see also previous thread in this community on this topic from a month ago

For each participant, Dialog logs a membership status, every retreat the person has attended, a biography, a home city, and a private access token. WIRED is not publishing the tokens, which function as login credentials, or the personalized account links that contain them.

This is an odd thing to say given that neither Wired nor their source (“the Swiss hacktivist maia arson crimew”) appear to be publishing any of the actual data whatsoever, beyond the handful of mostly nonspecific references to it in the article text. (Eg, lots of sentences like “The website directory names sitting Trump administration officials, two US senators, six members of the Paypal Mafia, a former Middle East chief of intelligence, and a sitting ambassador to the United States, along with the founders and directors of many of the country’s largest surveillance, data-broker, and advertising-data companies.” - omitting names of any of these people.)

Also, the linked archive says:

Update 6/16/2026, 5:47 pm EDT: WIRED updated this article to correct a conflation of two people named Jeff Epstein. A small revision was also made to address a security concern raised by a Dialog representative.

Someone helpfully had already made an earlier archive before that, so we can see what information Wired journalists Dell Cameron and Yulia Almazova removed at the request of a Dialog representative: where it now says “The retreat is scheduled for August 12-16 at a venue near Dublin” it originally said “The retreat is scheduled for August 12-16 at the Powerscourt Hotel outside Dublin”.

tuta is (like proton) snake oil. (here and here are two of my old comments about why…)

Mailbox.org lets you keep your own private key.

Every email provider lets you keep your own private key if you do encryption using the interoperable OpenPGP standard using software running on your own computer. Many email providers will recommend that you do exactly that, and will helpfully instruct you about how to do so (eg, the more reputable options in this thread such as migadu.com, mailbox.org, posteo.de, and even fastmail.com all have instructions for how to use some implementation of pgp to encrypt your email).

Meanwhile any company selling non-standard “email encryption” (eg, proton and tuta) which is not compatible with pgp (or, in the corporate world, s/mime, which is also a standard…) is firmly in the snake oil business and should be distrusted and boycotted regardless of which shitty youtubers they’re sponsoring this week.

Companies now block older browser versions

Now? This has been happening since the dawn of the web. At least the screenshot you pasted represents all of the big three rendering engines - it used to be common to see “Internet Explorer version XYZ required”, sometimes with javascript to prevent you from using the site with any other browser (even if in some cases it would actually work fine if you simply spoofed your user agent string).

I have used kinda retro devices to surf the web at times

Most websites became HTTPS-only sometime after the snowden disclosures in 2013.

Over time old versions of TLS have been deprecated and eventually support for them is dropped from browsers and web servers alike. So, a browser from even 15 years ago literally cannot connect to most webservers today.

Planned obsolescence is terrible but it’s a minor factor here: it’s actually dangerous to use even (especially?) a slightly-out-of-date web browser because every new release fixes vulnerabilities which can be exploited to run malicious code on your computer. The planned obsolescence which prevents people from being able to have an up-to-date browser comes mostly from proprietary operating system vendors; to have up-to-date software while continuing to use somewhat older computers you need to use free/libre software.

As others have said it is a huge amount of work to maintain a fork of such a complicated piece of software.

Especially around security: web browsers constantly process potentially-malicious data, which gives them a large attack surface. Every browser regularly has new vulnerabilities discovered which must be fixed. Hard forking a browser means that, even ignoring any bugs in the new code the fork has added, every time a bug is discovered and fixed in the code they forked from someone needs to analyze the upstream’s fix and port it to the fork. The more they diverge, the more work this is. Failing to do this work lets any malicious website exploit the bugs and install malware on users’ computers.

The 2021 paper OSRM-CCTV: Open-source CCTV-aware routing and navigation system for privacy, anonymity and safety says they published source code at https://github.com/Fuziih but I don’t see it there now (though there is a related project called cctv-exposure).

The final published version of the paper seems to be paywalled; it’s probably on scihub but there is also a preprint of it here on arxiv.

https://github.com/FNBIP/ghost-route (just 3 commits, from February this year) says it is inspired by the paper and “extended to a production-grade multi-mode threat routing system”. It’s a node app you run locally (there doesn’t appear to be a public instance currently) which would be nice if it could work offline but unfortunately “Offline mode with pre-downloaded OSM tiles” is still on the roadmap and it currently lists “A Mapbox GL JS token (free tier works)” as a requirement (which is probably why there isn’t a public instance - someone would need to pay mapbox if they wanted to run it for other people).

I have not tried it; if anyone reading this has or does please post here about how it works!

sure.

moderator reports still don’t federate to other instances

you are mistaken. reports are federated from the reporter’s instance to the community’s instance, as well as to the instances of all moderators of the community, and to the instance of the user who posted the comment or post being reported.

The visual option is the normal reCAPTCHA (eg) and the audio option is the (quite difficult) thing they’ve been subjecting blind people to for years. Presumably they will keep offering desktop users these options (at least in many/most cases) for a long time still; this new phone-required extra-invasive CAPTCHA is just a hint of where they’re heading. (But already it is apparently actually required for Android users in some cases: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users …)

Is this something that websites opt into and add to their own site?

Yes.

reCAPTCHA is google’s “anti-abuse” service which many websites use to prevent slightly increase the cost of operating automated crawlers (which somewhat ironically google operates one of the largest of itself, for their search engine).

Before neural networks could solve CAPTCHAs reliably, spammers were solving them with human labor; solving services like anti-captcha.com (intentionally not a clickable link…) today use a mixture of automated and human solvers.

In the future google is apparently building, solving services will need farms of able-to-run-a-recent-android-release mobile devices with some kind of trusted computing hardware, each one of which they’ll have to use sparingly enough to keep usage of its unique ID under some plausibly-human threshold.

And even if you do have a phone and are willing to identify yourself with it, if it is too old to run a recent enough Android you also will sometimes be denied services for being unable to pass a robots’ “human” test.

🤮

Any website using this will simply cease to exist in my eyes.

as i wrote in another recent thread on this topic:

for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(

I would guess not, given the other recent news about degoogled Android devices also being unable to pass reCAPTCHA.

i generally agree, although for some reCaptcha-using websites there actually aren’t alternatives. eg many governments, healthcare providers, public utilities, etc are using it :(

A Motorola phone soon shipping with GrapheneOS isn’t just a rumor but it doesn’t help with the problem of Google making their very popular robot detection service classify deGoogled Android users as non-human.

more info here: https://reclaimthenet.org/google-broke-recaptcha-for-de-googled-android-users