7212·
5 months agoGermany, there’s a time and place for everything. This is like supporting a "sovereign citizen’s " right to freedom during a murderous rampage. It’s giving “blue lives matter” during George Floyd’s murder.
- 2 Posts
- 22 Comments
Joined 3 years ago
Cake day: June 28th, 2021
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·6 months agoFor anyone considering Session messenger:
The Session developers dropped Perfect Forward Secrecy because it would be hard to work around it.
First things first, let’s talk about what we’re leaving behind: Perfect Forward Secrecy (PFS) and deniability.
Source: https://getsession.org/session-protocol-explained
In plain English, they dropped a security feature for their convenience to the detriment of their users’ security.
For anyone unsure what PFS provides:
The value of forward secrecy is that it protects past communication.
Source: https://en.wikipedia.org/wiki/Forward_secrecy
The Session devs also claim:
Session provides protections against these types of threats in other ways — through fully anonymous account creation, onion routing, and metadata minimisation, for example.
Reading between the lines, we can interpret that as introducing security through obscurity, which is generally considered bad practice - https://cwe.mitre.org/data/definitions/656.html
What’s wrong with Briar? https://briarproject.org/
Censorship-resistant peer-to-peer messaging that bypasses centralized servers. Connect via Bluetooth, Wi-Fi or Tor, with privacy built-in.
I think the reason these apps don’t take off is the compromises they make in order to work the way they do. When you do need them, you best hope you’re able to get them and get others to use them as well.
your attitude/personality is ugly. do better.
5·10 months agoOoh silverbullet looks nice too, thanks. Link for the lazy: https://silverbullet.md/
If you’re on Firefox on desktop/laptop, check out Bypass Paywall [0]. It was removed from the firefox add-on store due to a DMCA claim [1], but can be manually installed (and auto updates) from gitlab. The dev even provides instructions on how to add custom filters to uBlock Origin [2], so you don’t have to add another extension but still get some benefit.
[0] https://gitlab.com/magnolia1234/bypass-paywalls-firefox-clean
[1] https://winaero.com/mozilla-has-silently-removed-the-bypass-paywalls-clean-add-on-from-amo/
[2] https://gitlab.com/magnolia1234/bypass-paywalls-clean-filters
ah, not super intuitive. I see it now, thanks!
Fixed! Thank you 🙏 The Voyager app doesn’t give you comment previews so I didn’t catch it was broken.
Because they get your profile picture, name, and email address when you click accept. I went through with it just to test, but definitely getting some data from its users.
You’re right, but security and privacy is about layers, not always 100% effective mitigations, especially not when the mitigation is a function (contact discovery) that requires a private list (your contacts) be compared against another one. For anyone where this is an actual security risk, they don’t have to to share their contacts. They will not know which of their friends/family are on Signal, but they can still use the service.
This feature does protect users in that any legal court order for Signal to present who is friends with who (as almost every other messaging provider has actual access to your list of contacts) is not possible. They’ve been subpoenaed multiple times[0] and all they can show is when an account was created and the last day (not time) a client pinged their servers.
Lastly, I’m not sure if this is even a feature or not but it wouldn’t be too difficult to introduce rate-limiting to mitigate this issue even more. As an example, its very unlikely that most people have thousands (or even tens of thousands) of people in their contacts. Assuming we go just a step beyond the 99th percentile, you can effectively block anyone as soon as they start trying to crawl the entire phone number address space, preventing the issue you’re describing.
Not necessarily.
Signal has people who are experts in their field. They engineer solutions that don’t exist anywhere else in the market to ensure they have as little information on you as possible while keeping you secure [0]. This in turn means high compensation + benefits. You don’t want to be paying your key developers peanuts as that makes them liable to taking bribes from adversaries to “oops” a security vulnerability in the service. In addition, the higher compensation is a great way to mitigate losing talent to private organizations who can afford it.
[0] Signal has engineered the following technologies that all work to ensure your privacy and security:
This is a nice surprise. Didn’t even know this was in development. Can’t wait to test it out!
I plan on making it available inside my own network, not public. This way if someone makes it past my security, I at least have something that might “catch” them in the act and disable my network so I can intervene. Just another security layer.
for anyone wanting to avoid giving “X”, formerly known as Twitter, any traffic, here it is.
Fair point, but do note that https://wormhole.app is just a web-client for the wormhole protocol. There’s a reference implementation and there’s - personally - a much better go-based implementation (wormhole-william) that also has a few clients built using its API:
- rymdport: A cross-platform Magic Wormhole graphical user interface
- riftshare: Desktop filesharing app
- tmux-wormhole: tmux wormhole integration
- wormhole-william-mobile: Android wormhole-william app
may not meet your requirements but have you taken a look at https://wormhole.app ?
How are you liking OMV5? Pros/cons?
As someone who’s been wanting to test (and maybe move to Podman) in the future but hasn’t really spent any time on it, what features have Red hat removed from Podman?