fsebugoutzone.org:9999

Post AVAH71o4lValHtyurQ by craigmaloney@octodon.social
(DIR) More posts by craigmaloney@octodon.social
(DIR) Post #AVA5AiNTkEvyjpX4We by mjg59@nondeterministic.computer
2023-04-30T01:00:40Z

0 likes, 0 repeats

With Elon announcing that encrypted Twitter DMs are imminent, based on the fact that to the best of anyone&#39;s knowledge Elon hasn&#39;t (and probably can&#39;t) employ any decent cryptographers, you shouldn&#39;t trust it even if it&#39;s based on the Signal protocol for the reasons I described last year https://mjg59.dreamwidth.org/62598.html

(DIR) Post #AVA5meEbb5LytPTCEa by djcapelis@hachyderm.io
2023-04-30T01:07:59Z

0 likes, 0 repeats

@mjg59 Yes, and even if they had great cryptographers, I am very curious to see what limitations this new system has. For one, EE2E while also still allowing access via a web browser is a… tricky thing which often comes with interesting tradeoffs.

(DIR) Post #AVABgxN28XZeEH56wq by matt@mastodon.bitcoin.ninja
2023-04-30T02:14:25Z

0 likes, 0 repeats

@mjg59 least I heard, about five years ago, Twitter had encrypted DMs implemented and in testing…. So who knows what kind of ancient code they’re gonna ship.

(DIR) Post #AVAH71o4lValHtyurQ by craigmaloney@octodon.social
2023-04-30T03:15:19Z

0 likes, 0 repeats

@mjg59 I read &quot;based on the Signal Protocol&quot; much like I read The Lawnmower Man&#39;s &quot;Based on the short story&quot; in that there was a man in the film and he had a lawnmower.

(DIR) Post #AVARheYn9o87Riw3do by artemist@social.mildlyfunctional.gay
2023-04-30T05:13:59Z

0 likes, 0 repeats

@mjg59 encryption is a tool for turning problems into key management problems

(DIR) Post #AVASe2KQwdaLxU3hqK by jsmall@infosec.exchange
2023-04-30T05:24:31Z

0 likes, 0 repeats

@mjg59 I always found the part about Signal&#39;s prekeys being rated limited interesting. Rate limits are inherently difficult, if I had a bot army just download all your keys what happens? You&#39;ve described a fallback to avoid a DoS, but if I keep that up long term don&#39;t I, as an attacker, just perpetually break PFS? Does sound like a hard problem.

(DIR) Post #AVAwXVaikI5zJSTpvk by charette@lor.sh
2023-04-30T10:59:11Z

0 likes, 0 repeats

@mjg59 They run it through ROT13. To be extra careful, they run it through twice, for twice as much encryption.

(DIR) Post #AVBFN3UaGCryOmL4L2 by Strider@mastodon.cyborgcentral.net
2023-04-30T14:29:15Z

0 likes, 0 repeats

@mjg59 Straight talk, the &quot;twitter files&quot; reporters were apparently given access to internal user accounts, including DMs. Given Elon&#39;s willingness to open people&#39;s DMs to Bari f&#39;n Weiss, the fact that those DMs are going to be encrypted doesn&#39;t fill me with a ton of confidence.

(DIR) Post #AVBJj49Ut4DAdIE7Ci by feld@bikeshed.party
2023-04-30T15:20:21.506136Z

0 likes, 0 repeats

&gt; (and probably can&#39;t) employ any decent cryptographers,DJB seems like the kind of guy that would get along with Musk

(DIR) Post #AVBMtCDs2Gy8QBnJFg by skreets@kolektiva.social
2023-04-30T15:54:26Z

1 likes, 0 repeats

@mjg59 Thank you for writing this. There&#39;s more to trust than just keeping a secret. Signal, formerly TextSecure, was born out of the rustbelt anarchist culture in late 2008. We were exploring digital ways to communicate internally amongst one another. In Sep. of &#39;08 the RNC protests happened. Moxie was hip to twttr (the sms version of twitter) and we thought it could be useful to share information amongst our networks. Twttr was useful, but security was a concern, so culturally people were skeptical.The next month, back in the &#39;burgh in a dusty Steelers bar, I just got the HTC Dream / Android G1. Moxie and I met up to explore it and talk about TextSecure, (SexSecure) as the joke evolved into. The activists opposed to the &#39;08 RNC experienced a huge wave of repression. We knew there was a clear need for anarchists to secure their communication, the Super Bowl was coming up and Steelers were gonna win, and with that, the riot, as was manifested in &#39;06.I share this story because the the politic and culture Signal came from was anarchist. What birthed Signal was Moxie and Stuart, yes, and they were very much in our world. In September &#39;09 the G20 was coming to PGH and again, a need for secure communication. Naturally, TextSecure was part of that, it came from our world, had a material benefit, and we excitedly did guerrilla marketing for it. Twttr turned to Twitter and had its own trajectory but my assumption is Jack and Moxie met up in 2011 and the rest is history..Anarchists kept using Signal, and its user base started to grow, as did successive social movements throughout the states and beyond.Fast forward to Elon run Twitter of 2022, I asked Moxie why not develop encrypted DMs for Mastodon? This seemed like a natural progression given our intersecting histories, Kolektiva was a bigger instance at the time, the momentum was right. He certainly got the brains to do it... The response was both understandable and disappointing, basically it&#39;s too hard to do on distributed systems.Now, the word was Elon asked him to do encrypted DM&#39;s for Twitter, and at the time - Nov, 2022 - there was a big political and culture war between Fascism and Anarchism regarding Twitter and the Fediverse. Still is, but same old players are attacking the fediverse, Jack w/ bluesky. I do not know what direction M. personally took. Libsignal is an open protocol. Time will tell.This whole big ass story was told to illustrate context is also important. Your write up on dreamwidth was great at speaking to the technical concerns with poorly implemented products. If Twitter has encrypted DM&#39;s, then it&#39;s a win for the power dynamics that own the castle. In this case Elon, maybe next week Jack. It may be a win for its users, however, what ones? Signal was a win for anarchists and has enabled us to laugh/cry about America, organize against fascists, and stay somewhat personally connected during the ongoing social war. Our influence on its initial adoption can&#39;t be understated.Personally, I don&#39;t have the bandwidth (or back) to Mission Impossible into Twitter to see how things run there, but trust? The only people I trust are the rebels in SF who have it in them to take that building down.I think it&#39;s apparent that who we trust, with what and how are important questions for everyone. E2EE says: me and you bb, to the moon! But if your handler is some libertarian Jack off, or a fascist, then wtf are ya even doing? We, anarchists, always pose the question of autonomy and endeavor to liberate/elevate/empower ones own greatest ability (but not at the expense of others). The Jacks and Elons hold no such belief, just power over others, not power from below.E2EE encryption is great, been using PGP since the early 00&#39;s. Hell, even Zimmermann, PGP creator, was an anti-nuclear peace activist. Context. What world are we trying to build and with whom?/end rant