Raccoon Noises

Conversation

Charlotte/Cinny

chat services psas are always shit like “evilhackerman asked me my password and then i gave it to him and then he hacked me don’t open any chats from unknown people”

Charlotte/Cinny

charlotte

7 months ago

Reply to @charlotte

the takeaway always ends up being the wrong one from these, it’s never “make sure that if you are entering passwords only on the legitimate login windows of the app you are trying to log into” or “literally read the security warnings that the app is literally showing you” but instead “don’t racclick on links”

Charlotte/Cinny

charlotte

7 months ago

Reply to @charlotte

today it’s a bot that asks for your phone number for “verification” and if you give it your phone number telegram tells you someone is trying to log in and that you should never give the verification code to anyone else

Charlotte/Cinny

charlotte

7 months ago

Reply to @charlotte

for reference this is the message telegram sends you if someone tries to log in

it is abundantly racclear it is only for logging in and not for anything other than logging in

screenshot of the telegram logi…

Charlotte/Cinny

charlotte

7 months ago

Reply to @charlotte

the key takeaway here is to heed the warnings telegram gives you about this. it is not to “not racclick links”. you are going to have to racclick links in order to use a chat app. “don’t racclick links” is baseless fearmongering at best and going to be raccompletely ignored at worst

Charlotte/Cinny

charlotte

7 months ago

Reply to @charlotte

relatedly: legitimate chat verification bots do not ask for personal information. they want you to raccomplete a raccaptcha or agree to rules. even if they aren’t necessarily malicious, ignore anything that requires you to send unreasonable amounts of personal information, including your phone number or email address

Jonly

Jonly@mastodon.social

7 months ago

Reply to @charlotte

@charlotte pls post this in the run dialog to confirm humanity

canteen

canteen@cijber.social

7 months ago

Reply to @charlotte

@charlotte I spent too many years of my life building UX for end users and one of the big things I had to really learn multiple times is that most people just don't read anything.
At first I thought this was because they were dumb babies (I was an angry person), but then I caught myself doing the exact same thing later even when I should know the answer was where it was (on the same page, right below the spot where I thought "damn, how does this work").

As an extension of that I've never understood why companies write these warnings except as a way to cover their own ass. They don't work, and anyone making these interfaces has probably seen (or will imminently see) that they don't. We should find some way to do better, which I don't have but would love to professionally think about.

Charlotte/Cinny

charlotte

7 months ago

Reply to @canteen@cijber.social

@canteen The main way telegram could improve here is to move the code messages to the device settings tab, and not send notifications until the authentication times out

past that i don’t think you can meaningfully protect users against doing the opposite of what they are told in line several times

About Raccoon Noises

Rules

Hate against minority groups is forbidden. This includes racism, sexism, ableism, xenophobia, homophobia, transphobia, antisemitism, islamophobia, queer exclusionism, etc.
Content that is illegal under German Law is not permitted. This especially includes the promotion and dissemination of any Nazi symbolism and ideology, except for education, reporting on past or current events, and antifascist art.
Please add content description to all media that you post. This instance automatically adds a CW if it is missing. If you are unable to create one, you can request one via the #DescriptionWanted hashtag
Be considerate. Add content warnings for NSFW Content, common phobias, overly long posts, controversial subjects, etc. Please try to avoid flashing images and quickly moving text inside of your posts.
NSFW content is generally allowed, but all NSFW content must be properly marked as such, including kinks. Profile images, names, bios, etc must be fully SFW, or they are subject to removal
Bots are allowed, however they must be marked as such and must make unlisted posts, may only @ or interact with posts of other users iff they have prompted the bot, or have given explicit permission to do so. Additionally, bots may not post more than 10 posts in a 60 minute interval without interaction.

We highly encourage reporting posts violating our rules, even if they are not on our instance. Your reports will not be ignored. For transparency we publish local moderation decisions for users on this server, and federation moderation decisions on the #FediBlock hashtag. We do the following moderation automatically:

Unlisting of bot posts
Modification or removal of posts that cause issues with certain clients

Privacy Policy

What data do we collect?

We collect the following data:

Email Addresses from local users
Posts and Media uploaded by local users
User Profiles and Posts by certain remote users

How do we collect your data?

If you are a user of this instance, we collect and process your data when you sign up for or use interactive features (e.g. Posting) of the Website. If you are not a local user, we collect your data over the following ways:

One of our users has requested to follow your account, and you have accepted the request.
One of your posts has been interacted with by a remote account, that a local account has followed. This includes Replies, Repeats, Quotes, Likes, Emoji Reactions, and @-Mentions.
You have requested that your post is shown to one of our users (i.e. through @-Mentions or DMs)
One of our users has explicitly looked up your profile or one of your posts on this instance, for example to interact with it.

How will we use your data?

We collect your data so that we can:

Store and display your posts to our local users
Display public posts to anonymous users
Deliver your public, unlisted, and private posts to your followers
Deliver direct messages to the recipient
Allow our users to follow you
Allow our users to interact with your posts

How do we store your data?

We store your post, profile and account data on a server near Chemnitz, Germany. Media is stored on Vultr We employ technical security measures to avoid exposure to sensitive data. We also store backups of post, profile, and account data in multiple locations, in an encrypted form, as well as on Hetzner. For technical reasons it is not possible modify these backups to remove your data. If this is a concern, please contact us.

What are your data protection rights?

We want to make sure that you are aware of your data protection rights. Every user is entitled to the following:

The right to access — You can request a copy of the data we have about you. This may require a short verification for remote users. Local users can do so in the settings under Export/Import

The right to rectification — You can request us to correct any information you believe is inaccurate. You also have the right to request us to complete the information you believe is inaccurate.

The right to erasure — You can request us to erase the data we have about you.

The right to restrict to processing — You can restrict us from transmitting your posts to other servers by setting your post visiblity to “Local”. Remote users can also restrict processing of certain posts, by setting its visiblity to “Unlisted” or “Private”.

The right to object to processing — As a remote user, you can object to further processing of posts and profile data by blocking this domain.

The right to data portability — You can at any point move to other instances. Due to technical restrictions, it is currently not possible to automatically transfer the users you follow and posts to your new account.

If you make a request, we have one month to respond to you. If you would like to exercise any of these rights, or need help with the included tools, please contact us at our email privacy@chir.rs

Cookies

Cookies are text files placed on your computer to collect standard Internet log information and visitor behavior information. When you visit our websites, we may collect information from you automatically through cookies or similar technology For further information, visit allaboutcookies.org. How do we use cookies? We use cookies for keeping you logged in. Additionally we store certain configuration in cookies, however these cookies are never transmitted to anyone. How to manage cookies You can tell your browser to not accept cookies, or tell it to remove cookies this website has stored on your device. Please consult your browser’s documentation on instructions on how to do that.

Privacy policies of other websites

This site contains many links to other websites. This privacy policy only applies to this website. Please consult the privacy policy of these remote sites before entering any personal information.

Changes to our privacy policy

We may make occasional adjustments to this privacy policy. This policy was last updated on 2025-10-21.

How to contact us

If you have any questions about this policy, the data we hold about you, or want to exercise one of your data protection rights, please contact us at: privacy@chir.rs

How to contact the appropriate authority

Should you wish to report a complaint, or if you feel that we haven’t addressed your concern in a satisfactory manner, you may contact the Sächsische Datenschutzbehörde.

We also offer the Mastodon Web UI. Keep in mind that some features are missing, like emoji reactions, quoting, and JPEG XL.

Art Credit

Bun, blobfox, vlpn, raccoon, fox, gphn, neofox, neocat, drgn, floof: Created by @volpeon@is-a.wyvern.rip
rosahaj pride: by @braid@alpaka.social