When “Access Control” to sensitive Data is just a Number in a URL

Not long ago, I covered the Merkur hack from Lilith Wittmann – a glaring example of careless handling of sensitive data. And today, here we are again! Another service, another broken-by-design system. This time: the hotel chain Numa, exposing tens of thousands of identity documents to anyone with a URL and a browser.

What happened

I just came across this report via a post on Mastodon from the CCC. Their (German) post describes what happened. I’ll briefly try to outline it:

Continue reading When “Access Control” to sensitive Data is just a Number in a URL

A New Era of Social Media – Video by Elena Rossini

If you are not following Elena Rossini, you might have missed her really great video about the Fediverse. I find it a very nice and clean approach: not focusing on technology but on us, the users. She doesn’t lecture or explain too much; she just shares what she’s found: a space that feels more human. No ads, no algorithmic pressure, just room to breathe and exchange. Just us.

This video is a colorful introduction to the Fediverse, guided by filmmaker & Fediverse advocate Elena Rossini. Watch now to discover a whole new world of social media, one where privacy is respected, users are empowered, and Big Tech has no say.

Elena Rossini at: Introducing the Fediverse: a New Era of Social Media

Go check it out at Introducing the Fediverse: a New Era of Social Media!

And of course, follow @_elena@mastodon.social on Mastodon as well 🙂

PeerTube and Platform Control

I didn’t even plan to blog something today, but a couple of things came together around PeerTube that convinced me to drop a post today. But, maybe before we start … PeerWHAT? you might ask.

Interlude: What is PeerTube?

TL;DR: An open source / self hosted YouTube

PeerTube is a video platform that works a bit differently from sites like YouTube. Instead of one company running it, PeerTube is made up of many small, connected servers – so there’s no central control. You can watch, upload, and share videos just like you’re used to, but without ads or tracking. PeerTube also connects with other platforms like Mastodon, so videos can reach more people across the Fediverse. It’s a privacy-friendly option for discovering and sharing content on your terms.

A more technical description can be found on Wikipedia: PeerTube – Wikipedia

So what happened …

Continue reading PeerTube and Platform Control

DNS4EU: a private, safe, and independent European DNS resolver

Recently I switched my DNS resolver to one of the European public DNS resolvers | European Alternatives, mainly for privacy reasons, after reading Cloudflare’s blog post about analytics in their free tiers.

But I missed the malware protection. Today, though, I became aware of DNS4EU For Public!

DNS4EU is an initiative by the European Commission that aims to offer an alternative to the public DNS resolvers currently dominating the market.

https://www.joindns4.eu/about

It offers 5 different flavours:

  • Unfiltered resolution
  • Protective resolution: blocks access to known malicious and fraudulent websites
  • Protective resolution with child protection
  • Protective resolution with ad-blocking
  • Protective resolution with child protection & ad-blocking

It also comes with step-by-step guidelines for configuring DNS settings on a variety of platforms.

Just cool 🙂

Take Back the Stream: Support PeerTube’s Mobile App

Big Tech dominates online video. Algorithms, ads, and tracking define what we see and who gets heard. PeerTube offers a real alternative – decentralized, open-source, and powered by its users, not corporations.

Now, PeerTube is taking a critical next step: building its first official mobile app. Framasoft, the nonprofit behind the project, has launched a crowdfunding campaign to make it happen.

Continue reading Take Back the Stream: Support PeerTube’s Mobile App

I found my replacement for LinkedIn!

If you’ve followed me, you might have noticed that I had gradually pulled back from LinkedIn: I posted less, stopped interacting and deleted my content.

But I kept returning – only to feel the same mix of disappointment and annoyance every time. Eventually, I asked myself: why did I keep coming back, even though it never felt useful?

Continue reading I found my replacement for LinkedIn!

AI Agents: Loyal Only to the Prompt

Recently I thought: “If AI scrapers are scraping my website, would a prompt injection work? Just adding invisible prompt commands …?”

And just today, a colleague sent me this link to an article about prompt injection in GitLab Duo: Remote Prompt Injection in GitLab Duo Leads to Source Code Theft:

TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses.

https://www.legitsecurity.com/blog/remote-prompt-injection-in-gitlab-duo

Well – it shows: dammit! Someone else was faster! 😀

But besides that: it confirms a paranoid thought that I have been harboring for quite a while. The output of an AI system must never be trusted blindly.

Continue reading AI Agents: Loyal Only to the Prompt

Torture for Bitcoin: When Crypto Gets Brutally Real

It’s one thing to know that any password can be stolen by kidnapping a person who knows it and then “convincing” them to reveal it. But actually reading that it (very likely) happened … feels strange.

I just read a heise article (Um Bitcoin zu stehlen: US-Kryptoinvestor hat wohl wochenlang Touristen gefoltert), citing an NBC article (Crypto trader tortured Italian man in NYC home in bid to steal his bitcoin).

Oh well, that’s one of the services that traditional banks provide: making such things harder. Maybe not fully impossible, but harder than “enter password”.

Why “Open” may not Always be Enough

If you care about open source, open data, or open standards, you should read “What we in the open world are messing up in trying to compete with big tech“.

I found it a good critique of open source and of why “technology” and an open-source licence may not be enough to compete with Big Tech players. The author doesn’t argue against open source, but he makes some quite valid points.

You might say “look at your own GitHub repo first”, but wait: the difference, in my view, is whether you open-source something just to make it available for others as well, or whether you run an open-source project to compete with a commercial product / to position yourself as a valid alternative.

Anyway, give it a read – and maybe follow his blog as well!