Post Ax5fTIJazQfBfaLSO8 by avoca@gladtech.social
(DIR) Post #Ax4XZkOIWXTDgw9OaG by 0xabad1dea@infosec.exchange
2025-08-11T21:10:34Z
1 likes, 1 repeats
It's totally reasonable to be more cautious these days, but don't let that drive you to have opsec panic attacks that aren't founded in common sense. For example... it makes no sense to be worried someone might figure out you're queer or a leftist if you're too open about your politics while posting... on fediverse, the queer leftist social media platform. They already know, chief.
(DIR) Post #Ax5ZuUoc1T2YX4RMiu by ambiguous_yelp@social.coop
2025-08-12T00:50:06Z
0 likes, 0 repeats
@0xabad1dea It makes sense 2 have an arsenal of privacy & anonymity tools, but not 2 always b totally private bc u sacrifice authenticity accountability & discoverability all of which r important for building movements. That being said there r contexts in which a public social network more private than mastodon makes sense, for that I recommend #Simplex over alternatives (matrix, deltachat briarproject cwtch signal) details here https://social.coop/@ambiguous_yelp/114586803022221116 & here https://social.coop/@ambiguous_yelp/114892908675289611
(DIR) Post #Ax5ZuVl6VzpPSTo4tU by avoca@gladtech.social
2025-08-12T07:48:34Z
0 likes, 0 repeats
@ambiguous_yelp @0xabad1dea I'm interested in why you would recommend Simplex over Delta Chat and don't mention Session at all in your summary. Having tried all the messaging options you mentioned, and then some, my conclusion was Simplex was too restrictive when it came to multi-platform, multi-OS, app integration. With Delta Chat you can have any number of instances of the app on multiple devices, completely synchronised. There is zero KYC, as in, no phone numbers, no email addresses, in fact no identifying data at all. No metadata is collected or stored. The system is totally decentralised, FOSS, incredibly easy to self-host a server/relay. Extremely efficient and has a very good UX and UI. I found Simplex, et al, horribly difficult to set up and is very limited in multi-platform usability. You also forgot to mention that Delta chat is fully functional when installed on TAILS OS when configured using SOCKS5. To my knowledge this alone makes Delta Chat unique amongst the competition. I even prefer to use Session over Simplex, et al as my secondary service. Even that has a better UI, UX and multi-device/platform app. than Simplex. Finally, I have one piece of advice for people using Signal. Stop it! One day it will turn around and bite you, as it did to me.
(DIR) Post #Ax5ZuWKYOCBVEQOO9I by ambiguous_yelp@social.coop
2025-08-12T08:04:53Z
0 likes, 0 repeats
@avoca @0xabad1dea wouldn't any of these apps work in tails, my understanding with socks proxies is they just replace your internet connection so anything can be routed through it. Anyway simplex has quantum resistant encryption which only signal shares. This protects against store now decrypt later attacks https://www.youtube.com/watch?v=-UrdExQW0cs
(DIR) Post #Ax5ZuWwU7AWf848gGu by avoca@gladtech.social
2025-08-12T08:16:04Z
0 likes, 0 repeats
@ambiguous_yelp @0xabad1dea No, none of the other apps are installable on TAILS OS. Some can be used over TOR, but not from within TAILS. It's a Chatmail bonus. Quantum Resistant Encryption sounds wonderful, but you only need it if your messages are stored at some point by a central server. Delta Chat messages are not. Ergo, post-quantum decryption is moot in this case. Besides, I have two post-quantum proof email clients that I subscribe to if I need them, one of them on a TAILS OS USB stick paid for, anonymously, with Monero. I mean, how far do you want to go... Plus, I will be dead before Quantum Computers are scalable enough to be bothered with my stuff. Again, sounds great, but a sensible approach to the subject is needed at the moment, IMHO. To me, the most critical things about my messaging app. were: 1. Is it FOSS/Decentralised. 2. Can I use it on my laptop, desktop, multiple phones (1x iOS, 1x GrapheneOS and 1x LineageOS), and my tablet, at the same time, fully synchronised, and will my pig-ignorant family use it. Delta Chat ticked all the boxes, and was the only one. I'm not being critical of your choices, I'm just wondering if you have considered other things than the headlines.
(DIR) Post #Ax5ZuXjl9xwPatC24m by ambiguous_yelp@social.coop
2025-08-12T08:37:44Z
0 likes, 0 repeats
@avoca @0xabad1dea I disagree that store now decrypt later isn't an imminent issue, experts estimate classical encryption will be broken in next cpl decades given the exponential growth of quantum computers, this is covered in the video I linked above. edit: the video doesn't give names to experts but it does resonate with what many experts are saying
(DIR) Post #Ax5ZuYeTl5JMQnjKU4 by avoca@gladtech.social
2025-08-12T08:44:27Z
0 likes, 0 repeats
@ambiguous_yelp @0xabad1dea Fair enough, no problems. I disagree that Quantum Computing is advancing at anywhere near an "exponential" rate. What's the current max. they have achieved? 2 qubits? Mmmmm... Anyway, to each their own. But again, if they don't have your messages and you are anonymous anyway, good luck to them. If they can't prove it, they'll get you anyway. And we are only talking HEAVY State actors with those capabilities anyway. 99.9999% of folk don't need it as much as they need a great little decentralised messaging app. IMHO, Delta Chat is that app.
(DIR) Post #Ax5ZuZgduWdVdnkZUm by ambiguous_yelp@social.coop
2025-08-12T08:51:58Z
0 likes, 0 repeats
@avoca @0xabad1dea physical qubit growth is exponential so far, it doesn't matter if the conversion rate is 1000-1 if you are scaling exponentially https://en.wikipedia.org/wiki/List_of_quantum_processors
(DIR) Post #Ax5ZuaTYydlg5WddkO by 0xabad1dea@infosec.exchange
2025-08-12T08:55:39Z
1 likes, 0 repeats
@ambiguous_yelp @avoca
(DIR) Post #Ax5a3BbSp1mrYNQyYq by 0xabad1dea@infosec.exchange
2025-08-12T08:25:21Z
1 likes, 0 repeats
it makes me sad when I see people twist themselves in “but opsec!” anxiety knots over things like “I can’t post that I had a nice birthday party this weekend, then strangers on the internet will know that I was born in approximately mid-June!” my sibling, there’s only 365.25 birthdays and we all have one, yours is in hundreds of databases that have leaked dozens of times, and whether strangers on the internet know you had a nice birthday party with your friends or not has absolutely no bearing on any risk of any kind, you’re just performing trauma your mom gave you in 1996 when she heard there were kidnappers on the internet
unless you really ARE the one leading the resistance or whatever, in which case @‘ing me to tell me how wrong I am and how much opsec you need is not very good opsec
(DIR) Post #Ax5fTIJazQfBfaLSO8 by avoca@gladtech.social
2025-08-12T09:02:06Z
0 likes, 0 repeats
@ambiguous_yelp @0xabad1dea Agreed, but, my understanding is, the current problem developers have is finding a substrate that doesn't require minus a bazillion degrees to maintain a suitable error corrected stability. I have no doubt these problems will be overcome, eventually, but I feel this public declaration of panic over data centres and the so called 'store now, decrypt later' strategy of governments gets a lot of 'clicks', but in real terms might be jumping the gun a little. Anyway, who knows what Quantum Computers will come up with to obfuscate any perceived State advantages.
(DIR) Post #Ax5fTJUGdEnHIyLUf2 by ambiguous_yelp@social.coop
2025-08-12T09:06:04Z
0 likes, 0 repeats
@avoca @0xabad1dea In terms of store now decrypt later storage is v cheap, state surveillance agencies already store lots about you public telephone records emails website history, it's not a stretch to think there is bandwidth to store all encrypted traffic, or at least a subset of it, google amazon and microsoft probably do the datacentre work
(DIR) Post #Ax5fTKHBhLvRkhEYue by avoca@gladtech.social
2025-08-12T09:10:17Z
0 likes, 0 repeats
@ambiguous_yelp @0xabad1dea Agreed, which is why we all need to move from the 'phone' infrastructure to a decentralised data model. Self-hosted, portable, cheap, easy to setup and take down networks are, at least, part of the solution. You don't need a SIM card to use Delta Chat. Heck, even NYM VPN are using Onion routing these days.
(DIR) Post #Ax5fTLE2AYzshClYdU by ambiguous_yelp@social.coop
2025-08-12T09:57:56Z
0 likes, 0 repeats
@avoca @0xabad1dea isn't that just security by obscurity though, if it's not safe to route your protocol's traffic through ISPs then trying to hide the traffic on an air gapped network doesn't make it more secure
(DIR) Post #Ax5fTLn8454OS3BaL2 by 0xabad1dea@infosec.exchange
2025-08-12T10:07:01Z
1 likes, 0 repeats
@ambiguous_yelp @avoca what? no, that's not what security by obscurity means. "security by obscurity" is when you just cross your fingers and hope no-one notices. an air-gapped network is... an actual countermeasure
but I don't think they were talking about air gaps anyway, I think they were talking about there being no "data at rest" storage point under centralized control. It absolutely *is* a stretch, a massive one, to think that anyone out there can afford to store ALL encrypted traffic indefinitely just in case they can decrypt it in 20 years, or that more than a tiny tiny fraction of that would even be worth decrypting after it's more than a year old. There's a lot of rolling 30-day retentions so they can look back after a massive incident, but the amount of raw internet traffic that's being *permanently* recorded is vanishingly small. Money and physics are both real and finite