pantherina

A Signal group to discuss sports, meditation, food, sleep, and all sorts of other healthy things.

We focus on being environmentally acceptable, i.e. no keto carnivore nonsense ;)

To join, please make a nice profile pic and name, doesn't need to be something personal.

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

Whatsapp is privacy invasive, and we likely know that even when using E2EE, this is possible due to metadata tracking.

An easy way to avoid one creepy thing, contact scanning and the creation of "who knows whom" social nets, is to not grant apps permission to your contacts!

But this is not easy, as apps often enforce this, just as they do with

• embedded cameras instead of using the system camera
• embedded galleries instead of the 2 available portals (but Google will soon forbid that)
• asking for unneeded permissions

Only GrapheneOS also allows blocking these permissions

• sensors
• internet
• loading code from memory i.e. from the internet (why would they do that? Is there something they want to hide?)
• debugging their own code to spy on the system behavior

But this app can help everyone on any Android to at least fix this :)

Conny ist ein Inkasso-Service, der einem hilft die Mietpreisbremse einzuklagen.

Man geht einen Vertrag ein, und sobald man Geld spart, zahlt man ihnen die Kosten. Das ist super viel, die Ersparnisse von 6 Monaten + 2/3 der rückgezahlten Miete.

Theoretisch klingt das super nice, weil man nichts zahlt falls man verliert.

Sie berichten von 10.000 erfolgreichen Verfahren. Ich bin aber sehr skeptisch.

Vor allem, warum sollte man nicht einfach normal fristgerecht gekündigt werden? Es findet sich doch eh jemand dummes, der nach einem einzieht?

Hat hier wer Erfahrung damit gemacht, oder kennt wen?

Was ich so gefunden habe

Rechtsstreit gegen Conny, Verstoß gegen EU Recht?

Ausführlicher englischer Blog, evtl nicht neutral

Test.de Artikel von letztem Jahr

Reddit Thread

Hier gibts Infos zur Mietpreisbremse

Absolut krass. Wir sind Erstmieter nach einer merkwürdigen Modernisierung. Neben sinnvoller energetischer Sarnierung soll der Altbau in einem Randbezirk zu einem modernen Dingsbums werden.

Ich könnte mir denken, dass sie uns absichtlich genommen haben weil wir schön brav aussehen. Denn...

So darf der Vermieter auch die bisherige Miete aus dem Mietverhältnis mit dem Vormieter weiter fordern, wenn diese schon über der Grenze „Vergleichsmiete plus 10 Prozent lag“. Eine Anhebung darüber hinaus ist bei Vertragsabschluss jedoch nicht zulässig.

Wtf??? Es ist also fast unsere Pflicht, dagegen vorzugehen. 25€ pro m², das ist halt Wucher.

Von der Mietpreisbremse ausgenommen sind Neubauwohnungen, die nach dem 1. Oktober 2014 erstmals genutzt und vermietet werden. Auch gilt die Mietpreisbremse nicht für Wohnungen, die erstmals nach einer umfassenden Modernisierung vermietet werden. Gemeint sind hier Fälle, in denen Modernisierungsinvestitionen mehr als ein Drittel des notwendigen Aufwandes für eine vergleichbare Neubauwohnung betragen.

Das klingt jedoch danach, als würden unsere Modernisierungsmaßnahmen bedeuten, dass wir unsere Wohnung nicht unter den Mietspiegel fällt...

I love those guys, their way too long podcast-type videos are always fun to watch

(His videos are often very lengthy and beating around the bush, so here is a short summary)

1. Learn basics of IT, Hardware, Software, OS, Networking

Like CompTIA A+, Networking+, Security+ Certificates (they have educational material, no need to do the test)

2. Learn how big security is, security domains

How they work together

3. Try Overcome Imposter Syndrome

Focus on what you want to do and what you can

4. Hobby vs. Career

Separate identities to prevent burnout. You shouldnt work your hobby all the time, I guess

5. Work with tools to increase productivity (and use ads lol)

6. Join the InfoSec community

Learn from another, projects, conferences

7. Take one step at a time

I know of CryFS and encFS which both failed an Audit.

I know LUKS and veracrypt which work but are both tedious and not useful for my use case.

I want to encrypt folders on Linux and then sync them with a cloud or just store them locally.

There is goCryptFS which is in Go, i.e. memorysafe which is good. It also failed the audit when it comes to cloud sync.

The issue: if an attacker has access to the encrypted files over time, if you always upload changes, they can crack you.

This would not be relevant for local file stores, but for synced ones it is.

There I used Cryptomator, which has many downsides though

• the app is GUI only, the CLI variant is last released 2021, which I dont consider maintained when it comes to security? Or is it?
• the GUI App is in electron, no Wayland support
• the app devs dont care about flatpak rules and store secrets outside the app container, meaning the app is unconfined by default, you need to manually add an override and it is still pretty insecure in the case that all untrusted apps are flatpaks

KDE KVaults only supports insecure algorithms, goCryptFS would be the most secure for local only stuff, but that was abandoned as a Fedora package and is only available from COPR, currently. (I should learn RPM packaging once again).

Cryptomator seems to be the only one 1. Suitable for cloud sync (not encrypting everything always again) 2. That passed an audit.

The CLI may be fine if it just interacts with the GUI app? I wonder how that would work with the Flatpak.

Do you know any alternatives?

What hacks they needed, where they get MacOS binaries, how the boot works etc.

Very interesting talk.

Btw they have a regular Function touchbar ;)

Wer hier kommentiert mit einer guten Begründung kann Moderator werden :)