Notices by Chester Wisniewski (chetwisniewski@securitycafe.ca), page 2

It's getting harder and harder to not publicly say critical things about the competition...

Great! TransUnion, whom I have the pleasure of receiving free credit monitoring from due to the MGM Casino breach in Sept, has a policy of only allowing 15 characters or less. Not like anything important is on the line or anything. Oh, they get bonus points for letting me skip the password with a trivial security question! #InfoSec #NotAFeature @boblord @thorsheim

@atomicpoet @iameli It sounds good, but I don't see it being possible without compromising many people's safety. Suggesting it is safe without having studied the underlying risks is dangerous and irresponsible. (2/2)

@atomicpoet @iameli federation by definition will decrease security and privacy. We all want a pony, but it's just not possible. Side channel attacks, differential communication analysis, key distribution/generation and many other issues make federation a dangerous compromise.

We would all like CSAM to be eliminated, but it isn't possible to have secure & private communication and yet still scan for it. Similarly federation requires compromises that would put many people at risk. (1/2)

@atomicpoet @iameli I'm sure the women and minorities who will be stalked and harassed when their privacy is impacted by your proposed solution will find solace in the world being a more just place.

@atomicpoet @iameli I don't disagree, but you are making a decision for others. You are asking they sacrifice their safety and security to achieve some misinformed version of fairness. My 30 years of working in security and privacy tell me this is a very bad way to solve the problem you are trying to solve. You are trying to reinvent SMS, which we already have and is already terrible.

@atomicpoet @iameli Being a zealot helps no one. Understanding risks, benefits and politics are all important factors. Spreading misinformation and then insisting that people should work harder to achieve likely impossible goals is not helping anyone.

Is Meta evil? Absolutely. Is federation the answer to all problems? Absolutely not. Stick to what you know and work to help people make better choices.

@atomicpoet What? I'm quite sure that WhatsApp uses the Signal protocol these days.

@atomicpoet I don't think Federation is really possible with secure protocols like Signal. WhatsApp apparently completed the transition in 2016 https://signal.org/blog/whatsapp-complete/