GNU social JP
GNU social JP is a Japanese GNU social server.
Notices by Phillip Hallam-Baker (hallam@infosec.exchange)

  1. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Wednesday, 29-Mar-2023 22:34:35 JST

    Latest push by Putin’s people in Congress, traitors Hawley, etc. is a ban on using VPN technology.

    This has nothing to do with US security and everything to do with keeping the dictator who paid for the campaigns that put them in Congress happy. Dictators like Putin, Trump and Netanyahu hate VPNs because they allow their censorship schemes to be bypassed.

    In conversation Wednesday, 29-Mar-2023 22:34:35 JST from infosec.exchange permalink
  2. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Wednesday, 15-Mar-2023 12:56:56 JST
    in reply to
    • Gabe Kangas
    • Evan Prodromou

    @gabek @evan I think I have something that can fit your requirements.

    I have been building cryptographic infrastructures for 30 years now, I made contributions to PKIX, WebPKI and SAML. For the past 4 years I have been working on what I consider the unfinished business - PKI for end users.

    Since I can’t be bothered to do usability testing, I have adopted the principle that there must be absolutely no additional steps required to achieve security. So E2E chat must look exactly the same to the user as regular chat, which Signal showed is possible. Same for configuring mail clients for S/MIME, OpenPGP, etc.

    I am currently working on adding end to end secure chat. From there, there is a really easy bridge to end to end secure voice and video by leveraging WebRTC. My original plan was for this to be phase 3 or 4 but I brought that forward due to the bird site fiasco and the UK criminalization of cryptography bill.

    The Mesh is an open service so anyone can run a Mesh service, users of one service can interact with users of any other service just like with SMTP email. It is also possible for users to switch from one provider to another without switching costs. All the specs are open and the reference code is open source.

    The protocol suite currently supports 2FA, contact exchange, bookmarks and password management, all completely E2E secure with a 2^120 or better work factor throughout. It is not currently PQC but that can be added later.

    My long term goal is to allow each Internet user to obtain permanent personal identifiers which do not expire or require any renewal fees. It is not possible to do this for free at a global level and do it right. But I can do it to an absurd degree of fidelity for $0.10 per name which seems fair in comparison to the cost of ICANN names. We will have to spin up a not for profit to manage that and stop people turning it into another yacht buying fund.

    In conversation Wednesday, 15-Mar-2023 12:56:56 JST from gnusocial.jp permalink
  3. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Saturday, 14-Jan-2023 13:42:21 JST

    The biggest threat to Twitter under Musk is a multi-platform app that serves Twitter, Mastodon and other services.

    Such an app would act as a catalyst for moving to other platforms by lowering the switching cost

    I have a scheme for a multi-platform app that Space Elmo can't block. Click on the Twitter feed and it takes you to the Web interface if the API is down.

    The client ID will be set to whatever works since my client is built around WebView which is a wrapper around Chrome.

    Happy to share this idea with other client developers. My goal is to get people to use end-to-end secure communications, not to have to write the entire client myself.

    In conversation Saturday, 14-Jan-2023 13:42:21 JST from infosec.exchange permalink
  4. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Friday, 13-Jan-2023 21:35:42 JST
    • Evan Prodromou

    @evan Why do philosophers drink herbal tea?

    Because proper tea is theft.

    In conversation Friday, 13-Jan-2023 21:35:42 JST from infosec.exchange permalink
  5. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Monday, 19-Dec-2022 23:42:33 JST
    • Evan Prodromou

    @evan And it is a spectacularly bad take.

    There were over two dozen network hypertext systems before the Web. Best known was Gopher but there was also HyperG and quite a few more. Only one to survive was Adobe Acrobat.

    Same was true of SAML, we had 20 vendors selling AAA schemes. SAML made 21.

    The reason it is not a problem is that it is market share that is important, not the number of standards. If you have 20 standards and none of them meets more than 20% of use cases, you are never going to get to a ubiquitous standard.

    If you have a spec that can meet 90% of use cases and none of the incumbents has more than 20% market share, then it stands a really good chance of becoming the dominant standard.

    I have thought about this problem. JSON is not quite what is needed because binary floating point numbers don't round trip and so saving the data changes the results.

    I proposed a set of tiered extensions to JSON that are all supersets, every JSON-B deserializer will accept JSON as well. JSON-B adds binary encoding so data doesn't expand with every encryption pass due to the need for Base64 encoding.

    JSON-C adds compression. JSON-D adds binary encoding of floating point values in IEEE format and also Intel extended floating point.

    There are many binary JSON encodings around. Mine is the only one that is backwards compatible as far as I know.

    https://www.ietf.org/archive/id/draft-hallambaker-jsonbcd-23.html

    In conversation Monday, 19-Dec-2022 23:42:33 JST from infosec.exchange permalink
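
An added example (not from the post above or from the JSON-BCD draft) of the size effect the post attributes to Base64: nested encryption passes measured with a JSON text envelope and with a raw binary frame. The 1-byte tag plus 4-byte length frame is a hypothetical stand-in, not the JSON-B wire encoding, and `seal` only mimics the 28-byte overhead of an AEAD such as AES-GCM.

```python
import base64
import hashlib
import hmac
import json
import os
import struct


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Stand-in for an AEAD, for size accounting only (not a vetted cipher).

    Output is 12-byte nonce + ciphertext + 16-byte tag.
    """
    nonce = os.urandom(12)
    stream = hashlib.shake_256(key + nonce).digest(len(plaintext))
    body = bytes(a ^ b for a, b in zip(plaintext, stream))
    tag = hmac.new(key, nonce + body, hashlib.sha256).digest()[:16]
    return nonce + body + tag


def wrap_json(key: bytes, payload: bytes) -> bytes:
    """Text envelope: ciphertext must be Base64-encoded to fit a JSON string."""
    ct = seal(key, payload)
    envelope = {"enc": "demo", "ct": base64.b64encode(ct).decode("ascii")}
    return json.dumps(envelope).encode("utf-8")


def wrap_binary(key: bytes, payload: bytes) -> bytes:
    """Hypothetical binary frame: type tag + big-endian length + raw bytes."""
    ct = seal(key, payload)
    return b"\x01" + struct.pack(">I", len(ct)) + ct


def sizes(wrap, message: bytes, passes: int) -> list[int]:
    """Return the byte length after 0, 1, ..., `passes` nested wraps."""
    out, data = [len(message)], message
    for i in range(passes):
        data = wrap(bytes([i]) * 32, data)  # constructed per-layer demo key
        out.append(len(data))
    return out


if __name__ == "__main__":
    msg = b"x" * 3000  # constructed sample payload
    print("json  :", sizes(wrap_json, msg, 4))
    print("binary:", sizes(wrap_binary, msg, 4))
```

The text envelope grows by roughly 4/3 per pass, so the overhead compounds, while the binary frame adds a constant 33 bytes per pass.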
  6. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Monday, 28-Nov-2022 03:20:45 JST
    in reply to
    • Mark Allerton
    • Evan Prodromou
    • ks
    • mekka okereke :verified:

    @mekkaokereke @evan @markallerton @ks

    Agree but for different reasons.

    Centralization is going to come to Mastodon because someone is going to put up a search engine. And that search engine will become a point of centralization.

    In conversation Monday, 28-Nov-2022 03:20:45 JST from infosec.exchange permalink
  7. Phillip Hallam-Baker (hallam@infosec.exchange)'s status on Monday, 28-Nov-2022 03:20:43 JST
    in reply to
    • Darius Kazemi
    • Mark Allerton
    • Evan Prodromou
    • ks
    • mekka okereke :verified:
    • Dan Shick

    @datn @darius @mekkaokereke @ks @markallerton @evan

    And furthermore, the right wing trolls who prompted Elmo to buy Twitter are not going to allow their audience to leave without a fight.

    The NAZI little turds are going to be coming to Mastodon to wreck it, just like they did in Gamergate and the Sick Puppies etc. etc.

    In conversation Monday, 28-Nov-2022 03:20:43 JST from infosec.exchange permalink

    Phillip Hallam-Baker

    Working on end-to-end secure everything: https://mathmesh.com/


GNU social JP is a social network, courtesy of the GNU social JP administrator. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.

All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.