this post was submitted on 10 Oct 2024
318 points (99.7% liked)

Privacy

31737 readers
608 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
all 50 comments
sorted by: hot top controversial new old
[–] kionite231@lemmy.ca 120 points 2 weeks ago (2 children)

It's always heart breaking to see IA in trouble :(

[–] threeganzi@sh.itjust.works 75 points 2 weeks ago* (last edited 2 weeks ago) (4 children)

Yeah, what kind of hacktivist group would go against Internet Archive? Not activists for good at least.

Edit: according to another article they are a pro-Palestinian group. Still not sure about their motives for Internet Archive.

BlackMeta, also known as SN_BlackMeta, appeared in November 2023 and has a history of claiming responsibility for attacks against organizations in Israel, the United Arab Emirates, and the United States. In May, the group claimed responsibility for a multiday denial-of-service attack on the San Francisco-based Internet Archive. In April, the group claimed to have attacked the Israel-based infrastructure of the Orange Group, a French provider of telecommunication services in Europe, the Middle East, and Africa. The group also targeted organizations in Saudi Arabia, Canada, and the United Arab Emirates.

Dark Reading

[–] sanpo@sopuli.xyz 48 points 2 weeks ago (1 children)

They're not hacktivists, they're just assholes.

[–] cyberpunk007@lemmy.ca 40 points 2 weeks ago (1 children)
[–] LiveLM@lemmy.zip 28 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

When someone asked the group who claimed responsibility on Twitter, they said this:

They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of "Israel".

Later they made a long Tweet saying even more.

I'll be fully honest, I do not get it. At all.
You'd think they'd be attacking some government website or even FAANG if they really wanted to say something.
Looking through their feed, seems like most of their attacks are DDOS. Guess IA was one of the few they actually managed to breach.

Picking on easy targets is lame.

[–] abrahambelch@programming.dev 8 points 2 weeks ago

Yeah me neither. I don't think they understand the consequences of their own actions either. All that matters to them is "USA bad, good". They'd probably also burn down the fields in a country they import their food from.

[–] interdimensionalmeme@lemmy.ml -1 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

When faced with an unstoppable death machine, you don't attack it is impervious. You savage it were it hurts most.

[–] LiveLM@lemmy.zip 3 points 2 weeks ago* (last edited 2 weeks ago)

...eh, is IA really where it 'hurts most' though?
Hell, I bet most bigwig company execs would be thrilled if it went down, they're giving the influential people of the 'death machine' a reason to smile.

[–] NauticalNoodle@lemmy.ml 18 points 2 weeks ago

hmm, a faux hacktivist group certainly would be an excellent and easy way for an intelligence agency to try and redirect anger. hypothetically speaking, of course.

[–] whydudothatdrcrane@lemmy.ml 27 points 2 weeks ago

IA is a pillar of internet activism, and an exceptional instance of the spirit of the web pioneers. No real hacktivist would take them on. These guys are spooks, black hat, or corporate actors.

[–] lemmeBe@sh.itjust.works 34 points 2 weeks ago (3 children)
[–] ganymede@lemmy.ml 33 points 2 weeks ago* (last edited 2 weeks ago) (3 children)

no idea

but google cache is being shut down, then google announces they'll be participating with IA.

now this.

really not a good time in history for our ability to easily document web history to be getting messed with.

[–] PrincessLeiasCat@sh.itjust.works 26 points 2 weeks ago (1 children)

I feel like google cache has been gone for years. Remember when you could choose to see the cached version of almost any site that came up in your search results? I want to have nice things again.

[–] ipkpjersi@lemmy.ml 4 points 2 weeks ago

Yeah, Google Cache does seem like it has been gone for years. I can't even recall the last time I was able to use it.

[–] sakuragasaki46@feddit.it 6 points 2 weeks ago

Google shut down their cache and "teamed up" with IA to offload the work to someone else's server, so they don't pay for it.

[–] INHALE_VEGETABLES@aussie.zone 5 points 2 weeks ago

I just hope they backed up geocities

[–] gndagreborn@lemmy.world 4 points 2 weeks ago

if assholes are willing to ransom a pediatric burns hospital for money, they would have the required lack of empathy to attack the IA.

[–] AceFuzzLord@lemm.ee 1 points 2 weeks ago (1 children)

Horrible people like to see the greatest things humanity has ever done burn to the ground. That's my guess.

[–] lemmeBe@sh.itjust.works 11 points 2 weeks ago (1 children)

I mean in terms of a hacking accomplishment, it's like you beat up a disabled person. 😐

[–] INHALE_VEGETABLES@aussie.zone 0 points 2 weeks ago

Odd throwback to the epilepsy website hack.

[–] sakuragasaki46@feddit.it 26 points 2 weeks ago

Those corporate scums (Hach*tte, H*rperCollins, P*nguin…) paid for it. I am 100% sure. Don't prove me wrong.

They claimed to be pro-Palestinian because they want Israel to be on the right

[–] helpImTrappedOnline@lemmy.world 21 points 2 weeks ago (3 children)

Friendly reminder: If you haven't diversified your passwords yet, get a password manger and do it!

Its not an if someone gets hacks, its when.

I don't know if this hack included any user and password, but if it did, they will try the combo on other sites.


KeePassXC, works great but you are responsible for your own file and syncing it between devices. (I use syncthing, but a cloud drive is a viable sync method, its all encyptyed) (iOS options limited)

Bitwarden, great if you don't want to worry about the file and everything syncs on its own. (There is a self hosted version, if you prefer).

Avoid anything paid or tied to a major corporation, they have proven time and again they cn not be trusted to keep our data safe.

[–] threeganzi@sh.itjust.works 9 points 2 weeks ago (2 children)

I’m using 1Password and have been happy using it. Any reason not to use it, aside from not being open source?

[–] jjlinux@lemmy.ml 7 points 2 weeks ago

For something that literally holds all your credentials, just it being closed source should be enough of a concern.

[–] helpImTrappedOnline@lemmy.world 2 points 2 weeks ago

You're trusting a third party to store, protect and not loose your passwords behind a vault you never see.

Google had messed up pretty bad a few months ago. Last pass has had issues. I'm unaware of 1pass having issues, but I don't exactly pay close attentions. https://www.keepersecurity.com/blog/2024/08/01/google-password-manager-loses-millions-of-passwords/

These days its not if something bad happens, its when and how bad.

Keeping your database private, also reduces the risk of random attacks a lot. If you're passwords aren't part of a big data leak, they can't use them. Hackers are after the big payouts or the easy payouts. They're less likely to spend a lot time trying to crack your one database, when they can move on to the next guy who keeps them all in a word doc.


If you do have reason to keep using 1pass for whatever reason, be it convince or lack of time to switch, I highly recommend at least getting your important (email, bank, etc) passwords duplicated to something like Keepass (back that file up too) so if/when 1pass ever looses your passwords, you at least have a solid starting point for recovery. Its also good way to familiarize/try out a few options with out dedicating to a full switch.

[–] csm10495@sh.itjust.works 2 points 2 weeks ago

And if self hosting bitwarden seems tough, look at vaultwarden instead. It's a one-container all in one bitwarden-compatible container.

[–] electric_nan@lemmy.ml 2 points 2 weeks ago

They only got salted hashes AFAIK. Still it is absolutely good advice to use a password manager.

[–] django@discuss.tchncs.de 18 points 2 weeks ago (1 children)

Reminds me of those people who tested how fireproof the library of Alexandria was. Thanks a lot assholes!

[–] OhVenus_Baby@lemmy.ml 1 points 2 weeks ago (1 children)
[–] django@discuss.tchncs.de 1 points 2 weeks ago

I have actually no idea, who exactly burned it down finally.

[–] muntedcrocodile@lemm.ee 15 points 2 weeks ago (2 children)

What user data do people have on ia?

[–] AndyMFK@lemmy.dbzer0.com 23 points 2 weeks ago* (last edited 2 weeks ago) (2 children)

Haven't looked much into the breach, but probably the biggest issue is passwords. If unencrypted, and a user uses the same generic password for their email or bank or whatever, that possess a serious concern.

This highlights the importance of not reusing passwords

Edit: looks like passwords were hashed with bcrypt, which is really quite excellent. Very unlikely anybody is getting actual passwords from this leak.

[–] Quail4789@lemmy.ml 4 points 2 weeks ago (2 children)

If someones reusing their passwords then their passwords will likely be found very easily with rainbow tables.

[–] sneezycat@sopuli.xyz 2 points 2 weeks ago* (last edited 2 weeks ago) (1 children)

If your password is long/complex enough, it ain't going to be on a rainbow table. But yeah.

[–] Quail4789@lemmy.ml 1 points 2 weeks ago (1 children)

People reusing passwords probably also aren't using long and complex passwords.

[–] sneezycat@sopuli.xyz 3 points 2 weeks ago (1 children)

why not? they may have one long pass that they remember and use for everything, can't be bothered to remember more of them.

[–] XTL@sopuli.xyz 3 points 2 weeks ago

That's probably correct, horse battery staple.

[–] muntedcrocodile@lemm.ee 2 points 2 weeks ago (1 children)

Rainbows tables are mostly irrelevant lately. Well at least if u follow proper salt and proper reccommendationa.

[–] ipkpjersi@lemmy.ml 2 points 2 weeks ago

Which bcrypt does, since it generates a unique salt per-password.

[–] ipkpjersi@lemmy.ml 1 points 2 weeks ago

I'd hope that passwords would be unencrypted, really they should be hashed ;)

[–] JohnyRocket@discuss.tchncs.de 3 points 2 weeks ago (1 children)

Hopefully they didn't store to much financial info from donations, otherwise I am a bit coocked...

[–] muntedcrocodile@lemm.ee 1 points 2 weeks ago

This is why monero should be the future.

[–] DavidGarcia@feddit.nl 8 points 2 weeks ago

well well well, the archiver becomes the archivee

[–] dingdongitsabear@lemmy.ml 8 points 2 weeks ago

fucking edgelords... IA has trouble staying on its feet without this sorta crap.

this has "kicking puppies for palestine" energy - not sure where I've read this but it's an apt analogy.

[–] Fish@midwest.social 2 points 2 weeks ago* (last edited 2 weeks ago)

Now I'm glad that I made disposable email addresses for most of my accounts a couple of months ago. With all the data breaches, it seems that email aliases are essential. I use SimpleLogin.

For the sake of simplicity, I also bought a domain to use for all those email addresses