I'm a long time fan of this podcast! Great to see it appearing on hacker news. I would recommend going back and listening to all 99 previous episodes and the 2 since this one also.
Same here. He does a great job of making quite technical shows very accessible, and many of the shows are just a really great story. Other particularly good episodes - The LinkedIn Incident [0], Information Monopoly [1] and OxyMonster [2]
Darknet Diaries is entertainment first and foremost. It's also a for-profit podcast where it's advertising becomes a problem.
I say this disappointingly, as I like good technical podcasts, but I have found very few in the security space which work well for me.
The information density is low. There's a whole lot of unnecessary back-and-forth banter between hosts and the the typical kind of old-school AM radio type bullshittery. A 30 minute segment often based on a four paragraph blog post.
The other big problem I have with the show is that the advertisement model has a whole lot of dark patterns. It's been sometimes difficult to tell which segments are "sponsored" (paid adverts) and which is attempted-NEWS/info. In fact, most of the shows are just one advert after another, and the guest speakers are often sleazy and leave out important information. That makes Darknet Diaries a misinformation source for me. I stopped trusting what I was hearing after awhile.
I like how NSO simultaneously claims they "hav nothing to do with the software after it's sold" but can also "shut down the software at any time, we have the technology".
So pegasus operators probably have some sort of licensing data that gets sent. Either way this is no different than them selling guns to terrorists and then being like, "but they said they were going to use the guns to FIGHT terrorism. No way we could have predicted that. Whoopsie-daisy!"
Yay, a blank dark page. Thank you, page author, for contributing to making the Internet an inaccessible shithole and requiring Javascript to read simple text.
"Please don't complain about website formatting, back-button breakage, and similar annoyances. They're too common to be interesting. Exception: when the author is present. Then friendly feedback might be helpful."
Here's another way of looking at it: Does this page really need to execute code on its users' machines? Why is this such an acceptable thing in the first place?
> Why is this such an acceptable thing in the first place?
Because before we had local desktop applications that were substantially less secure, with far greater default access rights (even root/admin in many cases).
Webapps that execute in a silo-ed virtual machine with only access to their own data (without express permissions), is a substantial security improvement (and also doesn't require the user to install anything).
To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled. If you don't want to execute a site's code in a browser's secure context then don't, but you cannot whine about it like they owe you.
"To be honest the people who want to visit a website, for free, and then insist on how that website is delivered are super entitled."
This is a very poor argumnet - stealing data is a crime.
Why should people accept being victims of robbery just because they are in a free library or music concert?
Secondly, many websites have a paid plan - OneDrive, Xero, Flikr, LinkedIn, YouTube, etc. This is a terrible attitude: "I gave you candy for free, so don't complain if it's poisoned"
That’s a bit warped of a comparison - 99% plus of website JS isn’t a poisoned Apple that will cause some kind of real harm.
That (in your analogy) everyone giving candy on Halloween provides a potential threat vector for a serial killer to occasional slip one in is them taking advantage of an ecosystem that everyone desires, not a malicious act from everyone giving out candy.
> No, the site owner is usually gaining money from his users (through ads, tracking, etc). This is an incredibly dishonest statement.
Which you're purposely trying to avoid by disabling JavaScript, thus mooching and demanding that they design the site around your niche desires.
NoJs users are negative revenue users. They cost the same as a revenue user but block revenue streams. Then feel like more resources should be spent on just them.
You're then asking businesses to pay to place ads that you cannot assure them were actually viewed by anyone. It can work, but companies will pay more for ads that can prove they were even rendered let alone uniquely.
Many business models don't work with reduced revenues, thus you can embed ads in content, take the lower revenue, but then need to structure your business around the lower total revenue.
Typically, when businesses have goals like these they end up instead just doing a membership model wherein it is ad-less but the users/audience is paying them directly for content production.
Generally no, as botnets can and do trivially spoof that kind of activity to burn competitors ad budgets or generate more revenue for the ad networks or websites.
Yes, it does. Not using JavaScript to present documents is the default, you actually need to devote time to make it the other way. Relying on JavaScript significantly increases your failure surface. Outdated browsers, buggy extensions, network failures, poor error handling - it becomes much more likely for your content to not display even when the user does not actually turn JavaScript off.
I'm not sure what the ratio is. What I do know is that there is a concept that, to me used to be a well known concept, that web developer's are encouraged to follow called "graceful degradation". I wish more people would pay it some attention.
Whether it's due to capabilities of a browser or extra security measures a user would like to practice graceful degradation allows content to be shared with more people than not.
I have JS enabled, but don't allow third-party JS.
Sorry, for the author, but I'm not going to enable google-apis and other google spyware scripts to load on my browser just to see what they're up to in this blog post.
As someone who supposedly wrote an article about fighting spyware, they should know better that to require loading google scripts in order to see a simple page.
A better question is, what % of web developers test their JS rendering on the array of browsers it's guaranteed to encounter, or consider what happens when very basic privacy tools are in use?
Those aren't relevant questions for this case, however. The page isn't failing to render without JS, it's failing to render without third party JS. For a group whose nominal message is bragging about their hax0r skills, it's pretty clumsy to build in a single point of fail dependency on code they don't control, then require their users to run it.
No idea, but I browse without js (enabled on a case-by-case basis). I'd say 10-15% of the links from the HN front-page are broken without js, I generally move on to the next one.
Anecdotally, based on my own data, roughly 0.2% to 0.3% after excluding bot/crawler UAs (and I run a website more likely to be visited by "techy" users, probably lower for the general population).
Just a note that you've framed the question as "without JS turned on" but it's not always a choice; there are people who don't have access to sufficiently new hardware or reliable telecoms that it will work as intended.
As an example, for the past ten years I have had to browse with a tablet that crashed every time JS was enabled (luckily I could recently justify the expense of a new one, so that won't be the case any more when it arrives)
I have JS turned on on my phone, yet this website did not render. I am using content blockers, yet there are no trackers on this site so I’m not sure what exactly is being blocked!
> Another page that doesn't render at all without JS
I find it ironic. For a site that discusses privacy/cybercrime/surveillance you would expect it works with JS turned off. I imagine many of their visitors visit the site with the Tor Browser Bundle. And I'd say roughly 33% of those have the 'safety slider' set to 'safest' which blocks JS globally.
