Post AFRDdslMz40P13eUhE by feonixrift@hackers.town
(DIR) More posts by feonixrift@hackers.town
(DIR) Post #AFPj1SRND7DMai6JAu by thegibson@hackers.town
2022-01-13T23:19:37Z
2 likes, 1 repeats
The fact that these asshats charged with sedition were charged based in part based on Signal messages raises some questions. Although I bet it was likely just a fed lurking, or physical phone access.But the recent resignation makes my primate brain want to play connect the dots.
(DIR) Post #AFPj9HvGCSIeHqoWau by montagsoup@aleph.land
2022-01-13T23:38:56Z
1 likes, 0 repeats
@TheGibson Wouldn't be surprised if it's just from the people they're chatting with leaking their messages. It seems like a lot of alt right people are pretty eager to snitch on each other, especially when they have something to gain from it like a plea bargain.
(DIR) Post #AFPj9Nz1fMsR5GccIS by thegibson@hackers.town
2022-01-13T23:43:23Z
1 likes, 0 repeats
@montagsoup yep. That's the most likely way it went.
(DIR) Post #AFPjc0fvP7GvC2KvSK by teh_dude@freeradical.zone
2022-01-13T23:45:44Z
0 likes, 0 repeats
@TheGibson aren't those signal groups like, thousands of people large, and aren't these people the same people who filmed themselves insurrecting? not that implicitly trust signal or anything but, like, we aren't talking about people who are typically careful
(DIR) Post #AFPjc1FjFzuaz55WGO by thegibson@hackers.town
2022-01-13T23:46:30Z
0 likes, 0 repeats
@teh_dude I said right there it was probably a leak or physical access... I agree with you.
(DIR) Post #AFPjc1h1cVkKLjrJoG by teh_dude@freeradical.zone
2022-01-13T23:47:32Z
0 likes, 0 repeats
@TheGibson yeah i was affirming that. because i also wonder about signal often it makes me want to connect dots as well
(DIR) Post #AFPjc27c1f0tgCIYFc by adam@hax0rbana.social
2022-01-14T00:23:07Z
0 likes, 0 repeats
@teh_dude @thegibsonI can attest that I personally saw Signal accessing my GPS data when I was not using any GPS related features. I have since revoked its GPS permissions, obviously. It may be part of their super secret anti-spam measures opportunistically using GPS data if it can get it. It has not requested me to re-enable the permission.
(DIR) Post #AFPjiA7lBavAEhI2Eq by thegibson@hackers.town
2022-01-14T00:24:15Z
0 likes, 0 repeats
@adam š¤ā@teh_dude
(DIR) Post #AFPk31as65U9rPr2cy by adam@hax0rbana.social
2022-01-14T00:28:01Z
0 likes, 0 repeats
@teh_dude @thegibsonDue to lack of time, I haven't looked into the code, nor compared the APKs from the website vs the in-app updayer vs their website vs a self-compiled version. But it's fair to say my reaction was very much š§š¤Øš¢I had already started moving over to Matrix with people who are interested in switching, but this certainly motivated me to put more time into Matrix.
(DIR) Post #AFPsZoCJiv7LVFVrYO by adam@hax0rbana.social
2022-01-14T02:03:33Z
0 likes, 0 repeats
@starless @teh_dude @thegibson That's possible, as the warning I got was just that it was accessing my "Location", but I almost always have bluetooth turned off system-wide.I enable location services for mapping and sometimes forget to turn it off when I am done, so that's why that wasn't also disabled system-wide.
(DIR) Post #AFQ1qGFI6ntsiGp8vg by vortex_egg@hackers.town
2022-01-13T23:24:06Z
0 likes, 0 repeats
@thegibson My suspicion based on reading the indictment is that someone didn't delete their chats. Only 9 of the 11 defendants were charged with Tampering with Documents or Proceedings.
(DIR) Post #AFQ1qGjmHSHqEp5URs by thegibson@hackers.town
2022-01-13T23:39:17Z
0 likes, 0 repeats
@vortex_egg hmmmm
(DIR) Post #AFQ1qHCUYhFtfsWQCm by vortex_egg@hackers.town
2022-01-14T00:29:42Z
0 likes, 0 repeats
@thegibson Thereās some pretty wild stuff in there. I donāt know, Iām beginning to suspect these people arenāt on the level.
(DIR) Post #AFQ1qHfYocVX827dVw by vortex_egg@hackers.town
2022-01-14T00:31:20Z
0 likes, 0 repeats
@vortex_egg @thegibson Did you see the part where they tried communicating by emailing each other pictures of handwritten notes in cursive in order to avoid ādigital trackingā?
(DIR) Post #AFQ1qI6VCS3gTaj9VY by alrs@lsngl.us
2022-01-14T03:47:16Z
0 likes, 0 repeats
@vortex_egg @thegibson wouldn't that successfully defeat dragnet OCR content harvesting?
(DIR) Post #AFQ24sdk9jmzqTESpM by thegibson@hackers.town
2022-01-14T03:49:53Z
0 likes, 0 repeats
@alrs @vortex_egg i mean, plenty of tools can still harvest that data.
(DIR) Post #AFQ2CulQ8xpikUecvw by thegibson@hackers.town
2022-01-14T03:51:20Z
0 likes, 0 repeats
@alrs @vortex_egg also, I mean google indexes writing in pics, anx has for a long time... that might've worked in the days of Echelon and Carnivore...
(DIR) Post #AFQ2SijWdmcG4PIx2O by msh@coales.co
2022-01-14T03:54:21Z
0 likes, 0 repeats
@alrs @vortex_egg @thegibson maybe? But also these characters are a curiously "clever" at a superficial level and clueless at all other levels. I wonder if they think about scrubbing the EXIF data of the pictures they take of their handwritten messages before sending them, or using email service providers that aren't trivially tracked.
(DIR) Post #AFR72UqOLsTyOQn6cS by drwho@hackers.town
2022-01-14T04:24:04Z
0 likes, 0 repeats
@vortex_egg @thegibson Some of the notes weren't destroyed. They were seized.
(DIR) Post #AFR72VEqsw33cIEdkG by vortex_egg@hackers.town
2022-01-14T04:50:28Z
0 likes, 0 repeats
@drwho @thegibson Wait wait, the paper notes they wrote to avoid digital surveillance were seized and used as evidence?
(DIR) Post #AFR72VfRI5JcwkfsBc by drwho@hackers.town
2022-01-14T04:54:06Z
0 likes, 0 repeats
@vortex_egg @thegibson Yup.
(DIR) Post #AFR72W4FnpAIBiHgrg by tek@freeradical.zone
2022-01-14T16:20:18Z
0 likes, 0 repeats
@drwho @vortex_egg @TheGibson I just literally LOLed for the first time since waking up. OMG.
(DIR) Post #AFR75BhHznQhsYoh7I by tek@freeradical.zone
2022-01-14T16:20:49Z
0 likes, 0 repeats
@drwho @vortex_egg @TheGibson āSome day this will be in my museum exhibit!ā
(DIR) Post #AFR78oG754NmLQpfUm by rysiek@mastodon.technology
2022-01-14T16:21:26Z
0 likes, 0 repeats
@tek @drwho @vortex_egg @TheGibson who needs encryption with opsec that good
(DIR) Post #AFR7VgBBHozJwlQkfw by tek@freeradical.zone
2022-01-14T16:25:36Z
0 likes, 0 repeats
@drwho @TheGibson @rysiek @vortex_egg Next iteration: āthe fox is in the henhouseā, and ROT-13ād.
(DIR) Post #AFR84gWpyngfAKFghc by rysiek@mastodon.technology
2022-01-14T16:31:53Z
0 likes, 0 repeats
@tek @drwho @TheGibson @vortex_egg
(DIR) Post #AFR8bluUzYHZPe62pk by tek@freeradical.zone
2022-01-14T16:37:54Z
0 likes, 0 repeats
@vortex_egg @TheGibson @drwho @rysiek Am I doing this right?
(DIR) Post #AFR8e5upaE6u2NMLLM by rysiek@mastodon.technology
2022-01-14T16:38:19Z
0 likes, 0 repeats
@tek @vortex_egg @TheGibson @drwho certified safe and secureā¢
(DIR) Post #AFR8o5liz5DeTfrpE8 by tek@freeradical.zone
2022-01-14T16:40:06Z
0 likes, 0 repeats
@drwho @TheGibson @vortex_egg @rysiek Perfect. Iāll keep the original around as proof of ownership.- Seditiontoshi
(DIR) Post #AFRDdrblHIj3Qy9J56 by feonixrift@hackers.town
2022-01-14T15:13:34Z
0 likes, 0 repeats
@thegibsonI've long considered Signal to be almost toy security. It's good enough for government employees not wanting their boss knowing about their lesbian relationships, in my opinion it's not good enough for activists and journalists.Between server centralization, single client app (so incompatible additions are not detected), the new non-foss server component ('for security'), complete absence of metadata protection, ... It's Slightly Worse XMPP.
(DIR) Post #AFRDdsBv6reJF74BRQ by rysiek@mastodon.technology
2022-01-14T15:30:29Z
0 likes, 0 repeats
@feonixrift @TheGibson what instead, then? XMPP is simply *not usable* for most people (and I say this as someone who had set up 4 separate XMPP servers back in the day), Briar is not yet there (no iOS app, no store-and-forward), Tox is old news, and then there's a bunch of crypto scams like (checks notes) Session.This is not hypothetical, this is a tool that is needed. So, what is *viable* out there?
(DIR) Post #AFRDdsbnYeLiXNAqmG by rysiek@mastodon.technology
2022-01-14T15:39:04Z
0 likes, 0 repeats
@feonixrift @TheGibson there is also Snikket, might be solution at some point in the future, and there is DeltaChat, which has nothing in terms of metadata protection.I am ignoring everything that is not FLOSS and decentralized, obviously. So Threema, Wire, *shudders* Telegram are all out.What am I missing?
(DIR) Post #AFRDdslMz40P13eUhE by feonixrift@hackers.town
2022-01-14T15:14:25Z
0 likes, 0 repeats
@thegibsonBut I also find someone rolling over and unlocking their physical device vastly more likely than any message content compromise in Signal itself.
(DIR) Post #AFRDdt1g0R37pdHW76 by mplammers@fosstodon.org
2022-01-14T16:27:12Z
0 likes, 0 repeats
@rysiek > What am I missing?Jami:https://jami.net/@feonixrift @thegibson
(DIR) Post #AFRDdtQUWAtn4atKnA by rysiek@mastodon.technology
2022-01-14T16:32:40Z
0 likes, 0 repeats
@mplammers @feonixrift @TheGibson no no, I already mentioned crypto scams.https://jami.net/the-jami-blockchain-switches-from-proof-of-work-to-proof-of-authority/
(DIR) Post #AFRDdtnt7Bc8F9q1GC by mplammers@fosstodon.org
2022-01-14T16:48:27Z
0 likes, 0 repeats
@rysiek Thanks. The article confuses me, because it talks about both OpenDHT/Kademlia and Ethereum smart contracts.Just so I understand you; do we agree that the Kademlia / OpenDHT part is not the problem here, but the piggy backing on Ethereum smart contracts would be?If so, I'd like to understand better how Ethereum smart contracts are a scam. Are there any writings/analyses you recommend on the topic?@feonixrift @thegibson
(DIR) Post #AFRDduBdgsc3QowzHU by rysiek@mastodon.technology
2022-01-14T16:52:16Z
0 likes, 1 repeats
@mplammers @feonixrift @TheGibson yes, Ethereum is the problem.For ample evidence that a metric crap-ton of stuff built on Ethereum and similar blockchains should be approached with utmost suspicion, might I suggest scrolling through this:https://web3isgoinggreat.com/web1It's informative *and* hilarious.
(DIR) Post #AFRDducE61sclHODiq by mplammers@fosstodon.org
2022-01-14T17:18:01Z
0 likes, 0 repeats
@rysiek That was an interesting scroll indeed!Nonetheless, I have not found enough information about how these scams (many of which involving social engineering and Discord) prove how Jami's implementation may be a scam.Shouldn't we make the distinction here that actual scams that abuse some tech do not necessarily make that technology itself a scam?Perhaps you mean that the smart contracts may allow an attacker to impersonate another Jami user name?@feonixrift @thegibson
(DIR) Post #AFRDdv1OaS0s1LAJxA by rysiek@mastodon.technology
2022-01-14T17:25:03Z
0 likes, 0 repeats
@mplammers @feonixrift @TheGibson I mean that blockchain tech space is filled to the brim with scams, and I will not spend time nor effort on considering any blockchain-using project as serious and not-scammy at this stage. Especially that I have not yet seen a single such project where blockchain was actually necessary to achieve its goals. You are welcome to come to your own conclusions, of course. š
(DIR) Post #AFRDdvQD6BrXGIm8dE by feld@bikeshed.party
2022-01-14T17:34:16.390964Z
0 likes, 0 repeats
@rysiek @mplammers @feonixrift @thegibson immutable distributed databases are required to achieve these goals, or else you have counterpart risk.
(DIR) Post #AFRDjt9KSaCrx5isgi by feld@bikeshed.party
2022-01-14T17:35:26.508980Z
0 likes, 0 repeats
@rysiek @mplammers @feonixrift @thegibson immutable distributed databases are required to achieve these goals, or else you have counterparty risk.Do you trust your bank to not manipulate their ledger? The stock exchanges? They do it and we don't have the manpower or tools to audit it
(DIR) Post #AFRE9yCQJ6TV8wbgVU by docskrzyk@hackers.town
2022-01-14T17:40:06Z
0 likes, 0 repeats
@tek @drwho @thegibson @rysiek @vortex_egg You need to think about I18N - Use rot8000