tails or a VPN (if you run Tails from a read only DVD, you can use the same machine for connecting to your FB account, but remember to exit out of Tails first).

Let me know if you have any questions.

It's not a contradiction, but a caution. FB can and will track whatever you do and use whatever data you provide, so if you want to use FB and maintain privacy, give it as little data as possible.

It tracks stuff you dont provide too by permanently marking your computer after you make an acount.

I dont know if it's still up.. being a stalkers best friend and all... but there was a website a few years back that showed you what they had on you, and it shocked people to see that even if you never talked about it... they had every thing from every street address you ever lived at, to how much money you made, to medical history and even the last time you took a vacation day.

The level of information Facebook collects and then freely gives out is disgusting, google may do the same but the way handle the information is better... with them not selling the information on you, but rather using it to play matchmaker and connect add providers to you without handing over the info directly.

The main thing I'm concerned about is that signing up requires entering a valid email address, and the email services that I know of require a valid phone number, which FB will inevitably be able to access and do with it whatever they typically do with the rest of a user's personal information. I already took the plunge once a while back and made an FB account with a dummy Gmail address (I made it with my phone number, then deleted the number from the settings before using the address to sign up on FB) just so that I could open one page and copy-paste the list inside it, then immediately deleted the account afterwards since I had no need for it. Would that work on a more long-term basis?

As for Saudi Arabian surveillance... Guys, if the spooks in question actually cared as much as you guys think they do, they would've come knocking on my door for any of the very "unflattering" things that I've been saying about the government and especially the monarchy on this very site for years. I get the impression that they only care if such stuff checks at least one of the following on their list:

1. It's posted on a highly visible social media platform (e.g Twitter) where such information could become easily headline news, especially if it's plausible for the information to go viral very quickly (e.g. celebrities).

2. The communications contain keywords that are deemed to be likely indicators of active plotting or intent to plot against the government and/or monarchy.

3. It somehow reached the eyes/ears of one of the Sauds who either has the authority to order the source of the communications to be punished or has the ear of someone who does.

Any methods for removing this permanent marking?

Edited by MarqFJA on Jun 23rd 2020 at 5:27:40 PM

Demarquis' Privacy Primer:

Protonmail is a free, encrypted email service that does not require you to identify yourself to them. I've used them myself, so I can vouch for them.

You can also get an anonymous phone number I have used Google Voice myself.

As for Facebook, the reason that's tough to do is because they gather information about you from other people who have friended you or connected to you through their FB pages. So even if you yourself don't have an active FB account, they may very well have a file on you anyway. Lesson: if you don't want to be profiled, you not only have to remember to be careful who you share stuff with, but who is sharing stuff with you.

In the US, getting street addresses people lived at (or their phone numbers) is easy and cheap. You can get income information if they worked for a publicly funded agency, otherwise that should be no easy way to get it. HIPAA laws mandate that personal medical information should never be shared except between care-providers, and that only with the patient's permission (as I indicated, all this applies only to the US—I have no idea what privacy protections exist in other countries).

Of course, you can be profiled in various ways without anyone getting your data. Knowing what advertisements you click on and what you are interested in purchasing will allow someone to guess things about you (your income, age, race, family status, political affiliation, etc.) with a fair degree of accuracy.

And of course your internet provider is tracking you, the keywords you search for and the websites you visit, which is why many people only access the internet via TOR or a VPN (Protonmail provides a free one).

Edited by DeMarquis on Jun 23rd 2020 at 12:42:50 PM

I do wonder what they do with everyone who doesn't click on adverts.

They make guesses based on your search history, and the websites you visit.... did you know that you can tell a lot about a person from seemingly inconsequential things... by knowing the model of car some one drives you can predict there political alignment with nearly 80% accuracy... which is how buisnesses like facebook figure that out....

If you don't just tell them in the first place.

While its true that you can't get the information directly they don't bother, they look for other cues... scraping the websites you visit (People who feel well don't visit mayoclinic), what you are saying to people, what they are saying about you... and if your missing work or not.

TBH the amount of information you can piece together from things is fucking scary.◊

Edited by Imca on Jun 23rd 2020 at 11:16:06 AM

Quite interesting, really.

Best way to use Facebook without them tracking you across the web is Firefox with multi-account containers and the Facebook Container extension. It will block Facebook scripts outside of the FB container in addition to the standard isolation of cookies/browser storage that containers use

Lindsey Graham, Tom Cotton, and Marsha Blackburn are all cosponsoring a bill in the US Senate to outlaw end-to-end encryption due to criminal activity.

Edited by tclittle on Jun 25th 2020 at 11:15:14 AM

Yeah, the main challenge isn't to conceal your identity from Facebook (that's relatively easy), the challenge is to prevent them from developing a profile on you that is extremely accurate even without knowing who you really are (which from their point of view isn't what they are really interested in anyway).

Doesn't that basically render online commerce effectively impossible in the US?

I answered this in the privacy thread: It would really inconvenience businesses in the US, and the chances of this passing the Dem controlled house are essentially zero. This is a stunt.

Is such collated information accurate enough that a sufficiently motivated malefactor could use it to deduce my real identity (and thus open the possibility of doxxing) and/or cause me serious trouble?

Simply put, yes. However, it's important to know whether this malefactor has the ability to gain insider access to IP logs and other confidential data. Private individuals and companies typically don't. Criminal enterprises may attempt to steal or hack these data, but that's a difficult risk to quantify. Law enforcement and other state-sponsored actors, however, do have the ability to gain access to confidential data. It's extremely hard to hide from them if they really want to find you.

For example, if you use a reliable VPN, no outside observer can connect your start and end points (unless you dox yourself via carelessness), but the VPN itself can, and they can be subpoenaed or raided. If you use end-to-end encryption, people may not be able to read your messages (even the people who made the app), but they can tell you sent them and to whom. Even in the best case, when the connection is untraceable, the fact that you used a VPN or E2E at all can be held against you.

If you are protecting your privacy against hackers, identity thieves, etc., great. That's highly reasonable. If you're protecting it against governments, you're pissing into the wind. At best you can increase the level of effort required.

Edited by Fighteer on Jun 27th 2020 at 1:47:23 PM

@Marq: Simply from randomly collected metadata? Very unlikely. The people with the resources and motivation to do that (Facebook, Google, The Republican Party) don't actually care who you are, they only care if they can influence your purchasing or voting behavior. Treating you as the member of a narrowly defined demographic is good enough for them.

As for hackers, they may care who you are, but they can't collect your metadata very easily. They can steal your identity, dox you or lock the contents of your hard-drive, but they have no direct access to your search or purchasing history. As a general rule, if Facebook doesn't know who you are, then no one else will either, even with access to the log files.

You keep your real identity secret from FB by using an anonymous email address and phone number ('course, if they figure out you are doing this, they can cancel your account). You might also want to keep your ip address a secret, and there are various ways of doing that (a hacker without a web page for you to visit would find it very hard to get your ip address, but of course FB would know what it is). Using a mobile phone, a dynamic ip address, TOR, a VPN, or simply using a cafe's wifi would conceal your ip address from anyone except your internet service provider (and the cafe wifi would protect you even from that).

But at this point the question is just how much trouble are you willing to go to? What are you trying to protect yourself from? If it's just random hackers, I wouldn't worry too much, FB protects it's customers pretty well. If you're trying to protect yourself from FB itself (and other website services) that's more difficult and involves more effort to go to. If you're trying to protect yourself from government, well, that's even more effort.

Just remember that perfect anonymity online is impossible, just like the perfect lock doesn't exist. It's a question of making your data more trouble to obtain than it's worth to anyone.

Edited by DeMarquis on Jun 27th 2020 at 2:18:56 PM

I've had the hardest time deciding where to discuss this. The U.S. Politics thread isn't right, and the Privacy thread isn't quite either, so this is the best place I can find.

Many of us may have heard or seen (it made national news headlines) that Twitter got hacked yesterday. Not its users, but Twitter itself. This hack appears to have been one of two things: the result of a spearphishing campaign or an inside job. We won't know for sure until the company completes its investigation.

The result of the compromise, however, was that malicious attackers were able to gain complete control of the tools that Twitter uses to administer accounts. This let them change passwords, change email addresses, remove two-factor authentication, and so on. They used this control to ... send out a bunch of tweets attempting to scam people into sending them bitcoin. Seriously.

The attackers mainly focused on verified accounts with high follower counts: Bill Gates, Elon Musk, Barack Obama, etc., plus some major corporate accounts and bitcoin traders. These accounts began tweeting a message claiming to be "giving back to the community". Readers were promised that if they sent bitcoin to the accounts listed in the tweets, they would receive double back. Of course, this didn't happen.

It took several hours for Twitter to regain control of the situation, during which tweeting was shut down for most verified accounts and password changes were disabled.

The reason I bring this up is not to slam Twitter or gloat about bitcoin users getting their just deserts (although I do feel that way), but to speculate about corporate information security. Why did Twitter not have stronger protections against this sort of attack, such as 2FA attached to employee accounts and screening for logins from unknown IP addresses?

My company, for example, conducts annual IT security training and periodically sends out fake phishing emails to find out who bites and to train people to detect them. It also requires two-factor authentication. Does Twitter not do these things or did they fail?

Why do people still fall for phishing and spearphishing in this day and age? Are humans psychologically incapable of resisting them despite training? Do we just have to accept that the price of using technology is that we'll constantly fall victim to social engineering attacks?

I also find it both bizarre and overwhelmingly relieving that these hackers got what was effectively complete control of Twitter for over an hour and all they did was try to scam bitcoin out of people. What if they'd sold the access to a malicious state actor? Bought stocks and sent tweets designed to affect the prices of those stocks? Started wars by sending inflammatory messages? Consider that they also had access to the private messages of all those users. What secrets might they have stolen and sold?

How did we simultaneously have such a disastrous event and get so lucky with the net outcome?

Edited by Fighteer on Jul 16th 2020 at 7:33:31 AM