fran

joined 3 months ago
[–] fran@lemmy.dbzer0.com 1 points 1 week ago

When discussing privacy, a crucial question arises: what's your comfort level with exposure? Are you posting via Tor, or are you more relaxed about your online footprint?

The truth is, everyone has a different threat model. To avoid confusion, you should be clear throughout your discussions about what your threat model is. Some users face high-stakes surveillance in oppressive regimes, while others are simply ad-averse and not concerned with anonymity. Then there are those who prioritize absolute privacy no matter how small the data leakage is.

In reality, privacy doesn't have to be overwhelmingly complex. However, things get murky when you have a weird mix of yielding data to multiple, potentially untrustworthy, data collectors – including corporations and governments. Consider your daily habits: do you regularly use a credit card, or activate your phone's cellular connectivity? While many are comfortable surrendering their purchase records (credit card) and location history (credit card + phone) to data collectors (which often retain this information indefinitely), others bristle at the idea of relinquishing so much personal data without discernible benefits.

[–] fran@lemmy.dbzer0.com 2 points 3 months ago* (last edited 3 months ago) (2 children)

Even assuming an observer somehow knows the serial number of a spent bill, there is no central database tracking cash transactions. There is no history attached to cash, and no further trail for the observer to follow. While it is unlikely that an observer knows which specific bill you owned, it is downright impossible for the observer to know how you came into possession of said bill, or how it will be spent in the future.

I'd push back on this. Many people get cash from a bank ATM. Businesses often deposit the cash they receive back into a bank. Truthfully I think there are very few hops between the cash withdrawal and deposit, and banks can easily check serial numbers and associate them with you. So an observer like the government/financial authority can probably piece together in most cases how you came into possession of a bill based on ATM withdrawal and where you spent it, based on deposit.

I think this same method is why Bitcoin's privacy is lacking. Satoshi said in the Bitcoin paper that privacy can be maintained by ensuring our addresses remain pseudonymous. In reality, that's just too difficult to do and too much information is leaked because addresses can be tracked and traced and labelled especially when going to and from exchanges when people want to pay for things that do not accept cryptocurrency. So, although I don't think Bitcoin's privacy is better than cash, mostly to the point that serial numbers are not recorded on non-bank cash transfers, I think it's wrong to say cash is "downright impossible" to track.

[–] fran@lemmy.dbzer0.com 2 points 3 months ago

Interestingly, Jukebox from OpenAI was trained on what appears to be copyrighted music and involved styles and renditions that explicitly referenced specific artists. It's now four years old though. The demo songs don't seem to be available anymore on Soundcloud.

There is MusicLM from Google (2023) - no lyrics. Also, AudioCraft from Meta (2023) - also no lyrics as far as I can tell.

 

Only recently did I discover the text-to-music AI companies (udio.com, suno.com) and I was surprised about how good the results are. Both are under lawsuit from RIAA.

I am curious if there are any local ones I can experiment with or train myself. I know there is facebook/musicgen-large on HuggingFace. That model is over 1 year old and there might be others by now. Also, based on the card I get the feeling that model is not going to be good at doing specific song lyrics (maybe the lyrics just were absent from the training data?). I am most interested in trying my hand at writing songs and fine-tuning a model on specific types of music to get the sounds I am looking for.

[–] fran@lemmy.dbzer0.com 2 points 3 months ago

The Tor client itself is lightweight. It's the application you want to run behind the onion service (http server, etc.) that is probably going to limit you in terms of hardware. You can run an onion service on a Raspberry Pi. Any version in fact, even the first one.

[–] fran@lemmy.dbzer0.com 2 points 3 months ago

Llama 3 70b is almost as good. Self-host it and sleep well at night.

[–] fran@lemmy.dbzer0.com 5 points 3 months ago (1 children)

Depends on your location and standards. Lots of the Tor relays are in Europe, so if you are here the connectivity is pretty good. Bandwidth is usually up to 2 MB/s and latency usually goes from 300ms - 1.5 seconds. Initial connections to a server might take longer (5-7 seconds). For browsing the web and playing non-HD videos it's fine in my opinion.

[–] fran@lemmy.dbzer0.com 4 points 3 months ago (3 children)

If you don't share the onion link with others and just use it for yourself, no one ever discovers it, unlike the public internet where you get crawled by port scanners all the time. Also there is a public key whitelist feature if you want to restrict who connects.

[–] fran@lemmy.dbzer0.com 3 points 3 months ago* (last edited 3 months ago)

It's easy. Just edit your Tor configuration file (torrc) to enable an onion service. This one forwards from the onion service on port 80 (so users don't have to specify a port number in the URL) to a local HTTP server running on your machine on port 8000:

HiddenServiceDir /var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8000

Change the directory path based on your operating system. Specify a directory that doesn't exist yet so Tor can set the correct permissions on it. Next, start or restart Tor. Then just read the onion service's hostname in the hostname file created in that hidden services directory.

You can then run any HTTP server on localhost:8000 and anyone connecting to your onion service can access it. In Python this might be as simple as python3 -m http.server --bind localhost 8000 --directory . to share the files current directory (but be aware that there are some security considerations, like symbolic links, to be aware of. Just use this for testing.) For production servers you will want a "real" http server.

 

It amazes me that onion sites aren't everywhere. They are easy to spin up, you don't have to pay anything and can run it from your own home. No need to purchase a domain, worry about expiration, have an open port. Built-in DoS protection. Anonymity and authentication by default. No need to configure HTTPS. Sure, uptime is on you and there is some latency/bandwidth limits to be considered, but once you are over that, onions are a solution to many problems and the benefits are enormous.