1
0
Fork 0

New post: Woman who would have been revered prophetess 4,000 years ago now relegated to clicking links, opening tabs

This commit is contained in:
Lethe Beltane 2022-11-01 04:14:03 -05:00
parent cf478cd095
commit 75023b6eb6
Signed by: lethe
GPG key ID: 21A3DA3DE29CB63C
6 changed files with 60 additions and 1 deletions

55
blog/2022/november/ld.html Executable file
View file

@ -0,0 +1,55 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Woman who would have been revered prophetess 4,000 years ago now relegated to clicking links, opening tabs - Archive - MayVaneDay Studios</title>
<link href="../../../style.css" rel="stylesheet" type="text/css" media="all">
<meta name="author" content="Vane Vander">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body class="mayvaneday">
<article>
<div class="box">
<h1>Woman who would have been revered prophetess 4,000 years ago now relegated to clicking links, opening tabs</h1>
<p>published: 2022-11-01</p>
</div>
<hr>
<div class="box">
<p>One of the funniest genres of emails I get in relation to my personal projects is the man (it's always been a man, <em>every single damn time</em>) who clearly has no idea how I manage to keep Let's Decentralize running and thinks he can improve on operations and fails immensely.</p>
<p>Nothing will top the Lokinet dev who came into my inbox unsolicited one day, looked at my site, and thought to himself, "Oh dear. An SVG of an outdated logo. You know how I can fix this? Being a condescending ass and then sending her the <em>blurriest JPEG</em> that's ever existed and demanding she use that as the logo instead." Needless to say, I did not change the logo. I instead put a note in the Lokinet section stating that the daemon doesn't seem to work when compiled from source (no sites will connect) and that the Lokinet developers haven't yet proven themselves trustworthy enough to not secretly be injecting other code into their precompiled binaries. "Chief" did not bother me again after that. (Despite the source code having been fixed for Debian since, the build instructions for FreeBSD conveniently omit that <code>libtool</code> and <code>automake</code> also need to be installed. And it doesn't compile. Maybe stop jerking off your shitcoin for a few minutes and fix that?)</p>
<p>I also occasionally get random scripts claiming to automate the task of checking if every individual site on each link list is still up. As if, if I wanted to use a script, I'm not perfectly capable of writing one myself. But the problem with these scripts, or any automation really, is that they invariably only check to see if the server returns the HTTP status <code>200 OK</code>. There are a lot of failure modes that require action on my part to keep the list safe and organized that would still return <code>200 OK</code> in a script:</p>
<ul>
<li>A completely blank page.</li>
<li>A site that was innocuous when I added it to the list, like a search engine or an anonymous mail service, that has now sold out and become a CSAM distributor. I remove these the instant I find them.</li>
<li>An instance of a privacy frontend, like Nitter (for Twitter), becoming an instance for a different frontend that proxies a different service, like Invidious (for YouTube). I keep these, but move them to their new proper sections.</li>
<li>A message from the admin stating that they aren't going to be running the site anymore and that it should be removed from the user's bookmarks and link lists.</li>
<li>A misconfigured nginx server that used to serve a hidden service but doesn't any longer, but the hidden service is still configured in Tor. The request for the hidden service hits nginx, but since it's no longer a defined site, nginx redirects the request to whatever site has been configured as default, meaning the user is now browsing a clearnet site. The clearnet site then returns <code>200 OK</code>, misleading the script into thinking the check was successful.</li>
</ul>
<p>The difference between Let's Decentralize and other collectors of Tor links is that I individually click on <em>every single link</em>, <em>every week</em>, to check to see if the site is still what it was when I last checked it. I used to be able to do this in a single Sunday morning before I went to work, but now the Tor list is so damn long that I have to limit myself to an hour a day for my own sanity and start on Thursday or Friday so that I can still push the finalized list every Sunday. I don't know of any other link lists or Hidden Wiki clones that do this. They simply do what the people sending me the scripts want me to start doing and check for an HTTP <code>200 OK</code> response. That's why you go onto sites like "Fresh Onions" and see a bunch of CSAM and porn and scam markets <a href="../may/divide.html">clogging everything up</a>, or find a list that's organized but everything is horrifically outdated and half of the sites are dead and there's been no new additions since the list was originally uploaded.</p>
<p>Speaking of no new additions, I'm starting to hit the upper wall of services to add that aren't pornography or markets. You may have noticed that, over the course of this year, the Tor link list has more than tripled in size. This isn't due to a <a href="https://web.archive.org/web/20221030085838/https://www.britannica.com/science/Cambrian-explosion">Cambrian explosion</a> of new hidden services, but because my methods of finding them has gotten better. If I somehow, despite my myriad backups both online and offline, managed to completely lose the files to Let's Decentralize and had to bootstrap the list again from scratch, here's how I would go about finding hidden services:</p>
<ol>
<li>Find one of the legion <a href="https://archive.ph/0E2yB">Hidden Wiki</a> clones floating around. Most of the sites linked there are for cryptocurrencies or markets, but near the bottom is usually a small collection of blogs and personal pages. Add those personal pages to the list and check to see if they have any lists of their own; if they're on the darknet, they usually have at least a small handful.</li>
<li>Go to one of the "Fresh Onions" mirrors. (I can't link any because, as I stated before, these are flooded with links to CSAM.) Click on anything that looks interesting from the first few pages. As long as it's not porn or a market or displaying highly objectionable material, it goes on the list. Note that sometimes the links can be marked red for "not available" when really their web servers have just been configured to block requests from suspected web scrapers.</li>
<li>Go to <a href="http://juhanurmihxlp77nkq76byazcldy2hlmovfu2epvl5ankdibsot4csyd.onion/onions/">Ahmia's list of known onion services</a> and <a href="../may/divide.html">manually scrape the titles from all of them</a> to try to find ones that look interesting. I picked Ahmia because it claims to remove URLs to sites that distribute CSAM. I wish all Tor hidden service search engines did that...</li>
<li>Sign up for a free Shodan account. Shodan lets you search by HTTP headers. Because the "Onion-Location" header is <a href="https://web.archive.org/web/20221029072927/https://community.torproject.org/onion-services/advanced/onion-location/">often used to signal that a site has a mirror on Tor</a>, you can find hidden services (whose clearnet mirrors haven't blacklisted Shodan's IP ranges in <code>iptables</code>) by handing Shodan the following query in the search box:</li>
</ol>
<p><code>onion-location -http.title:&quot;Globaleaks&quot; -http.title:&quot;Sign in&quot; -http.title:&quot;Hack This Site&quot; -http.title:&quot;302 Found&quot; -http.title:&quot;Log in&quot; -http.server:&quot;GlobaLeaks&quot;</code></p>
<p>Free accounts on Shodan can only view the first two pages of results. This can be bypassed, <em>kind of</em>, by going to the left sidebar and right-clicking each country code to open it in a new tab. The query above also filters out by title certain sites that have lots of duplicate mirrors or are just blank pages. If Shodan didn't restrict free accounts to only the first two pages of a search, this wouldn't be a problem. You can theoretically <a href="https://web.archive.org/web/20221030175723/https://account.shodan.io/billing">pony up $50 one time to get access to twenty pages per search</a>, but that seems a bit pricey considering that finding Tor hidden services is the only thing I'd use it for.
<ol start="5">
<li>Lurk in places like r/onions and the technology boards on imageboards and other places online where people discuss Tor. Invariably there will be threads where people ask for links to hidden services or show off ones that they've made themselves.</li>
</ol>
</p>
<p>Personally, given the amount of effort I've put into Let's Decentralize since I broke it off from MayVaneDay a few years ago, I'd rather just trust my backups. Although I suppose I will die one day, maybe sooner than later, and someone else will inherit all this mess. If you, the reader, think you can do this better than me, are <em>you</em> prepared to take up all the effort detailed above and relegate yourself to clicking links and opening tabs?</p>
</div>
<hr>
<div class="box">
<p align=right>CC BY-NC-SA 4.0 &copy; Vane Vander</p>
</div>
</article>
<script data-goatcounter="https://stats.letsdecentralize.org/count"
async src="//stats.letsdecentralize.org/count.js"></script>
<noscript>
<img src="https://stats.letsdecentralize.org/count?p=/blog/2022/november/ld.html">
</noscript>
</body>
</html>

View file

@ -105,7 +105,7 @@
</table>
<p>Conclusion: <strong>as far as Tor-available email providers go, ProtonMail has the highest deliverability</strong>. SecTor.City has piss-poor deliverability, but they work for the purposes of getting a ProtonMail account. <strong>If you don't want to daisychain email providers together like this, Onion Mail comes in second</strong> but also has a relatively low quota of emails you can send per day on the free plan, a fact which considerably slowed my research for this post down.</p>
<p>But anonymous email addresses are kind of useless if you don't already have someone you want to talk to. So I took my new plethora of addresses and attempted to sign up for some mainstream social media sites.</p>
<p>Reddit isn't nearly as hostile to Tor users as I had expected. They accepted my Onion Mail address without issue. However, reCAPTCHA, better known as "please click seven thousand traffic lights", kept accusing my IP of being part of a botnet. I had to restart Tor Browser no less than <em>seven</em> tims (I counted) before I got a clean IP that reCAPTCHA would let through. My problems with Reddit after that were less "ew, Tor user" and more "AutoMod is set to remove posts/downvotes from extremely new accounts"... until suddenly the "join" button on subreddits stopped working. Although maybe that was just Jett trying to keep me from purposely wading into cringe.</p>
<p>Reddit isn't nearly as hostile to Tor users as I had expected. They accepted my Onion Mail address without issue. However, reCAPTCHA, better known as "please click seven thousand traffic lights", kept accusing my IP of being part of a botnet. I had to restart Tor Browser no less than <em>seven</em> times (I counted) before I got a clean IP that reCAPTCHA would let through. My problems with Reddit after that were less "ew, Tor user" and more "AutoMod is set to remove posts/downvotes from extremely new accounts"... until suddenly the "join" button on subreddits stopped working. Although maybe that was just Jett trying to keep me from purposely wading into cringe.</p>
<p>Something with Tor Browser's implementation of uBlock Origin prevented me from completing the Twitter signup, even via the <a href="https://twitter3e4tixl4xyajtrzo62zg5vztmjuricljdp2c5kshju4avyoid.onion">hidden service</a>. Smashing the F12 button on my keyboard revealed that uBlock Origin was blocking a third-party domain used to load "Arkose challenges", which Twitter uses instead of captchas. For example, one of the "Arkose challenges" shows six images of monochrome dice with symbols on them, and you have to pick the image where two of the dice have the same symbol on top. Temporarily disabling uBlock Origin allowed me to complete these, but then Twitter threw a "we can't complete your signup right now" error. So I booted up Falkon and configured it to use a random proxy from <a href="https://openproxylist.com">this free proxy list</a>. It worked for a few hours until my account was locked for "suspicious activity". I did another "Arkose challenge" to prove I was a human, but I ended up locked out of the account anyway because Twitter demanded I give them a phone number.</p>
<p>I didn't test Facebook or Instagram despite a Tor hidden service for Facebook existing because I already knew I'd get locked out of any account I made in five minutes with a demand to see my driver's license. Tumblr works fine if you can get past the billion captchas every time you want to log in. Ovarit works fine if you have an invite code, although I don't know why you'd want to join <a href="./ovarit.html"><em>that</em> cesspit given recent events</a>. I'm sure ThePinkPill will work fine once (if) registrations open up again.</p>
<p>In conclusion, the "age" of anonymous email is <em>far</em> from over. Providers who don't need to know any information about you are still alive and well. As with anything that research-allergic boomers or technological doomers think is dying, anonymous email is still out there... you just have to know where to look.</p>

View file

@ -18,6 +18,7 @@
<div class="box">
<h2>2022</h2>
<ul>
<li>November 1 - <a href="./2022/november/ld.html">Woman who would have been revered prophetess 4,000 years ago now relegated to clicking links, opening tabs</a></li>
<li>October 25 - <a href="./2022/october/email.html">Anonymous email is still alive and well</a></li>
<li>October 24 - <a href="./2022/october/ovarit.html">Short statement on the Ovarit situation</a></li>
<li>October 6 - <a href="./2022/october/yggdrasil.html">Theoretical design for a female-only internet</a></li>

View file

@ -1,5 +1,6 @@
# MayVaneDay ASS (https://tilde.town/~dzwdz/ass/) feed
2022-11-01 https://mayvaneday.org/blog/2022/november/ld.html Woman who would have been revered prophetess 4,000 years ago now relegated to clicking links, opening tabs
2022-10-25 https://mayvaneday.org/blog/2022/october/email.html Anonymous email is still alive and well
2022-10-24 https://mayvaneday.org/blog/2022/october/ovarit.html Short statement on the Ovarit situation
2022-10-06 https://mayvaneday.org/blog/2022/october/yggdrasil.html Theoretical design for a female-only internet

View file

@ -44,6 +44,7 @@
<div class="box">
<h3>Announcement Box</h3>
<ul>
<li>2022-10-31: <span class="lesbian">Congratulations on graduating, Jett!</span> I'm so very proud of you! I can't wait to see all you'll accomplish in this next chapter of your life.</li>
<li>2022-10-24: Sorry, I ended up being wrong about the below. I still feel like shit, but I'm back to writing. Task failed successfully?</li>
<li>2022-10-18: Not much motivation to write lately. Still reeling from the betrayal and loss of a dear friend... and also finally getting some new dressers in my room. Not sure of the direction I want to take this site in the future. <del>Don't expect anything new until November at the very least.</del></li>
<li>2022-10-07: If there was a website dedicated to harassing someone I loved, I'd do everything I could to get it taken offline, "freeze peach" be damned. Maybe I'm just built different.</li>

View file

@ -53,6 +53,7 @@ article a, ul a, td a, .bruh {
pre {
font-size: small;
overflow: auto;
}
hr {