[-] mike@postit.quantentoast.de 7 points 1 year ago

I figured I could simply upload them on our webserver, so here you go:

[-] mike@postit.quantentoast.de 6 points 1 year ago

I can't imagine the sound of a room with like 20 pupils, each hammering on such a keyboard.

[-] mike@postit.quantentoast.de 2 points 1 year ago

I'll do that! Question is where to post it. Lemmy doesn't support videos.

227

When 4 IBM Model M keyboards showed up during a cleanup at work (university) and I was asked if I wanted one, I of course said yes!

It's an IBM model M 1394540 from 1992 with the PS2 connector and the detachable cable. The keyboard and cable are in very good condition, even the manufacturing sticker on the back looks pretty good! All keycaps present, all keys work. It just needed "some" cleaning which ended in a 3h long process haha.

It will definitely be my daily driver for the next few weeks. I haven't decided yet if I will use it long term. I'm actually very happy with my modded Keychron Q6. Maybe I'll try some lube on the stabilizers and perhaps a little tape mod.

The best part was that I got to take a second Model M with me, which I will give to a good friend. This one is also in great condition.

It was an incredible day!

59

GDPR Compliance Check

For those who haven't heard of it before, Gumb is

A platform for managing meetings, gatherings, and events for communities of any size. - gump.app/en

I have investigated this app because it is used by a club where I am occasionally active.

Landing Page / Homepage

Fonts: The landing page is using google fonts, so those fonts are loaded (8 requests) from fonts.gstatic.com when opening the website. The first issue here is that google fonts are not listed in the privacy policy at all. Second, by a German court ruling google fonts are not compliant with the GDPR:

The use of external font services cannot be based on Art. 6 § 1 p.1 f GDPR, as the use of the fonts is also possible without having to establish a connection from visitors to external servers. - LG München Az. 3 O 17493/20

Images: Furthermore the website is loading images from firebasestorage.googleapis.com (105 requests). Following the argumentation of the previously mentioned court ruling, using firebase for images could also be considered non-compliant because images could easily be served without having to establish a connection from visitors to external servers.

Youtube Embed: The website includes a youtube iframe (13 requests to www.youtube.com) with an introduction video. While youtube themself offer an iframe option called "Enable privacy-enhanced mode", the Gumb homepage embeds the »normal« iframe that places tracking cookies which again violates the GDPR. The iframe furthermore sends

  • 6 requests to play.google.com/log,
  • 4 requests to https://googleads.g.doubleclick.net
  • 1 request to https://static.doubleclick.net
  • 4 request to https://jnn-pa.googleapis.com

Tracking: The website uses, as stated in their privacy policy, Google Analytics (GA) which results in a request to https://region1.analytics.google.com/g/collect... and https://www.googletagmanager.com. However, writing "we use GA" in the privacy policy is not sufficient. GA requires consent from the website visitor.

There are a few more unnecessary requests, but I think the point is clear.

All of that is happening without any consent from the visitor!

Mobile App

Gumb offers mobile Apps for Android and iOS, of which I only checked the Android version. While I can't say for sure that the app violates the GDPR because it immediately asks for credentials, the Exodus Privacy Report (of the latest version 1.0.84) still looks rather bad:

  • Amazon Analytics
  • Amazon Mobile Analytics
  • Google Analytics
  • Google CrashLytics
  • Google Firebase Analytics
  • Google Tag Manager

Web App

Next to mobile apps, Gumb offers a web app too. Well, what can I say - there are requests to

  • https://fonts.googleapis.com
  • https://www.googletagmanager.com
  • https://region1.analytics.google.com/g/collect...
  • https://www.google.de/ads/...
  • https://stats.g.doubleclick.net/g/collect...
  • https://ipgeolocation.io/

even without being logged in or any given consent.

Conclusion

For a tool from Switzerland with paid subscription plans and the purpose of managing events/meetings etc. it uses a lot of google (tracking) services... Very sad to see as the app looks otherwise really modern and useful. Do today's developers know that applications like Gumb can be implemented without selling their users' soul to google?

[-] mike@postit.quantentoast.de 1 points 1 year ago

I thought this would be visible with my link. Specifically shared the "show changes" Link but that doesn't seem to work.

3

In case you need a quick laugh, have a look at this CVE report.

For context: quote DVWA Repo:

Damn Vulnerable Web Application (DVWA) is a PHP/MySQL web application that is damn vulnerable. Its main goal is to be an aid for security professionals to test their skills and tools in a legal environment, [...].

[-] mike@postit.quantentoast.de 1 points 1 year ago

That one was really difficult and IMO the solution wasn't the best possible move...

30

I stopped at level 24, but it was super funny!

[-] mike@postit.quantentoast.de 5 points 1 year ago

That's an interesting question. At the time being, I think the only way is to do regular backups and store them at a friends for example. That way an instance can be restored after the server has been taken.

Really the only way is to not save anything, or perhaps some sort of blockchain for all the comments and posts?

Blockchain is an interesting thought - or maybe something similar to Matrix. All instances have their own copy of a post and sync with each other. That way it doesn't matter if one instance disappears. Though, that would probably not comply with the Fediverse idea? Interesting thought experiment non the less!

[-] mike@postit.quantentoast.de 8 points 1 year ago

I get your point. Then, why not start your own instance with rules that you approve? I know, easier said than done, but that's the nice thing about the Fediverse. Next to the general purpose instances, there are many "themed" ones with focus groups such as musicians, journalists and so on.

[-] mike@postit.quantentoast.de 7 points 1 year ago* (last edited 1 year ago)

You lying to yourself or have unfounded expectations.

Nobody mentioned any expectations hm...

Everything on Mastodon is in plain text, there is no encryption, and servers get mirrored.

That's 100% correct, and I think it's important to explain that to non-techy users.

It’s only the login info that stays with the instance [...]

Technically yes, but I'd cut the "only" because login info includes the users email. So in case of a raid or data breach, I'd like to know about it.

The entire point of why Mastodon was ever started was censor evertbody that has the wrong opinion. Twitter wouldn’t delete people because of what they believe, so Mastodon was developed to ban IP address so only approved speech could exist on the internet as far as they are concerned and can avoid ackniwledging the real world. A high number of people on there, especially the admins, live in cult

I don't know what places on Mastodon you've visited, but that's not the point of Mastodon or the Fediverse in general at all. But we don't have to start a discussion about that since you seem to already have made up your mind about it.

[-] mike@postit.quantentoast.de 10 points 1 year ago* (last edited 1 year ago)

As far as I know they seize everything if there's a warrant. No matter whether it's relevant for said warrant.

Edit: Sorry, misunderstood your comment; Don't know what the reason for the warrant was.

38

cross-posted from: https://postit.quantentoast.de/post/18942

I thought this might be of interest to other users as well as admins.

48

I thought this might be of interest to other users as well as admins.

mike

joined 1 year ago