hirihit640

what remote desktop protocol do they use?

what security stuff?

I think either Bazaar or GNOME software center does tell you if an app asks for more permissions, I forgot which one though

So you thought this meant they would break the law? Nobody else expects that. There are more reasonable ways to interpret the messaging

from the start I asked for a company that obstructed court order. Show me where I moved goalposts

sounds like they complied with the court orders? Proton also doesn't log IPs, unless ordered by court. I'm willing to bet that if a court ordered Mullvad to start logging all traffic, they would comply, at least until they were able to move jurisdictions or something

source? I have heard good things about Mullvad but I'm pretty sure they would not break laws

Very cool. I personally use a double wireguard network: a wireguard vpn at home for all my services, and then since my home network is behind a double NAT and impossible to access publicly, I use a second wireguard tunnel to a VPS, to forward traffic to my internal wireguard network. The only thing the VPS can see is encrypted wireguard packets.

Edit: it seems like this service is more for public or shared services (like a public blog), rather than private personal services, so wireguard is less of an option

If you're a developer I recommend the stepsecurity article, a detailed breakdown of the attack. Some highlights about the nx-console attack:

• the malicious version of the extension was only up for 11 minutes before getting detected and taken down, but apparently that was enough to compromise a developer at Github
• portions of the malware were hosted on nx-console's public Github repo, though hidden in a dangling orphaned commit
• data was exfiltrated through 3 channels, including using a victim's Github credentials to publish the data on their own repos
• the malware looked for credentials like Github and AWS tokens, likely for future supply chain attacks, and may be the first to steal AI credentials (in this case Claude API)

From the bleepingcomputer article:

"As always this is not a ransom, We do not care about extorting Github, 1 buyer and we shred the data on our end, it looks like our retirement is soon so if no buyer is found we will leak it free," the cybercriminals said. "If you are interested. Send your offers to the communications below, we are not interested in under 50k, the best offer will get it"

The stealing of AI credentials reminds me of a lemmy post from last year: the first ai agent worm. Imagine a virus that uses AI agents to dynamically probe systems and evolve to spread through infrastructure, meanwhile stealing AI credentials to pay for the tokens that the agents are consuming, a self-funding AI virus!

name a VPN company that obstructed a federal court order

Sorry for necro but your ideology is fascinating. It sounds like you believe offline people deserve the same benefits as online people. Why do you believe this? Why shouldn't the world move towards an expectation of online existence?

If I were to guess, your goal is not offline existence, but privacy, and doing things offline guarantees privacy, the same way that high-security environments use airgapped machines. But that's just a means to an end. There are other ways of achieving privacy, like using vetted open source software that take privacy seriously, for example a fediverse client running in Tor browser. Privacy does not necessitate being offline. Going to a cafe to download articles to read offline, is not really offline either. It's just an intermittent internet connection