I think this is zerobytes.monster, one of the reddit mirror instances.

the post count fits and it also matches with the user count not significantly dropping.

that instance has been using rather strict waf blocking rules from time to time that likely also affect the crawler for fediverse.observer.

not a very informed comment.

torrents have checksums, you can’t just send someone incorrect parts, they’ll get rejected.

the token is completely tied to your account.

you can access part of your account info/settings with that as well, a while back they added an extra password prompt to some of that.

truly anonymous searches are simply impossible unfortunately. while they claim they’re not logging any searches it’s impossible to verify.

indeed

there is https://opennic.org/ but I don’t know how they deal with stuff

what about young people over 30 though?

just this week I’ve had multiple random matrix accounts start a chat with me to post an Imgur link with some Hitler bs. I assume they just chose random members of one or more fediverse related public matrix rooms to send that to. they probably just do this with random public rooms and the fediverse relation didn’t matter.

that’s odd, my (indirect, reported by others) experience with GlobalProtect on Linux was mostly fine, although when using SAML it only really works with the GUI version and not the CLI version

it doesn’t seem to be server specific because once prompted there is no way to use the account again, even if you decided to just not use a server that may have these settings set.

no, you’re also effectively locked out of any participation unless you provide an email address and phone number, which they won’t even tell you about in advance but use dark patterns and gaslighting that they noticed “suspicious activity” to step by step first ask you for an email and then once that is validated they prompt you for a phone number. the only thing they don’t do yet is ask for ID.

I like having TLS in my browser

if you’re not community banned you might still be instance banned on the community instance, which wouldn’t show up in your local instances modlog if the ban happened on a <0.19.4 instance. if the methods pointed out by other comments here fail I suggest you visit the instance of the community and check the site modlog there, searching for your user.

i suspect you’re referring to your post to a lemmy.ml community and you have indeed been instance banned there for a limited amount of time.

I can sell you a copy of lemmys source code, are you interested?

you can enable end to end encryption, it’s optional. I don’t think it’s enabled by default.

until 0.19.4 is released, clients are supposed to suppress comment contents when the comment is either marked as removed (moderator) or deleted (creator).

they might decide to show contents to site admins or community moderators anyway, but some clients did not implement this properly and show the original content to all users.

this is of course not something that should have been available to everyone in the first place, which is why this is being fixed in 0.19.4.

depending on the client, you should still see some kind of indicator above the comment text that shows it was removed or deleted, in this case removed.

won’t be the case for much longer, the next lemmy release is removing that.

i suggest you remove this quote and summarize it with fewer details if you need to have it there in the first place. you’re effectively advertising for them now and undoing the moderator action of removing this advertisement.

The 90 days disclosure you’re referencing, which I believe is primarily popularized by Google’s Project Zero process, is the time from when someone discovers and reports a vulnerability to the time it will be published by the reporter if there is no disclosure by the vendor by then.

The disclosure by the vendor to their users (people running Lemmy instances in this case) is a completely separate topic, and, depending on the context, tends to happen quite differently from vendor to vendor.

As an example, GitLab publishes security advisories the day the fixed version is released, e.g. https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/.
Some vendors will choose to release a new version, wait a few weeks or so, then publish a security advisory about issues addressed in the previous release. One company I’ve frequently seen this with is Atlassian. This is also what happened with Lemmy in this case.

As Lemmy is an open source project, anyone could go and review all commits for potential security impact and to determine whether something may be exploitable. This would similarly apply to any other open source project, regardless of whether the commit is pushed some time between releases or just before a release. If someone is determined enough and spends time on this they’ll be able to find vulnerabilities in various projects before an advisory is published.

The “responsible” alternative for this would have been to publish an advisory at the time it was previously privately disclosed to admins of larger instances, which was right around the christmas holidays, when many people would already be preoccupied with other things in their life.

nearly all talks are either in English or have English translations. not sure if they’re available on YouTube but you should be able to find everything on https://media.ccc.de

true, my comment was primarily from the perspective of the recipient of tracking links

I haven’t checked how reddit does this but just from the example it seems like there is no anti tracking from the use of urlcheck that you’re describing.

reddit appears to generate tracking link with a specific numeric identifier in their database, so instead of attaching a bunch of removable url parameters they instead do a lookup in their database and then redirect to the original destination.

this also means your app checking the redirect will need to fetch the url to determine the destination, which means their tracking still works just fine.

edit: a word