Conversation

Notices

1. Embed this notice
   Asta [AMP] (aud@fire.asta.lgbt)'s status on Wednesday, 06-Nov-2024 16:03:35 JST Asta [AMP]

   Hey everyone! A couple good things to remember:
   
   Signal is your friend! https://signal.org/
   Be careful about what you post on corporate and federated social media. You don't need to self censor but you should take extra spicy discussions to something like Signal!
   
   (people: please feel free to add hot tips for helping people keep things private!)
   
   #security #secureCommunications

   • Embed this notice
     Asta [AMP] (aud@fire.asta.lgbt)'s status on Wednesday, 06-Nov-2024 17:25:11 JST Asta [AMP]

     in reply to

     There are no secure DMs in the fediverse; this is basically the equivalent of walking onto a street and chatting with a friend. Whether anyone hears you is just about whether or not they're listening.
     
     So! The safest data is the data that never existed. So don't rely too much on DMs; switch to something else!
     
     #activityPub #fediverse

   • Embed this notice
     Asta [AMP] (aud@fire.asta.lgbt)'s status on Wednesday, 06-Nov-2024 17:25:12 JST Asta [AMP]

     in reply to

     It's true that a lot of servers in the fediverse are probably run by cool people, but remember that everything you say is copied many, many times over to many, many different databases. For example, my single user instance here federates with like, 11,000 fucking instances, I am not joking. That means this little post could be copied into 11,000 databases, give or take, depending on the nature of the instances I'm federated with.
     
     So in theory, let's say I posted something, like, I dunno, "fuck dtolnay". Any one of those servers could take offense with that and be shitty to me about it. And I don't control their retention policies.
     
     So! While we don't have to worry about Mark "My Cold Dead Eyes Are The Mark of the Beast" or Elon "I fucked my own cybertruck and liked it" being shitty about our stuff here, it's not a bad idea to consider the nature of the fediverse when writing spicy things that could be prone to misinterpretation.
     
     #activityPub #fediverse

     pettter and Joachim repeated this.
   • Embed this notice
     pettter (pettter@mastodon.acc.umu.se)'s status on Wednesday, 06-Nov-2024 18:56:13 JST pettter

     in reply to

     @aud Signal is a US organisation with servers in the US and operating under US wiretapping laws and officially only works on US-controlled operating systems. It's a lot better than Facebook messenger and certainly better than fediverse DMs (where's that E2E encryption AP extension?), but I think taking their word for what is accessible the US security state is naive in the extreme.

   • Embed this notice
     Asta [AMP] (aud@fire.asta.lgbt)'s status on Wednesday, 06-Nov-2024 19:42:15 JST Asta [AMP]

     in reply to

     • pettter

     @pettter@mastodon.acc.umu.se as far as wiretapping goes, the encryption (assuming it is robust, correctly implemented, and also not trivially cracked) make that pointless unless I’m mistaken, right? Without access to the key, they’d just get noise. Definitely, though, the “US controlled operating systems” is a weak link for sure, particularly if there’s a method of obtaining said key.
     
     I think it’s probably wise to assume no encryption will help you stave off the eye of Sauron when it’s aimed directly at you, but if you want to make sure you don’t catch it by accident signal is probably a good choice.
     
     Do you have any suggestions for communication programs not entirely controlled by US entities? (this is a genuine question but because I’m tired it reads as sarcastic to me so I’m writing this to make it clear it’s something I’m genuinely curious in!)

   • Embed this notice
     pettter (pettter@mastodon.acc.umu.se)'s status on Wednesday, 06-Nov-2024 19:42:15 JST pettter

     in reply to

     • F-Droid
     • Briar Project

     @aud I think @briar has a lot of good stuff going for it, for example. I'm also a shameless advocate for XMPP + OMEMO as an underrated federated alternative to Signal with the right apps, but the main problem for both of these are again the 'running on US operating systems' thing. Briar at least has an official release on @fdroidorg and an APK on their own website.

   • Embed this notice
     Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br) (lxo@gnusocial.jp)'s status on Tuesday, 12-Nov-2024 04:03:24 JST Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)

     in reply to
     GNU Jami development is led by a Canadian company, FWIW
     Asta [AMP] and mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius: like this.
   • Embed this notice
     mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius: (mangeurdenuage@shitposter.world)'s status on Tuesday, 12-Nov-2024 07:20:34 JST mangeurdenuage :gnu: :trisquel: :gondola_head: 🌿 :abeshinzo: :ignucius:

     in reply to

     • Alexandre Oliva (moving to @lxo@snac.lx.oliva.nom.br)
     @lxo @aud This :this: