> Basic stealth addresses can be implemented fairly quickly today, and could be a significant boost to practical user privacy on Ethereum. They do require some work on the wallet side to support them
So how easy is it realistically? I hope it's not going to un-ergonomic like PGP where novices are sometimes seeing to be pasting their private key into e-mails and sending things in plaintext which should have been ciphertext, or otherwise leaking info.
I imagine you have to be really careful not to mess things up here.
There’s no reason for there to be any sharp edges or foot guns.
The “meta-address” published by the receiver has everything in it needed to generate a one time address on the sender side, and it should all “just work” from a sender’s wallet perspective once a standard is reached.
There’s nothing a sender can do wrong really unless the wallet code is broken. On the receiver side the private key will never look like an “address” so it would be hard to confuse the two.
> A DID controller is an entity that is authorized to make changes to a DID document. The process of authorizing a DID controller is defined by the DID method.
> The controller property is OPTIONAL. If present, the value MUST be a string or a set of strings that conform to the rules in 3.1 DID Syntax. The corresponding DID document(s) SHOULD contain verification relationships that explicitly permit the use of certain verification methods for specific purposes.
> When a controller property is present in a DID document, its value expresses one or more DIDs. Any verification methods contained in the DID documents for those DIDs SHOULD be accepted as authoritative, such that proofs that satisfy those verification methods are to be considered equivalent to proofs provided by the DID subject.
/? "Certificate Transparency" blockchain / dlt ... QKD, ... Web Of Trust and temp keys
What does Interledger Protocol say about these an in-band / in-channel signaling around transactions?
> A registry of "Payto Payment Target Types" is described in Section 10. The registration policy for this registry is "First Come First Served", as described in [RFC8126]. When requesting new entries, careful consideration of the following criteria [...]
DID URIs are probably also already payto: URI-scheme compatible but not yet so registered?
> ILP addresses provide a way to route ILP packets to their intended destination through a series of hops, including any number of ILP Connectors. (This happens after address lookup using a higher-level protocol such as SPSP.) Addresses are not meant to be user-facing, but allow several ASCII characters for easy debugging.
The 'Best viewed with Internet Explorer'[0] GIF triggers severe nostalgia.
IE was the dominant browser at the time, and these propaganda buttons just reinforced the idea that IE was the only browser you should be using. Still see the odd site saying 'Works best in Chrome' as if Chrome was the new IE.
Personally though, if your site is one of those annoying SPA (Single Page Apps) and doesn't work in Lynx[1], you're doing it wrong IMHO.
Nearly tempted to put a button on my sites saying: 'Best viewed in Lynx'.
Recently enough to have been unacceptable, the director of our internal apps team decided to only support IE when they redid the intranet site. This, in a place that installs Firefox on all endpoints and proxy logs showing less than 50pct IE usage.
He was unamused when I started posting "screenshots" with "best viewed in ie" logos added.
To this day I have encountered several sites (sort of public, behind logins) that refuse to load if "Gecko" is in the user agent and display variations of "This site requires Google Chrome or Microsoft Edge to work. Please install one of these browsers and ensure it is up to date to proceed."
A user agent spoof extension solves the problem because there's actually nothing used that Firefox doesn't support. Maybe there was, one day, but someone forgot to keep up, or didn't want to.
This has happened for me within the last 3 months with both a widely known financial application provider rhyming with "I'm a twit" and an educational software provider rhyming vaguely with "Crack jorts"
The Netscape banners do it for me, as the time when Netscape was dominant was a great time for me. The internet was a huge vault for me, and every time I dialed in I felt that rush. Every minute counted because we paid by the minute.
Netscape is also Mozilla's spiritual father.
Lynx didn't have JS support. Which was a blessing and a curse.
I have a Glinet[0] router that has Tor functionality and 'torifies' your connection, so even if there's some JS 0day that executes trying to decloak me, the adversary just gets a Tor IP instead of my home connection IP.
Note: I connect to Tor from my torified Glinet router which is doing Tor-over-Tor which is considered 'dangerous'[1] but I do it anyway.
This might be overkill for most, and I'm not doing anything illegal (I mostly browse clearnet sites instead of hidden services anyways).
If you read through the 10 year old presentation linked[0] you'll see they have ways to break just running over Tor. You really need to be running Tor on the machine, possibly via a VPN (like Mullvad or VPS+Wireguard/SSH), and either using Tor Browser, Whonix/Tails, or QubesOS.
My (updated) understanding is that running all things via Tor is slow without as much benefit as just a normal VPN and that if anything you use throw away VMs or Tor Browser sessions to avoid any way to correlate. Also note that a well known attack is simply knowing a connection is currently happening (preferably a long-running one) and cutting off the internet in suspected areas until the connection drops. So I guess either you need to avoid long running connections (I think you could do this in the local firewall?) or have redundant network connections like Dual ISP or ISP + LTE on something like Opnsense (cause wow, is it difficult to do this on Linux. I intend to blog about it someday soon).
Revisit old notes and take action on them. Be a bit more adventurous online, try out new services, websites, tools, no-code solutions like Zapier etc
Be more active on Twitter. I know it's a strange place to hang out on now, and my timing is probably wrong, but I want to leverage it and gain some new friends and learn a thing or two.
Stop doomscrolling. I'm a news junkie, and need to stop reading so many gloomy headlines. I want to pay attention to what interests me. I will still glance at world news just to get a feel for where we're at and what's going on, but I will not binge on news like I used to.
> Neeva is 100% ad-free and never sells or shares members' data with any third party. Neeva's Free Basic membership is completely free and full-featured, allowing members to search both the web and connected personal accounts like Gmail or Dropbox (subject to certain usage limits), set news and shopping preferences, and search from multiple devices.
> To earn money, Neeva offers a Premium membership tier where some members choose to pay a monthly fee and receive best-in-class privacy-protecting tools, as well as other exclusive insider benefits.
Looks like the $$$ they get from premium subscriptions finances their 'free' offering, but as with all services with this model I am skeptical of anything 'free' since it could be powering their AI and later down the line that will be potentially abused or weaponized.
Thanks for the link - I tried to find a pricing page or equivalent but obviously didn't look hard enough. One thing to note is that the basic search appears to only allow 50 queries per month, and limited use across devices, so it seems they are really just using it as a teaser. That makes me feel better about the product actually, as it suggests against a business model of trying to monetize personal information.
It is half the price of Kagi though, so either they have a lower cost structure somehow or they are currently running it at a loss
Certified ailurophile[0] here. I've found the gentle hum of purring very soothing, almost like having a hot chocolate on a cold day, or chicken soup. It's very comforting, and I'm lead to believe the specific frequency of the hum is in line with nature and The Universe itself. It has the same frequency of the Omm mantra which is apparently the frequency our bodies emit when we're in full health and homeostasis or in a meditative trance.
There is nothing that has made me at peace more than my little feral kitten that is now 17 and Senior but healthy and no pain sits on my chest cavity when I’m laying down, tucks her paws under her chest, then purrs away squinting.
I can feel it resonate in my body and it feels like a special gift not everybody gets…the love of a feral feline.
Purring is one of the minor technological/genetic innovations in Margaret Atwood's pre/post apocalypse Maddaddam trilogy, though not involving cats as we think of them.
> Uncertainty does not mean things will get worse. It only means we know less and have less control.
People naturally loath feeling out of control. Sometimes control is an illusion, other times it has a solid foundation and is not a mirage. The trick is to recognize real control and see some value in that. We cod ourselves when control is an illusion.
Every computer science problem eventually ends with The Unicode Problem and its various agendas. Personally I avoid Unicode in my editor and use ASCII at all times. If I have to deal with Unicode, I escape it into the relevant ASCII equivalent and normalize things like emojis to ASCII. This avoids various headaches down the line, since Unicode is not cross-compatible across devices and having everything in ASCII is a saner way to approach that.
> This avoids various headaches down the line, since Unicode is not cross-compatible across devices and having everything in ASCII is a saner way to approach that.
Did you mean to say that not all programs support Unicode? It's been a long time — at least a decade — since I ran into a device which doesn't support it at all, as opposed to something like PHP code which has built-in support but didn't enable it.
So how easy is it realistically? I hope it's not going to un-ergonomic like PGP where novices are sometimes seeing to be pasting their private key into e-mails and sending things in plaintext which should have been ciphertext, or otherwise leaking info.
I imagine you have to be really careful not to mess things up here.