@aral @joynewacc Hi Aral! Please add the instance I admin https://privacysafe.social to the list

Signups are snowballing, LFG https://privacysafe.social #social #fediverse

@GossiTheDog @microsoft my money's on AI bot for this. Probably taking notice of the fediverse because of threads.net

We're seeing an uptick in signups and, more importantly, user activity at privacysafe.social this week The sustainable growth model we've been building toward is on the horizon.

We want a self-sufficient community with consistent growth but a critical mass of active users. And we're getting there!

feather friendly #caturday

@grumpasaurus @diverdutch metric or imperial?

@samhenrigold thanks! just curious mostly.

seems like very unlikely to be a privacy issue and maybe a security issue in contexts where you might be worried about side channel attacks and should be airgapping anyway.

@samhenrigold oh, I don't think it was put there for the purpose of surveillance.

but we know all these sensors in phones can be used for similar purposes, gyroscopes accelerometers etc. So I am always looking the the potential privacy harm / security hole

@samhenrigold oof. there's got to be a way this can be used for #surveillance.

How accessible is this to any developer besides Apple (who likely already knows what device you're on, when you're sleeping etc.) ?

@calyxinstitute @calyxos You could even generate a third keypair and use that for releases after the audit, so that the latest keys were never on a release with the old ones you're concerned about.

This all seems like something to worry about only if the current private key was compromised / exposed and you said that didn't happen.

I'm confused by your latest update @calyxinstitute @calyxos but perhaps I'm missing something.

Doesn't Android allow for there to be an intermediary "bridge" / migration release signed with both old and new keys, if there is no key compromise *and* you folks just pushed an OTA update with the old key?

AFAIK this is how LineageOS does it.

#privacy #security

https://calyxos.org/news/2025/08/27/last-ota-update-before-new-calyxos-release/

I was 21,440,926 minutes old when I learned what a charger plate was 🫥

@ib @pluralistic @privacysafe @Mastodon

No worries, I knew someone would ask

We are currently pushing repos to #github because that's the world's biggest source code directory. Not having repos there greatly reduces our reach, PRs, and issues filed, equivalent to delisting ourselves from #Google.

Internally, we use self-hosted #Gitlab. If you would find it of value, I can push this @privacysafe #social UI repo to @Codeberg as well.

Let me know.

@pluralistic @privacysafe

For the list of UI/UX changes we made to @Mastodon that make our #privacy respecting #social community different, friendly *and* familiar for users of #BigTech platforms, see our #opensource repo here https://github.com/PrivacySafe/privacysafe-social-ui

"The #Fediverse is our best hope for an #enshittification -resistant alternative." @pluralistic

Sign Up FREE for @privacysafe #social

https://privacysafe.social/auth/sign_up

No Ads, No Spyware, No #AI Manipulation. Simple Rules, Honest Moderation, Zero Fees.

Shoutout to the @ivycyber team for building the @privacysafe software, which is definitely not vibe coded. Like what we do? Check out our products and support our work: https://ivycyber.com

This project isn't malicious and the examples are limited and therefore "fake" - but the lesson is real. #AI prompt systems can spit out code fast and automated bots can fill the web with it.. whether or not it's complete crap.

Of course, the source code is published. Want to make #VibeCrap even worse? Fork it, add your awful ideas, and submit a pull request. https://github.com/profdiggity/vibe-crap

Insecurity Demos:
• Fake XSS
• Clickjacking
• CSRF auto form
• Cookie flags gone wrong
• Open redirect
• Prototype pollution

These demos are safe and purposefully limited, but they're proof that bad coding can lead to security nightmares.

Features include:
• Chaos Control Panel
• Layout thrashing + forced reflows
• Node spam into the thousands
• Glitchy canvas animations
• Mutation observer meltdowns
It’s a Hall of Shame for bad practices.