For example it is terribly difficult to self host email, and very few people actually do it.
I read this a bunch of times and put off trying it because it sounded like such a hassle. Eventually I did and… it wasn’t bad at all. I just had to add a few extra DNS entries. I haven’t had any delivery problems.
Sort of. This is apparently done on-protocol so anyone can issue verifications, but they’re only shown in the official client if they’re from BlueSky or someone approved by BlueSky.
A better way to do this would be to let users subscribe to verifiers the way they can labelers. Better still would be for the label to indicate what the verifier has verified about the account, like “nytimes.com says this person is an employee of the New York Times”, which is something labelers can already do.
So I really think they should have just leaned into labelers.
It appears to depend on Bluesky designating entities to do the verification.
I think the existing domain-based verification system is a better way of doing that. Something like Mastodon’s verified links might be a nice addition. This more centralized system is… not what I hoped for.
TOR is designed to resist surveillance and censorship by ISPs or national governments. Communications are encrypted in transit, and there’s no way for a node to tell whether it’s talking to another relay node or the end user.
It’s fairly easy for a website to detect that a user is accessing it via TOR; there are lists of exit nodes like this one which a firewall or intrusion detection system can update programmatically. Many websites block or limit access via TOR using such lists, making it unsuitable for use cases such as the one I’m discussing.
I couldn’t care less what the employer wants. This almost certainly doesn’t violate any criminal laws, but could lead to loss of employment.
I care that my friends can be somewhere they’re physically safe while making enough money to be OK.
They are going to find out regardless
Probably not. This is the sort of organization that will do the bare minimum to tick a compliance checkbox and no more. That likely includes IP geolocation and maybe checks against well-known datacenter IPs. It’s very unlikely to include latency checks, and does not include monitoring agents on remote machines. My friends have accepted there’s some risk of employment loss, but would prefer to mitigate it.
Stop trying to cheat the system
Fuck the system.
This is similar to what I had in mind. I was thinking of software and a paid subscription while this is a hardware device with free access. It does appear to reward people for acting as exit nodes in a more or less ethical manner (depending on how you feel about weird cryptocurrencies).
This is a concern about a remote employer detecting that they’re working from outside the USA, not surveillance. TOR is not an appropriate solution.
There are many, some of which are easily found with a web search for “residential VPN”. That also comes up with a bunch of untrustworthy listicles with affiliate links to the “best” options.
Some of these are extremely shady, using malware to turn unsuspecting victims into exit nodes. Some gain access with consent by offering payment or some other benefit; this probably violates ISP TOS, but I don’t care about that.
Yes, this is the DIY VPN server at a relative’s house option.
it’s light on AI
Good. I have yet to see a preloaded AI feature on a phone that I want to use. The one I actually want is correctly deciding of I want to be disturbed with a given notification.
Maybe. The bad actor here seems to be the government of China, and the linked page says:
The individuals most at risk include anyone connected to: Taiwanese independence; Tibetan rights; Uyghur Muslims and other ethnic minorities in or from China’s Xinjiang Uyghur Autonomous Region; democracy advocacy, including Hong Kong, and the Falun Gong spiritual movement.
I can imagine them casting a wide net.
Each participant is sent a separate copy of each message encrypted with their own key.
A problem is that some sites that don’t need cookie banners use them anyway due to a poor understanding of the law and excess of caution.
And I think we’d all agree a sophomore dating a college student would be pretty imbalanced.
I was a college student at 17, but I think you had a larger age difference in mind. I do think we can all agree there should be laws against adults sexually exploiting teenagers.
Yes, though legally that’s a bit of a grey area. It’s only really entrapment if law enforcement or informants entice the offender to commit a crime they weren’t predisposed to commit. I imagine it would be an uphill battle to convince a judge or jury of that when it comes to meeting minors for sex.
The decoys were careful so that it would never even be a question.
I remember looking up the people To Catch A Predator worked with and reading some of their chat logs. The decoy was always very upfront in giving an age unambiguously below the age of consent in their jurisdiction, and never initiated conversation about sex or suggested meeting in person.
Of course, the decoy would always agree to do so if the offender asked, but the criminal conduct was unambiguously criminal, and unambiguously the offender’s idea. What we see in this article appears to abandon that sort of rigor to manufacture more opportunities to confront someone.
We’ve decided, as a society, that humans cannot consent until 18.
Older criminal laws were based on that idea, usually called “statutory rape”. Modern laws about sexual abuse of children usually ignore the concept of consent entirely to allow for more nuance.
One example of nuance is exceptions for people close in age so that non-abusive relationships between teenagers don’t suddenly become crimes when someone has a birthday. Another is that consent is often a factor in the severity of the penalty.
It’s on a VPS. Whether that’s really self-hosted may depend on how much of a purist you are, but it’s fully self-managed, not SAAS.
It’s recommended to have a PTR record mapping your IP address to your domain, which you wouldn’t be able to do with a residential connection from a typical ISP. I do send mail from multiple domains though and I haven’t had issues with deliverability. What I do not send is any kind of high-volume mail, which would likely attract a different kind of scrutiny.