@sengi_app @liaizon yup, you're right, that's how the web works. that's not how desktop software works. downloading and running desktop software is not consent to download and execute arbitrary code i've never seen before.
@sengi_app @liaizon just because a desktop app is "not mandatory" doesn't make it okay to make it do things the user doesn't want. i downloaded this app and ran it, and it connected to your server to download stuff. why is that okay? i didn't want that code, i wanted the code i downloaded from github.
you need to learn about user consent.
auto updates without user consent are RCE! what part of this aren't you getting? if i compromise your webserver i can take over the client with malicious code.
that means that this "desktop" app is actually downloading javascript on each launch and running it locally, granting remote code execution on my computer. that's *way* worse - it means that a compromise of your webserver can read and upload/steal any file on my computer. this is a security nightmare.
bundle the code into the desktop application, and do not make any connections on launch other than to the configured homeserver. you're opening your users up to compromise
@liaizon simple analytics, without advance opt-in consent, transmits my data without my consent, and meets the definition of spyware. apps that transmit my activity *intentionally* without obtaining consent *are* malicious software, and the developer built this, which means they built it maliciously to steal my data.
SN9 test flight imminent, engines being chilled, launch in less than 30 mins:
Turns out this app is spyware, it phones home the instant you open it, without consent:
You can't use HomePods (even to just play music via Wi-Fi) without an iCloud account. You can't use iCloud without an Apple ID, and an Apple ID requires a phone number to create.
This means that you can't use HomePods, a wireless microphone you install in your house, without providing Apple and their government partners a strongly identity-linked unique identifier (a phone number).
Cool, huh?
@surfingalot alternate mastodon html client
the whole fucking society is wiretapped 24/7 and yet they still can't do basic policework.
https://www.christianpost.com/news/fbi-increases-reward-for-rnc-dnc-pipe-bomb-suspect-to-100k.html
@Cambria the screen is excellent, they did a reasonably decent job of ripping off the macbook air. the keyboard is crap though. it runs linux like a dream.
such a great read, posted by one of the new amazing users on my bbs which launched yesterday:
Extreme Privacy, 2nd edition:
https://mega.nz/file/dZMARD4I#1h6AZ_pDh3eTIgWiB8CF5zsLBruGyete4vEmLINsVEQ
@staticvoidmaine bulletin board system. a place to post/discuss things with weird strangers on the internet
Hacker, researcher, entrepreneur. Make sure we're connected at https://sneak.berlin/list
these toots are also available at https://s.sneak.berlin/@sneak.rss if you're into that.