|
cool https://twitter.com/duckduckgo/status/923531330121433088
|
# ? Oct 27, 2017 11:27 |
|
|
# ? May 15, 2024 03:34 |
|
“can’t be disabled” is interesting. wonder why that is I bet someone in this thread knows!
|
# ? Oct 27, 2017 11:45 |
|
Subjunctive posted:“can’t be disabled” is interesting. wonder why that is well it says "walking" so you can't be disabled for that one at least
|
# ? Oct 27, 2017 13:07 |
|
Subjunctive posted:“can’t be disabled” is interesting. wonder why that is re: disabling. lately they've been trying to push on-body detection as a convenience security mechanism for knowing when to keep your phone unlocked. the activity recogition api gives confidence values on: in_vehicle, on_bicycle, on_foot, running, still, tilting, unknown, walking. there's no real consideration for the privacy impact of using these readings over a long-term basis, but the intended approach is more "don't alert a person while they're driving"
|
# ? Oct 27, 2017 13:52 |
|
I think I helped train that ML model. They gave me a cool tshirt that has a space rabbit on it and everyone thinks it's for a band.
|
# ? Oct 27, 2017 14:08 |
|
some more fun with voltage fault injection: https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf
|
# ? Oct 27, 2017 14:15 |
|
Riscure owns I hope do to my Master's thesis there
|
# ? Oct 27, 2017 14:18 |
|
Wiggly Wayne DDS posted:some more fun with voltage fault injection: https://www.riscure.com/uploads/2017/10/Riscure_Whitepaper_Escalating_Privileges_in_Linux_using_Fault_Injection.pdf My friend was (is?) working on something like this using a targeted EM pulse to gently caress with secure boot or something. It involved melon sized capacitors that could kill a horse, and last I heard he was trying to figure out how to publish his research without some amateur secfuck artist stopping his heart trying to reproduce it.
|
# ? Oct 27, 2017 14:29 |
|
Wiggly Wayne DDS posted:you do need the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission, it's more that the duckduckgo source is reddit complaining that the permission isn't listed if you install via the webstore. copperhead joins in and has far more intimiate knowledge of android's privacy issues but the end result is sensor data is free for any app in android for convenience. i fuckin' love tilting just standing around tilting at fun new angles heck yes mrmcd posted:My friend was (is?) working on something like this using a targeted EM pulse to gently caress with secure boot or something. It involved melon sized capacitors that could kill a horse, and last I heard he was trying to figure out how to publish his research without some amateur secfuck artist stopping his heart trying to reproduce it. horses can be killed incredibly easily so i'm imagining this thing puts out roughly the electrical charge of a fart
|
# ? Oct 27, 2017 14:39 |
|
killed isn't the same as suicided
|
# ? Oct 27, 2017 15:04 |
|
Poor old freckles, thought of ant+ and died.
|
# ? Oct 27, 2017 15:11 |
|
Wiggly Wayne DDS posted:you do need the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission, it's more that the duckduckgo source is reddit complaining that the permission isn't listed if you install via the webstore. copperhead joins in and has far more intimiate knowledge of android's privacy issues but the end result is sensor data is free for any app in android for convenience. for something like "don't alert a person while driving" why would that not by a system wide setting?
|
# ? Oct 27, 2017 15:29 |
|
Shaggar posted:for something like "don't alert a person while driving" why would that not by a system wide setting?
|
# ? Oct 27, 2017 15:36 |
|
ah, makes sense. yeah I could see how that's a hard choice to make. on the one hand its the system notifying the app of a change of status, but on the other its somewhat private info.
|
# ? Oct 27, 2017 16:43 |
|
Wiggly Wayne DDS posted:you do need the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission, it's more that the duckduckgo source is reddit complaining that the permission isn't listed if you install via the webstore. copperhead joins in and has far more intimiate knowledge of android's privacy issues but the end result is sensor data is free for any app in android for convenience. i hate the sensing when a user is driving thing because how can it tell you're not just a passenger? or even a bus rider but i also don't want a phone that really can tell the difference between driver and passenger, that's scary
|
# ? Oct 27, 2017 17:20 |
|
Wasabi the J posted:Poor old freckles, thought of ant+ and died.
|
# ? Oct 27, 2017 17:41 |
|
fisting by many posted:i hate the sensing when a user is driving thing because how can it tell you're not just a passenger? or even a bus rider it can’t but it can pop up the new ios11 “click here if you’re a passenger” thing
|
# ? Oct 27, 2017 17:41 |
|
hobbesmaster posted:it can’t but it can pop up the new ios11 “click here if you’re a passenger” thing that's just for the sovcit types who insist that only a horse and carriage can be driven and a car is just traveling as a passenger or whatever so you can't give them tickets
|
# ? Oct 27, 2017 18:53 |
|
James Baud posted:Pretty much every housing (re)development in Canada since the early/mid 1990s has them, regardless of the area's density. Oh so it's a "we're spending too much on the postal service" conservatives thing
|
# ? Oct 27, 2017 19:00 |
|
mrmcd posted:My friend was (is?) working on something like this using a targeted EM pulse to gently caress with secure boot or something. It involved melon sized capacitors that could kill a horse, and last I heard he was trying to figure out how to publish his research without some amateur secfuck artist stopping his heart trying to reproduce it. so there are no downsides to publishing?
|
# ? Oct 27, 2017 22:10 |
|
Wiggly Wayne DDS posted:you do need the com.google.android.gms.permission.ACTIVITY_RECOGNITION permission, it's more that the duckduckgo source is reddit complaining that the permission isn't listed if you install via the webstore. copperhead joins in and has far more intimiate knowledge of android's privacy issues but the end result is sensor data is free for any app in android for convenience. uh why does the app need to know any of this poo poo? isnt it up for the os (and user settings) to decide whether to say keep your phone unlocked or supress alerts??
|
# ? Oct 27, 2017 23:48 |
|
Powaqoatse posted:uh why does the app need to know any of this poo poo? isnt it up for the os (and user settings) to decide whether to say keep your phone unlocked or supress alerts?? there are apps that want to be in different UI modes when you're driving or jogging or whatever
|
# ? Oct 27, 2017 23:50 |
|
hobbesmaster posted:there are apps that want to be in different UI modes when you're driving or jogging or whatever ok so those apps should have a special permission
|
# ? Oct 27, 2017 23:51 |
|
... which they do. You're granting it by accepting.
|
# ? Oct 27, 2017 23:54 |
|
except everything in android asks for all the permissions all the time so
|
# ? Oct 27, 2017 23:54 |
|
hobbesmaster posted:except everything in android asks for all the permissions all the time so ^^ yeah this is the problem ^^
|
# ? Oct 28, 2017 00:01 |
|
android apps ask for so many permissions that you could have some profound conversations on where android's security policy lies relative to the line between deny by default and block by exception
|
# ? Oct 28, 2017 00:16 |
|
when u think about it, if you put enough holes in swiss cheese, the cheese eventually becomes the holes to the air
|
# ? Oct 28, 2017 00:18 |
|
i mean at the very very least, the activity recognition stuff should go in the "location" category instead of "other" or they could create a kind of idk "always on handsfree mode" type permissions category and put that in there with "prevent sleep" etc but jeez yeah the real problem is how badly its communicated to the users by google, who (to be fair) dont give a poo poo
|
# ? Oct 28, 2017 00:24 |
|
android permissions are so bad skype, despite explicitly revoking everything, can still take over fullscreen whenever anyone calls me
|
# ? Oct 28, 2017 00:26 |
|
anroid still does the horrible dumb all-or-nothing permisions right? where when you install a app it says what it wants to do and you have to say overall yes/no? as opposed to individual permission requests for each thing a app wants to do like camera or microphone if so lmfao
|
# ? Oct 28, 2017 01:20 |
|
Lysidas posted:anroid still does the horrible dumb all-or-nothing permisions right? where when you install a app it says what it wants to do and you have to say overall yes/no? as opposed to individual permission requests for each thing a app wants to do like camera or microphone That's no longer the case for Android M and above, although apps that don't yet target M have the old "all or nothing" behavior. I'm assuming in the future once enough time has settled there will be a point where the old behavior is no longer supported at all and it will just silently provide zeros and nulls from API calls for privacy protected things.
|
# ? Oct 28, 2017 01:24 |
|
Isn't Peel Smart Remote super hosed for Samsung devices? I've heard that is does something like circumvent android API permissions and runs as root so it can draw ads on your screen at any time?
|
# ? Oct 28, 2017 01:35 |
|
one of the schools i'm a contractor for has a guest wifi i have to use, where it takes me to a page and makes me enter a password. problem is their https is broken (i think the certificate it out of date? idk i'm just a secfuck spectator) so badly that i can't actually access the page on chrome or firefox, both of them either just give me https error pages or do an infinite loop of "you must log into the network" i eventually had to put IE11 back on my computer because that was the only browser dumb enough to let me log in for some reason chrome on my phone lets me do an exception to the certificate while desktop chrome won't i'm assuming this is pretty whatever in terms of secfuck but its my story
|
# ? Oct 28, 2017 02:31 |
|
probably a captive portal trying to pop up on a domain with hsts enabled
|
# ? Oct 28, 2017 14:29 |
|
Thanks Ants posted:probably a captive portal trying to pop up on a domain with hsts enabled yeah, and enough sites are https-only that lol you can either use something benign like http://kitten.zone/ as your unencrypted http test or remember the obnoxious unmemorable urls like http://captive.apple.com/ that computer vendors use to probe for captive portal
|
# ? Oct 28, 2017 15:52 |
|
Cocoa Crispies posted:yeah, and enough sites are https-only that lol http://neverssl.com/ is the one I use
|
# ? Oct 28, 2017 16:00 |
|
Cocoa Crispies posted:yeah, and enough sites are https-only that lol it is a place where yarn is not safe. where birds lie dead, placed upon doormats and newspapers. it is a place where laser pointers drive one to question existence itself. it is... the Kitten Zone.
|
# ? Oct 28, 2017 16:01 |
|
Djeser posted:one of the schools i'm a contractor for has a guest wifi i have to use, where it takes me to a page and makes me enter a password. problem is their https is broken (i think the certificate it out of date? idk i'm just a secfuck spectator) so badly that i can't actually access the page on chrome or firefox, both of them either just give me https error pages or do an infinite loop of "you must log into the network" Does typing 'badidea' work?
|
# ? Oct 28, 2017 20:45 |
|
|
# ? May 15, 2024 03:34 |
|
no but the contractor password is contractor iirc it's the portal page itself that tries to do HTTPS and that's what makes it gently caress up so badly--plenty of other schools have portal pages that don't make chrome throw a fit my only other story was a school that had blocked Minecraft connections and then tried to teach a class using Minecraft and went "wait why can't we connect" though i guess working at the "spiritual center" where if the internet went down i was supposed to go back into the kitchen and climb over jugs of kombucha to unplug/replug the modem kinda counts e: the spiritual center also had a room where the ceiling was maybe six and a half feet high, with these big sheets draped across it that hung low enough my head would brush up against them. i believe there were also candles in this room. Djeser fucked around with this message at 20:59 on Oct 28, 2017 |
# ? Oct 28, 2017 20:55 |