Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/david_chisnall/statuses/112795731208184076">david_chisnall (david_chisnall@infosec.exchange)'s status on Tuesday, 16-Jul-2024 19:37:51 JST</a><a href="https://infosec.exchange/@david_chisnall" title="david_chisnall@infosec.exchange"><img src="https://gnusocial.jp/avatar/241214-48-20240302204654.webp" width="48" height="48" alt="david_chisnall" style="position: absolute; left: 0; top: 0;">david_chisnall</a><div><a href="https://infosec.exchange/@patrickcmiller/112795157896170739" rel="in-reply-to">in reply to</a><ul><li></ul></div></section><article><p><a href="https://infosec.exchange/@patrickcmiller">@patrickcmiller</a> </p><p>End-to-end encryption to protect all keystrokes and cursor movement in real time.</p><p>Is this satire?  What is the remote 'end' to which keystrokes and cursor movements are being sent that needs encryption?  And why are keystrokes and cursor movements being sent anywhere?</p><p>Do they just mean that they use TLS for their web apps (in which case, that's table stakes)?</p><p>For keystrokes and mouse movements encryption isn't sufficient, you need to add noise or traffic analysis can reconstruct them with high probability.</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/3381675#notice-6654838">In conversation</a><time datetime="2024-07-16T19:37:51+09:00" title="Tuesday, 16-Jul-2024 19:37:51 JST">about 4 months ago</time> <span>from <span><a href="https://infosec.exchange/@david_chisnall/112795731208184076" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@david_chisnall/112795731208184076">permalink</a><h4>Attachments</h4><ol><li><article><header><div>Domain not in remote thumbnail source whitelist: time.is</div><h5><a href="http://time.Is/">Time.is - 正確な時刻、どんな時間帯でも</a></h5><div></div></header><div>7百万地点、57言語、原子時計と同期。</div><footer></footer></article></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
david_chisnall (david_chisnall@infosec.exchange)'s status on Tuesday, 16-Jul-2024 19:37:51 JSTdavid_chisnall
in reply to
- Patrick C Miller :donor:
@patrickcmiller
End-to-end encryption to protect all keystrokes and cursor movement in real time.
Is this satire? What is the remote 'end' to which keystrokes and cursor movements are being sent that needs encryption? And why are keystrokes and cursor movements being sent anywhere?
Do they just mean that they use TLS for their web apps (in which case, that's table stakes)?
For keystrokes and mouse movements encryption isn't sufficient, you need to add noise or traffic analysis can reconstruct them with high probability.
In conversationabout 4 months ago from infosec.exchangepermalink
Attachments
1. Domain not in remote thumbnail source whitelist: time.is
  Time.is - 正確な時刻、どんな時間帯でも
  7百万地点、57言語、原子時計と同期。

Public

Embed Notice

HTML Code

Corresponding Notice