Post B0dn7fB3yF0094yxea by lproven@social.vivaldi.net
Post #B0dgU3RJkISo5KJavQ by lproven@social.vivaldi.net
2025-11-26T13:39:01Z
1 likes, 1 repeats
An open letter: stop spreading outdated advice about internet security
https://www.hacklore.org/letter

All this is BAD ADVICE. Don't…
• Avoid public WiFi
• Never scan QR codes
• Never charge devices from public USB ports
• Turn off Bluetooth & NFC
• Regularly “clear cookies”
• Regularly change passwords
Post #B0dgc2u9cOeOk6c760 by Flick@spinster.xyz
2025-11-26T13:44:15.479279Z
0 likes, 0 repeats
@lproven I would quibble over “Never scan QR codes”: there are documented cases of this scam for parking in the UK. https://www.bbc.co.uk/news/articles/c14ejdd8vj2o.amp
Post #B0dlgIy4KyplUUIMFs by carolen@spinster.xyz
2025-11-26T14:41:03.429970Z
2 likes, 0 repeats
@Flick @lproven not sure where it was now, but I saw signs in a council pay and display car park fairly recently where TPTB had printed THIS SIGN DOES NOW SHOW ANY QR CODES in big shouty caps
Post #B0dlwwcSgKkL6K7fqy by Suiseiseki@freesoftwareextremist.com
2025-11-26T14:44:03.194927Z
0 likes, 0 repeats
@lproven If you aren't using bluetooth, turning it off before going somewhere crowded is a good idea, considering how doing so stops bluetooth location spying (although later versions of bluetooth are meant to have privacy addresses, it is always flawed) and eliminates even the slim chance of bluetooth attacks - too bad that doesn't stop location spying via GPS and the mobile chipset.
Post #B0dn7fB3yF0094yxea by lproven@social.vivaldi.net
2025-11-26T14:42:50Z
0 likes, 0 repeats
@Flick That's not a defect in a QR code or its security though. That's a defect in someone not turning their bloody brain on.
Post #B0dn7gacih2UWdwt8K by snaggen@mastodonsweden.se
2025-11-26T14:47:26Z
1 likes, 0 repeats
@lproven @Flick But doesn't that apply to most security? It seems that humans as a group are very good at not using the brain under some conditions.
Post #B0dnfrjPnk90vXMKWm by lproven@social.vivaldi.net
2025-11-26T14:41:57Z
0 likes, 0 repeats
@carolen @Flick "does *not* show"?
Post #B0dnfswvH0XkhigdDk by carolen@spinster.xyz
2025-11-26T15:03:22.551769Z
0 likes, 0 repeats
@lproven @Flick yep, my typo sorry
Post #B0eA2asioScMJtxH8K by Mikal@sfba.social
2025-11-26T18:56:20Z
1 likes, 0 repeats
@lproven @Flick "Not turning their brain on"?

It assumes everyone understands the threat model, how their devices work, how the web works. It assumes people are never in a hurry, never distracted or tired. It assumes everyone is extremely technologically literate. It's sort of like telling people that every single time they use a credit card at a gas station or an ATM that they need to check the security seals and physically grab and jiggle the device to make sure it's not a skimmer. But then blaming them for not turning their brain on if they didn't do all that and it turns out there is a skimmer and they get scammed. It feels too much like victim blaming.

Yeah, checking a URL before clicking (assuming it's not using a link shortener) is easier than manually jiggling a card reader, but slapping a fake QR code sticker is also lots easier than installing a skimmer, so is an extremely easy scam interface to install.
Post #B0eIUTzAqQQ8frmZBQ by lproven@social.vivaldi.net
2025-11-26T20:27:13Z
0 likes, 0 repeats
@Mikal @Flick We're in a fancy upmarket food court, like in Battersea Power Station. There's a smartly dressed chap wandering around with a credit card app on his smartphone offering to take payments. He looks a bit like a waiter, if you squint. He's all smiley and friendly. He _says_ he works there. He doesn't ever stand at the till or behind the bar though. He doesn't carry a menu or have a card reading machine. He avoids the wait staff. He didn't know what you ordered. He never takes anyone's orders in fact.

Would you pay him? I wouldn't.
Post #B0eIUVPRYF1n5d53lg by Flick@spinster.xyz
2025-11-26T20:48:40.186144Z
0 likes, 0 repeats
@lproven @Mikal We’re not, though. We’re an elderly man who isn’t quite sure how The Internet works and is trying to get to a GP appointment, or a harassed mum with a kid in the car and a million errands to do before the school run, in a car park in a run down provincial town, who’s just realised that we’ve got no change. The car parking service provider, and prices, change every few months: the information board is a palimpsest of signs bolted on top of one another. There’s a phone number one can call and wait on hold to speak to someone incomprehensible in a call centre or — aha! — just scan this code and pop in your card details or use Google/Apple Pay. Stop being so elitist.
Post #B0fFss8ObePpodzgeW by lproven@social.vivaldi.net
2025-11-26T22:20:50Z
0 likes, 0 repeats
@Flick @Mikal I don't buy it. Either you develop common sense, or as I keep telling one of my cousins, stop using the internet.

Life is risky. There's danger everywhere and people wanting to rob you and rip you off. Functional adults learn wariness and caution.
Post #B0fFst3pA8LwgkrYAK by Mikal@sfba.social
2025-11-26T22:54:06Z
1 likes, 0 repeats
@lproven @Flick Yep and part of that caution is not scanning QR codes in the wild [edit:] as a general practice. They are something to be very wary of. Useful, sure, but very easily compromised, more easily than many other types of scam vectors. Giving people advice is fine, but the audience matters. I give different advice to different people based on their skill level and my best guess as to their risk profile. No matter what, victim blaming when people fall for scams is always counter productive.
Post #B0fvuCbYBE2HfRwo52 by Suiseiseki@freesoftwareextremist.com
2025-11-27T15:45:00.685371Z
1 likes, 0 repeats
@ECityMom @lproven
>How does something access your device Bluetooth without permitting connection first?
The way demon rectangles are designed is to have the bluetooth card regularly announce its hardware MAC address, so the device is in the "discoverable" state and can quickly pair with bluetooth devices like speakers or headphones - only if bluetooth is in the "off" state is such announcement not made.

The result is that anyone walking past with https://f-droid.org/en/packages/net.wigle.wigleandroid/ running can store the MAC address, location and time, but more relevantly, there are bluetooth stingrays in stores that collect such metadata and exploit it.

Later bluetooth versions are meant to have privacy MACs, with a random MAC being announced generally, but I guess that the current random MAC would need to be stored if you decided to pair with a device, with that MAC needing to persist for as long as that device is to be paired to.

I'm not sure if MACs are encrypted and if not, having bluetooth headphones that only support a static MAC would allow for long term identification for any listener that intercepts the packets containing the static MAC (bluetooth devices inherently receive all bluetooth packets in range, but are designed by default to drop any packets that don't have a relevant MAC).

Often the privacy MAC implementation is intentionally or mistakenly screwed up; https://news.osu.edu/study-uncovers-new-threat-to-security-and-privacy-of-bluetooth-devices/ (unfortunately the article refers to the boring exploiting of devices as to "hack", when hacking is playful cleverness)

>Don't you need to "allow" a device to connect by Bluetooth?
No - for demon rectangles in the default "discoverable" state, external devices can connect and request pairing; https://www.simplymac.com/accessories/why-am-i-getting-unwanted-bluetooth-pairing-attempts (LLM slop, but the first few sentences are relevant).

The "allow" permits the current connection to finish the pairing handshake, while disallow rejects the pairing handshake until the asking device tries again.

The handshake is extremely complicated and when implemented with garbage proprietary software, there are always protocol vulnerabilities.

One example of a possible vulnerability is; https://wiibrew.org/wiki/BlueBomb#How_it_works - often with these proprietary bluetooth stacks, an exploit can consist of starting the pairing handshake, inserting a stage0 executable of the correct architecture into one of the data packets of the handshake (which makes the bluetooth stack load the executable data into memory) and then sending an invalidly encoded packet that exploits the bs and causes it to jump execution to the stage0 executable in memory (whoops, the data is executable), which can then be used to do anything - for example to upload a larger executable via bluetooth that does a lot of things - all without even a connection request popping up (the bluetooth will stop working as a side effect, but nobody will notice due to how often bluetooth stops working).

For some Android devices, I guess that sometimes the bluetooth stack is run as root and also is excepted from SELinux (as it's hard enough to get it working without SELinux), meaning a successful exploit would allow for full device compromise.
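For the "privacy MAC" scheme discussed in the post above, here is an added example (not from the thread) of how a Bluetooth LE resolvable private address is generated and resolved: the 24-bit prand is hashed with the Identity Resolving Key (IRK) exchanged at pairing using the spec's ah function, so the advertised address can change every few minutes while a bonded peer holding the IRK still recognises it and a listener without the IRK cannot link two addresses. The IRK used in main is the published ah test key from the Bluetooth Core Specification; addresses are handled MSB-first as the spec writes them.

```go
package main

import (
	"crypto/aes"
	"crypto/rand"
	"fmt"
)

// ah is the random-address hash from Bluetooth Core Spec Vol 3 Part H 2.2.2:
// ah(k, r) = AES-128(k, 104 zero bits || r) mod 2^24, values written MSB-first.
func ah(irk [16]byte, prand [3]byte) (hash [3]byte, err error) {
	block, err := aes.NewCipher(irk[:])
	if err != nil {
		return hash, err
	}
	var in, out [16]byte
	copy(in[13:], prand[:]) // r' = padding || r
	block.Encrypt(out[:], in[:])
	copy(hash[:], out[13:]) // mod 2^24 keeps the low 24 bits
	return hash, nil
}

// GenerateRPA: MSB-first prand (top two bits 01, other 22 bits random, not all 0s/1s) || hash.
func GenerateRPA(irk [16]byte) (addr [6]byte, err error) {
	var prand [3]byte
	for r := uint32(0); r == 0 || r == 0x3fffff; {
		if _, err = rand.Read(prand[:]); err != nil {
			return addr, err
		}
		prand[0] = prand[0]&0x3f | 0x40
		r = uint32(prand[0]&0x3f)<<16 | uint32(prand[1])<<8 | uint32(prand[2])
	}
	hash, err := ah(irk, prand)
	copy(addr[:3], prand[:])
	copy(addr[3:], hash[:])
	return addr, err
}

// ResolveRPA is what a bonded peer does with each advertised address: it only
// needs the IRK shared at pairing, not the random address it saw last time.
func ResolveRPA(irk [16]byte, addr [6]byte) (bool, error) {
	if addr[0]>>6 != 0x01 {
		return false, nil // not a resolvable private address
	}
	h, err := ah(irk, [3]byte{addr[0], addr[1], addr[2]})
	return err == nil && h == [3]byte{addr[3], addr[4], addr[5]}, err
}

func main() {
	irk := [16]byte{0xec, 0x02, 0x34, 0xa3, 0x57, 0xc8, 0xad, 0x05, 0x34, 0x10, 0x10, 0xa6, 0x0a, 0x39, 0x7d, 0x9b}
	addr, _ := GenerateRPA(irk)
	ok, _ := ResolveRPA(irk, addr)
	fmt.Printf("%x resolves with the IRK: %v\n", addr, ok)
}
```

A static (public or random static) address, as on the cheap headphones mentioned in the post, skips this entirely and is trivially linkable across sightings.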
Post #B0jsXchxRKV8jdKHXE by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:26:10.299561Z
2 likes, 1 repeats
@ECityMom @lproven
Post #B0jt5XeoiyYSut1y6q by lproven@social.vivaldi.net
2025-11-27T15:58:42Z
0 likes, 0 repeats
@Suiseiseki @ECityMom There you go. If you think of them as demon rectangles, if you know what the difference is between a Mac and a MAC, then this advice is not aimed at you. And TBH if your answer involves terms like MACs then your advice will go over the heads of the people who need it -- at the height of an intercontinental 747.

You're not wrong in any way. I am not disagreeing!

But turning off your Bluetooth doesn't stop _Them_ tracking you. It barely even slows Them down.

It does stop your smartwatch working, though. It stops you listening to music, because the "demon rectangles" for the masses don't have headphone ports any more.

So they won't, making it pointless advice.

Don't give pointless advice. Work out what the advice could be that will in fact help.
Post #B0jt5Z4NTQaxIRztaa by Zergling_man@sacred.harpy.faith
2025-11-29T13:31:55.226498Z
2 likes, 0 repeats
@lproven @ECityMom @Suiseiseki
>And TBH if your answer involves terms like MACs then your advice will go over the heads of the people who need it -- at the height of an intercontinental 747.
It's pretty incredible that using tools you don't understand is seen as normal and expected in under 100 years.

Learn or quit.

> It stops you listening to music
Bone conduction with inbuilt storage and system. Absolutely proprietary, but then, so's bluetooth. Aftershockz should release their source code, they don't make money off it anyway, let me rewrite it so that it actually works properly pls.
Post #B0jt9TL4ipkAgJfeDI by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:33:01.090052Z
1 likes, 1 repeats
@lproven @ECityMom I'm riding an international GNUKE (I'm as high as space).

>But turning off your Bluetooth doesn't stop _Them_ tracking you.
If it actually turns bluetooth off, it stops bluetooth tracking (of course it doesn't actually turn off bluetooth anymore for some devices), but it doesn't stop gps and mobile location spying.

>It does stop your smartwatch working
The smartwatch isn't yours - it serves another master.

It is highly important to get rid of such surveillance device and get a practical watch that doesn't need to be charged.

>It stops you listening to music, because the "demon rectangles" for the masses don't have headphone ports any more.
If you just want to listen to music, you can get one of these devices dirt cheap if you know where to look; https://replicant.us/supported-devices.php

>Don't give pointless advice. Work out what the advice could be that will in fact help.
People would regard advice to get rid of the demon rectangle and to cease using as much proprietary software as possible as too extreme.
Post #B0jtNGIU0YhEHs29NQ by Zergling_man@sacred.harpy.faith
2025-11-29T13:35:09.780111Z
1 likes, 0 repeats
@Suiseiseki @lproven @ECityMom
>It is highly important to get rid of such surveillance device and get a practical watch that doesn't need to be charged.
If you're going to get a pocketwatch, I strongly recommend getting a case for it, instead of putting it in your pocket (...), to avoid snapping the spindle on the release. I did this like 4 times without even noticing, and the guys at the shop said they'd "never seen it happen before" after the first time. Sounds like bullshit to me. But now that I have a leather case I have not had any problem.
Post #B0jtoLo5dAbxC6jbFI by djsumdog@djsumdog.com
2025-11-29T13:40:21.658534Z
2 likes, 0 repeats
There was also the case with Samsung phones. It was back in 2012, but there were phones that had certain service codes you could type into the dialer to get to special menus for checking SIM and unlock status. They would activate when the final number of the code was typed in, so you didn't even have to hit dial.

You could make NFC tags and QR codes with tel:xxxx URLs on them that the phone would open in the dialer. One was the code to hardware reset the device. So you could literally get the phone to wipe itself just by setting it down on the right NFC tag or scanning a QR code:
https://www.siliconrepublic.com/enterprise/samsung-exploit-can-wipe-users-data-in-one-tap-video

I also personally hate the move to get rid of restaurant menus and using QR codes to web menus instead. Silly things like that make me avoid restaurants that won't give you a physical menu, forcing you to pull out your anti-social monolith while with friends.
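As an added defensive example (not from the post or from any vendor's code), this Go function shows the check a dialer should apply to a tel: URI that arrives from a QR code or NFC tag, the path the Samsung case above abused: percent-decode it, and if the dial string contains * or # (the MMI/USSD and service-code syntax) display it without executing anything, otherwise only prefill a plain number for the user to confirm. The sample payloads are constructed; *#000000# is a placeholder, not a real service code.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// Outcome is what a dialer may do with a tel: URI that arrived from outside the app.
type Outcome string

const (
	Prefill  Outcome = "prefill"   // put the number in the dialer; the user must press call
	ShowOnly Outcome = "show-only" // MMI/USSD or service-code syntax: display, never execute
	Reject   Outcome = "reject"    // not a tel: URI, or not a dialable number
)

// ClassifyTelURI applies the check a dialer should run before it acts on a tel: URI
// from a QR code, NFC tag or web link. It returns the outcome and the decoded string.
func ClassifyTelURI(raw string) (Outcome, string) {
	if len(raw) < 4 || !strings.EqualFold(raw[:4], "tel:") {
		return Reject, ""
	}
	num, err := url.PathUnescape(raw[4:]) // QR/NFC payloads often carry '#' as %23
	if err != nil {
		return Reject, ""
	}
	// RFC 3966 visual separators carry no dialing meaning; drop them before inspecting.
	num = strings.NewReplacer("-", "", ".", "", "(", "", ")", "", " ", "").Replace(num)
	if strings.ContainsAny(num, "*#") {
		return ShowOnly, num // the 2012 wipe worked because such codes ran on entry
	}
	digits := strings.TrimPrefix(num, "+")
	if digits == "" || strings.Trim(digits, "0123456789") != "" {
		return Reject, num
	}
	return Prefill, num
}

func main() {
	// Constructed sample payloads; *#000000# is a placeholder, not a real service code.
	for _, p := range []string{
		"tel:+44-1632-960123",
		"tel:%2A%23000000%23",
		"tel:%2a%23%2a%230000%23%2a%23%2a",
		"TEL:1-800%20HELP",
		"http://example.com",
	} {
		o, n := ClassifyTelURI(p)
		fmt.Printf("%-36s -> %-9s %q\n", p, o, n)
	}
}
```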
Post #B0ju5gREB44O6VJ1MG by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:43:32.458504Z
1 likes, 0 repeats
@Zergling_man @ECityMom @lproven A normal wrist watch replaces a smartwatch and delivers a practically superior experience.

Even a cheap Casio F-91W terrorist watch is far more practical with a 7 year battery life (but that model is only splash-resistant and has poor timekeeping).

The manufacturer rubber watch band always breaks in only a few months if you do anything active ever - but a decent quality rubber band will last.
Post #B0juAnRtXTxXIN3WuO by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:44:27.569370Z
0 likes, 0 repeats
@djsumdog @lproven @Flick
>forcing you to pull out your anti-social monolith
My what?
>while with friends.
Lol, lmao.
Post #B0juF1oe45pj0niOkC by Zergling_man@sacred.harpy.faith
2025-11-29T13:45:04.662426Z
0 likes, 0 repeats
@Suiseiseki @lproven @ECityMom Can confirm all of the above, but this doesn't solve the fundamental problem of "shit on wrist make sweat".
Post #B0juSatKxwIHYtNWJk by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:47:40.912198Z
1 likes, 0 repeats
@Zergling_man @ECityMom @lproven Idk, I don't have that problem - rubber is pretty cool and I must not be prone to excessive sweat.
Post #B0juY3ZBmQbZwZYiTg by Pi_rat@freesoftwareextremist.com
2025-11-29T13:48:40.521444Z
2 likes, 0 repeats
@Suiseiseki @lproven @ECityMom
>It is highly important to get rid of such surveillance device and get a practical watch that doesn't need to be charged.
I recently came to know that apple watch notifies you if you are in a loud environment. What in absolute retardation I thought, if your ears work why have a watch tell you and if you are deaf loud does not matter... truly slaves will buy anything
Post #B0juboGScB4JdxaY8O by menherahair@eientei.org
2025-11-29T13:49:20.547270Z
0 likes, 1 repeats
@Zergling_man @Suiseiseki @ECityMom @lproven tasmania moment
Post #B0juiFDPKEhmy2EFGq by Zergling_man@sacred.harpy.faith
2025-11-29T13:49:36.740637Z
0 likes, 0 repeats
@Suiseiseki @lproven @ECityMom You're lucky.
Post #B0juikUV2jnTy1SpiS by Zergling_man@sacred.harpy.faith
2025-11-29T13:49:48.665527Z
1 likes, 0 repeats
@Pi_rat @lproven @ECityMom @Suiseiseki I bet Dave's weather rock has that feature too.
Post #B0jusUr424jUMufNk8 by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:52:21.751535Z
1 likes, 0 repeats
@Pi_rat @ECityMom @lproven Even mostly deaf ears can get damaged further from loud sounds, but even if you are deaf, you can tell when it is too loud from the excessive vibrations induced.

Of course proprietary software is always on the prowl to implant dependence in search of a non-existent problem.
Post #B0juxOdmZ2jwXkn4FM by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:53:15.143770Z
0 likes, 0 repeats
@menherahair @ECityMom @Zergling_man @lproven Is Tasmania usually cold and merely warm in the summer due to how South it is?
Post #B0jvDaS8PlyxoN3wTw by Pi_rat@freesoftwareextremist.com
2025-11-29T13:56:10.583489Z
1 likes, 0 repeats
@Zergling_man @Suiseiseki @ECityMom @lproven I love how I can use it as weapon too that alone trumps all watches
Post #B0jvLVWMdQ6opfokk4 by Suiseiseki@freesoftwareextremist.com
2025-11-29T13:57:36.461963Z
2 likes, 0 repeats
@Pi_rat @Zergling_man @ECityMom @lproven My body is the weapon.
Post #B0jvUHdFduqyMZDw0G by Pi_rat@freesoftwareextremist.com
2025-11-29T13:59:11.869841Z
1 likes, 0 repeats
@Suiseiseki @ECityMom @Zergling_man @lproven Can you please stop boasting your quirks in front of us mere mortals
Post #B0jxttNMeJmYZT8E4W by lproven@social.vivaldi.net
2025-11-29T14:23:02Z
0 likes, 0 repeats
@Suiseiseki @ECityMom @Zergling_man@sacred.harpy.faith I don't know WTF you are on about because none of these random posts are replies to anything. Either reply properly or STFU & GTFO.
Post #B0jxtuLz0wGtbTUdYe by Suiseiseki@freesoftwareextremist.com
2025-11-29T14:26:13.690329Z
1 likes, 0 repeats
@lproven @ECityMom
>Reply normally.
>STFU & GTFO
You're on a censorious instance that blocks other fediverse instances and intentionally hides what instances are blocked too.