GNU social JP
  • FAQ
  • Login
GNU social JPは日本のGNU socialサーバーです。
Usage/ToS/admin/test/Pleroma FE
  • Public

    • Public
    • Network
    • Groups
    • Featured
    • Popular
    • People

Conversation

Notices

  1. Embed this notice
    Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 00:47:52 JST Soatok Dreamseeker Soatok Dreamseeker

    Session be like

    "We're metadata-resistant. Also, we recently passed the 1 million user milestone. Don't ask how we distinguish unique users!"

    https://www.404media.co/email/9ee8f6a1-348a-4fb1-b1b3-30c8898d7581/?ref=daily-stories-newsletter

    In conversation 9 months ago from furry.engineer permalink

    Attachments

    1. Domain not in remote thumbnail source whitelist: www.404media.co
      Encrypted Chat App ‘Session’ Leaves Australia After Visit From Police
      from @josephfcox
      After federal police came to an employee’s house to ask questions, encrypted messaging company Session has decided to leave Australia and switch to a foundation model based in Switzerland.
    • Haelwenn /элвэн/ :triskell: and feld like this.
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 00:47:58 JST feld feld
      in reply to
      @soatok oh good i was wondering about them
      In conversation 9 months ago permalink
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 02:33:20 JST feld feld
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      @soatok @jkmcnk @gsuberland I don't know if intercepting messages without PFS is such a huge threat vector as people make it out to be though.

      Q: How are they getting your key?

      A: They seized and unlocked your phone.

      Even criminals are too dumb to have all their chats set to a short timer for auto-delete, the feds just read your scrollback :laugh:

      Isn't it also using TLS so they'd have to crack the TLS PFS too?
      In conversation 9 months ago permalink
    • Embed this notice
      jaKa Močnik (jkmcnk@mastodon.social)'s status on Wednesday, 23-Oct-2024 02:33:21 JST jaKa Močnik jaKa Močnik
      in reply to
      • Graham Sutherland / Polynomial

      @gsuberland just "yeah, we're forking a sophisticated e2e messaging protocol" is enough for the bells to ring, never mind the sting ops. :D @soatok

      In conversation 9 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 02:33:21 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik

      @jkmcnk @gsuberland Didn't Session also remove forward security?

      In conversation 9 months ago permalink
    • Embed this notice
      Graham Sutherland / Polynomial (gsuberland@chaos.social)'s status on Wednesday, 23-Oct-2024 02:33:23 JST Graham Sutherland / Polynomial Graham Sutherland / Polynomial
      in reply to

      @soatok having just watched that DEFCON talk by the 404media guy about the FBI running one of the biggest encrypted phone companies as a sting op, the words "Signal fork" are some of the loudest alarm bells ever.

      In conversation 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:14:45 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      • feld

      @feld @gsuberland @jkmcnk Making things ephemeral eliminates so many attack vectors. Long-lived secrets are undesirable.

      In conversation 9 months ago permalink
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:14:45 JST feld feld
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      @soatok @gsuberland @jkmcnk yes that is true, but to make sure we're on the same page:

      Tor already has PFS

      Signal, if it didn't have PFS, would still have PFS via its usage of modern TLS

      So the question is: how could they even intercept the E2EE messages that don't have PFS in the first place?
      In conversation 9 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:33:05 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      • feld

      @feld @gsuberland @jkmcnk I think this is asking the wrong question

      Building PFS into a protocol costs almost nothing and makes security proofs easier, simplifies analysis, and lets us focus on other areas of the attack surface.

      PFS should be the default for any protocol designed after the 1990s, and any design that doesn't include it should justify their choice to exclude it, rather than the converse.

      In conversation 9 months ago permalink
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:33:05 JST feld feld
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      @soatok @gsuberland @jkmcnk I don't disagree, but unless there's a reasonable vector here this discussion is just a circle jerk about MAXXXX possible security posture.

      Why not also write your Signal messages using a One Time Pad lol
      In conversation 9 months ago permalink
    • Embed this notice
      feld (feld@friedcheese.us)'s status on Wednesday, 23-Oct-2024 07:47:03 JST feld feld
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      @soatok @gsuberland @jkmcnk Still another layer
      In conversation 9 months ago permalink
    • Embed this notice
      Soatok Dreamseeker (soatok@furry.engineer)'s status on Wednesday, 23-Oct-2024 07:47:04 JST Soatok Dreamseeker Soatok Dreamseeker
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik
      • feld

      @feld @gsuberland @jkmcnk Because one-time-pads don't offer protection against chosen-ciphertext attack.

      In conversation 9 months ago permalink
    • Embed this notice
       (mint@ryona.agency)'s status on Wednesday, 23-Oct-2024 08:08:57 JST  
      in reply to
      @soatok >what are webserver logs
      In conversation 9 months ago permalink
    • Embed this notice
      Jess👾 (jesstheunstill@infosec.exchange)'s status on Tuesday, 12-Nov-2024 13:34:16 JST Jess👾 Jess👾
      in reply to
      • Graham Sutherland / Polynomial
      • jaKa Močnik

      It is frustrating that Signal still insists on requiring a phone number for everyone who uses their app, though. At least they finally made usernames so you don't have to share your phone number with others, but I don't really want to share it with Signal either.

      @jkmcnk
      @gsuberland @soatok

      In conversation 9 months ago permalink
      Haelwenn /элвэн/ :triskell: likes this.

Feeds

  • Activity Streams
  • RSS 2.0
  • Atom
  • Help
  • About
  • FAQ
  • TOS
  • Privacy
  • Source
  • Version
  • Contact

GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

Creative Commons Attribution 3.0 All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.

Embed this notice