_Messages_ are ephemeral, immutable objects that contain the following information:
1. An incrementing id that is unique per server.
2. A server.
3. A URI for the _payload being referred to_.
4. A type.
5. Any routing information.
So I could say:
Create {
    id: <uuidv7>
    server: <uri>
    canonical_uri: <uri>
    from: <originating user>
    to: [<list of users>]
}
That's it. No payload. There are other fields that may be interesting here, but we're being a bit minimalist.
3/
A certain org responded to my Subject Access Request for internal emails about me by clipping them to basically only include my name.
So I did a FOI request narrowly aimed at the same emails.
They refused on privacy grounds, claiming they couldn't meaningfully redact the personal information. They cited a law prohibiting disclosure of personal information.
That law does not apply where there is consent to release the information.
So I sent them a request for an internal review, and included:
I, Mx Ryan Castellucci, consent to the disclosure of any and all of my personal information to Mx Ryan Castellucci.
They'll probably still refuse, but their justification should be creative.
Here’s how I used AI to clone a 60 Minutes correspondent’s voice to trick a colleague into handing over Sharyn's passport number. I cloned Sharyn’s voice then manipulated the caller ID to show Sharyn’s name on the caller ID with a spoofing tool.
The hack took 5 minutes total for me to steal the sensitive information.
So, how do we protect ourselves, our loved ones, and our organizations?
1. Make sure the people around you know that caller ID is easily faked (spoofed) and that voices can also be easily impersonated.
2. If they receive a dire call from “you”, verify it’s really you with another method of communication (text, DM, FT, call, etc) before taking an action (like sending money). Kind of like human MFA.
Some suggest setting up a secret “verification word” with their folks so that if someone impersonates & demands money/access etc you can ask for the verification word to see if it’s a real crisis. This won’t work for all people but could work for some. If it’s a match, use it.
In general, I recommend keeping advice simple: if the premise of a call is dire, use a 2nd method of communication to confirm a person is in trouble before taking action (like wiring money or sensitive data). Rapid text, email, DM, have others message repeatedly — before wiring money.
Bottom line is:
Scammers use urgency & fear to convince victims to take actions (like sending money, data, etc).
If the premise of a call, text, email, or DM is too dire (or too good to be true), that’s a likely scam.
Use a 2nd method of communication to check it’s real before taking action!