Chrome is designed to let Google spy on you in order to serve behavioural ads. So it should be no wonder third parties are using it to inject malware into your devices. The only reason these are "exploits" is because someone other than Google, the world's largest advertising company, is using them.
SCOOP: Footage from a food delivery robot in Los Angeles was given to the LAPD and used to secure a criminal conviction, according to internal emails I got using a public records request.
This lightning-to-HDMI adapter designed to look like an Apple product is the worst gadget I have ever tested: It demands your location, browsing data, access to photos, and spams you with ads. Requires power and is detected as a "computer."
It's so bad that I am actually impressed a product like this actually exists. These things are actually out there in the wild. Lots of people say they inadvertently bought on Amazon
Ugh. Google has patched yet another 0day in yet another media-encoding library that's nearly ubiquitous. Libvpx is in a ton of Linux projects (citation: https://pastebin.com/TdkC4pDv). Wikipedia says it's used by YouTube, Netflix, Amazon, JW Player, Brightcove, and Telestream. It also appears to be used in iOS.
If anyone has reasons to think this vulnerability is limited to Chrome, please let me know. Preliminarily, though, I'm inclined to think this is yet another vuln under active exploit that's going to make a ton of software vulnerable to RCE exploits.
The 0day is tracked as CVE-2023-5217.
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
This is important. My mother is currently facing substantial issues regarding her arms, making it difficult for her to effectively operate her keyboard for work. Her computer is running on Fedora Kinoite, and she's in need of reliable voice dictation software to facilitate her job comfortably.
While I'm currently assisting her, it's not really a sustainable long-term solution. If anyone is aware of a high-quality speech-to-text software, preferably one that can function offline and is open-source, please do let me know. This is crucial because the content of her work is confidential, and we need a reliable and secure solution.
Boosts are welcomed.
Has anyone started an "enshittification watch" website?
Like, just list every notable company or service with a slider bar showing where along that curve they currently fall, with links to notes, analysis, and receipts.
Who is resisting, who is at risk, who is sliding, and who is too far gone.
It's clear that it's gotten much riskier to rely on quite a large swath of the commercial tech landscape. If that's the game they're going to play, seems like we should at least be keeping track with intention so folks can make informed decisions.
@zekuzelalem In fact, judging by Jeff's feed it sounds like there are some problems going on at the moment.
@zekuzelalem At least on first glance, the "Log In" button on their site appears to initiate a delegated OAuth2 authentication flow. This means that login page should be for logging in to your own server (check the URL), which then confirms your consent and sends only the listed information ("accounts") to the requesting website. I would still strongly recommend your critical review of their platform, however. Thanks for raising attention to this practice, it's certainly one way to verify ppl...
[Announcing] fossilphant — a static-site generator to self-host your posts from Mastodon archives https://github.com/swaldman/fossilphant#readme
Check out examples, themes with paging https://www.mchange.com/projects/fossilphant/example/shatter/ or as one tall page https://www.mchange.com/projects/fossilphant/example/tower/
My current instance is sunsetting, and I want to make sure the banalities I posted here remain forever public.
If you are in similar straits, I'd love it if you gave this a try!
In a pinch, I once ran my trailer's lights, furnace blower, and water pump -- sparingly -- through a cold winter night, on that first 1500VA unit. It had no trouble turning that water pump to full pressure even halfway through discharge. Really respectable performance.
FWIW my experience with CyberPower UPSes has been excellent; the first PFCLCD1500 I bought went ten years before it blew an IC. Customers are thrilled with them. APC is a speck in the rear view mirror but a Tripp-Lite double conversion unit is likely my next upgrade. Remember ... all line-interactive power supplies have limitations, and a little $40 750VA battery box is no less prone to defects than any other.
CISA, the FBI and NSA just jointly published a report on the threat from deepfakes. It's a fairly comprehensive look at deepfake threats to date, and includes some recommendations for how to spot and anticipate them.
https://media.defense.gov/2023/Sep/12/2003298925/-1/-1/0/CSI-DEEPFAKE-THREATS.PDF
Hardwired analogue telephones can be altered to allow electricity through to the microphone whilst on hook; sounds in the room are relayed back to the Telephone Exchange and monitored (whilst not altering the normal working of the telephone). It was a common tactic in East Germany (all the phones were wired this way) but did also get used against selected targets (usually political activists) in Western Europe (link below shows this on a UK phone).
https://www.flickr.com/photos/rtnvfrmedia/albums/72157644666105390
@YoteDragon My God. It's perfect. I was not prepared for how incredibly you this would be
Scrappy queer