• 1 Post
  • 437 Comments
Joined 10 months ago
Cake day: March 9th, 2024




  • Syn_Attck to Science Memes@mander.xyz · Elsevier · English · ↑ 2 · 6 months ago

    Unless you know specifically what they’re adding or changing this wouldn’t work. If they have a hidden ‘barcode’ and you add another hidden ‘barcode’ or modify the image in a way to remove some or all of theirs, they’d still be able to read theirs.



  • Syn_Attck to Science Memes@mander.xyz · Elsevier · English · ↑ 12 · 6 months ago

    This is a great point. Image watermarking steganography is nearly impossible to defeat unless you can obtain multiple copies of the ‘same’ file from multiple users to look for differences. It could be a change of a single 5-15 pixels from one rgb code off.

    rgb(255, 251, 0)

    to

    rgb(255, 252, 0)

    Which would be imperceptible to the human eye. Depending on the number of users it may need to change more or fewer pixels.

    There is a ton of work in this field and it’s very interesting, for anyone considering majoring in computer science / information security.

    Another ‘neat’ technology everyone should know about is machine identification codes, or, the tiny secret tracking dots that color printers print on every page to identify the specific make, model, and serial number (I think?) of the printer the page was printed from. I don’t believe B&W printers have tracking dots, which were originally used to track creators of counterfeit currency. EFF has a page of color printers which do not include tracking dots on printed pages. This includes color LaserJets along with InkJets, although I would not be surprised if there was a similar tracking feature in place now or in the future “for safety and privacy reasons,” but none that I am aware of.


  • Syn_Attck to Science Memes@mander.xyz · Elsevier · English · ↑ 4 · 6 months ago

    Good question. I believe the browser “Print to PDF” function simply saves the loaded PDF to a PDF file locally, so it wouldn’t work (if I’m correct.)

    I’m not an expert in this field, but you can ask on StackExchange or the author of MAT or exiftool. You can also do it yourself (I’ll explain how) by making a PDF with a jpg file with your metadata, opening it and printing to pdf, and then extracting the image. Do let us know your findings! I’m on a smartphone so can’t do it.

    If you do try it yourself, a note from the linked SE page is that you won’t be able to extract the original file extension (it’s unknown, so you either have to know what it is, or look at the file headers, or try all extensions), so if you use your own .jpg with your own exif data, rename to .jpg when finished (I believe exif is handled differently based on file type.)

    There are multiple tools to add exif data to an image but the exiftool website has some easy examples for our purpose.

    (do this as the first step before adding to the PDF)

    (command line here, but there are exiftool GUIs)

    exiftool -artist="Phil Harvey" -copyright="2011 Phil Harvey" YourFile.jpg

    Adds Phil Harvey and the copyright information to the file. If you’re on a smartphone and have the time and really have to know, then hypothetically there should be web-based tools for every step needed. I’m just not familiar with any and it’s possible the web-based tool would remove the metadata when creating or extracting the PDF.
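The check that the experiment in the comment above ends with (what type is the extracted file, and did the Exif block survive the round trip), as an added example that is not part of the original comment. The function names and the sample bytes are assumptions constructed for illustration; it reads JPEG header segments only and does not decode images.

```python
import struct

# Header bytes of image types commonly embedded in PDFs (extension is lost on extraction).
MAGIC = {b"\xff\xd8\xff": "jpg", b"\x89PNG\r\n\x1a\n": "png",
         b"II*\x00": "tif", b"MM\x00*": "tif"}

def sniff_type(data):
    """Guess the extension of an extracted image from its header bytes."""
    for magic, ext in MAGIC.items():
        if data.startswith(magic):
            return ext
    return None

def jpeg_metadata_segments(data):
    """Walk JPEG segments up to the scan data; return the metadata-bearing
    ones (APPn, COM) as (marker name, identifier, declared length)."""
    if not data.startswith(b"\xff\xd8"):
        raise ValueError("not a JPEG")
    found, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("lost marker sync at offset %d" % pos)
        marker = data[pos + 1]
        if marker in (0xDA, 0xD9):          # start of scan / end of image
            break
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if length < 2 or pos + 2 + length > len(data):
            raise ValueError("bad segment length at offset %d" % pos)
        if 0xE0 <= marker <= 0xEF or marker == 0xFE:
            payload = data[pos + 4:pos + 2 + length]
            ident = payload.split(b"\x00", 1)[0][:32].decode("latin-1")
            name = "COM" if marker == 0xFE else "APP%d" % (marker - 0xE0)
            found.append((name, ident, length))
        pos += 2 + length
    return found

def has_exif(data):
    """True if an APP1 segment with the 'Exif' identifier is present."""
    return any(n == "APP1" and i == "Exif" for n, i, _ in jpeg_metadata_segments(data))

def _seg(marker, payload):                  # helper to build the constructed samples
    return bytes([0xFF, marker]) + struct.pack(">H", len(payload) + 2) + payload

# Constructed sample bytes (headers only, not decodable images).
_JFIF = _seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
_EXIF = _seg(0xE1, b"Exif\x00\x00MM\x00*\x00\x00\x00\x08\x00\x00")
_TAIL = _seg(0xDB, bytes(65)) + b"\xff\xda\x00\x02\xff\xd9"
TAGGED = b"\xff\xd8" + _JFIF + _EXIF + _TAIL
STRIPPED = b"\xff\xd8" + _JFIF + _TAIL
```

XMP metadata also travels in an APP1 segment but with a different identifier string, so the full segment list is worth reading rather than only the `has_exif` result.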



  • It’s not, technically, but if I have sensitive documents on my phone and a law officer is trying to get me to unlock my phone, I will be entering and/or putting the duress code into my phone. GrapheneOS has a ‘lockdown’ button by ‘restart’ and ‘shutdown’, all of which will require a passphrase to unlock, even if you normally have fingerprint enabled for X hours each time of use.

    So it’s semi-related in that GrapheneOS protects against this type of attack.




  • Syn_Attck to Science Memes@mander.xyz · Elsevier · English · ↑ 65 · 6 months ago

    Unfortunately that wouldn’t work as this is information inside the PDF itself so it has nothing to do with the file hash (although that is one way to track.)

    Now that this is known, it’s not enough to remove metadata from the PDF itself. Each image inside a PDF, for example, can contain metadata. I say this because they’re apparently starting a game of whack-a-mole because this won’t stop here.

    There are multiple ways of removing ALL metadata from a PDF, here are most of them.

    It will be slow-ish and probably make the file larger, but if you’re sharing a PDF that only you are supposed to have access to, it’s worth it. MAT or exiftool should work.

    Edit: as spoken about in another comment thread here, there is also pdf/image steganography as a technique they can use.




  • Syn_Attck to Asklemmy@lemmy.ml · Why does Firefox get more errors than Chrome? · ↑ 4 ↓ 1 · 6 months ago

    Funny, we get more complaints about DuckDuckGo browser than anything else, and that’s one of the few we don’t test on. I know this because I make it a point to have someone from CS tell me about consistent pain points users are having. I wonder how many complaints about Firefox not working your customer service team is getting daily and you just don’t hear about it because they’ve been told to tell users “just say Firefox isn’t a supported browser and to try installing Chrome.”

    You should ask someone in CS. Whichever agent bullshits the least (not the manager) - you might learn something.

    Almost 3/10 people accessing your sites are using Firefox. All those “images not loading right or whatever” are probably blatant to them, making them think “wow, what an absolute shit website.”

    3 out of 10.



  • This sounds like the kind of thing a Zoomer who has no memory of life before the Internet – or the Internet of the '90s before the advertisers got a hold of it, for that matter – would write.

    To clear that up, I’m coming up on 40. We got our first family computer with a 56k modem in 1995. I’m not saying ads are a good thing, I’m telling you that 99% of websites are ad-powered.

    Back then companies had websites as a novelty, or way to find information about their company. All the newspapers that had websites were simply putting their major articles on the internet as a bonus, and as a business strategy to push subscriptions for their physical paper. Most everyone still purchased a subscription to their physical newspapers and magazines. Now, basically nobody has a newspaper or magazine subscription unless it’s online, but most people still don’t… The tech savvy use archive.ph and similar, and the old and non tech-savvy use their 3-article limit and might buy a month subscription to read an article they really have to read, or maybe even a year like the old days, but most don’t pay for a subscription at all, and that’s where the ads come in.

    However, since social media has become the dominant news-spreading mechanism, many or most don’t even read articles. They read headlines and talk shit or ask questions in the comments section, of things which were answered in the article. In the 90s those people would be reading the articles as something to do, and to stay somewhat informed. Today, their smartphone would ding or buzz before they finished the first article.

    P.S. I’m Degoogled and use Graphene without GSF on my main profile so I use Aurora, Neo Store, and F-Droid. Currently using Boost installed with Aurora. What’s a good recommendation for a good, fast, FOSS Lemmy client that doesn’t show ads that I can get with F-Droid?



  • Those are not businesses. They are free projects which a dedicated person (or group of people) donate their time and energy to produce.

    Wikipedia has their semi-annual donation drives and many (not most, but enough worth mentioning) FOSS devs are salaried by companies like Google and Microsoft and are allowed to work on patches to out-of-scope projects on company time provided they’re still fulfilling their main roles. There are also Liberapay, Open Collective, Ko-fi and such but for the majority of FOSS devs not funded by large corps, just developing a large and widely-used program because they want to, donations rarely ever cover as much as they would make at a 9-5. There are also nonprofits that distribute donations to FOSS devs. For most it is a money pit, but to them the passion is worth more. They do it for the love, not the money.

    These are not businesses.


  • Sucks that I have to preface but people can be jumpy here. This is genuine curiosity, I’m actually asking, because it’s really probably something I should already know. Can you explain the nuance to me please?


    My understanding, speaking mostly of apps/websites, I know jobs can be much different:

    Most places have the first factor as a password.

    First factor (or “login”) = username+password pair.

    For the longest time that was all there was, “your login” was just a login, which meant a username and password combination. Then 2FA/MFA (“2 factor authentication / multi-factor authentication”) came along in the form of username+password combo plus SMS/email/Google Authenticator/Yubikey/etc to verify as the 2nd form of authentication. You can have 3FA 4FA 5FA whatever if you want and if it’s supported by the app/website. So 2FA is MFA, but MFA is not necessarily 2FA.

    I know jobs can be set up a lot differently.