> What does PFS have to do with minimizing metadata?
Absolutely nothing. You are correct.
The thing is, the research behind this talk is unpaid independent research, done in my free time. So I had to set some arbitrary criteria to filter the dozens of applications to study. If people want me to study a specific application, my rate is 500€/day (which is lower than my standard rate; a sacrifice I am willing to make because I think there is a social value to this work).
My belief is that E2EE, PFS and ephemeral messages are the minimum requirements for a secure messaging application to be taken seriously.
These are beliefs. Some people might have different beliefs and that's obviously OK.
So when people ask me "Have you considered Delta Chat?", my answer is "lol, no, they don't even have PFS; let's talk about serious applications".
The truth is I did fund Delta Chat, studied it and even contributed to its translation. There is value in Delta Chat, and I am not denying it. But if I have to use an application to secure my communications, Delta Chat is not a valid option for me. Sorry.

---

> Can you link a real-world case where PFS played a role and protected someone from repressive persecution?
PFS protects against the recovery of past communications that were recorded and ultimately decrypted after the attacker gets access to the key material. People able to set up dragnet surveillance are generally working for intelligence services and law enforcement. They don't tend to brag about their methods in the press.
Still, the NSA (Prism) showed the world that there are nations recording large amounts of Internet traffic. Pegasus showed that mobile phone surveillance and key extraction are a thing.
The (almost) general adoption of ephemeral messages shows that the public is aware that when law enforcement forcefully unlocks your phone, you don't want to have your personal conversation lying around. But what about your key material?
Well, if you don't have PFS, law enforcement will get their dirty hands on it... and with that, they will get access to all past conversations that you thought were confidential because you used ephemeral messages.
My point is ephemeral messages are pretty much useless if your adversary recorded your encrypted conversations and you don't have PFS.
So do I have a real-world case where PFS played a role? No. Do I know real-world cases where ephemeral messages prevented law enforcement from accessing someone's data? Yes. Do I know real-world cases where traffic was recorded and decrypted on the side thanks to the lack of PFS? Yes. I even worked for a company building surveillance appliances that do that... (not being too proud of that, but hey... not having PFS is a serious flaw in my book).
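The scenario in the post above (recorded traffic, message history already wiped, long-term key extracted later) can be reproduced in a few lines. The following standard-library Python model is an added illustration, not part of the original thread: it uses Diffie-Hellman over the RFC 3526 group 14 modulus (transcribed here, to be checked against the RFC before reuse), a toy encrypt-then-MAC built from SHA-256 and HMAC in place of a real AEAD, and it omits the authentication of ephemeral keys that a real protocol adds. The sample message is constructed.

```python
import hashlib
import hmac
import secrets

# RFC 3526 group 14 (2048-bit MODP) modulus and generator, transcribed here;
# verify the digits against the RFC before reusing this group anywhere.
P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2
P_BYTES = (P.bit_length() + 7) // 8


def dh_keypair():
    """Return (private, public); 256-bit exponents, the usual practice for this group."""
    priv = 2 + secrets.randbelow((1 << 256) - 2)
    return priv, pow(G, priv, P)


def session_key(shared, label):
    """Hash the DH shared secret, bound to a label or nonce, into a 32-byte key."""
    return hashlib.sha256(label + shared.to_bytes(P_BYTES, "big")).digest()


def _keystream(key, n):
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]


def encrypt(key, plaintext):
    """Toy encrypt-then-MAC; keys are single-use in this model, so no per-message nonce."""
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, len(plaintext))))
    return ct + hmac.new(mac_key, ct, hashlib.sha256).digest()


def decrypt(key, blob):
    """Return the plaintext, or None when the tag does not verify (wrong key or tampering)."""
    ct, tag = blob[:-32], blob[-32:]
    enc_key = hashlib.sha256(b"enc" + key).digest()
    mac_key = hashlib.sha256(b"mac" + key).digest()
    if not hmac.compare_digest(hmac.new(mac_key, ct, hashlib.sha256).digest(), tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, len(ct))))


def send_static(sender_priv, receiver_pub, message):
    """No PFS: the session key depends only on the two long-term keys and a public nonce."""
    nonce = secrets.token_bytes(16)
    key = session_key(pow(receiver_pub, sender_priv, P), nonce)
    return nonce, encrypt(key, message)          # this is what a recorder captures


def send_ephemeral(message):
    """PFS: fresh DH keys on both sides; private halves are discarded once the key is derived.
    Authentication of the ephemeral keys by the long-term keys is omitted in this model."""
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    key = session_key(pow(b_pub, a_priv, P), b"pfs")
    del a_priv, b_priv                            # nothing about the key survives on the device
    return a_pub, b_pub, encrypt(key, message)    # this is what a recorder captures


def recover_static(recording, stolen_receiver_priv, sender_pub):
    """Recorder later obtains the receiver's long-term key and recomputes the same DH secret."""
    nonce, blob = recording
    return decrypt(session_key(pow(sender_pub, stolen_receiver_priv, P), nonce), blob)


def recover_ephemeral(recording, stolen_receiver_priv):
    """Same recorder, same stolen key: the ephemeral secrets are gone, so the only key it can
    derive (long-term key against the sender's ephemeral public key) fails the tag check."""
    a_pub, _b_pub, blob = recording
    return decrypt(session_key(pow(a_pub, stolen_receiver_priv, P), b"pfs"), blob)


def demo(message=b"constructed sample: ephemeral message, already wiped from both phones"):
    alice_priv, alice_pub = dh_keypair()         # long-term identity keys
    bob_priv, bob_pub = dh_keypair()
    rec_static = send_static(alice_priv, bob_pub, message)
    rec_pfs = send_ephemeral(message)
    # Later: Bob's phone is unlocked and his long-term private key extracted.
    return recover_static(rec_static, bob_priv, alice_pub), recover_ephemeral(rec_pfs, bob_priv)


if __name__ == "__main__":
    got_static, got_pfs = demo()
    print("without PFS:", got_static)
    print("with PFS:   ", got_pfs)
```

`demo()` returns the recovered plaintext for the static-key session and `None` for the ephemeral one; the recorder needed nothing beyond a passive capture plus the later key extraction, which is exactly the situation ephemeral messages on the device do not cover.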
@elzen (I dispute this claim; it is solely @elzen's interpretation of the texts I provided, which in my opinion say the exact opposite :)) @crowdagger @parleur @lanodan
@parleur Far be it from me to defend racists.
I would nevertheless point out that, in law, a host remains a host as long as it makes no editorial choices; in other words, as long as it confines itself to removing content that is manifestly illegal once that content is reported to it, and within a reasonable time. As soon as its moderation actions extend to decisions about content that is not manifestly illegal, it becomes a publisher, and it is legally responsible for the statements made on its platform.
Are the messages you classify as dog whistles (I take your word for it; I don't know enough about the subject) qualifiable as manifestly illegal? By definition, I get the impression they are not.
1) The State does not represent a risk, according to them; 2) Spreading fear and doubt about competitors ("our competitors are mass surveillance tools", without justification); 3) Use of post-truth: "we have been audited, unlike the others, whom the suckers take at their word"; 4) use of sock-puppet accounts/a troll farm to post disinformation about competitors (https://mastodon.top/@atchi150585/114078339465195398)
For those of you on Atomic Desktops (Fedora Silverblue) wanting to run Signal Desktop and not trusting the non-official flatpak (which is broken anyway...): you can install Signal Desktop on a toolbox.
toolbox create -d ubuntu -r 24.04
toolbox enter ubuntu-toolbox-24.04
<run the commands to install signal desktop as indicated by the Signal website>
apt update && apt install -y alsa
and boom! You can run Signal Desktop!
Toolbx is an excellent tool, including for running applications with graphic displays. Audio and video calls work too!
@soatok Out of curiosity, would you care to explain to me why you consider DNSSEC to be off-limits? I believe it is a key component in securing the ACME protocol, which is the basis of so many modern PKIs. I wouldn't know how to do it without DNSSEC. This is not me trying to evangelize about it, but trying to understand what the alternatives are. Do you consider that ACME is a mistake?
@Mer__edith Yet the flatpak is said to be published "by Signal Foundation". If that's not the case, the package is usurping Signal Foundation's identity, and people using Flatpak-oriented distros are targeted by this usurper. Can you request a takedown, please? @apicultor @briankrebs
@soatok It also shows a complete lack of understanding of the mindset of cryptographers.
Cryptographers call breaking a few rounds of AES cryptanalysis. They deprecate hashing algorithms at the first sign of weakness. I mean, MD5 still has no 2nd preimage attacks, but the general recommendation is to no longer use it, even if this property still holds.
Cryptographers do not wait for a vulnerability to be dramatically practical to raise flags. That is just the way it works. They take no chances, and I feel safer that way.
@feditips Thanks. I did not know about that sort of group. One drawback I see is that such groups are centralized. If the provider goes dark, members would lose everything. Hashtags are decentralized by nature and thus would be more resilient. Am I missing something?
@jerry I am strongly against this kind of list. I chose this instance because I trust your judgement and your moderation policy. Outsourcing censorship feels dangerous.
Network and Protocol Security Specialist. I am currently freelancing on missions in the following domains: system, network, software and security engineering. I have a strong interest in applied cryptography, and I am used to giving training and writing press articles and blog posts. I am an antispeciesist, and a member of L214, a French NGO fighting for animal rights. I am an RNG (Random Network Guy): do not expect better posts than those produced by an infinite number of monkeys.
#infosec #cybersecurity #network #crypto #linux #antispeciesism #author #privacy #podcast #devops #secdevops #devsecops #fedi22 searchable