Could the app be using cell tower data to bypass mock location settings? The Github repository says it identifies a user’s location using cell tower data.

Planners do a lot of preparatory work before laying cables, but based on the few articles and studies I could find online, it appears they rarely share their findings with the public.

Sabotage can also be carried out without submarines. For example, a ship could drag its anchor along the seabed (whether in the Baltic Sea or the Taiwan Strait) near known locations of internet cables.

If I understand the model you proposed correctly, it basically consists of making a payment to someone (whether an instance or a central authority), obtaining tokens in exchange, giving tokens to a content creator, and the content creator exchanging them to get their money back.

Having a central authority wouldn’t work because it goes against the principles of the Fediverse and most users would prefer that there not be a single point of failure. Having an instance exchange money for tokens wouldn’t work because there is no scarcity of tokens and no guarantee that an instance honours a request.

This method could instead be replaced by content creators adding links to receive payments with people giving money to them directly.

The problem is that there is nothing meaningful you can exchange this currency for. The Fediverse is fundamentally designed to allow anyone to start a server. There is no meaningful way to reward someone with anything of value except the satisfaction of having helped grow the instance they are supporting. There is no good way to boost someone without manipulating the vote count or changing the protocol itself. Many apps already offer customizability while simultaneously being free as in free beer and free as in free speech. The main reason many people move to the Fediverse is to escape an internet where everything is “enshittified,” and most Fediverse users wouldn’t want to shift to a proprietary model.

Is there a specific “undress” button? I tried looking for proof that it exists but couldn’t find any (my searching skills clearly need work). Could you please share a screenshot or point me to a place where I can confirm that it exists?

That data might be easily accessible, but that was a choice Root made. I think that it is a safe assumption that Root knew most vigilantes keep their identity secret and, assuming a German background, had read Section 202 of the StGB and other relevant laws and court rulings. As such, Root most likely did this despite knowing their identity is at risk. It is likely they did this publicly specifically to inspire others, though I haven’t looked at all the details and there might be a different reason.

Nothing in this comment constitutes legal advice.

TL;DR: not possible with random cookies, too much work for too little gain with already-verified cookies

There is no such add-on because random cookies will not work. Whenever someone has been authenticated, Google decides the cookie the browser should send out with any subsequent requests. Google can either choose to assign and store a session id on the browser and store data on servers or choose to store the client browser fingerprint and other data in a single cookie and sign this data.

Additionally, even with a verified session, if you change your browser fingerprint, it may trigger a CAPTCHA, despite using a verified cookie. In the case of a session token, this will occur because of the server storing the fingerprint associated with the previous request. On the other hand, if using a stateless method, the fingerprint will not match the signed data stored inside the cookie.

However, this could work with authenticated cookies wherein users contribute their cookies to a database and the database further distributes these cookies based on Proof of Work. This approach, too, has numerous flaws. For instance, this would require trusting the database, this is a very over engineered solution, Google doesn’t mind asking verified users to verify again making this pointless, it would be more efficient to simply hire a team of people or use automated systems to solve CAPTCHAS, this approach also leaks a lot of data depending on your threat model, etc.

ASCII was interpreted as UTF because the function that checked whether the given text was Unicode checked the difference between bytes at even and odd positions. Many of the common phrases used to trigger this were in the 4-3-3-5 format (by letters), e.g., Bush hid the facts However, there was never any reason that this format of character placement was necessary for the bug (though even length was necessary)