Hi everyone

I just upgraded feddit.ch to the most recent Lemmy Version v.0.19.2 and hope it fixes some ongoing issues with lemmy. Together with the upgrade this instance to a little performance boost to cope with the higher load.

If you want to know more about Lemmy v.0.19.2, here you go.

The pictr-rs migration is still pending and will probably cause some downtime too, but i'll keep you posted.

If you have any questions or issues, please let me know.

Hi everyone

I just upgraded feddit.ch to the most recent Lemmy Version v.0.19.1. The new version brings a lot of new features. For example, you can now block entire instances, if you don't like their content, enhanced post ranking, reworked 2fa and much more. I think the new update brings many great improvement, take a look at their change log.

I installed Version 0.19.1 over 0.19.0 because was causing some federation issues. If you like to know more, here are the recent changes to lemmy.

With the update, i also restored image uploads, so you can post your favorite images again.

The update caused some downtime, since the database somehow used all the remaining disk space and needed to do some clean up afterwards.

The next step will be to relocate the pict-rs to a different datastore, since it is using a lot of space together with the db.

If you have any questions, just let me know. If you like to contribute, you'll have some information about that in the sidebar.

Happy Xmas and enjoy your time with your loved ones.

In future, it will be easier to trace anonymous bomb threat calls in Switzerland and locate people at risk more quickly during emergency searches.

The Federal Council has introduced changes to the monitoring of telephone and internet data with effect from 1 January 2024.

The aim of the amendment is to enable more precise positioning of telephone and internet data and to continue to ensure effective criminal prosecution, the Federal Council announced on Wednesday.

During the consultation process, however, digital-savvy and left-wing circles criticised the fact that the amendment to the Act on the Surveillance of Postal and Telecommunications Traffic would lead to an expansion of surveillance.

Due to the criticism, the Federal Council has now decided not to force providers of services such as Whatsapp, Threema or Signal to remove the encryption from their chats when surveillance is ordered. ...

Regarding the ongoing CSAM problem on the lemmy instances, i will temporary disable image upload for this instance.

With this action, i hope i can also restrict possible CSAM content being cached to feddit.ch. I know this is a rather harsh measure, but i want to keep the instance running as long as i can.

There devs seem to acknowledge the issue and a lot of mods are looking for options to cope with this problem. As soon as there will be a better solution for this issue, we will be back to normal.

For now, if you want to upload images to a post or a comment, there are various sites that offer free image upload.

I hope you understand.

Edit: typos

As of right now, i temporarily removed the community from federating with our instance because of CSAM, which was and still is posted on this community. As soon as the issue is resolved, we federate again.

Sorry for any inconvenience, but this is for better for us all.

Edit: The purge command seemed to lock up the db and the instance was unresponsive for some time. I hope we god rid of the content for now. There might be some other actions taken. I hope you understand.

Sorry for any interruptions caused.

Edit 2: All files which were uploaded to the feddit.ch instance from 27.08. until now were deleted. Sorry if i disrupted any of your posts or comments. We really don't want any CSAM content on this instance an hope we got away with some cached content.

A privacy policy can lay out a lot of important information that you cannot find anywhere else. Here’s a breakdown of the most useful details contained in most policies, and how to find them.

What information are they collecting?

Look for a section with a title like “Personal information we collect” or “How We Collect and Use Your Personal Data.” This will list types of data the company gathers both “automatically” and from you directly. You may see disclosures that the company collects your location, IP address, biometrics, or information from your web browser, such as cookies or trackers. Be on the lookout for hints that the company uses a tracking technique called fingerprinting, which can identify you even when you go out of your way to decline cookies or block trackers. It does so based on information about your device such as the operating system, manufacturer, or even screen resolution, so keep an eye out for whether that data is being collected.

It is sometimes impossible to know whether the collection described in sections like this is actually happening, said Sebastian Zimmeck, an assistant professor of computer science at Wesleyan University, who studies privacy. “The reason why many privacy policies are not meaningful is because companies ‘may’ collect your information. Or they may not,” Zimmeck wrote in an email.

Location, location, location

In the information collection section, you may see terms related to your whereabouts such as “geolocation,” “geofencing,” or “geotargeting.” This signals that the company is collecting one of the most sensitive categories of data. Researchers have repeatedly shown that the unique nature of our movements can reveal private information about our lives that we may not want others to have, including places of worship, medical providers, or even political protests.

Keep an especially close eye out for the term “precise geolocation,” which the California Consumer Privacy Act defines as “a geographic area that is equal to or less than the area of a circle with a radius of 1,850 feet.”

Why are they collecting this information, and how do they use it?

Anonymization/aggregation might not be as good as it sounds. Sometimes a company might say that any data it shares has all identifying information removed. Its privacy policy might use terms like “de-identified” data in addition to “anonymous” or “aggregated” data. This sounds as if it makes information sharing more private, but there has been a great deal of research showing that it is possible and in some cases quite easy to re-identify personal data even after it has been masked or combined. It doesn’t matter if a company anonymizes your data if its “business partners” are just going to undo that work when they get it.

Code words for “ad targeting”

When a company says it uses your data to “personalize” or “enhance” your experience or “improve our services,” that can often mean it is analyzing your data for ad targeting. “Measuring the effectiveness” of advertisements or other activities can mean tracking what you click on or buy. Also look out for mentions of “interest-based advertising,” which means the company is analyzing your activity on the service and allowing third parties to infer your interests for the purpose of targeted advertising, in some cases even away from the site you’re on. If the policy talks about tracking you on other online services, this also means the company is tracking your browsing activity across the internet, not just on its service. It might do this directly or purchase the information from a third party.

...

After a short downtime, feddit.ch is now running on v0.18.4. The upgrade went flawless and the services seem to be running fine. Enjoy!

In late January 2023, almost 45 GB of source code from the Russian search giant Yandex was leaked on BreachForums by a former Yandex employee. While the leak itself did not contain user data, it reportedly contained the source code for all major Yandex services, including Metrika, which collects user analytics through a widely used SDK, and Crypta, Yandex’s behavioral analytics technology.

I got involved when a fellow privacy researcher reached out to verify what he’d found in a different part of the codebase. After spending the week digging around and verifying his findings, on Friday night I sat down with a glass of wine and decided to dig into something I was curious about. While there has been lots of speculation about what Yandex could do with the massive amounts of data it collects, this is the first time outsiders have been able to peek behind the curtain to confirm it, and what I’ve found is both fascinating and deeply unsettling.

Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release.

Distributed on the NuGet software registry, Moq sees over 100,000 downloads on any given day, and has been downloaded over 476 million times over the course of its lifetime.

Moq's 4.20.0 release from this week quietly included another project, SponsorLink, which caused an uproar among open source software consumers, who likened the move to a breach of trust.

Seemingly an open-source project, SponsorLink is actually shipped on NuGet as closed source and contains obfuscated DLLs that collect hashes of user email addresses and send these to SponsorLink's CDN, raising privacy concerns.

feddit.ch was down for about 10-15min due to the upgrade to lemmy v.0.18.3. See the lemmy release notes for the newest changes and improvements.

I hope it runs smoothly, have fun.

Hi everyone, _Frog here

I wanted to give you an update on the current status of feddit.ch and the first month since the creation of the platform.

Where i came from:

Reddit was my home for the last 8 years or so and i loved how you just could look for anything you like and find it there. I brought many friends over, since "there's something for everyone".

But reddit changed and not in a good way. I never liked the way they tried to monetize their platform and our information on it. With ads spreading in recent year, the situation got worse. Even more trackers got implemented and reddit evolved in a massive data octopus.

Since reddit announced the their new api pricing model, i was looking for alternatives to this massive platform with thousands of subreddits and millions of users. Through various other users and subreddits and some research i came across the fediverse and really liked the idea.

I always wanted to contribute something to an open community but never had a project, i really could help with. Then i came along the idea of creating feddit.ch a lemmy instance in the fediverse. With this, i hope i can contribute to a open network and give back something to the user, the community, to you.

So here we are, one month in on the project and i'm still happy i did it.

Now comes the technical part, for anybody wondering on what and how feddit.ch actually works.

My infrastructure runs on Microsoft Azure in Zurich, Switzerland

The instance started originally with: Ubuntu Server 22.04 LTS, B2s VM (2-Core, 4GB RAM), 32GB Standard SSD (OS) [server-side-encrypted], 16GB Premium Disk (Lemmy Data) [server-side-encrypted], Public IPv4

Estimated estimated costs: ~44 CHF

Instance details right now:

Ubuntu Server 22.04 LTS, B2ms VM (2-Core, 8GB RAM), 32GB Standard SSD (OS), 64GB Premium Disk, ~20GB used (Lemmy Data and DB), Public IPv4 & IPv6 (thanks to @Broom2101@feddit.ch, SMTP over mailersend.com

Estimated monthly costs: ~88 CHF

In the image of the post, you can see the network traffic and disk i/o of the last 30 days.

I did some reservations on azure to bring down the costs, time will tell how much it really costs.

The management of the vm can only be done through a on demand jump host and the configuration is done with the lemmy ansible setup method. There is a daily backup for the worst case scenario.

I want to be transparent on how i'm doing things and what you get if you register on this instance. So if you have any questions, adjustments or ideas i'm open to hear them, just let me know.

_Frog

PS: If you like to contribute and support this instance, i setup librepay where you can donate.

As a reaction on the XSS attacks yesterday, the devs released the version v0.18.2 for the front end and now for the back end as well.

To hopefully mitigate all the open issues, that existed yesterday and allowed possible attack vectors, i now updated the instance to this latest release. With the security fixes, there are other minor improvements to the system.