Post AQ2TOTKfRwJTYe2AWe by NumberHill@social.tchncs.de
 (DIR) Post #AQ0fpjHx2k6Zzubiee by mjgardner@mastodon.sdf.org
       2022-11-26T20:53:05Z
       
       16 likes, 34 repeats
       
       ATTENTION EVERYONE WRINGING THEIR HANDS OVER “#MASTODON ADMINS CAN READ MY DIRECT MESSAGES”: #SysAdmins have *always* been able to read your #email and DMs unless encrypted, including at the big #SocialNetworks and Internet providers. We used to have t-shirts that said, “I READ YOUR EMAIL.” It’s just hitting now because you got used to places where the admins were kept away in their cubicles and data centers instead of greeting you at the front door. #privacy #security #InfoSec #cybersecurity
       
 (DIR) Post #AQ0fpkobMpogjStJBY by mjgardner@mastodon.sdf.org
       2022-11-26T21:05:26Z
       
       2 likes, 2 repeats
       
       Oh, and #Slack, #Discord, #Steam, etc., all down the line too. Unless they have end-to-end #encryption where *you* and *only you* have the *only* private key, it’s not #private. No exceptions. #privacy #security #InfoSec #cybersecurity
       
 (DIR) Post #AQ0fplkNu02NcfvSFc by mjgardner@mastodon.sdf.org
       2022-11-26T21:09:14Z
       
       1 likes, 0 repeats
       
       Is this worrisome on “free” services where “you (and your data) are the product”? You betcha.
       
 (DIR) Post #AQ0xbpPJIOTw5xZQhs by nephryn@mastodon.lol
       2022-11-26T22:31:14Z
       
       0 likes, 0 repeats
       
       @mjgardner How about #Signal?
       
 (DIR) Post #AQ0xbpvDNm0DguUuR6 by mjgardner@mastodon.sdf.org
       2022-11-26T22:45:33Z
       
       0 likes, 0 repeats
       
       @nephryn @signalapp is well-known to be end-to-end #encrypted. Only conversation participants hold keys: https://support.signal.org/hc/en-us/articles/360007320391-Is-it-private-Can-I-trust-it- #Signal #E2EE #encryption #security #InfoSec #privacy
       
 (DIR) Post #AQ0yEUsxWrSBk2sSCu by vandys@noagendasocial.com
       2022-11-27T02:12:19Z
       
       0 likes, 0 repeats
       
       @mjgardner If you care about DM privacy: Get a de-Google'ed Android phone.  Install Briar from fdroid.org.  If that's too much trouble, just DM over Mastodon, and stop worrying.
       
 (DIR) Post #AQ1d4wIeqOCNzVSVM0 by lanodan@queer.hacktivis.me
       2022-11-27T09:49:24.130896Z
       
       0 likes, 0 repeats
       
       @mjgardner
       > We used to have t-shirts that said, “I READ YOUR EMAIL.”
       I quite want that kind of t-shirt. And with a lot of services the admins are in control of the encryption software because of how webapps work, so it can be rendered nil.
       
 (DIR) Post #AQ24p0yqTJwYafO20e by mmu_man@m.g3l.org
       2022-11-27T15:00:50Z
       
       1 likes, 0 repeats
       
       @mjgardner we should update the tshirts: "I READ YOUR EMAIL (JUST LIKE GOOGLE)"
       
 (DIR) Post #AQ2A9u2jxViGvXzJmC by Jason@scots.network
       2022-11-27T01:44:34Z
       
       0 likes, 0 repeats
       
       @mjgardner Nobody's worried unless they've got something to hide. In which case use WhatsApp.
       
 (DIR) Post #AQ2A9uiZRzAp1HYiye by CanaryKazjmir@noagendasocial.com
       2022-11-27T16:00:39Z
       
       0 likes, 0 repeats
       
       @Jason @mjgardner BullShit. Fully vaccinated I presume?
       
 (DIR) Post #AQ2BBy2k9poBrmXPEW by YTFoidLover1488@poa.st
       2022-11-27T16:12:14.624733Z
       
       0 likes, 0 repeats
       
       @mjgardner You forgot one thing. I’m in your DMs
       
 (DIR) Post #AQ2P2mGFzaSY4qN2h6 by Brantgaard@mastodontech.de
       2022-11-27T03:15:54Z
       
       0 likes, 0 repeats
       
       @mjgardner I'm just seeing this now. This is not good. Of course, one can object: 1. don't write anything important in DM. 2. why should my admin read my DM? He must have more important things to do. With the arguments you could do without all door locks. It can't be. I don't want an admin to have the opportunity to read my DM.
       
 (DIR) Post #AQ2P2mwRSkCgBg6jRo by mjgardner@mastodon.sdf.org
       2022-11-27T03:19:17Z
       
       0 likes, 0 repeats
       
       @Brantgaard Yay, someone gets it! Thanks for not making any counter-arguments from scale, regulation, or “nothing to hide.”
       
 (DIR) Post #AQ2P2nP9jzAjcjXfCi by Brantgaard@mastodontech.de
       2022-11-27T03:23:56Z
       
       0 likes, 0 repeats
       
       @mjgardner Even if we have nothing to hide. There are things we don't want to share with everyone. These are very personal things. I have to be able to trust that these things are private.
       
 (DIR) Post #AQ2P2nsvxGzX75TRcO by Brantgaard@mastodontech.de
       2022-11-27T03:28:05Z
       
       0 likes, 0 repeats
       
       @mjgardner "Mastodon Help - Guide: Anyway remember that Mastodon is designed to spread interactions and not for privacy: your Instance admins can read all your messages, including direct ones, just like on every other big social network. For encrypted messaging there are other and more specific platforms." I think my goodbye is set.
       
 (DIR) Post #AQ2P2oFGcEr8ELvHQe by mjgardner@mastodon.sdf.org
       2022-11-27T03:36:33Z
       
       0 likes, 0 repeats
       
       @Brantgaard Or just use it for what it is? You don’t have to pipe all your interactions through here.
       
 (DIR) Post #AQ2P2oaBMTaPHDhz1s by Brantgaard@mastodontech.de
       2022-11-27T03:44:12Z
       
       0 likes, 0 repeats
       
       @mjgardner It's not even so much about me. German authorities also use Mastodon. Now I imagine they also interact with each other, perhaps sharing things with each other that are not intended for the public. I hope that the authorities also realize that Mastodon is not a safe place for certain communications.
       
 (DIR) Post #AQ2P2p8DJwoAyldA4e by Brantgaard@mastodontech.de
       2022-11-27T03:48:31Z
       
       0 likes, 0 repeats
       
       @mjgardner I used an app called AI Dungeon to write stories. Then I found out that the admin could read all the stories, even the private ones. Fortunately, I never wrote private things in my stories. The problem is, my trust in AI Dungeon was irreparably damaged. The thing with Mastodon shocks me too.
       
 (DIR) Post #AQ2P2pYRkPnAI7u6xk by hackbod@mastodon.social
       2022-11-27T06:33:55Z
       
       0 likes, 0 repeats
       
       @Brantgaard @mjgardner Are you going to stop using e-mail as well? You shouldn't assume something provides complete privacy unless otherwise stated, at best you should think maybe you have complete privacy if something explicitly says it is end-to-end encrypted.
       
 (DIR) Post #AQ2P2q8bZyiQ6GozK4 by mjgardner@mastodon.sdf.org
       2022-11-27T06:59:29Z
       
       0 likes, 2 repeats
       
       @hackbod @Brantgaard Of course I haven’t stopped using email. Where possible I use #OpenPGP. You can find my key fingerprint in my profile and can look up my full key using a variety of means. Where that’s not possible, I use a shared secret and expiring messages via #ProtonMail: https://proton.me/support/password-protected-emails
       
 (DIR) Post #AQ2TOTKfRwJTYe2AWe by NumberHill@social.tchncs.de
       2022-11-27T17:30:05Z
       
       0 likes, 0 repeats
       
       @lanodan Not sure if you really are saying that e2e can be rendered nil. Proper e2e encryption implementations would never allow that to happen, priority #0 is ensuring the privacy of private keys. @mjgardner
       
 (DIR) Post #AQ2TOU1YsSclhg6QNs by lanodan@queer.hacktivis.me
       2022-11-27T19:35:04.722432Z
       
       0 likes, 0 repeats
       
       @NumberHill @mjgardner With control over the software (in a webapp the web server controls it) you choose where the decrypted part goes and typically you can also dump the private keys.
       
 (DIR) Post #AQ2UEkCDzmIyv00gpU by NumberHill@social.tchncs.de
       2022-11-27T19:39:25Z
       
       0 likes, 0 repeats
       
       @lanodan Ok, but when it's not standard behaviour of the webapp an admin would need to show criminal intention here, right? @mjgardner
       
 (DIR) Post #AQ2UEkpDenUsrwFpbs by lanodan@queer.hacktivis.me
       2022-11-27T19:45:07.301393Z
       
       0 likes, 0 repeats
       
       @NumberHill @mjgardner Except basically no browser keeps logs of what it fetched and executed. (And caching can be controlled)
       
 (DIR) Post #AQ2Yq0ujCYcDIaqxd2 by paul@notnull.click
       2022-11-27T20:37:09.036494Z
       
       0 likes, 0 repeats
       
       @mjgardner can we do those t-shirts again? but change "email" to "tweets"?
       
 (DIR) Post #AQ2Yv2gK3aTeEGVrUW by paul@notnull.click
       2022-11-27T20:38:04.147404Z
       
       0 likes, 0 repeats
       
       @mjgardner ... "and so can my mum" or something like that
       
 (DIR) Post #AQ4gzvGSFVmEceAgcq by Jason@scots.network
       2022-11-28T21:18:01Z
       
       0 likes, 0 repeats
       
       @CanaryKazjmir Me? Nope not vaccinated. Why would I put poison into my body?
       
 (DIR) Post #ASlIconloonutNvn3w by iska@mstdn.starnix.network
       2023-02-17T06:21:42Z
       
       0 likes, 0 repeats
       
       @mjgardner the fact that this had to be said is disappointing on its own.
       
 (DIR) Post #ASlJM5E1bT56rNnNYW by realcaseyrollins@social.teci.world
       2023-02-17T06:29:54.738070Z
       
       0 likes, 0 repeats
       
       Yep, and this is what I like about #Matrix and #Tox. Complete #E2EE, in the case of #Tox there aren’t any hosts at all.
       
 (DIR) Post #ASoEqcjreH8BBvJMki by realcaseyrollins@social.teci.world
       2023-02-18T16:23:30.056436Z
       
       0 likes, 0 repeats
       
       Doesn’t #Briar only support certain platforms? It’s not completely cross platform afaik. And I never enable syncing on #Matrix, it’s the buggiest part of the protocol from my experience. And I’m lazy 😄
       
 (DIR) Post #ASoSbBbLf3DC2arReC by realcaseyrollins@social.teci.world
       2023-02-18T18:57:37.083337Z
       
       1 likes, 0 repeats
       
       I think I tried #Jami once and it puts you in a centralized contacts database without your permission…big no-no for privacy, no matter how secure the #E2EE connections are during #P2P communications
       
 (DIR) Post #ASoUYXAvC4hZzSMa36 by sj_zero@social.fbxl.net
       2023-02-18T19:19:31.319599Z
       
       0 likes, 0 repeats
       
       It's really easy to get caught off-guard with different systems and end up relying on someone else's largesse for key services. Arguably, DNS is still a risk factor for everyone on the fediverse, but for now that's still not too dangerous. Once it becomes too dangerous I'm sure someone will come up with a decentralized alternative.