Seirdy

Seirdy@pleroma.envs.net

Skim before following: seirdy.one/about/fediverse-gre…. It describes how I accept follow requests, block people, etc.

Interested in #Accessibility, #Privacy, #Security (in that order).

I am made of microplastics and can be trusted with your forklift. @alizasystem@chai.kibbutz.gay's boywife, together since 2023-12-04.

tech-stuff: check my "uses" page: seirdy.one/about/uses/
Other tech interests in no particular order: linked data, the #IndieWeb, the #Gemini protocol (more into the community than the technology).

Politics: Leftist, capitalism bad, anti-consumerism.

Neuro-atypicality: #anxiety, #ADHD, #ActuallyAutistic.

:QueerCat_Pansexual:

Boundaries: if you're a minor or if we've not meaningfully interacted before, then don't be lewd/flirty with me. otherwise it's fine, in moderation.

Hashtags for #fedi22 searchability: #shitposting #poggies #LinkedData #SemanticWeb #panro #InclusiveDesign #ScreenReader #SearchEngines #anime #webdev #blogging #linux #Fedora #Sway #zsh #IndianAmerican #StarTrek

[Verifying my OpenPGP key: openpgp4fpr:AC6AF1F838DF3DCC2E47A6CF1E892DB2A5F84479]

akkoma (AP)

Seirdy

1 month ago • •

Seirdy
1 month ago • •

Vague references to domestic abuse, trafficking ment, Windows Recall

The best ways to improve opsec against coercion are to:

Limit what can be taken (reduce what’s stored on a device).
Fake what you do have: use duress passwords or secondary devices.
Last resort: use a hardware key that’s deliberately easy to lose or break, so there’s potentially no key to give up in a rubber-hose attack.

There’s overlap between the three. A duress password temporarily limits what’s stored on a device, and losing a decryption key is more or less the same as instantly wiping encrypted data to reduce what you have to offer. All come down to having less data to give when coerced into giving what you have. Operating systems should also obey this principle by storing as little offline data as possible, and providing duress safeguards for what must be stored.

Windows Recall captures an amount of offline telemetry comparable to parental-control apps often used to control human trafficking victims: the data encompass everything potential victims do on their machines, without any duress protections. Presenting such a feature as opt-out seems like it’s almost designed to hurt victims.

The decision-makers behind features like Recall, or invasive child-monitoring spyware, have likely never experienced this type of abuse. Or perhaps they are the abusive party at home.

Originally posted on seirdy.one: See original (POSSE). #Windows #Recall. Quoting a post by @evacide:
RE: hachyderm.io/@evacide/11248189…

Sex Traffickers Used America's Favorite Family Safety App To Control Victims

Life360’s CEO says he’s never heard of his parenting app being used by sex traffickers to monitor the location of their victims. But Forbes obtained evidence that the app and others like it have been used as digital “leashes.”

^{Thomas Brewster (Forbes)}

evacide

2024-05-22 00:24:59

"...a would-be hacker would need to gain physical access to your device, unlock it and sign in before they could access saved screenshots."
I've got some news for Microsoft about how domestic abuse works.
bbc.com/news/articles/cpwwqp6n…

Microsoft Copilot+ Recall feature 'privacy nightmare'
The ICO wants to know the safeguards around Recall, which can take screengrabs of your screen every few seconds.
^{Imran Rahman-Jones (BBC News)}

#Windows #recall @evacide

This entry was edited (1 month ago)

Seirdy reshared this.

Unknown parent

Seirdy

Unknown parent • 1 month ago • •

@jalcine Ideally they’d wipe parts/all of the device after a delay, or just feign a innocent-looking device without your sensitive data, depending on your threat model.

@Jacky (is looking for work)

⇧