On another note, I tried to make a throwaway on `old.reddit.com`. I couldn't find a way to make an account without using an email. I had to manually type in `old.reddit.com/register` to get to a form that would let me not type in an email and even then it wasn't obvious that the email wasn't required.
If you pay close attention, you might notice that the email address field isn't required on the old.reddit.com signup popup. Press next without filling it in and you get the username/password part of registration.
> This completely unintuitive trick also works on reddit.com.
Honestly, it's not so much of a trick, but that the form is a dark pattern.
IMHO, they probably really, really want to require email addresses to register, but are trying to avoid the backlash from power users (aka their content source) that would happen if there wasn't a workaround. Every time someone gets ticked off about this, there's probably a comment within 5 minutes with instructions, and all outrage energy drains away.
Agreed (in fact I referred to it as a dark pattern in another comment).
@grumple pointed out that throwaway accounts that can't be easily linked to the poster are essential to some reddit communities, which may play a part in why this feature is still available.
They appear to be A/B testing the email requirement. I tried reddit.com on desktop again just now, and in some sessions it lets me skip the email but in others it says the email is required.
> I would've never guessed it's still possible to create an account without using an email or a phone on any site in 2022 ... why do they keep the functionality?
Is this a joke? Participation is assumed to be only on the basis of anonymity. If the baker requested your name, there would be something very wrong around your parts.
Intrusive requests would mean refusal of participation.
It's not intrusive to ask for an email. It's a slight barrier against spam (trivially bypassed but still) and of course it's mandatory for resetting accounts, informing users about stuff (like Terms of Service changes). I honestly cannot remember the last time a website let me register without an email.
I can read one possible such «time» one click away (on your username).
It is not intrusive only if you can give a random address. It would be intrusive if all you had available was an address already used for other services. It is intrusive to ask you for, or coming to know, your name.
That must be a recent change. Because at least as recently as early this year, you could just click "continue" while leaving the email field blank and create an account.
It's still possible for me, I think @NowhereMan just didn't realise the email field could be left blank. Dark pattern working as intended, most likely.
Since I like to build custom electronics using JLCPCB, I went on there and looked for RISC-V chips. I found the ESP32-C3 and a dozen or so Chinese chips that seemed to only have Chinese datasheets. It seems that things are still pretty immature in RISC-V adoption. I will be getting a ESP32-C3 dev board to tinker with at least.
The projects I work on need long time horizons and industrial or automotive environmental specs. RISC-V will be hardware cosplay (h/t n-gate!) until that time, as far as I can see it.
I am surprised automatic shifting technology doesn't exist. Wireless electronic shifters are readily available now, in addition to power meters. We have devices to shift and devices to tell us when to shift. All that is needed is to marry the two together.
It does exist, in the form of a CVT and controller invented by a company called NuVinci. I built a cruiser bike with the manual CVT version years ago. It worked but the hub was very heavy. If you were stopped in high gear and you pushed down on the pedal really hard to start going it would occasionally slip. Once you got going it was pleasant to use but don't expect to win any races.
They must not have sold very many of them because Fallbrook-NuVinci went into chapeter 11 and enviolo bought the tech.
The Vanmoof bikes have automatic shifters. I don’t like them because they are unpredictable, and you feel the difference. It’s jarring. The Cowboy is single speed, which works pretty well because of the motor. That’s my preferred configuration. But at high speeds it does feel like I’m at a spinning class, and it sounds like this system could fix that.
A lot of bots are written by really unsophisticated people though, often just following online guides. Raising the bar lowers the number of adversaries.
You can never eliminate the risk, but it's just one more point of friction which is also a not-so-unreasonable speed bump to enable for real users.
Maybe, but, no one gets my mobile number, not my bank, no one.
It's not in my name, I pay cash for it, I share my contacts with no one, etc.
I won't have it linked to me, and with how you can so readily be location tracked when someone knows your number, I am astonished so many people give it out.
Other people share your contact though, unless you exclusively associate with people equally paranoid. You simply can’t have an anonymous phone number these days unless you actively switch numbers all the time which if you get accused of something will be used as evidence against you.
I have a voip number forwarded for incoming. I have no caller id for outgoing.
Thus, even with google having my name linked to a number, it does not link to my cell phone.
Reply to comment below:
No one gets my real mobile number, so that is solved.
Why would I care if my VOIP number is in address books. That's the point of it, and why I have it
I'm not trying to hide from the government, I am preventing Google, FB, etc from linking my mobile to me, and preventing random people from tracking my location, which is trivial when they know your mobile number.
If you host your own pbx, you can consider it as a proxy to your cell phone, and even do it over vpn. You cant track that further than the pbx server ip
It only takes one contact to have your real number in your name, or even better also associated with your VoIP number in their address book, to lose your "anonymity".
That was my thought. The value of a piece of metadata is inherent in its context as a node within a network. You might have disparate pieces of information about a group of people, but weighing their connections by similarity/proximity/etc. allows you to develop assumptions about individuals, even if all you know is their phone number and who had that phone number in their contact list.
Specifically, from the point of view of network analysis, a missing or unknown node becomes suspect when various connections point to it. In the era of high connectedness, that seems like kicking a goal on your own team if you're playing the "be anonymous" game.
This level of automatic tracking would require all players (VOIP company, network providers (eg, via wifi), cell phone companies, Google + Facebook + Apple, along with significant tracking effort...
Just to find out that phone #5 is Pete.
Whilst it could be done, things aren't quite that far along yet. Further, I believe you are presuming I intend to remain unknown from all parties.
I believe you, and a few other commenters here are jumping to an extreme interpretation. My goal is to cut automated tracking.
A key example may be photo radar, and those license plate covers which make plates illegible (presumably). In this case, should a police officer, or the government in general want to track you, yup, they could.
For example they could go through video looking for you again. Your exact car. Including, the covered plate! It really wouldn't be that hard to do, but it would take time. Effort.
However, plate readers are networked, and databases are being kept of car movements. Having that plate cover breaks this automatic tracking, even if a dedicated person may want to track.
So you raise the bar. You remove automation.
And that's the guts of it. Because profitability in this business is won by doing a few simple things, and then collecting massive amounts of data. Remove any degree of automation, and it is no longer profitable to track someone.
I bought my phone with cash, my sim card, my minutes with cash, used a fake address and name, signed up to Google with a different fake name, bought a play card with cash, which was basically zero effort for me.
I do this whenever I buy a new phone. A new, clean slate.
I then, using my already existing infrastructure, only allow people to reach my mobile via a voip number. Done.
Yet everyone here thinks this is loads of work, with zero benefit. Welp, I disagree.
How does my VOIP number being in my friend's address book, enable Google to see that address book, and learn my mobile number?
My goal is not to ensure no one is capable of tracking me ; that's literally impossible. However, I do not want:
* Google to get my name, contact info, etc via my phone itself
* Google to link to me, by seeing my mobile phone in another person's contacts
This is why I give no one my mobile number.
If the Government, or if someone was suing me, or I was up to "no good", an exhaustive search would likely bear fruit. So? That's an entirely different animal.
> * Google to link to me, by seeing my mobile phone in another person's contacts
I'm pointing out that it takes only one of your friends or acquaintances to add your real mobile number to their address book alongside your VoIP number to ruin your system. People don't think twice about giving apps access to their address book. They're also regularly scooped up by malware.
Your scheme requires you to have perfect OpSec 100% of the time. Just human nature says you've probably goofed and given out your mobile number once or twice. There are enough huge database leaks that your info has probably been leaked by someone you don't even know.
I'm pointing out that it takes only one of your friends or acquaintances to add your real mobile number to their address book alongside
I said I don't give my mobile number out. Do you believe my friends work diligently to find this number out? And how would they get it? And why do you believe they would get it so easily.
I don't even know my number without looking in 'about phone'.
Your scheme requires you to have perfect OpSec 100% of the time. Just human nature says you've probably goofed and given out your mobile number once or twice.
I don't understand why you think I would do that? Or how it would happen by accident.
When someone asks my number, why would I give a number I never do, instead of the number I always do. Why would I even memorize my real number? I really don't understand why you think this is hard, tricky.
Or think it is a "scheme".
I use cash almost everywhere too. I have a friend who thinks this is strange, and sketchy. Cash. Sketchy. I just get bewildered when I encounter these types of thought processes...
Any toll-free number you call - at least within the +1 country code - can see your outbound number even if you hide it.
So if you’re in the USA and you have ever called your bank’s toll-free from your mobile they already have your cell phone number. you can try to sell yourself by googling for toll-free ANACs which will read your number back to you
This is helpful info, but I use voice on my mobile sparingly, and use my voip line most of the time. (I have a cordless + desktop voip phone at home and work).
And how might voice recognition play into this too? If you're not easily identified then you may draw more attention and more effort spent to determine who you are.
Do you mean SMS? I don't see a requirement that you use that. Yeah, that would be a pain. My SMS goes to a voip number that emails me the message, and that works most of the time, but a few jerky sites reject it. I just figured that the 2fa slows down requests to 2 per minute or whatever, the speed of TOTP codes changing.
I also don't know what a verified account is. If it's just email-confirmed then yeah, that is trivial. If it is a payment card that worked, or even further a shipping address that worked, that can be more annoying to game.
I had thought that it was only the Pi Zero series that had strict quantity limits, and that people were supposed to be able to buy lots of 4's if they wanted to.
Also, for most users (not all) there isn't really a pressing need for a 4, since the 400 has been plentiful and is basically a 4 in a different form factor, with an attached keyboard. I figured if I wanted a 4 before they became available again, I'd just get a 400. What I really want is some more Zeros and Zero W's, but I think those are both being replaced by the more power hungry and expensive Zero W2.
You dont need to hand over your mobile number, just get a raspberrypi, install freeswitch and sign up to a free voip number which happens to be in the range of numbers used by mobile phone operators.
https://www.sipgatebasic.co.uk/
I really dont know how they think they can use 2FA to stop all but the most basic of bots from buying up rpi's.
Unless you cycle across town every time you swap SIMs, I don't think this will help much. Just the fact that those two SIMs ping the same cell towers is enough for a bunch of data aggregators to correlate the numbers back to the same person.
2FA is not even remotely secure via sms, as shown 100 times over. The only reason google loves it so much, is it links your real life name to your accounts.
Use a seperate mobile number for all your 2fa, that way if one of your mates has say Truecaller - your number/name/email is not going to be out there with association.
This ads friction to the process of automating the buying process. Preventing bots is an endless cat and mouse game, every protection you put in place will be circumvented eventually. You just have to keep changing tactics and adding new layers. That’s what they are doing here.
Realistically the best protection that they could put in place is a rate/qty limit on the credit card being used. It can still be automated by using stolen cards, or one of the services that instantly creates new card numbers for you. But again it adds friction.
Also limiting the number of orders to delivery addresses would be a easy mitigation.
It wouldn’t surprise me if they are doing both of those already though.
These trivial mitigations at least filter out low-effort script kiddies. People gaming the system “for real” will put incredible effort into getting around your countermeasures. You always have to be one step ahead of them.
It may be “trivial” to someone with a high level of expertise. But the number of moving parts required in that automation does add a significant barrier to most the of “script kiddies” that are using bots.
You still need to automate account creation and setting up of a TOTP token, that’s not “easy” for a lot of people.
Low device limit per phone number/payment card, with the standard checks for VOIP would probably make things painful enough for most. Heck, outsource the bot checking and require a Facebook/Gmail/Apple/Twitter/whatever login. Intrusive as heck, but it works relatively well since those companies have already whacked a million moles.
You're misreading, you have to "verify" your account first as well as set up MFA.
Verifying just consists of confirming your email via a one-time token. Setting up MFA presumably just makes sure there's no impetus to hack a bunch of old accounts.
Perhaps for buying a ras-pi specifically, they'll require SMS verification.
SMS is hard to create large numbers of fake accounts because getting access to large numbers of phone numbers that aren't all in the same block is pretty hard.
There are several services that offer exactly this for 6-20 cents per verification, with a wide variety of numbers and geos, VOIP or Real ATT/Verizon Mobile etc, and easy to use API's.
Where in the world do they plan to hire people for these rates?
In India, the country with lowest the Big Mac Index as in [1], it would take 6.48h for the human-bot to pay for a Big Mac. And this excludes energy and internet bills and money transfer fees. The numbers just don't work.
That isn't the labor rate, that is the solve rate most captha are easy to automate. You are buying the image recognition and their random click like a human algorithm. Probably even have some intentional wrong clicks like someone who misses... they have a few humans (who make more than that rate) but only for the new ones that they haven't seen before, once they know that one it is automated.
I post the above in hopes that you realize captca isn't useful for anything and stop annoying me with them.
>The process of solving reCAPTCHA V2 Invisible is similar to the recognition of reCAPTCHA V2: we take the captcha parameters from the page in the form of the data-sitekey parameter and the page URL and transfer it to the 2Captcha service, where the employee solves it, after which the response is returned to us in the form of a token, which we need enter in the appropriate field to solve the captcha
I was under the impression these invisible "captcha" were much more difficult since a bunch of metadata just gets scooped off the device and sent in to some proprietary Google algorithm. I'd think it'd be hard for the service to generate enough unique fingerprints to prevent Google from detecting it's the same service solving them but maybe recaptcha just sucks
I'm guessing that most scammers haven't figured these exist yet. Or maybe the hit rate on scams is so low it isn't profitable anymore even at these rates?
I've been using the eye dropper a lot lately. It's great for making websites usable. It even works on mobile for disabling hostile ux elements such as "xyz is better with the app" nags.
I must’ve purged over 50% of visual elements from Fandom wikis with my uBlock filters. It’s outrageous how much garbage is served. I wonder what their UX design meetings look like.
A site:reddit.com/r/DaystromInstitute/ search with a plugin to redirect www. to old. if you're not logged in can replicate a lot of what Memory Alpha has from all the discussion. At least until Reddit finishes alienating everyone interested in weird niche discussion in favor of clickbait.
Even for areas where there is a community wiki (e.g. uesp, combineoverwiki), Google seems to prefer the Wikia/Fandom version with all the crap on the pages.
And a lot of those community wikis that originally set up not on Wikia intentionally, like minecraft, terraria and wowpedia wikis, ended up on Gamepedia which Wikia took over and reeled them back in.
Similarly, disabling the social features on SO was very useful. The "Hot network questions" block to the side is needlessly distracting and adds 0 value.
Well, the icons are just terrible, utterly insipid and lacking in power. It needs labels rather than icons, and better names for “zapper” and “picker” too (something like “remove elements from this page” versus “block elements from this site”).
I’m not sure if browsers apply height limits to these popups, but if not, almost every time there will be oodles of space for full labels and replacing the two single rows of buttons with columns. And even if scrolling is introduced, that’d still be better.
At least they now have tooltips - I remember when choosing "Advanced mode" (which you need for a lot of features) just disabled tooltips in the UI, on the theory that advanced users shouldn't need them! I (and likely many others) argued how crazy an assumption that was, that just because we understood how HTML and JS worked, we should remember a bunch of icons and what the dev decided they meant. Thankfully they were willing to listen and change the decision, and the UI is a lot better for it.
If you have some pull here, it would be really nice to have popups added to the grid in the middle of the dropdown where the colored boxes are. I use these very rarely and can never remember which column of colored boxes do what.
This is one of the best hidden features of uBlock. While we're on the topic, how does one effectively block facebook ads?
I've got simple rules to chop the ads from LinkedIn, but if you do an inspect on FB, they've been very sneaky about how the elements are set up, eg it doesn't just say "Sponsored" in a string, it's a weird mash that ends up looking like that when rendered but hard to nail down.
Then again I'm more of a backend dev, so maybe that's why I don't know what to do.
> weird mash that ends up looking like that when rendered but hard to nail down.
It is designed to be very hard to select automatically. It is also why I don't use Facebook more than 5 minutes a week - it is among the only services where ads annoy me.
> *Important News*: 4th September 2021: Sponsored Posts Issue: It seems Facebook have just changed their code for Sponsored Posts, so some people have started seeing Sponsored Posts in their Newsfeed again, I am working on fixing this, please be patient, thanks! *UPDATE* It seems for some people the sponsored posts are only getting through if your Newsfeed is set to "Top Posts", if you switch to "Most Recent", the Sponsored Posts should in theory disappear. The good news is that FBP has an option to keep you permanently on the "Most Recent" feed when you visit the Newsfeed, so that could possibly solve the issue for now, give it a try and let me know if that solves it for you. In the meantime, I will continue working on a more robust fix.
Open the FBP options screem by clicking the "FBP" button in the navigation bar at the top of the page.
Under the "Further options" heading there is a setting titled "News Sort: Most Recent". Tick that option, then click the "Save and Close" button.
As mentioned above this is not guaranteed to fix hiding the sponsored posts, but a lot of people are reporting success with it, as Facebook seem to pepper the "Top Posts" version of the Newsfeed with more ads than the "Most Recent" version, and "Top Posts" is Facebook's default setting for the Newsfeed.
This has the strange effect of removing every item in the feed, causing it to flash while waiting for a refresh, forever. Skeleton -> flash of new item -> skeleton -> etc
The eye dropper is also quite useful for writing userscripts and userstyles directly on Android; I tap the element, hit preview to see what happens (margins, padding, border collapse, etc), type a note at the end of the element name and sirens it to the clipboard, then move on. Back in the editor, I just paste my notes from the clipboard, and I can quickly write up a stylesheet override for a dynamic webpage without resorting to debugging on my desktop.
I don't understand why Firefox mobile can't be used to debug another Firefox mobile, I I'd love it if I could open devtools off to the side and see a live tree view instead of manually prefixing the URL with `view-source:` only to find out the html doesn't actually include any content.
This feature is so good but so confusing to use, really the best thing about ublock beyond the ad-blocking. I use very extensively, I almost wish it was a standalone tool, so that the filtering aspects could be shared more easily.
For some reason, Content Blockers on iOS only work on Safari. Other browsers on iOS are not allowed or able to implement them.
uBlock Origin is also more fully featured than Content Blockers, which don't have the on-demand whitelisting features and toggles. However, since uBlock Origin is only available as a browser extension, it can only be used with a browser that supports extensions. No browser on iOS is able to support uBlock Origin.
Firefox Focus on iOS blocks 78% with all tracker blocks are enabled, and 62% with the last “Block other content trackers” option disabled. Percentage figures are from test on https://d3ward.github.io/toolz/adblock.html.
Firefox Focus is a nice browser for certain use cases, but it can't compare to uBlock Origin, which scores 100% on that test for me on a fresh install with default settings (using Firefox on Android and desktop).
It's interesting how Firefox Focus on iOS also acts as a Content Blocker for Safari, but I find AdGuard to be more comprehensive on iOS.
Increasing YouTube ad display rates on mobile drove me to using the (somewhat clunky) AdGuard share button in safari that blocks ads when using YT in Safari. I’m just glad there is some option on iOS.
It is funny that Android has better adblock features (uBO on Firefox).
I was replying specifically to the first paragraph in the parent comment that other apps on iOS are not able to implement content blockers. Firefox Focus does appear to do just that. Obviously, not as effectively as uBlock Origin (thanks for testing!) but uBO isn’t yet available to install on Firefox on iOS.
(Edit since I can’t reply):
Firefox Focus does appear to implement iOS content blocker since it appears as an option under Safari settings for content blockers.
Firefox (standard and Focus) and other iOS browsers can block ads and trackers, but not as comprehensively as that API can. That API is limited to Safari due to platform restrictions, which I hope get removed in the future.
Firefox Focus appears under Safari settings > content blockers, along with more typical blockers like AdGuard. I think they both implement Content Blocker API.
The way Firefox Focus is implemented on iOS is a little complicated, since it's both a browser and a Content Blocker. As of 2017, Firefox Focus uses WKWebView as the webview component: https://github.com/mozilla-mobile/focus-ios/pull/507
WKWebView does not support the Content Blocker API. Ad blocking apps that use the Content Blocker API are only compatible with Safari and the SFSafariViewController component, which is very feature-limited and not suitable for a full web browser app:
As a workaround, Firefox Focus uses script injection to block ads and trackers within the browser part of itself, but the Content Blocker part of Firefox Focus only affects Safari:
However, both Firefox Focus and Safari (with the Firefox Focus Content Blocker enabled) score 78% on that test, so Firefox Focus might be good enough for web browsing on iOS if you're comfortable with its feature set and don't need the additional filter lists or custom rules that another third-party Content Blocker would offer.
Apple should still allow third-party browsers to use third-party Content Blockers, since this restriction is an unnecessary handicap for any non-Safari browser on iOS.
Brave on iOS only scores 77% for me with the default settings, which includes the "Block cross-site trackers" Shield setting. Do you have some other setting enabled?
One rather effective way to get much higher (approx 99%) on iOS is to use a DNS over HTTPS provisioning profile (or app), and use a DNS server that blocks ads.
If you run your own server, you can get to 100% by turning on blocking for a couple of hosts not in standard blocklists that this test has highlighted.
The DNS setting applies to most or all apps, as far as I can see, as it's applied as a system level provisioning setting. iOS 15 gives more visibility of this in the UI, but it works in iOS 14.
Yandex Browser on Android [which is based on Chrome] supports Chrome extensions. I'm running it with uBlock Origin, Privacy Badger and a few others. If an extension won't load directly from the Chrome Webstore you can toggle 'Developer Mode' under 'chrome://extensions' and load the downloaded and unpacked CRX directly.
I had high hopes for Kiwi Browser but, unfortunately its text-reflow feature has been broken since forever. Yandex Browser is the only one available on Android that ticks both those 'must have' boxes for me: full support for extensions and a functional text-reflow feature --without which a huge swathe of the web is unreadable for me, due to microscopic text sizes.
I know other browsers have their own built-in ad-blockers, but I prefer to use uBlock Origin across all my devices so, when I setup a new one, I can just import my existing rules & settings, built up and tweaked over many years, rather than start from scratch.
It also blocks the paywall in some webs that aren't too well designed (the content is loaded under a frame that hide it). It's great to have such a good tool.
