Hacker News: f2n's comments

What's wrong with marking content NSFW? It's not censoring it, simply providing a warning to those who may be in a place where their screen is visible and that might not be appropriate.


The issue is that the bar is so low now you can't tell what is actually NSFW. In fact it is so low that being in reddit itself should count as NSFW.


I have seen this abused on sites like Twitter, where images with purely political content have been marked age-inappropriate.


Reddit doesn't block anyone from seeing NSFW content.


Right, it's not quite the same because it's the submitter in reddit and the community on Twitter. I'm not trying to agree with the top parent comment about reddit.

Twitter doesn't fully block NSFW content, either. They each have a system requiring a click to unveil or profile setting.

The effect is to obscure the content, so that people just scrolling by won't see it. Someone has to notice it's hidden, trust that it is something they do want to see and not a disturbing gore or porn pic, and then click to see it. That has the effect of reducing the reach of the media. It's similar to how people would make messages on the craigslist RnR forum disappear by abusing flagging.

On Reddit, people opposing your message can use voting rings and automation to abuse downvoting, which has the effect of hiding content.

They can complain that your image needs to be NSFW, and ask the moderators to change it. I believe moderators can set it for content, but if you are posting in their sub, you are at their mercy anyway.


No, on Reddit, it doesn't simply provide a warning. It also (as of recent updates) blocks it entirely from search on the mobile site.


Well yes but if you use their trash mobile site then the lack of NSFW content is the least of your concerns.


People usually don't want to voluntarily censor things from themselves. They want to impose their personal moral or political ideology on everyone else.


>I'm not familiar with monero, but aren't all transactions in cryptocurrency public and permanent?

Not with monero (and possibly other cryptocurrencies)


That’s what they mean by it not being fungible.


Thanks for posting, turns out one of these was mine. I forgot that it existed. 1213 days of uptime, still running Debian Wheezy (don't worry, I'm bringing it up to date now)


Tor project should have an official Docker image, we could just use it with watchtower, it would autoupdate itself.

https://github.com/v2tec/watchtower


Does docker have container signing yet? If not, this sounds like it could be a disaster waiting to happen (just compromise dockerhub credentials!)


There is, but it seems to be disabled by default.

https://docs.docker.com/engine/security/trust/content_trust/


This, actually, should be part of Docker itself. Thank you!


Thanks for running a Tor relay, even better, Tor relays! Please consider checking the right sidebar for new versions on https://blog.torproject.org/, adding Debian repos from Tor Project instead of using the default repo, and reading the [tor-relays]* mailing list routinely. It's a fun read comparable to Hacker News, well, sometimes.

* https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-re...


I had the Tor Project's repos added, but I guess no auto updates.


Is it hard to create a Tor node? And is it juridically safe to be an owner of a Tor node?


I wrote this how to a few years ago: https://tor.stackexchange.com/questions/6567/how-do-i-manual...

Hopefully it's easier now than it was then.

As others said relay nodes are safe and low risk to run. I wouldn't run an exit node without looking into the legal risk and having a plan.


It is pretty easy to set up if you know the basics of administering a GNU/Linux or BSD machine. It is better if you also know a bit about security on those systems too (at least how to configure the firewall).

When it comes to the legal part, it depends.

Being an exit node can be very tricky. In some countries, you will have to register as a telecommunication provider in order not to be considered liable for whatever comes out of your relay.

Being a guard node (the "entry" node for a Tor client) is usually safe but can still create some trouble. For example, the virus WannaCry was using Tor to connect to its C&C servers. Due to this, some Tor guard nodes got seized by the French police because they saw WannaCry connect to the IPs of those guard nodes and, I guess, decided that it was necessary to seize them for their investigations ...

But you can configure your node to never be chosen as a guard node and to be just a relay and not an exit node. The node will be the middle man between a guard and an exit node and that should be completely safe, unless you live in a country where technologies to circumvent censorship are prohibited.


A TOR relay is pretty safe. You're just a middle-man and have no clue about what's going on.

Your IP is still going into every single blacklist of corporate gateways though (because F5, etc. don't care): so don't host multiple services on that IP/server.

An exit node is the most dangerous position to be in, because that's where all the bad stuff can be seen.


It's very easy, but yes, you cannot control what data exits it.

I'm just as curious as you what the GP's internet setup looks like.


The GP didn't necessarily say he was running an exit relay, only that he was running a relay of some kind. As far as I know it's a lot less perilous to run a middle relay.


snap install tor-middle-relay

https://snapcraft.io/tor-middle-relay


The same happened to me. I was pretty sure that the VPS that was running the node was shut down but it turns out it was still running.


Where does one host this without getting SWATTED?


No, it would get customers used to ignoring the LEDs on it.


> It won't let you verify by entering a code

That's odd because I've absolutely verified numerous Signal clients by entering a code, without granting access to my SMS (I use Google Voice so my SMS database is basically empty except for random spam from my shitty carrier)


It used to be that Signal required reading the code from SMS and didn't work with Google Voice. But they listened to complaints and changed it to allow entering the code.


Do you have a source for that? I assumed the lessons learned from SPDY and QUIC eventually went into HTTP 2


I used to use something called UTM Mangler that would replace the referral links with shock sites. I felt that was much better than simply removing them.

Here's the github, it looks like the chrome extension linked in the README is no longer there: https://github.com/huntwelch/UTM-Mangler


Wow, what a horrible, shitting thing to do.

I use Google Analytics for a side project site I run for the video game Destiny. I like to look at referral URLs so I can see if some publication has linked to me, if a video has been made about my site, or if there's a discussion on reddit going on that would be relevant.

I know it's popular to think about the only entities using analytics are big faceless organisations and sending them to graphic porn websites is cool, but please remember that a) they're still just humans and b) people run cute little side projects like mine and I don't want to see tubgirl or whatever when going through my referrals.

Block GA, strip referrals, whatever. I don't care. Just please don't abuse people like this.


You're not concerned about my rights. Why should I be concerned about yours?

Seriously--if you're abusing my privacy by tracking me without my consent (without my ACTUAL consent), what makes you think you have any moral claim whatsoever over me?


Just because someone violates your rights in some way doesn't mean that you can now do literally anything in response.

I agree that web tracking is pernicious but responding proportionally is important. The person who ends up clicking on that link very well may have no decision making power in their organization. There's a good chance they're some random minimum wage contractor that found the job through a temp agency. Why is it okay for you to subject them to potentially traumatic content?


Two wrongs don't make a right.

You really don't want to be sending offensive material out to people. You don't know who the recipient could be. The chances are it's just their job, and the decision to track you wasn't theirs.


Remember how we, as a society, pretty much unanimously decided "it's just their job" wasn't a valid excuse...about half a century ago?


There's a fairly big difference in severity between web tracking and the Holocaust.


Obviously, but that doesn't change the validity of the argument


The point is that "just doing your job" when your job is web advertising does not warrant a (psychologically) violent response while "just doing your job" when your job is the Holocaust does warrant a violent response.


Why is that our problem?


(As I asked in the other peer comment, but am curious about your reaction as well) Would it change your mind if the OP were doing it as a form of guerrilla advertising for those sites?


Okay so sending graphic/abusive porn in place of referrer tags to every website you visit is just such a disgusting, fucked up thing to do. Like, if you do this you're objectively a bad person.

If you're doing "guerrilla advertising for those sites" - I just think you're a wanker. It's ineffective and silly.


Not "every website you visit". Every website you visit where the developers have chosen to use messy URLs for tracking.


Okay I don't think either of these are really that bad but in no world can you justify a bad action by saying "they made URLs ugly". No.


The fact of the matter is these referral links are sent to you by the user agent. As the name implies, that program is entirely under the control of the user. Just because the browser makes HTTP requests automatically when loading pages doesn't mean someone can't craft a custom HTTP request with completely made up metadata and send it to your servers.

It's not really any different from random people sending you random links over a messaging service. Would you click on any "interesting" links sent to you by people you don't know, much less trust? It's the same thing. Offensive websites might have shock value but they're actually quite harmless after you close the tab. What if it's a malware site that exploits some 0day in your browser?


> I felt [sending marketers to shock sites] was much better than simply removing [UTM tags].

I can understand wanting to tailor your own online experience for speed or privacy. But this is petty, ugly, and vindictive.


And hilarious. And justified.


To add some contrast to this discussion, let me say that I think it looks quite neat :-) I see some folks here are quite shocked by it. Maybe using these shock site URLs (https://github.com/huntwelch/UTM-Mangler/blob/master/utm-man... ) is a bit over the top.

I was casually musing about such an idea myself a while back: https://twitter.com/harry_wood/status/735048026335682561 . This offers a way to more actively fight back against the over-use of messy UTM URLs. Perhaps a gentler thing to do would be to link to a place/places which re-educate web developers on how to design URLs. (It seems there's a few folk round here who need some re-education on this matter!)


I don't see how deliberately providing false data to an organization is amusing here. If you don't want your web sessions tracked that's fine, but there are legitimate reasons for websites to want to understand user behavior. Some of it is for digital marketing purposes but also for usability, for example, how are folks getting to our documentation, is this prominent enough?

Seems a popular opinion that user tracking = bad but it's more nuanced than that.


Browser user-agents are already lies, they already "inject" misleading data as a normal part of your web communications. Frankly, I think the fact that going to example.com means my browser could start sending my personal data to google-analytics.com and several other sites behind-the-scenes is also a "misleading" yet normal standard of web usage.

My point here is that, where you see a dishonest human communication, could just as easily have been a different convention in the computer protocol. It's pretty fuzzy where bits of data you send down the wire suddenly have real human-semantic communication impact. The Law has to make those choices, but as hackers we know that it's fundamentally a bit arbitrary, and the Law will only choose to enshrine the conventions that we -- as technologists -- have already set in course anyway.

Maybe it feels dishonest to fudge tracking info -- but to me it feels more dishonest for that tracking mechanism to have become part of the convention of how the web works in the first place. The only question maybe is what point in time are we at: do our actions precede the enshrining of the standards, or are we still forging them. Am I "allowed" to save minimal amounts of bandwidth by dropping ugly parts of URLs, or is that violating a human contract we've chosen to interpret from those bits.

My voice is to the former. The web is unstable; we've let advertising companies run wild for far too long, with the real danger that it's let bad behaviour become the norm. When this goes from social-convention into law, it's too late. But the more normal it is for software to do things differently -- express digital freedom differently -- the more time we have to build a web-convention that gives more power to users.

If they choose to interpret URLs in magical funny ways, so be it, but it's their fault for trusting silly data that silly web browsers are free to do what they want with. Hack the planet.


it's more nuanced than that.

Well, the trackers have shown none, for a long time. Now they're in the spotlight, it's all complaints. Who has to show restraint, the tracked, or the tracker?


It's not my responsibility to help you with usability or anything else that you consider "legitimate."


Would it change your mind if the OP were doing it as a form of guerrilla advertising for those sites?


No. It's still deliberately injecting misleading data.


That's how a lot of people feel about the current state of advertising on the web.


So what? Is "portugee" your real name? I have no obligation or contract that I will "not modify URL parameters".


Cool that no one responded and I just got downvoted. Let me just say I openly laugh at anyone that thinks I have some implicit responsibility or obligation to not modify the URL of a website I'm visiting. Actual laughter that someone would get indignant about that.

edit: And somehow this is auto-downvoted within 30 seconds? This website is so fantastic!


Haha! Nice.

We should turn this into an addon that automatically mangles every URL.


> Want to mess with SEO people and those marketers trying to optimize another fucking branding tweet? Me too.

Why? If you found the link interesting enough to click, why worry about it getting logged?


I don't understand how any of those are remotely related to whois being removed. It's not like it represented anyone that could feasibly be sued before, just a whoisguard service, usually


In the US, we have different sites where you can look up patent information.

In fact, IBM and Microsoft run this one, which is a global database. Article: https://www.zdnet.com/article/microsoft-ibm-arm-back-open-pa... Site: http://oropo.net/

So my question is, if Whois had to take their site offline due to GDPR, then will things like this go offline?

My concern is that GDPR will have a chilling effect not just on free speech, but on open information of many kinds.

PS - for reference, here is a good overview of the issues that an open patent database helps solve: http://oropo.net/oropo_report_20150615.pdf


WHOIS will not be permanently offline, it will be temporarily offline while the ICANN and others work out how to give access to people who have legitimate interest in the data, ie people looking for a legal contact, sysadmins looking to notify someone, registrars themselves, etc.

I don't think the US patent database will go offline, the EU one might hide personal information like name and address unless you request access under legitimate interest.


> how to give access to people who have legitimate interest in the data, ie people looking for a legal contact, sysadmins looking to notify someone, registrars themselves, etc.

That is, anyone but the public. Oh, EU, you've done it again.


Why does the public need my email and phone number associated with a random internet string in a database?


Not a lawyer, but I don't think it will affect these kinds of sites. The personal information collected in patents is collected due to government regulation. This is one of the lawful bases for using the data. The data is public information (as a result of that regulation). Affected people will have to be notified when creating a patent that their information will be used in that way -- something I think patent offices already do.

There are lots of things that fall under that category, but I haven't really looked into it deeply because in my work we don't have any data collected due to government regulations.


Also using Firefox 60, demo is a blank page.


Same, looks like their demo does not work.


It'll be interesting to see how this works, given that the Signal Desktop client's main page (background.html) includes a CSP that restricts it from running inline or external scripts. It can only run JS that's already in the Signal Desktop package (in theory).

The fact that this isn't being described as an issue with CSPs or electron makes me wonder how it could possibly work.


You are correct, there's also a flaw on CSP not limiting all the ways you can download a resource. And at this time, it's still not fixed. We'll publish an advisory soon.


Electron is unsafe because it's based on outdated versions of Chromium: https://github.com/signalapp/Signal-Desktop/issues/1635


You've linked that thread a couple of times here, never really elaborating on the nature of your concerns, nor do you elaborate on the specific nature of your concerns in the ticket. Have you considered elaborating on the nature of your concerns? Is there a specific vulnerability in chromium you feel could be exploited here?


In Electron, all file:/// URIs share an origin. Using `script-src: 'self'` isn't much of a boundary.


So let's say I'm able to run HTML in Signal Desktop. How do I include an arbitrary script without getting the user to download the script first?


If I remember correctly, on Windows you can reference file://<IP-Address>/path/to/file

Thanks SMB / UNC Paths.
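
The replies above make two points: every local file:/// URI counts as `'self'`, and on Windows `file://<IP-Address>/...` resolves to a UNC path. One mitigation is to refuse any file: request that names a host or falls outside the application's own package. The following is an added example of that check, not part of the thread and not Signal Desktop's code; `checkFileUrl` and `APP_ROOT` are hypothetical names, and hooking the function into Electron's request handling is assumed rather than shown.

```javascript
// Added example: allow-list check for file: URLs a renderer asks to load.
// APP_ROOT is a constructed install location, not Signal Desktop's real path.
const APP_ROOT = 'file:///C:/Program%20Files/ExampleApp/resources/app/';

function checkFileUrl(raw, appRoot = APP_ROOT) {
  let url;
  try {
    url = new URL(raw);
  } catch (err) {
    return { allowed: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'file:') {
    return { allowed: false, reason: 'not-file-scheme' };
  }
  // file://<host>/path names another machine; Windows resolves it as a
  // UNC path (\\host\path) and fetches it over SMB.
  if (url.hostname !== '') {
    return { allowed: false, reason: 'remote-host' };
  }
  // file:////host/share parses with an empty host but a path starting "//",
  // which also maps to a UNC path.
  if (url.pathname.startsWith('//')) {
    return { allowed: false, reason: 'unc-path' };
  }
  // Encoded separators survive URL normalisation and could hide "../" or "..\".
  if (/%2f|%5c/i.test(url.pathname)) {
    return { allowed: false, reason: 'encoded-separator' };
  }
  // The URL parser has already collapsed "." and ".." segments, so a prefix
  // comparison against the package root is a containment check.
  const rootPath = new URL(appRoot).pathname;
  if (!url.pathname.startsWith(rootPath)) {
    return { allowed: false, reason: 'outside-package' };
  }
  return { allowed: true, reason: 'inside-package' };
}

// Constructed sample requests (192.0.2.10 is a documentation address).
const samples = [
  'file:///C:/Program%20Files/ExampleApp/resources/app/js/background.js',
  'file:///C:/Users/alice/Downloads/helper.js',
  'file://192.0.2.10/share/helper.js',
  'file:////192.0.2.10/share/helper.js',
  'file:///C:/Program%20Files/ExampleApp/resources/app/../../../x.js',
];
for (const s of samples) {
  console.log(checkFileUrl(s).reason.padEnd(18), s);
}
```

The second sample is the case `script-src 'self'` alone does not stop: a local file outside the package is still same-origin under file:///.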


