Others have written about how windows does it, but here’s some more details.

A window which runs with higher privileges (even just elevated to admin but still with your same account) cannot be read by normal privileges. You can see this when you use a custom screenshot program with some privileged system utility, but it’s key combo does not work when the higher privileged window is active (in the foreground, selected). The screenshot program could not access UI elements in the privileged window, and can’t send messages to it, but it can still see it rendered and capture it.

There’s also a feature called “secure desktop”. This is a bit like opening a new desktop with it’s separate “window namespace”. It’s distinct so much that it doesn’t have the taskbar and start menu, and by default it would be blackness, but you don’t notice it because the system takes a screenshot before opening it and sets that as background.
Admin utils rarely use this feature, as I know this is only used for the User Account Control window that appears when a program is asking for elevated permissions. This is where you type your password, or just accept or deny the elevation request.
The Keepass password manager can also make use of this feature for the unlock prompt, but it can’t use it that effectively, because the new secure desktop can be found in some way by other programs if it was not created with elevated privileges. It writes about this in it’s documentation.
Even though Linux nowadays has a password prompt dialog, it does not have anything similar to this secure desktop thing as I know.

Other than that, on windows (maybe linux too?) processes of the same user and privilege level can read each other’s memory. Without elevation. It’s quite complicated but it’s always there.
And like with gdb and strace on linux, there are ways on windows too to analyze or modify at runtime how a process works.

What controller? That does not seem to be a problem with the portal concept, but a pretty weird bug in the implementation of some part of it.

I don’t understand your point. If they don’t have enough access to install a keylogger, then they can’t grant permission to themselves. That’s why you want to keep them from being able to do that.

Besides that, you won’t be able to get your drivers signed for windows to accept them, so it’s basically futile anyway

Can’t we basically call this a remote access trojan?

You may also try to run qb in a container that somehow has a basic graphical environment, and waypipe it to your desktop pc.

Never done that, but having been wanted to try it out.

I would recommend to put them inside /mnt for internal disks. It’s a bit more organized that way, and by looking at the path is easier to know that it’s in an internal drive.

Mounting to a specific location should not affect the permissions of the drive. But in the case of NTFS and some other filesystems, Linux is not compatible with their permission model, so it is simplified by e.g. making all files be only accessible by root.
You can override this default with mount options, or change the permissions to sensible values with chmod and chown, but I’m not sure if changing them will have negative side effects on the windows side so the latter may not be a good idea.

FDE requires third-party software (veracrypt)

There’s bitlocker, I think it was added in 7 or Vista. What do you mean?
But other than that, I would rather use VC too.

standard system utilities (think ssh, git etc.) are not available on a fresh install

Hmm, depends. It has a built in openssh client and server, but the “feature” (automatically installing package) is off by default. It can be enabled at install time with the use of the standard windows image modification tools (DISM I think?)

And then you’re supposed to download and install .exe files from the internet? Since microsoft controls what goes in the windows store

I think it’s better that Microsoft does not have that much control over software distribution.

But again, most things you want aren’t there, and you can’t even trust the things that are there.

Of course you can’t, nobody can tell by looking at the store page if it was modified by anyone, including Microsoft.
The amazon app store for android explicitely tells that they are adding tracking code to every uploaded app, and to make this possible they replace the digital signature of apps uploaded. Google with the play store does not tell anything like this afaik, but for a few years now it also basically compromised the digital signatures of developers, by requiring the private keys to be mandatorily handed in for continued app updates.
I don’t trust that these companies that already rely on mass surveillance as a revenue stream, they won’t add tracking code to apps unauthorized by the devs. If not right now, it will happen in the future.

For some reason, a billion dollar company cannot curate a software repository of the same quality as the ones maintained by unpaid volunteers in the Linux world.

Besides quality, I think open source distro’s repository and it’s packagers are largely more trustable. They are not motivated financially to modify the packages in unwanted (by the user) ways, and they are transparent.

So yeah, I think it’s just not there yet. Maybe in a few years windows will be a viable alternative for desktop systems.

I think they are drifting farther and farther away.
It was an option. But the shitshow of 11… thanks that’s too much. I’m not installing that for anyone. And 10 is soon end of life…

I wanted to search for the postman tracker’s address, so went to check on notbob.i2p. website unreachable. Isn’t this a relatively fairly popular site here?

Edit: on a second try it now loaded in ~10 seconds.
This latency is probably not to much of a problem, but two things:

• the instability that it couldn’t even start loading the site, and it’s regularity
• if a text site with few graphics takes this much time to transfer, bittorrent and movies will be even worse because that’s often not compressible

1-2 days is slow but acceptable I think. It’s a compromise.

But for some reason for me it’s much slower, even though I run a router that participates in routing and usually has 50+ or even 3 digit share ratios, with ~80 GB traffic a day in both directions, so it must be integrated well.

Now I realized I have only tried a single I2P torrent yet, and it was just 2 MB, and my experience was coming from both i2p sites and outproxies often being very slow or unreachable with the common tunnel settings.

I apologize for the confusion

Meta is working to address these concerns

Sure, they are working to solve these concerns by teaching their LLM to lie and obfuscate, and by becoming so big nobody sues them anymore. I’m sick of this.

It’s pretty hard to not use their services when among else even fucking university courses only upload their content there.

Fixed a word, it was supposed to be unavoidable, not unavailable.

Depends on the penalty

I2P and it’s sub 100 kb/s speed? Series, games would never finish downloading, but then also only those torrents are accessible through I2P that are published to an I2P tracker, there is no DHT (yet?). Clearnet torrents and clearnet peers are not accessible through I2P.

Or is it something on my end that makes it that slow? ISP download bandwidth is stable and much higher.

I can’t morally justify blocking ads and viewing their content for free.

I can’t morally justify anything they are doing, and have been doing for many many years already. Yet I use their public services because they are unavoidable. But I would never give money to such a company.

Ads need to be tailored to the user when delivered

1. It does not. If you install a new browser and open YouTube the first time, they’ll be able to show ads to you
2. They could be tailored based on other factors too, like country, region, or even household by the IP

I think the backend could just generate the ad ridden video feed for the specific user. Most probably it would be very resource intensive, but I can only hope so… but then I also don’t know much about HLS and other fragmented streams so it might not be a performance problem at all.

like a linked list

I think the full list of chunks is (currently) known beforehand. That’s how yt-dlp can download on multiple threads, but also how it can show the number of total fragments relatively quickly on the progress bar

How?

By the way, yes, it is.

The player does not have to be elevated. With an unelevated player the file exploiting such a vuln would be able to execute code with the privileges and access of the player

The way I understood was that it’s not a problem if the system does something bad because the newcomer I directed there won’t know anyway.

Sorry if that is not what you meant, but the comment has read like that.