Hacker Newsnew | past | comments | ask | show | jobs | submit | nervuri's commentslogin

> It also seems like this type of obfusction probably never was particularlly effective.

It actually is effective - at least it was a few years ago. See these tests:

https://www.johnplummer.com/javascript/email-obfuscation-wor...

https://web.archive.org/web/20160304042853/http://techblog.t...


Zero-width characters can be used to covertly watermark text and to figure out who copied text from a page and pasted it somewhere else. Server software can encode a hidden number between every few words, which corresponds to a server log entry with your username (if logged in), IP address, browser fingerprint, etc. I wrote more about this here:

https://nervuri.net/stega

I think the best solution to this type of problem would be a clipboard utility that warns you when you copy text which contains hidden characters, homoglyps, rarely used whitespace characters, etc.


Vim does not display them all. The only program I checked which displays all such characters is `less -U`. You can test using this file:

https://gitlab.com/nervuri/nervuri.net/-/raw/master/gopher/z...


Thanks for this! Good to add to the ol' repertoire (:

Looks like the only one Vim misses is U+17B5? Though it there could be more not listed there. Unicode is a deep dark forest.

----

For others readers, here's a non-gopher version of the article linked inside: https://nervuri.net/stega


Also 061C, E0001, E0020...E007F. And probably others, yes. The list at https://invisible-characters.com/ might contain more.

> Unicode is a deep dark forest.

Oh, indeed.


You can disable all phoning home. Have a look at https://support.mozilla.org/en-US/kb/how-stop-firefox-making...

Having a single setting that does all of this would indeed be nice.


https://github.com/arkenfox/user.js

https://gist.github.com/ryandaniels/33e443bb401dde665fce15dd...

but yes, a single setting is necessary if you want to also opt out of any _future_ telemetry settings without always having to update your prefs.


They just revert prefs don't they, add buttons back to your toolbars, etc.

Or have they reformed?


The ECASH act is so far my favorite initiative for private online payments. A government-issued open-source anonymous digital dollar, functional both online and offline, no blockchain involved, no transaction fees. I hope they can make it work technically. And I hope Americans support this. It would also pave the way for other countries.

Official site: https://ecashact.us/

Rohan Grey explaining the ECASH act: https://www.youtube.com/watch?v=BStXZH5PX1I

It would also be great for GNU Taler to take off.


The ability to make large anonymous digital transactions do make corruption and tax evasion easier to get away with. As for sanctions, I imagine they can mostly be enforced by looking at the flow of goods. The money transfers can't be traced, but the weapon shipments can be.


> - With the exception of e/OS, all of the handset manufacturers examined collect a list of all the apps installed on a handset.

/e/OS is no exception. I looked at the requests made by its "Apps" app. Every time it checks for updates, it tells the server what applications you have installed. These requests are made with a User-Agent header revealing your device model, build ID and Android version. Installed languages are also sent via the Accept-Language header. And there is no option to disable update checks; the closest you can get is to set the interval to monthly.

Contrast that with F-Droid, which downloads the package index in advance (like apt does), so it doesn't need to send the server a list of installed apps in order to check for updates.


Bombadillo: a non-web browser - https://news.ycombinator.com/item?id=25223184 - Nov 2020 (50 comments)


> there are loads of programs for polling+downloading+caching+converting news feeds

Please list a few. They might come in handy.

I know of feed2exec (programmable feed reader): https://gitlab.com/anarcat/feed2exec

Debian also has feed2imap, feed2omb (open microblogging) and feed2toot (Mastodon): https://packages.debian.org/search?keywords=feed2


The one I stripped down is feed2maildir https://pypi.org/project/feed2maildir

Prior to that I was using imm https://hackage.haskell.org/package/imm-0.3.0.0 Looking at it's github repo it seems to have morphed into a more general-purpose tool https://github.com/k0ral/imm

I also remember looking at https://github.com/sloonz/maildir-feed and its successor https://github.com/sloonz/ua which looks nice and modular, but I couldn't figure out how to compile Go with Nix :(


Thanks! It can be hard to find these things.


> Also, is Lawrence Lessig still active?

He hosts https://equalcitizens.us/anotherway/


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: