The IT Blog

  • Numa Hack: When “Access Control” is just a Number in a URL

    Not long ago, I covered the Merkur hack from Lilith Wittmann – a glaring example of careless handling of sensitive data. And today, here we are again! Another service, another broken-by-design system. This time: the hotel chain Numa, exposing tens of thousands of identity documents to anyone with a URL and a browser.

    What happened

    I just came across this report via this post on Mastodon from the CCC. Their (German) post describes what happened. I’ll briefly try to outline it:

    (more…)
    11. June 2025
  • A New Era of Social Media – Video by Elena Rossini

    If you are not following Elena Rossini, you might have missed her really great video about the Fediverse. I find it a very nice and clean way – not focusing on technology but on us, the users. She doesn’t lecture or explain too much – she just shares what she’s found: a space that feels more human. No ads, no algorithmic pressure, just room to breathe and exchange. No ads, no algorithmic pressure, just us.

    This video is a colorful introduction to the Fediverse, guided by filmmaker & Fediverse advocate Elena Rossini. Watch now to discover a whole new world of social media, one where privacy is respected, users are empowered, and Big Tech has no say.

    Elena Rossini at: Introducing the Fediverse: a New Era of Social Media

    Go check it out at Introducing the Fediverse: a New Era of Social Media!

    And of course, follow @_elena@mastodon.social on Mastodon as well :)

    11. June 2025
  • PeerTube and Platform Control

    I didn’t even plan to blog something today, but a couple of things came together around PeerTube that convinced me to drop a post today. But, maybe before we start … PeerWHAT? you might ask.

    Interlude: What is PeerTube?

    TL;DR: An open source / self hosted YouTube

    PeerTube is a video platform that works a bit differently from sites like YouTube. Instead of one company running it, PeerTube is made up of many small, connected servers – so there’s no central control. You can watch, upload, and share videos just like you’re used to, but without ads or tracking. PeerTube also connects with other platforms like Mastodon, so videos can reach more people across the Fediverse. It’s a privacy-friendly option for discovering and sharing content on your terms.

    A more technical description can be found on Wikipedia: PeerTube – Wikipedia

    So what happened …

    (more…)
    6. June 2025
  • DNS4EU: a private, safe, and independent European DNS resolver

    Recently I switched my DNS Resolver to one of the European public DNS resolvers | European Alternatives mainly for privacy reasons after reading Cloudflare’s blog post about analytics in their free-tiers.

    But I missed the malware protection. But today I just became aware of DNS4EU For Public!

    DNS4EU is an initiative by the European Commission that aims to offer an alternative to the public DNS resolvers currently dominating the market.

    https://www.joindns4.eu/about

    It offers 5 different flavours:

    • Unfiltered resolution
    • Protective resolution: Blocks access to known malicious and fraudulent websites
    • Protective Resolution With Child Protection
    • Protective Resolution Ad-blocking
    • Protective Resolution With Child Protection & Ad-blocking

    And also with some step-by-step guidelines for configuring DNS settings on a variety of platforms.

    Update 23.06: The article Datenschutz: Wie viel EU steckt in DNS4EU? analyzes the technical setup, which unfortunately shows quite a few US corporations involved. On the other hand, DNS4EU does not aim to analyze the traffic.

    5. June 2025
  • Is it finally over for Developers?!

    We’ve heard it all a couple of times: “GenAI is replacing Software Developers”, Vibe Coding, … A C-level’s dream to (finally) get rid of expensive software developers by using AI.

    (more…)
    4. June 2025
  • Take Back the Stream: Support PeerTube’s Mobile App

    Big Tech dominates online video. Algorithms, ads, and tracking define what we see and who gets heard. PeerTube offers a real alternative – decentralized, open-source, and powered by its users, not corporations.

    Now, PeerTube is taking a critical next step: building its first official mobile app. Framasoft, the nonprofit behind the project, has launched a crowdfunding campaign to make it happen.

    (more…)
    3. June 2025
  • I found my replacement for LinkedIn!

    If you’ve followed me, you might have noticed that I had pulled back my activities on LinkedIn gradually: I posted less, stopped interacting and deleted my content.

    But I kept returning – only to feel the same mix of disappointment and annoyance every time. Eventually, I asked myself: Why did I keep coming back – even though it never felt useful?

    (more…)
    1. June 2025
  • AI Agents: Loyal Only to the Prompt

    Recently I thought “If AI scrapers are scraping my website, would a prompt injection work? Just adding invisible Prompt commands …?”

    And just today, a colleague sent me this link to an article about prompt injection in GitLab Duo: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft:

    TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses.

    https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

    Well – it shows: dammit! Someone else was faster! :-D

    But besides that: it confirms a paranoid thought that I have been harboring for quite a while. Any output of an AI system must not be trusted blindly.

    (more…)
    27. May 2025
  • Torture for Bitcoin: When Crypto Gets Brutally Real

    It’s one thing to know that each password can be stolen by kidnapping a person knowing the passwords and then “convincing” them to reveal it. But really reading that it (very likely) happened … feels strange.

    I just read a heise article (Um Bitcoin zu stehlen: US-Kryptoinvestor hat wohl wochenlang Touristen gefoltert), citing an NBC article (Crypto trader tortured Italian man in NYC home in bid to steal his bitcoin).

    Oh well, that’s one of the services that traditional banks do. Making such things harder. Maybe not fully impossible, but harder than “enter password”.

    26. May 2025
  • Why “Open” may not Always be Enough

    If you care about open source, open data, or open standards, you should read “What we in the open world are messing up in trying to compete with big tech“.

    I found it a good critique of Open Source and why “technology” and an OpenSource Licence may not be enough to compete with BigTech players. The author doesn’t argue against OpenSource but he makes some quite valid points.

    You might say “look at your own GitHub repo first” but wait: The difference in my view is: Do you open-source something just to make it available for others as well or do you make an OpenSource project to compete with a commercial product / to position yourself as a valid alternative …

    Anyways, give it a read – and maybe follow his Blog as well!

    23. May 2025