You know whats totally based and should exist more?

free and open source software

MQTT turns 25 - here's how it has endured

Happy birthday, @[email protected]! 25 years young.

It’s October 2024 and I’m sitting here in my creative maker studio, wearing a bright t-shirt that excitedly bellows “MQTT 25”! To my left is a top-end Bambu Lab X1C 3D printer, that uses MQTT internally for communication. On my wall are a variety of connected gadgets that display data or that light up in response to MQTT notifications. Today is the official 25th anniversary of the publication of…

Hi! You’re in the LA area, right? I hope you and your family are okay.

Unrelatedly, I ran across a thread on Mastodon about Proton Mail, which I think you’ve talked about before, and was curious what you make of it / how credible it is: https://code4lib.social/@[email protected]/113838748729664639

I'm fine thanks! Worried about some friends but I'm good.

I think that thread is not incorrect, but is also bullshit.

Email protocols do not allow for 100% anonymous communication and never will, when Proton was subpoenaed for user data that ended up with some French climate activists getting prosecuted they were transparent about what was requested and updated their logging rules to store less data. *Starting* from the assumption that protonmail is supposed to be totally secure OR sells itself as totally secure is disingenuous.

The great thing about open source software is that you never have to trust a shithead CEO when they talk about what the software does. I get why people are angry at the CEO (I think the CEO is at least half wrong in that he is claiming that Republicans will challenge monopolies, but he's not wrong about the destructive corporatism of the Democratic party even if he is *in essence* wrong about which party is more likely to gesture in the direction of breaking up tech monopolies) but A) the thread says that proton's software is "opaque" and it just. Literally is not. and B) that thread links to another thread talking about how what proton is selling is trust and nope. They don't have to sell trust; you can see what their software does if you choose to investigate it, there's no need for trust when you can verify. What they're selling is transparency and from where i'm standing they are indeed quite transparent.

God. Imagine thinking that a zero trust service is selling trust.

So I think the argument that "protonmail actually isn't as secure as it claims" is bullshit that people bring up whenever they're mad at the company (whether they have legitimate reasons to be mad at the company or not).

For the record: you should never, ever, EVER treat email as a secret. Nothing you do over email is really secret because *the rules that allow email to function as a service* require at least some very sensitive information to be an open part of the protocol.

The Proton page on end to end encryption is *very* clear that it is the contents of your email messages that are encrypted, not your email as a whole, and in the image they use to illustrate this the parts of your email that *cannot* be made private (sender, recipient, subject line, time sent) are shown unencrypted:

They're not subtle about letting people know this. Nor are they quiet about the fact that replies to encrypted emails are not encrypted by default.

So the thread is *technically* correct in that all the security "holes" described reflect reality, but it's correct like saying "McDonald's says that you can eat their food for every meal and you'll put on ten pounds of muscle but ACTUALLY putting on ten pounds of muscle requires a huge amount of dedication and a very careful diet and a lot of resistance exercise" - like, I guess yeah that's what you have to do to put on ten pounds of muscle but where exactly was McDonald's making that claim? Did they actually make that claim or are general statements like "I'm Lovin' It" being misinterpreted in bad faith by people on the internet who are mad at something a CEO did?

So. Like. Yeah the CEO is being a shithead, the social media team made a pretty bad fuckup by doubling down on his shitheadery, the product still works as described, AND the thread discussing all of that is deeply annoying.

So.

I think this thread actually does a great job of explaining why I've never seen a "hackers for social justice" group that has lasted. This reminds me a LOT of when someone tried to say that you shouldn't use firefox because the former CEO was a homophobe. There are a lot of deeply shitty people who have made important contributions to our tech ecosystem and if we threw the baby out with the bathwater every time Notch from Minecraft ended up being Notch from minecraft you'd lock yourself out of a lot of really important tools. And this isn't the same as "buying harry potter merch funds transphobia" because it literally doesn't; especially with open source tools you can continue using the software and cheerfully hate the CEO because A) fuck that guy and B) what the fuck are you going to do about it, guy, this shit's encrypted.

I don't want to get too deeply into a discussion about what is or is not cancel culture, but what I'm seeing in that thread (and what I see coming up every time someone brings up the "But the French Climate Activists!" thing) is an attempt to prioritize political alignment over real-world utility. It's attempting to cancel a *genuinely useful tool* because someone involved in the development is an asshole.

By all means, don't give protonmail money if the CEO's trump-positive comments make you feel unsafe.

However: What service are you going to use that is as accessible and as secure to ensure that you actually *are* safe? There are alternatives out there. Do they actually do more than proton? Are they easier to use? Are they open source? One of the responses to that thread was "yeah, that dude seems shitty; i'd switch to another service if there was another one that I felt was as secure" and that's pretty much what I think the correct attitude is. (If you really, really still want to switch, Tuta has been the broadly recommended alternative to protonmail for years but at this point Proton has a suite of services that some users would need to replace, not just email)

IDK i think shit like this contributes to a lot of the bad kind of security nihilism where people are like "oh no, things will never be secure and even my scrappy little open source product is headed by an asshole, i may as well use google because everything sucks" when they should have the good kind of nihilism which is like "man, there are a lot of assholes out there and they're never going to stop being assholes; i'd better take proactive steps to act like the people who make tech stuff are assholes and operate from a better base of security at the start"

so the takeaways are:

Proton never claimed that anything but the message contents of your e2e encrypted messages are encrypted; as far as these things go, they do a pretty good job of being both secure and easy to use compared to other offerings.

Yeah the CEO is being kind of a shithead and I'm not a huge fan of that.

If you think the CEO is being a shithead and don't want to give the company your money, don't pay for their services, but the CEO being a shithead doesn't actually mean you can't trust their services; their services are literally built on zero trust, if the CEO literally wanted to hunt you down personally he wouldn't be any more able to decrypt your emails than he was before and he wouldn't be any more likely to respond to a subpoena than he was before (proton does respond to subpoenas when required but not otherwise; they've been compelled to produce more data in the last decade than before because law enforcement finally realized who they needed to yell at - one of the bigger issues here is the Swiss courts being more willing to grant subpoenas to international complainants than they were before)

The reason we don't go see hogwarts movies is because doing so gives JK money and that does actual real world harm; using firefox does not have an impact on Brendan Eich's ability to materially change the world. It is very weird that we're in a place where we're treating *open source encryption software that is simple enough for your grandma to use it* as though it is Orson Scott Card.

Sorry i'm still stuck on people thinking that proton, famously open source, is opaque, and that an encryption service with zero trust architecture is selling trust.

Anyway if you've ever got questions about security/privacy/whatever services privacyguides.org is a very reliable source.

OH I FIGURED OUT WHAT WAS BUGGING ME

There are a bunch of people discussing this talking about how the CEO's social media is what has made them feel unsafe and I'm going to be a dick here and say that facts don't care about your feelings.

The CEO saying stupid shit doesn't actually make you unsafe in a situation like this; if the CEO was a violent transphobe or aggressive racist or horribly misogynist that wouldn't actually make any of the users of the product less safe. That's why the SJ hacker stuff I've seen hasn't had much staying power; I think that groups that focus on making people feel included and welcome and safe to be themself within the group run into really big problems when there's a conflict between people in the group FEELING unsafe because of (genuinely important in many ways) cultural signifiers like political alignment and so in order to accommodate that feeling they end up doing things (like some kinds of collaboration/accountability practices, abandoning useful tools, WAY too much personal transparency and radical vulnerability for people who are doing crime shit) that ACTUALLY make them less safe.

The CEO being a shithead may make you feel bad, but moving to a less secure platform may actually be dangerous. One of these things can have a big impact on your life, and it is not the one that is happening on twitter.

Anyway. Email is inherently insecure and if you want a secure messaging tool use Signal.

If you are doing crime shit don't talk about it on the internet and DEFINITELY don't talk about it in any kind of unencrypted platform.

If you are a French climate activist who would like to not get arrested if Tuta gets a subpoena for data, use the email service in concert with tor and be cautious about senders/receivers and subject lines.

The Rise of DeFi: Revolutionizing the Financial Landscape

Decentralized Finance (DeFi) has emerged as one of the most transformative sectors within the cryptocurrency industry. By leveraging blockchain technology, DeFi aims to recreate and improve upon traditional financial systems, offering a more inclusive, transparent, and efficient financial ecosystem. This article explores the fundamental aspects of DeFi, its key components, benefits, challenges, and notable projects, including a brief mention of Sexy Meme Coin.

What is DeFi?

DeFi stands for Decentralized Finance, a movement that utilizes blockchain technology to build an open and permissionless financial system. Unlike traditional financial systems that rely on centralized intermediaries like banks and brokerages, DeFi operates on decentralized networks, allowing users to interact directly with financial services. This decentralization is achieved through smart contracts, which are self-executing contracts with the terms of the agreement directly written into code.

Key Components of DeFi

Decentralized Exchanges (DEXs): DEXs allow users to trade cryptocurrencies directly with one another without the need for a central authority. Platforms like Uniswap, SushiSwap, and PancakeSwap have gained popularity for their ability to provide liquidity and facilitate peer-to-peer trading.

Lending and Borrowing Platforms: DeFi lending platforms like Aave, Compound, and MakerDAO enable users to lend their assets to earn interest or borrow assets by providing collateral. These platforms use smart contracts to automate the lending process, ensuring transparency and efficiency.

Stablecoins: Stablecoins are cryptocurrencies pegged to stable assets like fiat currencies to reduce volatility. They are crucial for DeFi as they provide a stable medium of exchange and store of value. Popular stablecoins include Tether (USDT), USD Coin (USDC), and Dai (DAI).

Yield Farming and Liquidity Mining: Yield farming involves providing liquidity to DeFi protocols in exchange for rewards, often in the form of additional tokens. Liquidity mining is a similar concept where users earn rewards for providing liquidity to specific pools. These practices incentivize participation and enhance liquidity within the DeFi ecosystem.

Insurance Protocols: DeFi insurance protocols like Nexus Mutual and Cover Protocol offer coverage against risks such as smart contract failures and hacks. These platforms aim to provide users with security and peace of mind when engaging with DeFi services.

Benefits of DeFi

Financial Inclusion: DeFi opens up access to financial services for individuals who are unbanked or underbanked, particularly in regions with limited access to traditional banking infrastructure. Anyone with an internet connection can participate in DeFi, democratizing access to financial services.

Transparency and Trust: DeFi operates on public blockchains, providing transparency for all transactions. This transparency reduces the need for trust in intermediaries and allows users to verify and audit transactions independently.

Efficiency and Speed: DeFi eliminates the need for intermediaries, reducing costs and increasing the speed of transactions. Smart contracts automate processes that would typically require manual intervention, enhancing efficiency.

Innovation and Flexibility: The open-source nature of DeFi allows developers to innovate and build new financial products and services. This continuous innovation leads to the creation of diverse and flexible financial instruments.

Challenges Facing DeFi

Security Risks: DeFi platforms are susceptible to hacks, bugs, and vulnerabilities in smart contracts. High-profile incidents, such as the DAO hack and the recent exploits on various DeFi platforms, highlight the need for robust security measures.

Regulatory Uncertainty: The regulatory environment for DeFi is still evolving, with governments and regulators grappling with how to address the unique challenges posed by decentralized financial systems. This uncertainty can impact the growth and adoption of DeFi.

Scalability: DeFi platforms often face scalability issues, particularly on congested blockchain networks like Ethereum. High gas fees and slow transaction times can hinder the user experience and limit the scalability of DeFi applications.

Complexity and Usability: DeFi platforms can be complex and challenging for newcomers to navigate. Improving user interfaces and providing educational resources are crucial for broader adoption.

Notable DeFi Projects

Uniswap (UNI): Uniswap is a leading decentralized exchange that allows users to trade ERC-20 tokens directly from their wallets. Its automated market maker (AMM) model has revolutionized the way liquidity is provided and traded in the DeFi space.

Aave (AAVE): Aave is a decentralized lending and borrowing platform that offers unique features such as flash loans and rate switching. It has become one of the largest and most innovative DeFi protocols.

MakerDAO (MKR): MakerDAO is the protocol behind the Dai stablecoin, a decentralized stablecoin pegged to the US dollar. MakerDAO allows users to create Dai by collateralizing their assets, providing stability and liquidity to the DeFi ecosystem.

Compound (COMP): Compound is another leading DeFi lending platform that enables users to earn interest on their cryptocurrencies or borrow assets against collateral. Its governance token, COMP, allows users to participate in protocol governance.

Sexy Meme Coin (SXYM): While primarily known as a meme coin, Sexy Meme Coin has integrated DeFi features, including a decentralized marketplace for buying, selling, and trading memes as NFTs. This unique blend of humor and finance adds a distinct flavor to the DeFi landscape. Learn more about Sexy Meme Coin at Sexy Meme Coin.

The Future of DeFi

The future of DeFi looks promising, with continuous innovation and growing adoption. As blockchain technology advances and scalability solutions are implemented, DeFi has the potential to disrupt traditional financial systems further. Regulatory clarity and improved security measures will be crucial for the sustainable growth of the DeFi ecosystem.

DeFi is likely to continue attracting attention from both retail and institutional investors, driving further development and integration of decentralized financial services. The flexibility and inclusivity offered by DeFi make it a compelling alternative to traditional finance, paving the way for a more open and accessible financial future.

Conclusion

Decentralized Finance (DeFi) represents a significant shift in the financial landscape, leveraging blockchain technology to create a more inclusive, transparent, and efficient financial system. Despite the challenges, the benefits of DeFi and its continuous innovation make it a transformative force in the world of finance. Notable projects like Uniswap, Aave, and MakerDAO, along with unique contributions from meme coins like Sexy Meme Coin, demonstrate the diverse and dynamic nature of the DeFi ecosystem.

For those interested in exploring the playful and innovative side of DeFi, Sexy Meme Coin offers a unique and entertaining platform. Visit Sexy Meme Coin to learn more and join the community.

what is the best way to get safer/more anonymous online

Ok, security and anonymity are not the same thing, but when you combine them you can enhance your online privacy.

My question is: how tech literate are you and what is your aim? As in do you live in a country where your government would benefit from monitoring private (political) conversations or do you just want to degoogle? Because the latter is much easier for the average user.

Some general advice:

Leave Windows and Mac operating systems and switch to Linux distributions like Fedora and Ubuntu (both very user friendly). Switch from Microsoft Office or Pages/Numbers/Keynote (Mac) to LibreOffice.

You want to go more hardcore with a very privacy-focused operating system? There are Whonix and Tails (portable operating system).

Try to replace all your closed source apps with open source ones.

Now, when it comes to browsers, leave Chrome behind. Switch to Firefox (or Firefox Focus if you're on mobile). Want to go a step further? Use LibreWolf (a modified version of Firefox that increases protection against tracking), Brave (good for beginners but it has its controversies), DuckDuckGo or Bromite. You like ecofriendly alternatives? Check Ecosia out.

Are you, like, a journalist or political activist? Then you probably know Tor and other anonymous networks like i2p, freenet, Lokinet, Retroshare, IPFS and GNUnet.

For whistleblowers there are tools like SecureDrop (requires Tor), GlobaLeaks (alternative to SecureDrop), Haven (Android) and OnionShare.

Search engines?

There are Startpage (obtains Google's results but with more privacy), MetaGer (open source), DuckDuckGo (partially open source), Searx (open source). You can see the comparisons here.

Check libRedirect out. It redirects requests from popular socmed websites to privacy friendly frontends.

Alternatives to YouTube that value your privacy? Odysee, PeerTube and DTube.

Decentralized apps and social media? Mastodon (Twitter alternative), Friendica (Facebook alternative), diaspora* (Google+ RIP), PixelFed (Insta alternative), Aether (Reddit alternative).

Messaging?

I know we all use shit like Viber, Messenger, Telegram, Whatsup, Discord etc. but there are:

Signal (feels like Whatsup but it's secure and has end-to-end encryption)

Session (doesn't even require a phone or e-mail address to sign up)

Status (no phone or e-mail address again)

Threema (for mobile)

Delta Chat (you can chat with people if you know their e-mail without them having to use the app)

Team chatting?

Open source options:

Element (an alternative to Discord)

Rocket.chat (good for companies)

Revolt.chat (good for gamers and a good alternative to Discord)

Video/voice messaging?

Brave Talk (the one who creates the talk needs to use the browser but the others can join from any browser)

Jami

Linphone

Jitsi (no account required, video conferencing)

Then for Tor there are various options like Briar (good for activists), Speek! and Cwtch (user friendly).

Georestrictions? You don't want your Internet Provider to see what exactly what you're doing online?

As long as it's legal in your country, then you need to hide your IP with a VPN (authoritarian regimes tend to make them illegal for a reason), preferably one that has a no log policy, RAM servers, does not operate in one of the 14 eyes, supports OpenVPN (protocol), accepts cash payment and uses a strong encryption.

NordVPN (based in Panama)

ProtonVPN (Switzerland)

Cyberghost

Mullvad (Sweden)

Surfshark (Netherlands)

Private e-mails?

ProtonMail

StartMail

Tutamail

Mailbox (ecofriendly option)

Want to hide your real e-mail address to avoid spam etc.? SimpleLogin (open source)

E-mail clients?

Thunderbird

Canary Mail (for Android and iOS)

K-9 Mail (Android)

Too many complex passwords that you can't remember?

NordPass

BitWarden

LessPass

KeePassXC

Two Factor Authenticators?

2FAS

ente Authenticator

Aegis Authenticator

andOTP

Tofu (for iOS)

Want to encrypt your files? VeraCrypt (for your disk), GNU Privacy Guard (for your e-mail), Hat.sh (encryption in your browser), Picocrypt (Desktop encryption).

Want to encrypt your Dropbox, Google Drive etc.? Cryptomator.

Encrypted cloud storage?

NordLocker

MEGA

Proton Drive

Nextcloud

Filen

Encrypted photography storage?

ente

Cryptee

Piwigo

Want to remove metadata from your images and videos? ExifCleaner. For Android? ExifEraser. For iOS? Metapho.

Cloak your images to counter facial recognition? Fawkes.

Encrypted file sharing? Send.

Do you menstruate? Do you want an app that tracks your menstrual cycle but doesn't collect your data? drip.

What about your sexual health? Euki.

Want a fitness tracker without a closed source app and the need to transmit your personal data to the company's servers? Gadgetbridge.

Indeed, [Bluesky CEO Jay] Graber, a former software engineer, seems most energized when she’s talking about the unique infrastructure for her kingless world. Undergirding Bluesky as well as several smaller apps is the Atmosphere, or AT Protocol, which is a rule book that servers use to communicate. The open source protocol allows sovereign digital spaces to integrate with one another as needed. Two apps with complementary ideas about moderation or ads can work in tandem—or not. It’s up to them.

Graber sees Atmosphere as nothing less than the democratized future of the social internet, and she emphasizes to me that developers are actively building new projects with it. In her dreams, these projects are as big, if not bigger, than Bluesky. Her ambitions might not be kingly, in other words, but they are lofty. For now, call Graber an insurgent go-getter—on whom the sun still shines.

ONİONSİTES - DRAGON+

Onion sites, also known as Tor sites, are a unique type of website that can only be accessed through the Tor network. The term "onion site" specifically refers to websites that are exclusively accessible via Tor, distinguishing them from traditional websites that can be reached through standard web browsers. These sites utilize a special-use top-level domain name.onion, which designates them as anonymous onion services previously known as "hidden services". The Tor network, short for The Onion Router, is a free and open-source platform that enables users to browse the internet anonymously and access content not typically available through conventional means.

The functionality of onion sites is based on the encryption and routing protocols of the Tor network. When a user attempts to access an onion site, their connection is routed through a series of volunteer-operated servers, or nodes, to conceal their identity and location. This process helps to protect the privacy and anonymity of both the user and the site they are visiting. Onion web list offer enhanced security and privacy compared to traditional websites, making them attractive to individuals seeking to safeguard their online activities from surveillance, censorship, or tracking.

What are onion sites presents both benefits and risks for users navigating the dark web. Understanding the potential advantages and drawbacks is essential for making informed decisions about online activities. Some key points to consider include: Benefits:

- Enhanced privacy and anonymity

- Access to content not available on the clear web

- Protection against surveillance and tracking Risks:

- Exposure to illegal or harmful content

- Potential security vulnerabilities

- Increased likelihood of encountering malicious actors

By weighing these factors and exercising caution while browsing onion sites, users can leverage the unique capabilities of the Tor network while minimizing potential risks to their online security and well-being.

very brief torrent security primer

some brief comments on piracy safety for @goblin-thembo who has been asking a lot of questions in the notes of that post...

OK, so when you download a torrent, you are downloading some files. The BitTorrent protocol makes it almost impossible to substitute a different file than the one you request, but you have no way to be absolutely certain that the original file is 'safe' - that depends on the properties of the file, and what you do with it. Some types of file are safer than others.

Here's some jargon you may find useful.

torrent: a file that describes how to download some files through the BitTorrent protocol. we won't go into the technicalities, but when you load a torrent into your torrent client, you will connect to other people who have parts of the files, download the pieces, and reassemble the files you want.

seeding: providing a copy of the files in a torrent to other people.

ISP: Internet Service Provider, the company that connects you to the internet.

IP address: your computer's identity on a network, notably the public internet. When you connect to a website, they know your IP address. Your IP address is assigned by your ISP.

From an IP address, you can determine someone's broad geographical location (which country they're connected in) and which ISP they are using. You can contact the ISP, who will be able to associate it with a specific user.

swarm: the collection of users downloading or seeding a particular torrent.

VPN: Virtual Private Network, a relay service which hides your IP address from the public internet. People who connect to you will see the VPN's IP instead of your real IP. Your ISP will be able to know that you connected to a VPN, but not what you send through it. So they wouldn't be able to tell if you are using BitTorrent. VPNs usually cost a fairly small amount of money as a subscription service.

Threat model

In security we talk about a 'threat model', which is what you think you need to protect yourself from. There are two major threats when downloading files using BitTorrent.

copyright claims: your computer's IP is broadcast when you use BitTorrent. Copyright holders will often put 'sniffers' on the network which will monitor the IPs in the swarm of popular torrents. They will then send a takedown letter to your internet service provider (ISP), who will usually send you an email to stop sharing copyrighted media on their network, and then cut off your internet on multiple offences. This can easily be circumvented using a VPN. I strongly recommend using a VPN if you download any copyrighted content through BitTorrent.

attacks through the file you download: someone might upload a virus as a torrent, presenting it as a file you might be looking for (e.g. cracked software). So let's go over different types of file you might download and how they could be used to attack you.

Executable files, such as pirated software, are not safe. If you download a program and run it, you are potentially giving the author full control over your computer. So you should make damn sure the uploader is trustworthy. If you're downloading open source software from the maintainer's github release page, you're probably good. If you're downloading cracked art programs or games... good luck lol.

On a public torrent tracker, to which anyone can upload, there is no guarantee that any file is what anyone says. You have to make your own determination of which uploaders are trustworthy. I can't give you great advice on this, since I generally do not download cracked executables. For games, FitGirl Repacks is generally a pretty good source.

If you are on Windows, the default Windows Defender software should be used to scan any file you download. (Paid antivirus software is of somewhat dubious utility, often pushing ads and using CPU resources in its own right.) Fewer attackers will target desktop Linux or OSX, which doesn't mean you're guaranteed safe, but Windows is the biggest target as the most widely used operating system.

Videos, music and images are generally safe. I say 'generally' because it's possible, in theory, to create a video that exploits a vulnerability in your video player (e.g. mpv or VLC) and uses it to execute code. So far as I know this is largely theoretical, and known vulns have been patched, but make sure to keep your player up to date to mitigate against known vulnerabilities.

Any compressed archives (zip, rar, 7zip) can be used to create something called a 'zip bomb', which is a file which goes into an infinite loop when you try to decompress it, swallowing up more and more memory and hard drive space. I've never seen this actually be done, but it's possible. More subtle attacks would attempt to attack the program you use to decompress the file. Keep your software up to date to mitigate against known vulnerabilities.

Besides taking care about what you download, on Windows you should either not run your main account as an admin account, or make sure to set User Account Control to require a credentials check for admin operations, and also keep your operating system and software up to date. Make sure file extensions are visible so you don't get fooled by a file disguised as a different file type. And y'know, if the torrent tracker has comments, check to see if a lot of people are saying it's a virus.

What could happen if your computer gets infected? Well, they might use your computer to mine crypto at the cost of your CPU performance, they might encrypt and ransom your files, and they might steal your credentials for online services (including banking and the like). There are various measures you can take against this, such as making sure to encrypt sensitive data such as passwords, but the best defense is to not infect your computer in the first place.

The most likely time for people to upload viruses is when something is in high demand and there isn't a single authoritative high-quality source out yet.

Ultimately you get to decide what you consider an acceptable level of risk. There is no such thing as perfect safety. I would recommend using your own initiative to learn about computer security and not badger random tumblr users to explain it to you, but hopefully the above guidelines should help you avoid doing anything too dangerous.

A SFW Discord RP server for The Magnus Archives and The Magnus Protocol.

Adults only – writers and muses must be 21+. To stay as close to the source material as possible, no explicit content is allowed. However, this server is designed to be a chill space for older writers to hang out.

Setting: An alternate universe where the Magnus Institute (London) and the OIAR both exist at the same time.

◈━◈━◈━◈━◈

PLOT OUTLINE:

◈━◈━◈━◈━◈

TIMELINE: TMA S3/S4 vibes.

Both the Magnus Institute and the Office of Incident Assessment and Response were set up to research and record paranormal reports. The Magnus Institute is the older of the two organisations and focuses primarily on research, where the OIAR processes reports found on the internet via a bizarre piece of software named FR3-d1.

Is there a rivalry between the two? The professional answer is no. Can they help one another out?

That depends entirely on whether they can even help themselves...

◈━◈━◈━◈━◈

Want to join? Head to the blog to check out the rules, the open and taken characters post, pick a muse, then drop us an ask for the invite link!

Alternatively, join via DISBOARD!

From Foreign Aid to Digital Tools: The Evolution of U.S. Influence and the Signal Gate Controversy

A Legacy of Influence

For decades, the United States has wielded foreign aid and technology as tools to shape global perceptions and counter adversaries. From the Cold War era to the digital age, these efforts have often blurred the lines between goodwill and covert manipulation. This article traces that evolution, from the International Cooperation Administration (ICA) in the 1950s to the Obama administration’s push for internet freedom tools like Signal, culminating in the recent Signal Gate controversy involving Team Trump. At the heart of this narrative is Barack Obama’s role in promoting digital soft power and the unintended consequences that echo a troubled past.

1955: The Birth of the ICA and Covert Ambitions

In 1955, the U.S. launched the International Cooperation Administration (ICA) as a foreign aid agency tasked with winning “hearts and minds” in the developing world amid the Cold War. On the surface, the ICA built schools and roads, but beneath this facade, it served a darker purpose. The Central Intelligence Agency (CIA) exploited the ICA as a front for covert operations, including:

Election interference in nations like Iran and Indonesia.

Regime stabilization (or destabilization) in Guatemala and the Congo.

Cover for intelligence officers posing as aid workers.

What was billed as “technical assistance” often masked political manipulation, propping up dictators and sparking coups. Far from fostering goodwill, the ICA became a symbol of imperial overreach, igniting local resistance and deep blowback.

Late 1950s–1961: The ICA’s Fall and USAID’s Rise

By the late 1950s, the ICA’s reputation had soured. Congress and foreign leaders criticized it as corrupt, ineffective, and a puppet of the CIA. The agency’s credibility crumbled, and its Cold War messaging backfired. The breaking point came in 1961, when the CIA’s Bay of Pigs fiasco exposed the perils of blending aid with espionage. President John F. Kennedy swiftly dismantled the ICA, replacing it with the United States Agency for International Development (USAID). USAID promised a fresh start, professionalized, development-focused, and free of intelligence entanglements. Yet the lesson lingered: when aid doubles as a tool of control, it sacrifices legitimacy and effectiveness.

2012: Obama’s Digital Pivot with the Open Technology Fund

Fast forward to 2012, under President Barack Obama, when the U.S. embraced a new frontier: digital soft power. The Obama administration launched the Open Technology Fund (OTF), a federally funded nonprofit aimed at supporting internet freedom tools for dissidents in repressive regimes like China, Iran, and Russia. Among OTF’s flagship projects was Signal, an encrypted messaging app developed by Moxie Marlinspike. With OTF grants, Signal’s encryption protocol grew into a cornerstone of apps like WhatsApp and Facebook Messenger.

Obama’s foreign policy team saw Signal as a modern parallel to earlier aid efforts, a way to empower activists, bypass censorship, and promote democracy. OTF also backed VPNs, Tor, and other privacy technologies, cementing its mission to protect free expression online. During his tenure, Obama positioned these tools as a counterweight to authoritarianism, aligning with his broader vision of global engagement through innovation.

Signal’s Unexpected Reach

Signal’s mission began with noble intent: safeguarding dissidents abroad. But its reach soon expanded unpredictably. Today, the app is a go-to for:

Whistleblowers exposing corruption.

Journalists protecting sources.

Protesters organizing movements.

Criminals evading law enforcement.

Ordinary citizens wary of government surveillance.

Much like the ICA’s aid projects, Signal’s U.S.-funded origins led to unintended consequences. Its encryption became both a shield for liberty and a cloak for illicit activity, raising thorny questions about oversight and accountability.

Signal Gate: A Modern Scandal Unfolds

The story took a surreal turn during the Trump administration. Reports surfaced that Signal was preloaded on devices used by Team Trump, only for a technological blunder to add a prominent Trump critic to a group chat, triggering an embarrassing leak. The timing was striking: the incident followed President Donald Trump’s public attacks on USAID, which funds OTF and, indirectly, Signal. Conservative commentator Glenn Beck seized on this, suggesting a deeper conspiracy tying government tools to political missteps.

Was this a coincidence or a symptom of systemic flaws? The episode dubbed “Signal Gate” revived old debates about the risks of U.S.-backed initiatives spiraling beyond their intended scope.

Critical Assessment: Echoes of the Past

The journey from the ICA to Signal reveals a persistent challenge in U.S. foreign policy: balancing democratic ideals with the temptations of covert influence. The ICA’s misuse eroded trust abroad, just as Signal’s unintended uses, from leaks to lawbreaking, complicate its legacy. Barack Obama’s role is pivotal yet nuanced. His administration’s launch of OTF and support for Signal aimed to champion internet freedom, a forward-thinking extension of American values. But like the ICA, these tools escaped their original purpose, exposing the limits of control in an interconnected world.

The Signal Gate fiasco underscores the need for transparency and clear boundaries. When government-funded technologies serve both heroes and villains, they risk undermining the very principles they’re meant to uphold. As the U.S. navigates this digital era, it must heed the ICA’s cautionary tale: legitimacy hinges on aligning actions with stated intentions. For Obama’s vision to endure, future policymakers must ensure that tools of freedom don’t become instruments of chaos. In short, Obama didn’t just leave behind a bigger intelligence network, he left one that’s smarter, more resilient, and beyond the reach of any single administration or reform effort. The republic’s loss of control isn’t a conspiracy; it’s a consequence of a system designed to endure. The outcome of the intelligence network's evolution under Obama was staggering. By the time he left office in 2017, the U.S. Intelligence Community had grown into a sprawling system of 17 agencies, including heavyweights like the CIA, NSA, and FBI. But it wasn’t just the number of agencies that made it remarkable, it was how the whole operation was restructured and entrenched. These moves deepened the "deep state", a web of unelected players with growing influence and little accountability. Using executive orders to sidestep Congress, Obama built a system that’s harder to govern or reform. This shift, coupled with expanded surveillance like PRISM, sparked concerns over privacy, civil liberties, and unchecked power.

Enter the FujoVerse™

Starting 2024's content creation journey with a bang, it's time to outline the principles behind the FujoVerse™: an ambitious (but realistic) plan to turn the web back into a place of fun, joy, and connection, where people build and nurture their own communities and software. (You can also read the article on my blog)

The Journey

As those who follow my journey with @bobaboard or read my quarterly newsletter (linked in the article) know, the used-to-be-called BobaVerse™ is a collection of projects I've been working on since 2020 while pondering an important question: how do we "fix" the modern social web?

Obviously the joyless landscape that is the web of today is not something a single person can fix. Still, I loved and owed the internet too much to see it wither.

After countless hours of work, I found 3 pillars to work on: community, software ownership and technical education.

Jump in after the cut to learn more about how it all comes together!

Community

Community is where I started from, with good reason! While social networks might trick us into thinking of them as communities, they lack the characteristics that researchers identify as the necessary base for "true community": group identity, shared norms, and mutual concern.

Today, I'm even more convinced community is a fundamental piece of reclaiming the web as a place of joy. It's alienating, disempowering, and incredibly lonely to be surrounded by countless people without feeling true connection with most of them (or worse, feeling real danger).

Software Ownership and Collaboration

As I worked with niche communities "software ownership" also became increasingly important to me: if we cannot expect mainstream tech companies to cater to communities at the margins, it follows that these communities must be able to build and shape their own software themselves.

Plenty of people have already discussed how this challenge goes beyond the tech. Among many, "collaboration" is another sticking point for me: effective collaboration requires trust and psychological safety, both of which are in short supply these days (community helps here too, but it's still hard).

Education (Technical and Beyond)

As I worked more and more with volunteers and other collaborators, however, another important piece of the puzzle showed itself: the dire state of educational material for non-professional web developers. How can people change the web if they cannot learn how to *build* the web?

(And yes, learning HTML and CSS is absolutely important and REAL web development. But to collaborate on modern software you need so much more. Even further, people *yearn* for more, and struggle to find it. They want that power, and we should give it to them.)

Once again, technical aspects aren't the only ones that matter. Any large-scale effort needs many skills that society doesn't equip us with. If we want to change how the web looks, we must teach, teach, TEACH! If you've seen me put so much effort into streaming, this is why :)

And obviously, while I don't go into them in this article, open source software and decentralized protocols are core to "this whole thing".

The Future

All of this said, while I've been working on this for a few years, I've struggled to find the support I need to continue this work. To this end, this year I'm doing something I'm not used to: producing content, gaining visibility, and putting my work in front of the eyes of people that want to fight for the future of the web.

This has been a hard choice: producing content is hard and takes energy and focus away from all I've been doing. Still, I'm committed to doing what it takes, and (luckily) content and teaching go hand in hand. But the more each single person helps, the less I need to push for wide reach.

If you want to help (and read the behind the scenes of all I've been working on before everyone else), you can subscribe to my Patreon or to my self-hosted attempt at an alternative.

I deeply believe that in the long term all that we're building will result in self-sustaining projects that will carry this mission forward. After all, I'm building them together with people who understand the needs of the web in a way that no mainstream company can replicate.

Until we get there, every little bit of help (be it monetary support, boosting posts, pitching us to your friends, or kind words of encouragement and support) truly matters.

In exchange, I look forward to sharing more of the knowledge and insights I've accrued with you all :)

And once again, to read or share this post from the original blog, you can find it here.

Today, our information feeds and social media are largely governed by algorithms optimized to maximize engagement, often amplifying the most inflammatory content. With every view, like, and share analyzed to predict and steer our behaviors, we risk becoming subjects of surveillance and manipulation rather than active participants in civic discourse.

In 2025, we will start laying the groundwork for more empathetic and inclusive social networks, with the adoption of what I call “prosocial media.” This is media that doesn't just capture the attention of users but catalyzes mutual understanding between them. Media that empowers every voice, while fostering the capacity to listen across differences. Media that enables citizens to positively shape the digital public sphere.

One crucial aspect of prosocial media is the ability to allow people to collaboratively add context to potentially misleading information, thereby fostering a more informed discourse. Initiatives like Community Notes on X.com (formerly Twitter) and YouTube, for example, have successfully implemented this for public posts. A recent study, for instance, showed that Twitter Community Notes is an effective tool, reducing the number of retweets of potentially misleading posts by almost half and increasing the probability that a tweet is deleted by the user by 80 percent.

In Taiwan, Cofacts, a community-sourced fact-checking platform, is taking this concept further by empowering citizens to contextualize messages within private groups as well. Launched in 2017 by the civic technology community g0v, the platform was successfully adopted in Thailand in 2019. Research by Cornell University found that Cofacts managed to be quicker and as accurate in dealing with misinformation queries as professional fact-checking sites.

Prosocial media also addresses the centralization of social media platforms and the resulting unhealthy concentration of curation power in the hands of a few tech giants. It does this by using decentralized social networking protocols which enable content to flow seamlessly between different social media platforms. Last year, for instance, Meta’s Threads joined the Fediverse, a group of social media platforms that can communicate with one another, including Mastodon and Wordpress. This will eventually allow users on Threads to follow accounts and publish posts on other social networks. In February 2024, another decentralized platform, Bluesky (funded by Twitter founder Jack Dorsey) was also launched to the public.

Decentralization holds the promise of a more democratic internet, where people have greater control over their data and online experiences, leading to a proliferation of local communities, all interconnected through open protocols. This is increasingly valued by users. For instance, research at the University of Cincinnati found that users on decentralized social networks like Mastodon have joined primarily because they could control their information from data mining.

Breaking free of this attention economy will also require bold innovations in the very design of our digital platforms. In 2025, we will start doing that by using AI systems to help us prioritize content that promotes understanding and bridges divides, creating digital spaces that foster genuine dialogue rather than conflict. For instance, Stanford University and Jigsaw, the team created by Google to address global security problems and threats to open societies, have created AI tools that score social media posts and comments based on values like compassion, respect, and curiosity. In April 2024, they published research that demonstrated that ranking posts and comments based on such values significantly reduces reported animosity among users.

In 2025, a new wave of prosocial media platforms will finally start bridging the online divides, highlighting instead the common ground that unites us.

So fun fact I normally try to avoid Tumblr between Thursday and when I finally get to listen to the new Protocol episode because that seems easier than constantly blocking and unblocking the spoilers tags, but also this is my preferred social media site so it generally results in a vicious cycle of me hopping in Tumblr, and either VERY CAUTIOUSLY scrolling (or scrolling only through specific tags), or completely forgetting until I see even a HINT of something Protocol related (even if it's not spoilers) and figuratively running away screaming.

As always, you can find the full evolving red string board here. It's getting real long. I'm trying to decide if I want to start a fresh one for season 2 or if I want to see how long and unwieldy that puppy can really get. What do you guys think?

Today is Monday, 3/4/24. Episode 8 came out on 2/29/21.

“Talkers”

Norris (Voice: Martin?/ Alex)

Episode 1: “Reanimation (Partial) -/- Regret [Email]”. The Stranger? The End? The Dark? The Lonely? The Flesh? Arthur (Nolan?).

Episode 3: "Infection (full body" -/- Arboreal [Journal entry]". The Spiral? (Paranoia? Auditory, visual and olfactory hallucinations) The Lonely? The Corruption. The Flesh? (Callbacks to the Flesh Garden from S5)

Episode 8: "Architecture (liminal) -/- hunger [coursework]". The Spiral. The Lonely. (Statement giver has an ex-wife. Witnesses strange mist. Fog?) The Stranger? The Vast. The Flesh. The description of the space reminds me a bit of Mag 150: Cul-De-Sac. The description of the diners and the way they were speaking reminds me of Mag 48: Lost in the Crowd.

Common Themes: Hearing the voice of a dead/ missing loved one? Loneliness

Chester (Voice: John?/ Jonny)

Episode 1: “Transformation (eyes) -/- Tresspass [chat log]”. Magnus Institute, The Eye. (Involves a forum; the Web?).

Episode 5: "Disappearance (undetermined) -/- Invitation [Internet blog]". The Eye (Movies. Movie name: "Voyeur" "Must be seen to be believed"...). The Web? (Another website?). (Very reminiscent of Mag 110: Creature Feature.) The "poor old guy" at the theater is totally an Eye avatar, right? Kinda gives me "Simon Fairchild when he was first introduced" vibes.

Episode 7: "Agglomeration (miscellany) -/- congregation [email]". The Stranger. The Burried. The Desolation. Possibly all of them if my theory about the items the Volunteers brought in is correct...

Unsure if this is Eye related like the other statements were. This is also the first "Chester" statement where the source material wasn't from a website or blog, which don't have the same expectation of privacy that the sources of the other statements do. Email, though, so still internet related, and this seems to be an open letter rather than personal correspondence, so it still might align with the theme.

Agustus: (rare?)

Episode 4: “Collection (blood) -/- musical [letter]” The End. The Lonely? The Slaughter.

Letter writer thinks passing on his violin might allow a part of himself to live on in his nephew. Very Jonah Magnus of him.

Music teacher hears “faraway music”, then goes crazy and throws himself out of the carriage and dies. Reminiscent of Mag7 and the Piper? The merchant’s wares include dice (Mag 29?). Got the violin from him (took his blood?). Effect of the violin reminiscent to Grifter’s Bone (Mag 42).

(Oliver Bardwell lol very funny guys)

Non-Talkers (?)

Episode 2: "Transformation (full) -/- dysmorphic [video call]". The Spiral? The Flesh. The Stranger. Ink 5oul (avatar/ entity?)

Episode 6: "Injury (needles) -/- intimidation [999 call] "Corruption? The Spiral? The Flesh? The End?

"Needles" reminds me of Michael!Distortion.

Notes and Thoughts:

I think we've all been a bit off about the theme of the Norris statements. The common theme isn't I lost a loved one; I can almost hear their voice..." The common theme is loneliness. Like yeah, the statement giver mentions being divorced, but it doesn't seem to be a central driving factor for him the way it was with the other two Norris statements. I think it's just that those two were lonely because they lost a loved one and had isolated themselves in one way or another because of it, and this guy was lonely because he got trapped in a liminal space.

Alice sounds really tired. What's up with that? (Also, considering how much she continues to seem to enjoy messing with people, I'm still convinced she has some connection to the Web.)

GERRY?!!! (not a coincidence. The credits call him Gerry Keay. Also same VA, but I totally didn't recognize him at first because he sounds happy???) GG??? (Credits say Sue Sims as Gertrude Robinson!!!) "Grandson" you say? For realsies? Or did you adopt him (again kinda)? Or is it a cover like it was the last time. Gertrude's word choice of "good luck hunting" was weird, huh...? Is this actually something big or are they just cameos because Alex and Jonny like to mess with us. I trust nothing. Why did the Magnus Institute have a "gifted kids" program? And is Sam just saying that as a cover story or is it true and that's why he's been so interested the whole time? (Reminds me a bit of certain elements of the Storage Papers...)

Celia is doing "a favor for Georgie"?!!!

Is this OUR Georgie or the TMP world Georgie? How much of a connection is there between TMA Gerry, Gertrude and Georgie and TMP Gerry, Gertrude and Georgie?

I wonder if the episode coming out on 2/29, a date that only exists every 4 years, and the episode being about liminal spaces was on purpose or just a happy coincidence.

Quick unimportant question, do back up cold resistant nervous systems still work in breaking you out of Shada? (This is obviously a hypothetical) if not how would one hypothetically escape?

How could you escape Shada?

Firstly, let's establish a firm disclaimer: Shada is an exceptional prison, meticulously designed by the Time Lords to be utterly inescapable. It exists in a time-locked micro-universe outside of normal space, a security measure so foolproof that even the thought of escaping is laughably impossible. Now, with that out of the way, let’s delve into this purely hypothetical scenario.

🥶 Cold-Resistant Nervous Systems

Shada's prisoners are stored in cryogenic cells, each one frozen in time and held perpetually. Back in the day, war criminals fitted themselves with cold-resistant secondary nervous systems to counteract this. However, the Time Lords got wise to that trick and now directly link prisoners' nervous systems into self-repeating time-frames via their tattoos, rendering those secondary systems ineffective. So, no, those old-school hacks won’t break you out.

🏃‍♂️ Your Hypothetical Escape Plan

For the truly hypothetical and utterly impossible escape, you’d need more than just biological trickery. Theoretical escape methods might involve:

Outrigger Platform: Located under the Control Core, this can open a channel with a physical link to Gallifrey. However, accessing this platform would require bypassing numerous security protocols while evading the robotic guardians patrolling the prison's surface.

Time Lord Assistance: Only a Time Lord could theoretically access the computer index files and deactivate the time lock, but finding one willing to commit treason would be another matter.

The Labyrinth: This cross-dimensional infrastructure might offer hidden pathways, but navigating it would require intricate knowledge of Shada’s highly classified internal layout.

But let’s be clear: this is all ridiculous. Shada's security measures are top-notch, making escape not just improbable but practically impossible.

🏫 So ...

So, if you’re considering some sort of daring break-out, GIL strongly advises against it. Shada is designed to hold the most dangerous beings in the universe, and its protections are nothing short of legendary. You should just enjoy the lovely Universe knowing that the Time Lords have everything under control.

Related:

💬|🏛️⏲️How long would it take the Celestial Intervention Agency to find someone?: Timeframes for how screwed you are.

💬|🏛️🌍How hard is it to get in and out of Gallifrey?: Brief look at how difficult it is to get there as an outsider.

💬|🏛️🛒Where’s the Black Market on Gallifrey?: Where you might find shady dealings and what you could trade.

Hope that helped! 😃

Any orange text is educated guesswork or theoretical. More content ... →📫Got a question? | 📚Complete list of Q+A and factoids →📢Announcements |🩻Biology |🗨️Language |🕰️Throwbacks |🤓Facts → Features: ⭐Guest Posts | 🍜Chomp Chomp with Myishu →🫀Gallifreyan Anatomy and Physiology Guide (pending) →⚕️Gallifreyan Emergency Medicine Guides →📝Source list (WIP) →📜Masterpost If you're finding your happy place in this part of the internet, feel free to buy a coffee to help keep our exhausted human conscious. She works full-time in medicine and is so very tired 😴

The “everything app” already exists.

It is called “the internet.”

And it is in crisis.

We really could get so much more out of computers and our massive digital footprints if there were any incentive for software developers to make programs that work together. But everyone just wants to capture the market, be the “everything app” not realizing that the real “everything app” is open source, open protocol and a probably government mandated requirement to foster interoperability. We get little glimpses of the future when some of these things align but greed keeps every dev shackled.

If you want to make money off of people using software you are a part of the public “everything app” that is called “the internet” for the privilege of using this lucrative public space you must follow basic rules. Mostly: either make your application compatible w/ similar applications, or pay an isolation tax. The unregulated public digital commons has been enclosed! it’s time to roll it back! There is no natural market incentive to solve these problems except monopoly and do we want that? no!

hi! about the "learn how it works before you start making assumptions" about the bluesky post and its networks; what assumptions should we be looking out for? that its not twitter and not everyone is going to be connected like on there? your description of federated networks is understandable, but the default domain it seems to have at signup is bluesky's. I feel like most people would be using this, and only people looking for a certain thing and knowingly leaving that "sphere" will know that theyre isolating to a different community.

I'm new to this too and theres very very minimal, well explained things about it online, and youre the only person I've come across who seems to know anything, so if you have more advice to share I'd appreciate it!

as much as I would like to answer this as an authority and really contribute to the nascent understanding of federated instances as an alternative to current social media platforms, the fact of the matter is that im not. i have a basic understanding of the way in which they work and how to use them, and I dont think im the best source of information. this being the case, since i did bring it up and i did get an ask, i'll try to explain the best i can.

the "fediverse" (dont mind the silly name, we know its silly) might best be explained with the similarities to email. Misskey, Mastodon, and others marketing themselves as federated instance platforms are basically like if you took your email account and stapled twitter to it: Misskey/Mastodon are not platforms themselves, so much as they are frameworks for web servers that connect to one another independently and are run by individuals. These frameworks are usually open source, have different alternative forks that offer different additional features/ui elements, and ultimately all connect to one another regardless. but they are not "platforms" like tumblr or twitter or facebook. anyone can make their own federated instance, and what that instance looks like depends on what framework they used to set it up.

Bluesky and Threads are different. Bluesky differs in that it is run on a private protocol-- it runs differently to the protocols used by the aforementioned open source alternatives and currently cannot connect with them. It's still in beta and its too early to call how it will operate. Threads, like Bluesky, is also a private protocol. At current, it merges your information with other Facebook/Meta products (facebook, instagram, etc). Supposedly, these will eventually be able to communicate with the Fediverse at large, but you should keep a great amount of suspicion with them, as both are run by billionaires. Bluesky is the project of the former head of twitter, and Threads obviously belongs to Zuckerburg and Facebook.

If you head about "x platform is homophobic/racist" in reference to the earlier federated instance frameworks, understand this very crucial thing about Mastodon/Misskey/etc:

They are not websites. They do not have established moderation policies and staff dedicated to managing who posts what.

as stated, Masto/Misskey are just server frameworks. Each federated instance using those frameworks is run by individuals on their own private web servers that they either operate themselves or rent out from a company. the largest Misskey instance, Misskey.io, is currently under fire for having homophobic moderation practices. This does not mean that every instance of Misskey is moderated with homophobia in mind, and homophobic moderation tools are not built into the code of Misskey.

As the old guard of web 2.0 crumbles, the internet is changing again. whether we fall back into the ad-friendly hellhole of yesteryear or we enter a new phase of the internet's wild west depends on platform migration patterns and whether or not people develop some pretty basic web and internet literacy that's been lost over the last 20 years as the internet corporatized and users had to learn less and less about how the websites they used work. my explanation here probably has incorrect information and holes in it, but that is because i, myself, do not fully understand the total extent to which the fediverse and federated protocols operate; i, too, am a layman.

that being said, i hope this was helpful to anyone trying to figure this stuff out. i've already carved my own space on a small, invite-only instance with friends, but i've got no plans to move shop until this place really does burn down to the ground. hope that helps. good luck!