🦊 helloyanis

@helloyanis@furries.club

Posts: 15
Comments: 61
Joined: 12 mo. ago

  • @vapeloki The issue is, once again, not that the app allows you to bypass age verification or anything with how countries implement it. It's that the app makes it extremely easy to get the data and spoof someone else, while claiming it's secure and privacy focused while it is not.

    A practical example would be:

    - Someone steals my phone
    - They can access the app as they can bypass the PIN
    - They can appear and act as myself on any platform that will use the system to verify

    No matter how countries implement it or how the app is still "in development", I'm just saying that this current implementation is insecure and can be very easily hacked besides what is being said on the public spaces like the dedicated website and the Twitter account of the president of the EU commission.

    I will probably stop replying to this thread now as you keep telling me the same arguments and even when I demonstrate how I disagree with them, you keep repeating the same ones so I'll just stop wasting my time

  • @vapeloki I really don't get what you say with "there is no app". The repo is literally called "age verification Android application". It's not an SDK.

    Also, why shouldn't it matter what Ursula said?

    The part of the readme you linked me mentions "In particular, any national-specific enrolment procedures must be implemented by the respective Member States or publishing parties". This does not relate to the security of how data is stored.

    "The current version is not feature complete", well, it's not what I'm complaining about. The thing is the features that are there are not well made and use an approach that doesn't focus on security and privacy.

    Yes it's a demo but if they want people to base their implementation based on that, then every implementation will be faulty. A demo is meant to DEMOnstrate how it's done. It never says anywhere it's a prototype and if it was so, they wouldn't brag about top notch security on their web page.

    But anyways, you probably won't change your mind.

  • @vapeloki From Ursula von der Leyen on Twitter, April 15th:

    "The European Age Verification App is ready"

    "Our app ticks all the boxes. ✅ Highest privacy standards in the world [...]"

    The GitHub readme note was added on April 17th, so after the backlash. I guess that means they are aware they need to update stuff, at least, but again it shows how they thought the app was good to go and production ready while it clearly was not.

    Obviously Ursula von der Leyen is not a developer of the app so at some point she must have been told by the developers that the app was ready, then people saw it wasn't so they added the note to the GitHub readme. That's how I think things went.

  • @vapeloki While this is a prototype release, yes, it shows they don't have user privacy at the core of their product despite what the branding seems to imply.

    Usually prototypes come with missing features, but right now the features are in a state with fundamental security flaws and they'd almost need to rebuild a whole app to fix that. Usually a prototype is to prove that a concept works, not how insecure it is.

    Also, besides that, the president of the EU commission publicly stated that the app is production ready with the world's best security standards. See https://xcancel.com/vonderleyen/status/2044340323120193595#m . I don't think this would get posted if they thought that the app's security infrastructure was broken and that this is just a prototype 🫤

  • Privacy @lemmy.ml

    The EU's age verification app can be hacked in 2 minutes. (Found by Paul Moore)

  • @hansolo Well, don't trust me then. I'm just a random person online after all! I'm not going to fight to prove something that I know happened, that would just be a pointless argument and a waste of time, I think.

  • @hansolo Well it is not one of the largest companies in the world, I can tell you that. You don't really have to trust me (but why would I post it if that wasn't true?)

  • Not in all cases actually, as is shown by this reply! Mastodon just defaults to including the @ of the person you are replying to, so they get a notification, but it works without!

  • @hansolo Well, I can't really share more details without compromising the privacy of thousands of people who didn't ask for anything! I don't really know what else I can tell you? If the website does not fix it then I can disclose the vulnerability, but since there are accounts dating back to 2009 the code base must be super old and hard to fix so I'll give them some time.

  • @CodenameDarlen It's because I post on mastodon : My instance is furries.club (check my username) and that's a Mastodon instance that works with hashtags to find posts. Instead of writing the same post multiple times, I use instead the 𝓶𝓪𝓰𝓲𝓬 𝓸𝓯 𝓯𝓮𝓭𝓮𝓻𝓪𝓽𝓲𝓸𝓷 to write the post only once with hashtags and by tagging the Lemmy community so that it also gets posted there, and people who comment in one platform will also have their comment show up on the other platform.

  • @CodenameDarlen I'm glad I write well enough to be confused with AI but no, I haven't even used any em dashes! 😉

  • Privacy @lemmy.ml

    I just found a security breach that can leak thousands of emails on a website!!

  • @pkjqpg1h Yes, indeed that's an issue with the Firefox app, there's nothing I can do on the side of the extension with this, as it acts as if you cancelled the download.

    However, a workaround is, load the website and the add-on in a non-private window and make sure "Media cache" is enabled in the add-on settings.

    Once the download is over and the popup to download flashes and disappears, start downloading again (with the same quality as before if asked).

    The download should only take a few seconds as the add-on caches the video/audio data so it can do faster downloads.

  • @DarkPassenger Awesome! Well, if the website you are downloading from does not work, tell me and I'll try to figure it out!

  • Firefox @lemmy.ml

    My Firefox add-on to download music and videos just got a big update!

  • @treatcover Well, you can run Mistral locally but my laptop is not powerful enough haha

    Also, yeah, a small copy paste goes a long way!

  • @ageedizzle I plan on using https://chat.mistral.ai/ since it's a completely different model that is open source and based in France so regulated by GDPR. If you still use ChatGPT but from somewhere else, it kinda defeats the purpose to switch away from it, in my opinion.

  • Privacy @lemmy.ml

    ChatGPT will now predict your age based on how you interact with it

  • @CircaV @Europellinore Personally, I'm using Mastodon over BlueSky and I wonder why it has not got the same attention as BlueSky:

    - It's decentralized and you can host your own, to help with data safety
    - This also prevents it from turning into another Twitter since if that happens, you can just host an old version or fork the code and continue updating it
    - It's compatible with ActivityPub, so you can post and reply on Lemmy from a Mastodon account, like this one!

    But yeah, it's pretty annoying to switch from one platform to another since your followers are not likely to do the same. Maybe that's why?

  • Games @lemmy.world

    🎧👾 Groove Coaster 2 offline mod update

  • Linux @lemmy.ml

    Finally, after some time I made the switch to #Linux !

  • Trouduction @jlai.lu

    Yes, but is your shower head water-resistant?

  • Trouduction @jlai.lu

    You may know the boot menu in your PC's BIOS. But do you know...

  • Open Source @lemmy.ml

    -=My new file explorer that runs in your browser=-

  • Technology @lemmy.world

    I updated Media Downloader Unleashed so it can download MPD streams!

  • Programmer Humor @programming.dev

    "Encrypted"? Yeah, right!

  • Esperanto @sopuli.xyz

    Great news everyone!

  • Esperanto @sopuli.xyz

    Finally public! My new #opensource web-app to learn #esperanto!

  • Privacy @lemmy.ml

    The European Commission is looking for feedback on forcing retention of metadata from all communication services for "a reasonable period of time", for purposes of criminal investigation!

  • Fediverse @lemmy.world

    Have you ever wondered how Lemmy and Mastodon federate?