> TCP stack can be fingerprinted How does that apply to Tor? It uses custom packets. The entry node may be able to obtain a TCP fingerprint but that's all.
It's not surprising that JS would out you, what I am wondering if whether or not volunteering OS information is foolish when it may not be possible to determine without JS. Why give up information when you don't have…
I believe they used to make the user-agent appear to belong to Windows but then they stopped doing it with the excuse that there are other ways to tell anyway. The OS doesn't really matter, the amount of entropy it…
Even Tor Browser (/mullvad-browser) gave up trying to obscure the operating system, though arguably they shouldn't have. There appear to be too many fingerprinting vectors.
And those types of schemes will never see the light of day, read what they are actually proposing to implement.
Those schemes will never see the light of day, attribution is by design. Without attribution you will just see those tokens sold by the penny.
With ZKP age verification, services will not be able to track you without help from the CA. The CA will not be able to track you without help from the services. Both will contain the necessary information in their…
Unfortunately ZKP's aren't magic. When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can…
> Exposing the socket directly to the sandbox is dangerous, e.g. it would let the sandbox record the host's microphone directly. libpipewire-module-pipe-tunnel also:…
Properly configured (including strict seccomp) bwrap on its own will be sufficient 99% of the time. But ultimately you are at the mercy of the enormous kernel attack surface and the 0days that result from it. If you do…
There is something wrong with your setup. I just tried: bwrap ... --ro-bind /run/user/1000/pipewire-0 /run/user/1000/pipewire-0 ... -- runsc ... do ... -- mpv podcast.mp3 Flawless playback. I think it's a default…
That's good to hear! Hopefully the passt approach you are pursuing will include the ability to use an existing passt socket and not just launch one for you. Wayland is tricky because there are memory buffers being…
It just didn't seem fully baked yet, the 'do' subcommand works fine while the 'bwrap' alias has this problem: `bash: cannot set terminal process group (1): Not a tty`. When executing 'bash -li'. Also the EROFS feature…
The simplest worthwhile DIY sandbox you can have is to layer two tools: bwrap and gvisor. bwrap args -- gvisor args do args -- /path/sandboxee args bwrap will set up the environment and then gvisor elevates it into a…
Identity theft is a thing. And if you gate a desirable commodity behind an identity it will become even more of a thing. There are 100's of millions of identities to steal.
Alpine is a good system for the boot/main rootfs because it's rock solid and has the most recent kernel. When glibc is required or when you just want to access the repositories of other distros you can unshare and…
I believe it's a great deal worse than that. All the metacognitive insight we do have may just be confabulation and we are fooled into believing that we have it because the process for conjuring it is good at finding a…
The Opus model as usual impresses. Gave it a paper link with bullet point instructions and constraints (while baiting it to perform some mind reading of my intentions) and it implemented production ready code + the…
I'm sure the frontier labs figured out very clever ways to leverage user input and actions as data for training and signals for RL. DeepSeek wants in on the game.
> Almost all human traits are partly genetic and partly due to the environment and/or random. If you could change the world and reduce the amount of randomness, then of course heritability would go up. There has been a…
I was actually curious about this myself back when everyone was chiming in about how it was physically impossible. This is first and foremost an engineering problem as you need to design a system that will both tolerate…
Yes, with blind signatures you still have a central authority which voluntarily 'launders' tokens for you. When you present it your certificate and ask it to give you a blind signature it can reject the certificate.…
If A adopts a Blind Signature scheme it implies A is cooperating in establishing privacy infrastructure. If A is so malicious that it would advertise a sound privacy system and then it immediately sabotages it that's a…
Content Decryption Module (CDM) in your browser or Mobile SDK generates the license challenge <https://go.buydrm.com/thedrmblog/the-anatomy-of-a-multi-drm-...> The "license challenge" (it might be a mistake I think it's…
> you present the same unblinded signature to both services You would never do this as it defeats the entire purpose of using blind signatures to begin with.
> TCP stack can be fingerprinted How does that apply to Tor? It uses custom packets. The entry node may be able to obtain a TCP fingerprint but that's all.
It's not surprising that JS would out you, what I am wondering if whether or not volunteering OS information is foolish when it may not be possible to determine without JS. Why give up information when you don't have…
I believe they used to make the user-agent appear to belong to Windows but then they stopped doing it with the excuse that there are other ways to tell anyway. The OS doesn't really matter, the amount of entropy it…
Even Tor Browser (/mullvad-browser) gave up trying to obscure the operating system, though arguably they shouldn't have. There appear to be too many fingerprinting vectors.
And those types of schemes will never see the light of day, read what they are actually proposing to implement.
Those schemes will never see the light of day, attribution is by design. Without attribution you will just see those tokens sold by the penny.
With ZKP age verification, services will not be able to track you without help from the CA. The CA will not be able to track you without help from the services. Both will contain the necessary information in their…
Unfortunately ZKP's aren't magic. When not doing privacy oriented cryptocurrency (cough money laundering cough) with ZKP's, if you really want private verification you are in a position where a single actor can…
> Exposing the socket directly to the sandbox is dangerous, e.g. it would let the sandbox record the host's microphone directly. libpipewire-module-pipe-tunnel also:…
Properly configured (including strict seccomp) bwrap on its own will be sufficient 99% of the time. But ultimately you are at the mercy of the enormous kernel attack surface and the 0days that result from it. If you do…
There is something wrong with your setup. I just tried: bwrap ... --ro-bind /run/user/1000/pipewire-0 /run/user/1000/pipewire-0 ... -- runsc ... do ... -- mpv podcast.mp3 Flawless playback. I think it's a default…
That's good to hear! Hopefully the passt approach you are pursuing will include the ability to use an existing passt socket and not just launch one for you. Wayland is tricky because there are memory buffers being…
It just didn't seem fully baked yet, the 'do' subcommand works fine while the 'bwrap' alias has this problem: `bash: cannot set terminal process group (1): Not a tty`. When executing 'bash -li'. Also the EROFS feature…
The simplest worthwhile DIY sandbox you can have is to layer two tools: bwrap and gvisor. bwrap args -- gvisor args do args -- /path/sandboxee args bwrap will set up the environment and then gvisor elevates it into a…
Identity theft is a thing. And if you gate a desirable commodity behind an identity it will become even more of a thing. There are 100's of millions of identities to steal.
Alpine is a good system for the boot/main rootfs because it's rock solid and has the most recent kernel. When glibc is required or when you just want to access the repositories of other distros you can unshare and…
I believe it's a great deal worse than that. All the metacognitive insight we do have may just be confabulation and we are fooled into believing that we have it because the process for conjuring it is good at finding a…
The Opus model as usual impresses. Gave it a paper link with bullet point instructions and constraints (while baiting it to perform some mind reading of my intentions) and it implemented production ready code + the…
I'm sure the frontier labs figured out very clever ways to leverage user input and actions as data for training and signals for RL. DeepSeek wants in on the game.
> Almost all human traits are partly genetic and partly due to the environment and/or random. If you could change the world and reduce the amount of randomness, then of course heritability would go up. There has been a…
I was actually curious about this myself back when everyone was chiming in about how it was physically impossible. This is first and foremost an engineering problem as you need to design a system that will both tolerate…
Yes, with blind signatures you still have a central authority which voluntarily 'launders' tokens for you. When you present it your certificate and ask it to give you a blind signature it can reject the certificate.…
If A adopts a Blind Signature scheme it implies A is cooperating in establishing privacy infrastructure. If A is so malicious that it would advertise a sound privacy system and then it immediately sabotages it that's a…
Content Decryption Module (CDM) in your browser or Mobile SDK generates the license challenge <https://go.buydrm.com/thedrmblog/the-anatomy-of-a-multi-drm-...> The "license challenge" (it might be a mistake I think it's…
> you present the same unblinded signature to both services You would never do this as it defeats the entire purpose of using blind signatures to begin with.