[-] [email protected] 8 points 1 year ago

The real problem with @[email protected]’s comment was to blame the victim. It may be sensible to blame the victim, but let’s not lose focus on the perp.

[-] [email protected] 5 points 1 year ago* (last edited 1 year ago)

beehaw.org defederated from lemmy.ml. And I don’t blame them. I actually try not to post to lemmy.ml or any of the Cloudflare-centralized nodes (lemmy.world, sh.itjust.works, lemm.ee, etc) but it slipped my mind when I posted here.

(edit) Sorry, I’m confused. I thought beehaw.org defederated from lemmy.ml, but both the post herein and the original are on lemmy.ml yet you can reach this one. So I’m missing something. I wonder if you are able to see infosec.pub-mirrored content and maybe the original community has no infosec subscribers? Hard to say.

[-] [email protected] 4 points 1 year ago* (last edited 1 year ago)

You don’t own the phone. That’s how ~~credit~~ nonfree software works.

↑ corrected that for you.

[-] [email protected] 4 points 1 year ago

I would ditch an app that can’t handle text. You want a screenshot of what, curl’s output? I’m on a shitty connection with images disabled so it’s a bit of a hassle and uses my allowance.

19
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

An HTML-only email from a gov agency has a logo referencing a URL that looks like this:

https://1wy1y.mjt.lu/tplimg/1wy1y/f/l9hl7/g3q3v.png

It’s not exactly that (apart from the domain) but of course it’s rather unique looking. They send email routinely. The initial emails had an obviously non-suspicious basic logo, like “(their office domain)/files/logo.png”. But then later they switched and every message from them is the URL in the mjt.lu domain. It’s not unique per message but it could be unique to the user, perhaps to keep tabs on when each person reads their messages.

The output of torsocks curl -LI looks like this:

HTTP/2 200
date: (exactly now)
content-type: image/png
accept-ranges: bytes

That’s it. It’s the shortest HTTP header I’ve seen. There’s no content-length. I find that suspicious because if this is a service that facilitates tracker pixels, then they would want to withhold the length in order to dodge detection. Although from its usage in my case it wouldn’t just be a pixel -- it’s a logo.

The date is also suspect. Shouldn’t the date be the date of the object, not the current time this second?

Are there any other checks to investigate this?
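The header checks a defender would script for a question like this, as an added example that is not part of the post or its replies: it scores a curl-style header block together with the image URL for the traits that separate a per-recipient beacon from a plainly static logo. The sender domain agency.example, the contrasting "static" response and the concrete timestamps are constructed; note that the HTTP Date header is by specification the time the response was generated, so its freshness alone says nothing, only the absence of any object timestamp does.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed samples, shaped after the post: the third-party logo response with a
# concrete Date, and, for contrast, the kind of response a plainly static logo gets.
TRACKED_URL = "https://1wy1y.mjt.lu/tplimg/1wy1y/f/l9hl7/g3q3v.png"
TRACKED_HEADERS = """HTTP/2 200
date: Mon, 18 Mar 2024 21:00:31 GMT
content-type: image/png
accept-ranges: bytes
"""
STATIC_URL = "https://agency.example/files/logo.png"  # hypothetical sender domain
STATIC_HEADERS = """HTTP/1.1 200 OK
Date: Mon, 18 Mar 2024 21:00:31 GMT
Last-Modified: Tue, 02 Jan 2024 09:12:00 GMT
ETag: "5f1a-60e1c3a7b9d80"
Content-Type: image/png
Content-Length: 24317
Accept-Ranges: bytes
"""
NOW = datetime(2024, 3, 18, 21, 0, 33, tzinfo=timezone.utc)  # time of the fetch

def parse_headers(raw: str) -> dict:
    """Map lower-cased header names to values; the status line goes under 'status'."""
    lines = [ln for ln in raw.splitlines() if ln.strip()]
    headers = {"status": lines[0].strip()}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def tracking_indicators(raw: str, url: str, sender_domain: str, now: datetime) -> list:
    """Return the heuristics that fire for one image fetch. None is proof by itself;
    a static asset normally trips none of them, a beacon endpoint several."""
    h = parse_headers(raw)
    parsed = urlparse(url)
    host = parsed.hostname or ""
    stem = parsed.path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
    found = []
    # Served by a third party rather than from the sender's own domain.
    if not (host == sender_domain or host.endswith("." + sender_domain)):
        found.append("hosted off the sender's domain: " + host)
    # Static files are sent with a length so clients can cache and resume them.
    if "content-length" not in h:
        found.append("no Content-Length")
    # Without Last-Modified or ETag the image cannot be revalidated from cache, so
    # every open of the e-mail becomes a fresh request the server can log.
    if "last-modified" not in h and "etag" not in h:
        found.append("no Last-Modified or ETag")
    # Date is always the time the response was generated; it only matters when it
    # is the sole timestamp offered, i.e. no object date exists to compare against.
    if "last-modified" not in h and "date" in h:
        if abs(now - parsedate_to_datetime(h["date"])) < timedelta(minutes=5):
            found.append("only timestamp is the request time")
    # A file name of short mixed letters and digits instead of a descriptive name.
    if re.fullmatch(r"[a-z0-9]{4,8}", stem) and any(c.isdigit() for c in stem):
        found.append("opaque file name: " + stem)
    return found

if __name__ == "__main__":
    for url, hdrs in ((TRACKED_URL, TRACKED_HEADERS), (STATIC_URL, STATIC_HEADERS)):
        print(url, "->", tracking_indicators(hdrs, url, "agency.example", NOW) or ["none"])
```

A definitive answer still needs the mail itself: if two recipients receive different image URLs, or the same URL embeds a token tied to the recipient, the image is a beacon regardless of what the headers say.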

174
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

The technical mechanism:

https://play.google.com/store/apps/details?id=com.google.android.apps.devicelock

update


To be clear, I am not the OP who experienced this problem. I just linked them from here.

1
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

There used to be no problem archiving a Mastodon thread in the #internetArchive #waybackMachine. Now on recent threads it just shows a blank page:

https://web.archive.org/web/20240318210031/https://mastodon.social/@lrvick/112079059323905912

Or is it my browser? Does that page have content for others?

[-] [email protected] 6 points 1 year ago

You can check it’s installed (stock android) Settings > Apps > All Apps > three dot menu, Show system > search “DeviceLockController”.

Is that just a “feature” of recent AOS versions? AOS 5’s triple dot menu has nothing like “show system”.

2
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

I received several machine-generated e-mails which are all mostly the same: a notification. They are HTML emails with no plaintext MIME part. Yikes! And to complicate matters further, the messages traversed my anonaddy forwarding account which PGP encrypts every message to me before forwarding it to my normal email account.

The gov wants me to give them an “unaltered copy” of these e-mails. This gov office actually blocks my mail server so I am generally unwilling to send them email. This means I will be giving them the emails on paper hardcopy.

So wtf, this is tricky. They want an “unaltered copy”. If I were to print the MBOX files, it would be useless to them because it’s a base64 blob that only I can decrypt. My mail client is mutt so the HTML is detected and piped through w3m to give me a text version that is readable enough.

But in general, how do you give unaltered copies of an HTML email on paper form? This is not necessarily for a court but it could go down that path. Would a court want to see raw HTML tags? Or do courts prefer the HTML to be rendered for readability?

Normally I copy the w3m-rendered text of email into LaTeX and typeset it to look pretty and copy-paste the useful headers into a well-styled header in a monospaced font. And I omit the useless headers. But I get the impression my way of working would not pass for “unaltered”.

I could perhaps try to feed the HTML into wkhtmltopdf. In the end, HTML rendering always varies depending on the rendering tool. Normies use MS Outlook, and I have to figure that the gov is normally dealing with normies. So maybe I should install Evolution or Thunderbird. Any suggestions for a tool that is particularly good at making HTML email presentable on paper without looking too custom?

#askFedi
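One way to produce the paper record the post asks about, as an added example that is not from the post or any reply: keep every header and the HTML source verbatim, print a SHA-256 of the raw message file so the printout can be matched to the electronic original, and append a plain-text rendering only as a readability aid. The sample message, the agency.example domain and the reference number are constructed, and the script assumes the anonaddy PGP layer has already been removed so the input is the .eml as the sender produced it.

```python
import hashlib
from email import message_from_bytes, policy
from html.parser import HTMLParser

# Constructed sample, shaped like the HTML-only notifications described in the post,
# with the PGP forwarding layer already removed (a plain .eml as the sender made it).
RAW_EML = b"""From: notifications@agency.example\r
To: recipient@example.net\r
Subject: Notification 2024-03-18\r
Date: Mon, 18 Mar 2024 21:00:31 +0000\r
Message-ID: <constructed-0001@agency.example>\r
MIME-Version: 1.0\r
Content-Type: text/html; charset="utf-8"\r
Content-Transfer-Encoding: 7bit\r
\r
<html><body><img src="https://1wy1y.mjt.lu/tplimg/1wy1y/f/l9hl7/g3q3v.png">\r
<p>Your file has been <b>updated</b>.</p><p>Reference: 4711</p></body></html>\r
"""

class TextRenderer(HTMLParser):
    """Minimal HTML-to-text for the readable appendix: keeps text nodes only and
    ends block elements with a newline. The source itself is printed in full."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def handle_data(self, data):
        self.parts.append(data)

    def handle_endtag(self, tag):
        if tag in ("p", "div", "tr", "li", "h1", "h2", "h3"):
            self.parts.append("\n")

    def text(self) -> str:
        return "".join(self.parts).strip()

def render_text(html: str) -> str:
    renderer = TextRenderer()
    renderer.feed(html)
    renderer.close()
    return renderer.text()

def printable_record(raw: bytes) -> dict:
    """Split the message into the pieces of the printout. Nothing is omitted or
    re-ordered: every header as received, the HTML source verbatim, and a digest
    of the raw file so the paper copy can be matched to the electronic original."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",))
    html = body.get_content() if body is not None else ""
    return {
        "sha256": hashlib.sha256(raw).hexdigest(),
        "headers": [f"{name}: {value}" for name, value in msg.items()],
        "html_source": html,
        "rendered": render_text(html),
    }

def format_record(rec: dict) -> str:
    """Lay the pieces out as one plain-text document ready for printing."""
    return "\n".join(
        ["SHA-256 of original message file: " + rec["sha256"], "",
         "== Headers (verbatim) ==", *rec["headers"], "",
         "== HTML source (verbatim) ==", rec["html_source"].rstrip(), "",
         "== Rendered text (for readability only) ==", rec["rendered"]])

if __name__ == "__main__":
    print(format_record(printable_record(RAW_EML)))
```

Keep the original .eml file alongside the printout; the digest on paper is only useful if the file it was computed over is retained unchanged.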

1
submitted 1 year ago by [email protected] to c/[email protected]
[-] [email protected] 6 points 1 year ago

Ebikes and electric devices, however, sound to me like something futuristic

There are kits enabling you to convert a muscle bike (push bike) into an e-bike. If you get one with a torque sensor, then it will detect how hard you push on the pedals and drive the motor proportional to that force. So you still must pedal but it amplifies your effort which preserves the natural feel and control of pedaling. It essentially makes the hills go away; a hilly place becomes a flat place.

[-] [email protected] 8 points 1 year ago* (last edited 1 year ago)

IMO part of the fix for that is liberating psychedelics. There has been some research finding that if someone takes psilocybin (shrooms) before they reach the age of 35, they are significantly more open minded for the rest of their life. Though I’m not sure how they controlled for the question as to whether the drug makes people more psychologically flexible or whether they are more psychologically flexible in the first place if they are willing to try it.

Either way, it seems to naturally follow that conservatives proportionally tend to avoid psychedelics. It’s anecdotal but my fellow psychonauts are all liberal.

1
submitted 1 year ago* (last edited 1 year ago) by [email protected] to c/[email protected]

Just like catcatnya, infosec.exchange just gives a black page. Up, but broken, at least in my browser.

(update) browser issue. Downvoted myself on this to lessen the visibility although some may still find that interesting so I’ll let the thread live.

[-] [email protected] 5 points 1 year ago* (last edited 1 year ago)

What’s TAN?

(edit)
Regarding the train svc, the carsharing, Netflix, etc, I generally draw a line and say all the private sector stuff can be disregarded apart from life essentials like groceries. So in your list, the train service is a good point because that’s a public service which invokes human rights (equal access to public service). Since you mention Germany, I happen to recall some Germans saying that the train app can access tickets and fares that are otherwise unreachable, perhaps in part because some stations have no kiosk.

24
submitted 1 year ago by [email protected] to c/[email protected]

cross-posted from: https://infosec.pub/post/9936059

I would like to collect the scenarios in which people are forced to enter Google’s #walledGarden (that is, to establish and/or maintain an account).

If someone needs a Google service to access something essential like healthcare or education, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

  • right to life
  • healthcare
  • freedom of expression
  • freedom of assembly and of association
  • right to education
  • right to engage in work and access to placement services
  • fair and just working conditions
  • social security and social assistance
  • consumer protection
  • right to vote
  • right to petition
  • right of access to (government) documents
  • right to a nationality (passport acquisition)
  • right of equal access to public service in his country

Below is what I have encountered personally, which serves as an example of the kind of experiences I want to hear about:

  • Google’s Playstore is a gate-keeper to most Android apps in the world and this includes relatively essential apps, such as:
    • emergency apps (e.g. that dial 112 in Europe or 911 in the US)
    • banking apps
    • apps for public services (e.g. public parking)
    • others?
  • (education) Google docs is used by students in public schools, by force to some extent. Thus gdocs sometimes cannot be escaped in pursuit of education. When groups of students collaborate, sometimes the study groups impose use of gdocs. Some secondary school teachers impose the use of Google accounts for classroom projects.
  • (education) A public university’s wi-fi network involved a captive portal and the only way to gain access was to supply credentials for a Google or Facebook account.

I’ve noticed that when creating an account for a public service I often have the option to supply credentials for Google or Facebook to bypass the verification process. In all cases of this kind of registration shortcut being used for public service, there was an alternative Google-free way to open the account. But in the private sector, I’ve seen this style of registration that absolutely required a proxy login via some shitty walled garden (like the university wi-fi). So I wonder if there are any situations where a government (anywhere in the world) requires a Google account in order to get service.

1
submitted 1 year ago by [email protected] to c/[email protected]

cross-posted from: https://infosec.pub/post/9930406

I have never used Facebook. I’m trying to understand the ways in which people are getting trapped in there. Obviously there is an addiction factor, but I’m more interested in how someone who is (hypothetically) immune to addiction might still be forced into #Facebook.

If someone needs Facebook to access something essential like healthcare, that’s what I want to hear about. To inspire a list of things that are “essential” I had a look at human rights law to derive this list:

  • right to life
  • healthcare
  • freedom of expression
  • freedom of assembly and of association
  • right to education
  • right to engage in work and access to placement services
  • fair and just working conditions
  • social security and social assistance
  • consumer protection
  • right to vote
  • right to petition
  • right of access to (government) documents
  • right to a nationality (passport acquisition)
  • right of equal access to public service in his country

I don’t imagine that Facebook has an essential role in supporting people’s human rights. I assume most gov offices have a Facebook presence, but there is always a way to access the same services outside of FB, correct?

I can think of a couple situations where FB access is important to reaching something essential. E.g.

  • A police department recovered stolen bicycles and announced that theft victims could visit the FB page of the police dept. to see if their bicycle appears in the photos. Non-FB users were blocked from the page and there was no other means to reach the photos. Effectively, non-FB users were denied equal access to public services.

  • A Danish university has a Facebook page as well as just about every single student. Facebook was used exclusively to announce campus social events and even some optional classes. Students without FB were excluded. In a sense, they were being excluded from some aspects to public education, although strictly speaking the FB exclusive events were not required to obtain a degree.

  • Regarding freedom of assembly, there is an activist group in my local area fighting for the right to be offline. I wanted to join the group, but their sole presence is on Facebook, ironically. So my freedom of assembly in this case is conditioned on being trapped in Facebook.

In any case, I would like to hear more examples of what essential information or services is compromised by leaving or neglecting to join Facebook.

#askFedi #Meta #walledGarden

8
submitted 1 year ago by [email protected] to c/[email protected]

cross-posted from: https://infosec.pub/post/8864206

I bought a Silicondust HD Homerun back before they put their website on Cloudflare. I love the design of having a tuner with a cat5 port, so the tuner can work with laptops and is not dependent on being installed into a PC.

But now that Silicondust is part of Cloudflare, I will no longer buy their products. I do not patronize Cloudflare patrons.

I would love to have a satellite tuner in a separate external box that:

  • tunes into free-to-air content
  • has a cat5 connection
  • is MythTV compatible

Any hardware suggestions other than #Silicondust?

[-] [email protected] 5 points 1 year ago* (last edited 1 year ago)

Hopefully it’s a chatbot, which can bring interesting opportunities for consumers. If you can trick a chatbot to make a favorable statement, it can be legally binding.

[-] [email protected] 8 points 1 year ago* (last edited 1 year ago)

Right, so e-mail address together with IP address would then make the e-mail that of an identifiable user under Art.4(1). So the OP needs to find out if an IP address was logged and retained in connection with the email address.

[-] [email protected] 4 points 1 year ago* (last edited 1 year ago)

Tor-hostility is an act of laziness. An admin decides they cannot be bothered to separate their publications from their contact page, or to just CAPTCHA the contact form. So they take the easy path and simply 403 all Tor users or they offload the effort onto others by proxying via Cloudflare.

Thus it’s in the interest of the Tor community to make the lazy option a path of greater resistance.

There’s also a cost apart from time. I just got a response to a GDPR request by registered letter. So the privacy-disrespecting data controller spent ~€10 in postal costs on their response.

[-] [email protected] 5 points 1 year ago* (last edited 1 year ago)

The GDPR is not a directive. It’s a regulation. Nonetheless, I read that the GDPR was specifically mirrored into UK law with a couple of minor modifications.

But to answer @[email protected], AFAIK the #GDPR does not apply in this situation anyway because Reddit accounts are “anonymous”. The GDPR only protects identified people.

/cc @[email protected]


coffeeClean
