It’s almost like this behavior comes from the training data.

… mostly the other way around?

Theoretically it is possible that a compromised machine could compromise a USB stick. If you are at the point where you are having to worry about government or corporate entities setting traps at the local library? You… kind of already lost.

Which is the thing to understand. Most of what you see on the internet is, to borrow from a phrase, Privacy Theatre. It is so that people can larp and pretend they are Steve Rogers fighting a global conspiracy while necking with a hot co-worker at an Apple store. The reality is that if you are actually in a position where this level of privacy and security matters then you need to actually change your behaviors. Which often involves keeping VERY strong disconnects between any “personal” device and any “private” device.

There have been a lot of terrible (but wonderfully written) articles about journalists needing to do this because a government or megacorporation was after them. Stuff like having a secret laptop that they never even take out of a farraday cage unless they are closer than not to an hour away from wherever they are staying that night.

I think any “privacy oriented OS” is inherently a questionable (kneejerk: Stupid and reeks of stale honey) strategy in the first place.

A very good friend of mine is a journalist. The kind of journalist where… she actually deals with the shit the average person online larps and then some. And what I and her colleagues have suggested is the following:

Two flash drives

• One that is a livecd for basically any linux distro. If you are able to reboot the machine you are using and boot to this, do it. That helps with software keyloggers but obviously not hardware
• One that is just a folder full of portable installs of the common “privacy oriented” software (like the tor browser) supporting a few different OS types.

Given the option? Boot the public computer to the live image. Regardless, use the latter to access whatever chat or email accounts (that NEVER are logged into on any machine you “own” or near your home) you need.

It isn’t about being reasonable.

If you are expected to track your time to this degree (and, to make it clear, the majority of employers actively don’t want you to), there is a reason. That reason usually being different funding sources. Generally a mix of grants and clients.

And if a client or grant source finds out you are lying about those? Maybe you only had enough work to do 34 hours instead of 40 hours in one week. Would you be cool paying extra because the guy repairing your muffler had a slow week?

And if people think being proud of a tool that openly talks about what everyone else silently does isn’t a red flag for employers? Hey, its a great job market so I am sure none of that will matter.

Tracking time is fine.

Normalizing your time to the hours you were supposed to work is a massive no no. Especially if you are expected to break down your hours per project.

I mean, you obviously do it. But you never put it in writing.

Pretending the most important use of bit torrent is Linux ISO’s is the kind of cya that people giggle at.

If a candidate I am interviewing has a tool to change their reported hours to me or clients on their public GitHub? That person is radioactive no matter how many times they say “but don’t do anything naughty wink wink”

So … it is a tool to automate time fraud?

Make sure to put this front and center on your CV

Not sure if google is particularly different but the way this works for the other services is basically low energy bluetooth scanning coupled with the phones providing their location*. So basically all the devices on that scanning/spy network periodically ping/listen for nearby devices/trackers. When it finds one, it sends a quick message to the servers with that phone’s location and the ID of the tracker. Get enough of those pings and you can triangulate the position of the tracker pretty precisely.

Which… is why this fundamentally does not work with “hacker” solutions that allegedly emphasize privacy. Because you just don’t have enough devices listening. This was painfully obvious with tile back in the day and is still an issue with Samsung in some countries.

*: Via a combination of gps, cell tower, and wifi network scanning. The less obvious part of that being wifi networks which is the majority of how interior positioning works.

I mean… bluetooth is literally broadcasting your position (sort of/it depends on the implementation). It is not at all a stretch that you should turn that off if you care about privacy. Same with not scanning for what wifi networks are available or even pinging GPS satellites (because that leaves a log). Hell… cell tower logs are a treat for cops/TLAs for a reason.

Aside from that? Good for you. If you actually follow through on that I can respect it. My point is more that this particular solution seems like the worst of all worlds.

Either you are demolishing your battery with regular phone homes to a server you hopefully control or you are relying on a push via SMS and the hope that you lose your phone somewhere you havea reception. And you still only have YOUR phone and YOUR network to track it which has significant drawbacks if you travel.

If people truly change their lives and focus on it, you can do a lot. But it does not take much, at all, to become compromised to one degree or another and people vastly underestimate the amount of redundancy. Or even the impact of a sibling or partner or even friend.

Instead, the common case is people will tweak one small aspect and think that does anything other than inconvenience them. Or, worse, they’ll watch a youtube and decide to put EVERYTHING through their vpn which… defeats the purpose because they are still one easily collated set of profiles/cookies that can trivially reveal that “Fred Smith in Afghanistan” is really “Fred Smith in North Carolina”

Which is why my approach is that there is data I very much want to protect and data I know I can’t. So I focus on understanding the former while doing what I can with the latter.

And something like this? There are probably specific niche use cases for this. But it is a product/service that fundamentally requires aggregated data. And, depending on the implementation, it is going to fuck with your battery hard.

I guess. But it is really going to depend on where you live and just how frequently it does dial home.

My personal use for these networks is luggage tags. But a friend lost her phone on a hike a few years back and the find my phone stuff was more or less useless due to poor reception and ever dwindling battery.

The real benefit is the low energy bluetooth magic and OTHER devices to do the phoning home. Because maybe I have shit reception but someone hiking a hundred feet away has good reception and updates the ping.

Took a bit to figure out what it was even claiming to do

When enabled your phone constantly sends e2e encrypted your location to the server where you can than access it from a webbrowser.

God no. Just take a hatchet to my battery and be done with it.

Also: Until a month or two ago, sure. But google finally got their shit together-ish and set up a tracking network the same as apple and samsung. And that is what you are sacrificing your privacy for. Yes, you give Big Tech tracking information… that they already have. In exchange you can actually have peace of mind of knowing your luggage is in the same airport or even where you parked. And you can’t really self-host a crowd-sourced network.

Not sure if they had a third party manage it for them (there has been a LONG history of super vague “secret” dealings) but it was for their kickstarter rewards through backerkit or whatever. So the same survey you get asking how many extra books you want to buy or whatever.

King under the Mountain always rubbed me wrong. They hit right at the tail end of “wow. kickstarter is awesome” and right before people realized how many DF-like colony sims there actually were. And then their kickstarter survey, for a key with no add-ons, required an insane amount of personal information. I think they claimed it was for VAT but saw a few “ask a lawyer” threads that pointed out that was nonsense and could have been done with a checkbox.

And the super duper secret publisher right around the time interest was spiking because of DF-GUI was more than a bit sketchy

I dunno. I know that it is hell out there for indie devs (not so much in 2021/2022 but…) but all that combined with the game never feeling like more than a “unity school project” REALLY raises a massive number of red flags. Probably just a single kid in over their head and trying to act like a “real” studio but… yeah.

Still, good to see it was released as open source and here is hoping the fanbase that glommed onto this can carry it forward.

Ventoy is a tool I want to use and that would regularly fix issues when I am simultaneously provisioning and diagnosing a system.

But it feels like it breaks if you even look at it in an unexpected manner or if any distro updates at all.

So end result is it works once or twice and then I need to reformat the stick to pop on mint or debian server or whatever anyway.

Yeah… anyone who believes that meme has never interacted with a customer.

People who get angry about an emulator not having the right capitalization on a menu twelve layers deep is shitty. So are people who have a single site license but insist you need to add twelve features or they will take their business elsewhere. And they usually interact with Sales who give less than a single fecal particle and just make tickets and start blaming you for all the problems in their life.