How can I check to see if a given Onion Service is still in-use?

To be clear: I'm not asking about just Onion Services bound to port 80. Of course I can just curl it, but that won't tell me if the Onion Service is running something on another port.

I'm trying to find an XMPP server that uses an Onion Service. I found several lists of XMPP servers and their .onion names, but I expect most of these services are offline.

2n3tvihf4n27pqyqdtcqywl33kbjuv2kj3eeq6qvbtud57jwiaextmid.onion
32qywqnlnqzbry42nmotr47ebts3k6lhiwfob6xniosmepz2tsnsx7ad.onion
4colmnerbjz3xtsjmqogehtpbt5upjzef57huilibbq3wfgpsylub7yd.onion
6voaf7iamjpufgwoulypzwwecsm2nu7j5jpgadav2rfqixmpl4d65kid.onion
6w5iasklrbr2kw53zqrsjktgjapvjebxodoki3gjnmvb4dvcbmz7n3qd.onion
7drfpncjeom3svqkyjitif26ezb3xvmtgyhgplcvqa7wwbb4qdbsjead.onion
ae3w7fkzr3elfwsk6mhittjj7e7whme2tumdrhw3dfumy2hsiwomc3yd.onion
chillingguw3yu2rmrkqsog4554egiry6fmy264l5wblyadds3c2lnyd.onion
fzdx522fvinbaqgwxdet45wryluchpplrkkzkry33um5tufkjd3wdaqd.onion
gku6irp4e65ikfkbrdx576zz6biapv37vv2cmklo2qyrtobugwz5iaad.onion
gois4b6fahhrlsieupl56xd6ya226m33abzuv26vgfpuvv44wf6vbdad.onion
j4dhkkxfcsvzvh3p5djkmuehhgd6t6l7wmzih6b4ss744hegwkiae7ad.onion
jabjabdea2eewo3gzfurscj2sjqgddptwumlxi3wur57rzf5itje2rid.onion
jaswtrycaot3jzkr7znje4ebazzvbxtzkyyox67frgvgemwfbzzi6uqd.onion
jeirlvruhz22jqduzixi6li4xyoweytqglwjons4mbuif76fgslg5uad.onion
jukrlvyhgguiedqswc5lehrag2fjunfktouuhi4wozxhb6heyzvshuyd.onion
mrbenqxl345o4u7yaln25ayzz5ut6ab3kteulzqusinjdx6oh7obdlad.onion
nixnet54icmeh25qsmcsereuoareofzevjqjnw3kki6oxxey3jonwwyd.onion
qawb5xl3mxiixobjsw2d45dffngyyacp4yd3wjpmhdrazwvt4ytxvayd.onion
qwikoouqore6hxczat3gwbe2ixjpllh3yuhaecixyenprbn6r54mglqd.onion
qwikxxeiw4kgmml6vjw2bsxtviuwjce735dunai2djhu6q7qbacq73id.onion
razpihro3mgydaiykvxwa44l57opvktqeqfrsg3vvwtmvr2srbkcihyd.onion
rurcblzhmdk22kttfkel2zduhyu3r6to7knyc7wiorzrx5gw4c3lftad.onion
szd7r26dbcrrrn4jthercrdypxfdmzzrysusyjohn4mpv2zbwcgmeqqd.onion
xdkriz6cn2avvcr2vks5lvvtmfojz2ohjzj4fhyuka55mvljeso2ztqd.onion
xiynxwxxpw7olq76uhrbvx2ts3i7jagqnqix7arfbknmleuoiwsmt5yd.onion
xmppccwrohw3lmfap6e3quep2yzx3thewkfhw4vptb5gwgnkttlq2vyd.onion
ynnuxkbbiy5gicdydekpihmpbqd4frruax2mqhpc35xqjxp5ayvrjuqd.onion
yxkc2uu3rlwzzhxf2thtnzd7obsdd76vtv7n34zwald76g5ogbvjbbqd.onion

I don't want to eliminate them just for not running an HTTP server (eg port 80, 443, 8080, etc). Nor do I want to eliminate them for not running on a common XMPP port (5222, 5223, 5269, 5298, 8010). I'm trying to find something that checks if an Onion Service has been used in the past days/weeks without requiring me to test a connection on a given port.

My understanding is that Onion Services will (by default) generate and publish hidden service descriptors (HSDir).

Is there some way I can query the Tor directory of HSDirs to see if a given Onion Service is still active?

cross-posted from: https://slrpnk.net/post/29618613

cross-posted from: https://slrpnk.net/post/29617623

The linked fedi comment is a bit alarming. In a GDPR region, a prospective mortgage borrower was denied a home loan because the bank knew how much he spent on wine.

The post gets errors (as if it were censored?), but I can reach it only within a slrpnk.net cache of the comment. I will quote it here in case others also cannot reach the comment:

Anonymity is very important.

Here's a example why, that recently happened to a workmate:

He applied for a mortgage to buy a house. The application was denied 3 times, despite his having been employed at the same place for 20 years, paid all his bills on time and never received so much as a parking ticket. Finally, after insisting heavily and threatening to sue, his bank provided the reason why: his purchasing habits included too much alcohol.

Or said another way: the bank watched what he purchased when doing his groceries for years and quietly classified him as a wino and potential deadbeat.

I can tell you, when I do my groceries, and back when I still smoked, I never paid for alcohol or tobacco with anything other than cash, for that very reason. The only things I pay for with plastic paint the portrait of a boring working stiff with no habits out of the ordinary. For the rest, it's cash-only.

And if you want another example of why anonymity is important: a few years ago, I sought the help of an underground surgeon to perform a certain type of surgery on me that my stupid doctors here refused to perform, despite my quality of life going to shit (it's a long story...)

Guess what: underground surgeons don't take credit cards. The man changed my life for the better but I certainly don't want my local health insurance to know about it. Was it illegal? Hell yes. Was it justified? Hell yes. Legal and right are two different things.

And similarly, I expected many women post Roe v. Wade would like to have the opportunity to get an abortion out of state anonymously without going to jail.

That's why anonymous payments are essential: they are the last rampart between you and unjust laws and prejudice.

This story should really get some serious press. I tried searching the enshitified web for stories similar to this and got no hits. WTF.

How are banks getting such detail as to know what people are buying?

My expectation: the bank should only know the total amount of the grocery store transaction, not an itemised list of what someone buys. WTF is going on here? It’s a data minimisation failure on the part of the grocery store and also on the part of the bank who over-collected data. And most importantly, the payment processor. What possible grounds does the payment processor have to put that data in the protocol and pass it along?

And a transparency failure. On what scale is this happening in the EU?

I hope, at least, that the 3 denials were from the applicants own bank.

cross-posted from: https://piefed.social/c/Europe/p/1426423/danish-eu-council-presidency-drops-chat-control-it-s-dead-for-now

The Danish government will no longer push for chat control! > > Here's a machine translation of what the Danish newspaper Berlingske has to say about it. > > Fair warning: The journalists in Berlingske don't seem to have the slightest idea what they are talking about, and are enthusiastically gobbling up the Kool-Aid served to them by Danish Minister of Justice Peter Hummelgaard, a man who is on the record claiming that privacy is not a human right (it is). Don't expect to gain any worthwhile neural connections in your brain by reading the below. > > *** > >

Danish proposal on digital child protection dropped after German criticism >

> Danish EU presidency could not create support for proposals to scan messages for abuse material. > > The government will no longer force tech giants to scan citizens' messages for imagery of sexual abuse of children. > > The Danish EU Presidency is thus withdrawing its proposal after Germany and later the ruling Moderates have opposed it. This is stated in a written comment. > > "This will mean that the injunction will not be part of the EU Presidency's new compromise proposal and that it should continue to be voluntary for tech giants to track down material with child sexual abuse," Justice Minister Peter Hummelgaard said. > > He sits at the table end in the work to get the CSA regulation adopted under the Danish EU Presidency, which lasts until the New Year. > > The regulation was originally proposed by the European Commission in 2022. It will be able to force tech companies to scan the contents of private citizens’ images and videos on encrypted services. > > But both Germany and since the Moderates withdrew their support for the proposal because it was too intrusive. > > Hummelgaard, however, believes that Denmark's proposal was less intrusive than the EU Commission's original proposal. And he highlights that Save the Children, Unicef, Children's Terms and Digital Responsibility gave their clear backing. > > However, the risk of losing an important tool is highly weighted. > > "Right now, we are in a situation where we risk completely losing a central tool in the fight against sexual assault against children, because the current scheme that allows for voluntary scanning expires in April 2026," he said. > > That's why we have to act no matter what. We owe it to all the children who are subjected to monstrous abuses, says Peter Hummelgaard. > > The government's original proposal will break with fundamental freedoms and will potentially result in mass surveillance of citizens in the EU, the critics said. Among other things, they count hundreds of scientists and experts, the Dataetian Council and the tech giants themselves. > > Germany has directly called it "mass surveillance" in the past. > > "The mass surveillance of private messages must be taboo in a rule of law," the German Ministry of Justice wrote at X. > > Save the Children calls the previous volunteer tracing via scanning a "huge success" and is frustrated that there was no backing for a compromise. > > "We are deeply concerned and frustrated that there has been no European support for a compromise where tech companies may be required to track down and remove photos and videos with sexual assaults on children," senior adviser at digital child protection Tashi Andersen said in a written commentary.

We're thrilled to announce that BusKill was the recipient of a $1,031 microgrant from FUTO!

Can't see video above? Watch it on PeerTube or on YouTube at youtu.be/Qr0VusrG1jE

We're elated to see BusKill join the ranks next to CryptPad, ExifTool, KeePassXC, Whonix, Wireshark, Tor Project, Calyx, and numerous other awesome projects that have received grants from FUTO.

Iterate with us!

Want to print your own BusKill cable? We'll cover your expenses for filament, magnets, and pogo pins.

We plan to use these funds to document our 3D-Printable BusKill Dead Man Switch. And we need your help!

The BusKill project is looking for a volunteer to write the documentation describing how to print and build your own BusKill cable. The documentation will be written for our Sphinx Documentation Site in reStructuredText and pushed in git.

If you have access to a 3D-Printer, please contact us to receive funds to buy the components needed to document the build of a 3D-Printed BusKill.

What is BusKill?

BusKill is a laptop kill-cord. It's a USB cable with a magnetic breakaway that you attach to your body and connect to your computer.

Watch the BusKill Explainer Video for more info on PeerTube or youtube.com/v/qPwyoD_cQR4

If the connection between you to your computer is severed, then your device will lock, shutdown, or shred its encryption keys -- thus keeping your encrypted data safe from thieves that steal your device.

Support BusKill

We're looking forward to continuing to improve the BusKill software and looking for other avenues to distribute our hardware BusKill cable to make it more accessible this year.

If you want to help, please consider purchasing a BusKill cable for yourself or a loved one. It helps us fund further development, and you get your own BusKill cable to keep you or your loved ones safe.

Buy a BusKill Cable
https://buskill.in/buy

You can also buy a BusKill cable with bitcoin, monero, and other altcoins from our BusKill Store's .onion site.

Stay safe,
The BusKill Team
https://www.buskill.in/
http://www.buskillvampfih2iucxhit3qp36i2zzql3u6pmkeafvlxs3tlmot5yad.onion/

France’s data protection watchdog CNIL on Wednesday fined Google €325 million ($380 million) and fast-fashion retailer Shein €150 million ($175 million) for violating cookie rules. The record penalties target two platforms with tens of millions of French users, marking among the heaviest sanctions the regulator has imposed.

cross-posted from: https://lemy.lol/post/48506189

TLDR: Drug dealers in Catalonia have started to adopt GrapheneOS en masse leading to Catalan police suspecting anyone with a Google Pixel is a drug dealer

cross-posted from: https://lemmy.sdf.org/post/38321143

TikTok was fined 530 million euros ($620 million) in May by the Data Protection Commission over European data transfers to China, though the Chinese social media giant had insisted this data was only accessed remotely.

The DPC on Thursday said it had been informed by TikTok in April that "limited EEA user data had in fact been stored on servers in China," contrary to evidence presented by the company.

The regulator said it had expressed "deep concern" in its previous investigation that "TikTok had submitted inaccurate information".

[...]

cross-posted from: https://piefed.zip/post/131103

Like it or not, artificial intelligence has become part of daily life. Many devices — including electric razors and toothbrushes — have become AI-powered," using machine learning algorithms to track how a person uses the device, how the device is working in real time, and provide feedback. From asking questions to an AI assistant like ChatGPT or Microsoft Copilot to monitoring a daily fitness routine with a smartwatch, many people use an AI system or tool every day.

While AI tools and technologies can make life easier, they also raise important questions about data privacy. These systems often collect large amounts of data, sometimes without people even realizing their data is being collected. The information can then be used to identify personal habits and preferences, and even predict future behaviors by drawing inferences from the aggregated data.

An assistant professor of cybersecurity at West Virginia University, studies how emerging technologies and different types of AI systems manage personal data and how we can build more secure and privacy-preserving systems for the future.

A cryptosystem is incoherent if its implementation is distributed by the same entity which it purports to secure against.

cross-posted from: https://lemmy.bestiver.se/post/441870

Comments

cross-posted from: https://europe.pub/post/1436138

cross-posted from: https://lemm.ee/post/66697931

cross-posted from: https://programming.dev/post/31946686

cross-posted from: https://programming.dev/post/31949654

cross-posted from: https://lemmy.nz/post/23935860

Google warns “passwords are not only painful to maintain, but are also more prone to phishing and often leaked through data breaches.” And that’s the real issue. “It’s important to use tools that automatically secure your account and protect you from scams,” Google tells users, and that means upgrading account security now.

Google says “we want to move beyond passwords altogether, while keeping sign-ins as easy as possible.” That includes social sign ins, but mainly it means passkeys. “Passkeys are phishing-resistant and can log you in simply with the method you use to unlock your device (like your fingerprint or face ID) — no password required.”

This is just one of their excuses, to keep their users inside google's walled-garden

cross-posted from: https://lazysoci.al/post/27786565

cross-posted from: https://lemmy.zip/post/40314191

Just a little bit more privacy invasion. C'mon, juuuust a little.. 'till you no longer notice.

cross-posted from: https://lemm.ee/post/65027473