- This topic has 26 replies, 1 voice, and was last updated 3 months, 2 weeks ago by
.
-
Posts
-
Apologies if this is widely known
Well, I did not know. So thank you!
It does work but I am a little wary of it. It struck me as unusual because of the method Twitter/X has deployed to stop scraping, ie. shutting down guest accounts. So this can only be someone using an actual twitter/x account to scrape. The POAST fediverse thing is administered by someone calling themselves animegrafmays and in a reddit post this person has stated that they are running the nitter instance. The Fediverse wiki describes what it is. From the same wiki there is a description of the POAST network.
That’s as much as I can find out for now. I’d be careful.
Thanks ET you seem to know a bit about it
Being behind the times due to my advanced age, I am not sure what you mean – what should I be careful of? I haven’t had access to a bank account for over twenty years, what else could be done to me?
X is owned by the richest and run by members of the Western “intelligence” communities, which now includes Mossad – if these entities don’t induce one being careful, noth8ng will lol
What sort of thing are you thinking of – fake tweets, recording the IP addresses of people using it? What is the direction of your thought here?
Will, I only know what I dug up searching this morning and it’s all in the links above.
The guy who originally developed and maintained Nitter stated that there was now no way to scrape without having an account to log in with. A single account with many people using it to see tweets will quickly get rate limited because X will see that as abnormal. I don’t know how this guy is getting around that rate limiting. Perhaps not enough people know about this instance as yet and the rate limiting isn’t triggered or something else, I don’t know what.
Yes, that instance must get your IP as you use it but as you say so would twitter/X if you use it and so also does your ISP/Mobile provider. I’m not thinking of fake tweets. I am wondering why some of the other nitter people haven’t done this too. I guess I am wondering why twitter/x hasn’t shut this down quickly.Thanks ET, I get your point now – that is a very good explanation, you made me feel like a “ Master of the Universe” as it clicked. You reason clearly and now you have got me thinking about the why of it
I would only use it to check in on a couple of people. When nitter died I noticed I didn’t miss it. It’s use as a source for research material was supplemental for me, the sources were available elsewhere. Yet with the current election I have used to check in on Mr Murray’s account, to keep up with events in Blackburn
Yes it is a good question: why does this unexplained exception exist and persist? Surely it can’t last long?
I have got to say that for now it works well and quickly. It requires to allow javascript from poast.org but nothing else and that’s ok. I don’t know how it’s getting around the throttling issue, perhaps using multiple accounts and juggling them somehow. If anyone is interested the reddit thread is here.
“I guess I am wondering why twitter/x hasn’t shut this down quickly”
In your reply above, the notion of a limited quantity emerged in my mind
When Nitter died, as I say I didn’t miss it. The idea of me joining X or even clicking on X content was a non-starter. I did click on a few links but the functions were so limited, I realised I could get the info elsewhere
Then poast starts and you, rightly say, why has not this been stopped? It makes me wonder. It seems unlikely that the former intelligence assets who run X don’t know about it. Nitter was only chance of a person like me, consuming this content and becoming habituated with the workings of this type of information system. Apparently Twitter’s original designers copied the neurological model of the endorphin rewards experienced by crack-cocaine addicts lol
Back in the early 90’s, there was a lot of discussion amongst IT industry bigwigs concerning how content was to conceptualised – they wanted to “push” content onto desktops and were against desktop users finding the content they wanted to consume themselves. When the explosion of internet came, the idea of “pushing” content receded into the background but did not go away. I see it in the workings of X, not so much in the individual behaviour of its users ie their tweets but in the chain of events that occur after a user has made a statement, has created content.
Obviously if one can push content, one can create narratives, counter-narratives or whatever. These constructs set people in motion, alter behaviour and can on occasion create completely new behaviour – ever wonder why pairs of used trainers hang on telephone lines all over the country – the world?
“ever wonder why pairs of used trainers hang on telephone lines all over the country – the world?”
Erm, no, not really :D. That would be because I didn’t know until you mentioned it that it was/is a thing. Now I have searched for a reason I am none the wiser LOL.
As for nitter, it had a large number of people using it in its prime and a lot of folk helping to maintain it, host instances etc etc. If this guy can do it I am surprised there are not a number of the folk formerly involved in nitter doing the same thing. Here’s hoping they do.
But yes Will, I am still skeptical.
Yes where is the army that makes this service possible?
The trainers must be a ghetto thing. About twenty five years ago pairs of trainers started appearing on telephone wires, thrown over and entangled by the shoes laces, in the ghettos I habituated. I asked around and for several years heard nothing convincing
Then I had a drink with a guy who I had grown up with, who had risen high in the ranks of the local OCGs and claimed he frequented the local “Playboy Mansion” !? He mentioned that it was a code connected with drug dealing, police informers and the territory claimed by gangsters
This individual is highly intelligent and ticks 95% of the boxes on the Hare checklist for psychopathy. He has a legend built on the many public, ferocious acts of violence he has carried out – he’s definitely “in with the in-crowd” and might well know this info but I just noted what he said. He was very subtle, saying the sign could mean different things, at different times, in different place dependent on the current dynamic amongst the local (dis) organised criminals and didn’t claim to “know” about it, just general info
Then I met a younger crowd on the same trajectory and they claimed it was to show attackers the general location of a drug dealer who was slated to be robbed by other criminals
During the recent medical emergency I watched thousands of dvds coz I wasn’t on the internet and had a lot of spare time on my hands. In one of these films from the early 90’s someone slung a pair of trainers over a telephone wire strung from a lamppost were they hung by the laces, as all the ones I had seen in “real life”. The purpose of the act, as depicted in the film, was communication.
Life imitating art or something more mathematical?
I was led to believe that trainers hung over telephone wires indicated where drugs would be available at certain times. The availability on a night to night basis was indicated by a firework (usually a rocket) being let off.
I’ll take your word for it Jon
Before the year say 2000 I had never seen anyone messing with telephone wires apart from occasional vandalism. I can’t remember when I first saw it, I was struck by high up they were and yet they appeared to be thrown.
I suppose anything can be sign for anything but this felt odd when I saw the film that the motif appeared in first. Trainers were just getting big and the possibility that the behaviour your talking about above was generated by the film, however abstracted is very powerful – monkey see, monkey do. Probably what Bernais and Goebbells’ were inspired by, when turning information into a mind changing weapon delivered by radio waves
Philip K Dick has written several stories that discuss how powerful the instantaneous dissemination of info can be in synchronising the behaviour of aggregated masses of people, allowing this population, fed on controlled information sources, to harbour the most fantastic of illusions
I do remember seeing clackers on overhead wires back when I was a kid. Never understood the attraction of those things. I’ve never really noticed trainers before but I bet I’ll see them everywhere now that I am in the know :). Thanks for that Will, I’ll never unknow that :D.
ET, at 10:55 on June 27 you wrote “It requires to allow javascript from poast.org but nothing else and that’s ok”, but from your POAST link on June 22 at 11:04 –
– “Poast, also stylized as poa.st after its URL, is one of the largest fediverse glownigger honeypots currently in operation.”
It occurs to me that POAST could be other kinds of honeypot as well, and as malicious JavaScript is the most common way of exploiting and compromising target computers, I think I’ll avoid the POAST instance of nitter. If POAST is indeed a honeypot it would explain why this instance has been permitted to remain operational.
That was my initial misgiving Clark, a honeypot, and I posted links to what I’d found about poast. However, X, telegram and other social media that I personally don’t use also allow similar crap to be posted. Also, any site requiring you to input data such as say CM twitter will require some javascript.
I have scanned it on some url malware checker sites without issue but I’ve no idea how reliable they are.
As Will says, do I really care they know I am checking CM’s twitter?
ET – “I have scanned it on some url malware checker sites without issue but I’ve no idea how reliable they are.”
But POAST is administered by graf / animegrafmays, who looks utterly unreliable; hostile even. Graf can change POAST JavaScript at will. So what a url malware checker sees is not necessarily the same as what gets delivered to any given users’ computers.
The fediverse.wiki also mentions child porn. One of the earliest posts at Wikileaks was an essay by a former child porn sysadmin. The essay said that such material was illegal basically everywhere, making it was impossible to host in any jurisdiction. So instead they ran a campaign of infecting any internet-connected Windows computers that they could, installing server software upon them without their users’ knowledge, and using this infiltrated server software to host the illegal material. The child porn organisation didn’t host the content themselves at all. Instead they ran only indexing software, which connected paedophiles to their requested material on the remote infected systems. You may have seen Windows systems that “run very slow”, yet access their hard disks and internet connections continually, even before the user has launched any applications.
I’m not saying that this is necessarily what POAST is up to; I’m merely pointing out an example of dangers that may exist.
Hey Jon you’ve got me thinking – the shoe thingy is on the decline round here but the random discharge of a single firework takes place on a much more than regular basis. So maybe if someone have drugs to sell, they discharge a single firework and see what happens, dispensing with the arduous task of wrapping trainers round telegraph wire?
As to “h9neypots”, any memories of previous stories or consequences of being entrapped by such? Is the poast thing a hang out for self-confessed extremists? Or is there more to it than this? I’m using an old tablet – is the sort of stuff that can happen to tablets the same as PC’s?
Will, I don’t know the answers to your first three questions.
As to the last, pretty much any computer system can be compromised. Windows was by far the weakest for a long time. One major reason for this was because people installed software from any source anywhere on the internet, and the Windows system was set to permit this. Systems that only install from regulated app stores are a lot less vulnerable, in the sense that just persuading the user to deliberately install what turns out to be malware can’t be done.
But systems can still be subverted into installing malware. The major routes for this are through software that hasn’t had its updates or is no longer supported, and through JavaScript. Years ago I read that adverts are a major malware route. I don’t know if this is still the case, but ad blockers like UBlock Origin also block known malware sources.
UBlock in Expert Mode can also block JavaScript globally, and then selectively whitelist the few sources of it you really need. This is a hassle at first, as you learn how to use it and then work out what needs whitelisting for the various sites you use…
…and that’s why I’m avoiding the POAST instance of nitter. I’d need to whitelist POAST as a JavaScript source to use it, but since this discussion I definitely don’t trust it. So, with big thanks to ET for doing the research, it’s bye bye POAST for me 🙂
OK so, do we know of or can we find effective tools to detect malicious javascript? Bloody hell, there is just too much knowledge to find out.
ET, no I don’t know of any way to detect malicious JavaScript, so I concentrate on reducing my system’s exposure by whitelisting only the JavaScript that a given web page or site will not work without.
Malicious JavaScript exploits vulnerabilities in the JavaScript interpreter or ‘engine’, which is effectively part of the browser. I have seen some of these exploits years ago. Typically they are long strings of characters including many special characters such as question marks, slashes, etc., that have special meanings in JavaScript; they just look like gobbledegook. Each special character invokes some aspect of the interpreter, so blocking that character would disable certain functionality. By stringing a load together some obscure state of the interpreter is accessed and exploited.
Having said that, I had heard of the Free Software Foundation’s “Free JavaScript Campaign” and the GNU LibreJS browser extension. When I went looking for them for this comment, I found that the FSF has also now released JShelter, a browser add-on that attempts to protect against malicious JavaScript. I have never used either and I’ve no idea how effective they are. Info and links here:
I’ve just noticed that JShelter shares a developer with NoScript, which is a good sign.
Also on the former link (in #99284) I discovered a browser add-on called LibreDirect, which automatically redirects from many popular commercial websites to privacy front-ends, eg. Twitter to Nitter, YouTube to Invidious. I then installed this add-on into my instance of Firefox and it seems to work fine. The user can choose which instance they wish to use in LibreDirect’s settings, which also provides a list of around forty websites that can be buffered through privacy front-ends. A similar list is also available here:
OK, I installed the JShelter add-on into Firefox. However, I had trouble posting to the forums. I’ve had to disable two of its three functions; JavaScript Shield and Fingerprint Detector. Network Boundary Shield doesn’t seem to cause a problem. On this sites Cloudflare challenge page, JavaScript Shield results in the message “Your browser is out of date”. More details as I post more comments.
This instance of nitter doesn’t require javascript but it doesn’t always work right away due, I presume, to being rate limited. If you’re not in a hurry you can try it again after a time.
