fsebugoutzone.org:9999

       Posts by leip4Ier@infosec.exchange
 (DIR) Post #A2K0ko3IaVXAMhMsj2 by leip4Ier@infosec.exchange
       2020-12-18T09:49:33Z
       
       0 likes, 0 repeats
       
       16 2 27 _ 18 2 12 4 17 2 10 8 2 _ 4 _ 20 15 17 2 _ 27 5 20 20!!
       
 (DIR) Post #A2K8EdhgKNk6dUQgds by leip4Ier@infosec.exchange
       2020-12-18T11:13:16Z
       
       0 likes, 0 repeats
       
       @wolf480pl i can&#39;t x.x
       
 (DIR) Post #A2K9utHys5yp5e7R0i by leip4Ier@infosec.exchange
       2020-12-18T11:32:09Z
       
       0 likes, 0 repeats
       
       @wolf480pl yeah, that was my intention
       
 (DIR) Post #A2KD1oo8EPiN549VE8 by leip4Ier@infosec.exchange
       2020-12-18T12:07:06Z
       
       0 likes, 0 repeats
       
       @wolf480pl yep
       
 (DIR) Post #A2KDQzfF0J7bzWzwae by leip4Ier@infosec.exchange
       2020-12-18T12:11:34Z
       
       0 likes, 0 repeats
       
       @wolf480pl yep
       
 (DIR) Post #A2LJZ8KjRwKa4ud6XY by leip4Ier@infosec.exchange
       2020-12-19T00:54:57Z
       
       0 likes, 0 repeats
       
       i&#39;m not sure it&#39;d work in real life, but what if?a distributed social network in which each user has a set of signing keys. one key is used to sign public posts, another is for private ones. the user also signs the list of people who can see private posts. posts are announced to the network and then copied by other peers. but, if someone shares a private post to someone who shouldn&#39;t have access, software of that user generates a proof that it received a post it shouldn&#39;t&#39;ve and broadcasts it.
       
 (DIR) Post #A2LJau4DSkToPXkT4K by leip4Ier@infosec.exchange
       2020-12-19T00:55:14Z
       
       0 likes, 0 repeats
       
       then everyone who received that proof block the bad person, effectively banning them from the network. same for distributing deleted posts.it could use maybe a bloom filter instead of a list of allowed users. and also this system would require all network interactions to be signed.
       
 (DIR) Post #A2LJlSeJk1x8YtfX8a by leip4Ier@infosec.exchange
       2020-12-19T00:57:17Z
       
       0 likes, 0 repeats
       
       (i&#39;m not sure the problem i&#39;m trying to solve existed in the first place, it&#39;s just sleepythoughts, i don&#39;t know if they make sense)
       
 (DIR) Post #A2LKKaYyJHo3F1v1Bg by leip4Ier@infosec.exchange
       2020-12-19T01:03:31Z
       
       0 likes, 0 repeats
       
       @varx isn&#39;t there a way to reliably synchronize time? i assumed that any broadcasts are silently dropped if the time difference is more than like 10s.
       
 (DIR) Post #A2MCaIOX1SDR3EyRua by leip4Ier@infosec.exchange
       2020-12-19T11:11:30Z
       
       0 likes, 0 repeats
       
       @cassidyjames i hope it can be disabled, i like how it currently works..
       
 (DIR) Post #A2Mrc9lYAfUwzPkMAy by leip4Ier@infosec.exchange
       2020-12-19T18:50:33Z
       
       1 likes, 0 repeats
       
       @chjara do you need all of them? D:
       
 (DIR) Post #A2gm3YqwdX2PQVXzk0 by leip4Ier@infosec.exchange
       2020-12-29T09:23:06Z
       
       1 likes, 0 repeats
       
       i was so excited when #mikrotik announced #DoH support, but now i&#39;ve used it for what, at least half a year? and it seems like either CPUs in low-end routers aren&#39;t powerful enough to handle tls, or routeros doesn&#39;t do it correctly. whichever it is, my router just hangs and fails to retrieve the records once in a while.
       
 (DIR) Post #A2gmdElQnuxXXxypFY by leip4Ier@infosec.exchange
       2020-12-29T09:29:36Z
       
       1 likes, 0 repeats
       
       plus public DoH resolvers aren&#39;t as stable as regular dns ones. both nextdns and adguard that i used were sometimes down for like noticeable time.so i guess i&#39;ll disable it. i recently learned that my isp logs all https connections, including the certificate domain, so it&#39;s largely pointless anyway.
       
 (DIR) Post #A2hBtrqpkDoyGEX9Ki by leip4Ier@infosec.exchange
       2020-12-29T14:12:28Z
       
       0 likes, 0 repeats
       
       @fence javascript
       
 (DIR) Post #A2rlNpmbRF0oVhB8j2 by leip4Ier@infosec.exchange
       2021-01-03T16:37:21Z
       
       0 likes, 0 repeats
       
       @lx they see the domain name in sni
       
 (DIR) Post #A2rlvxpc1Ki3JmrQBs by leip4Ier@infosec.exchange
       2021-01-03T16:43:32Z
       
       0 likes, 0 repeats
       
       @lx oh, i meant that isp logs contain either sni or the ip address of each website i ever connected to. so whether or not they see my dns requests, they know which websites i browse.
       
 (DIR) Post #A2rml6QPpThujuSZf6 by leip4Ier@infosec.exchange
       2021-01-03T16:52:36Z
       
       0 likes, 0 repeats
       
       @lx ech won&#39;t save us either, see https://dl.acm.org/doi/10.1145/3340301.3341133. tldr: you can learn what website the user is browsing from the ip addresses they&#39;re connecting to. even if it&#39;s a cdn, patterns are relatively unique, since resources are usually loaded from multiple other ip addresses.
       
 (DIR) Post #A2rmyAMsTsAIjV2BbU by leip4Ier@infosec.exchange
       2021-01-03T16:55:15Z
       
       0 likes, 0 repeats
       
       @lx seems so
       
 (DIR) Post #A2rnqxgVL5IpK5LKJk by leip4Ier@infosec.exchange
       2021-01-03T17:05:04Z
       
       0 likes, 0 repeats
       
       @lx i think that for most people, vpn in a country that doesn&#39;t share data with theirs too easily is a decent compromise
       
 (DIR) Post #A2ro2C529mTV9iAkBE by leip4Ier@infosec.exchange
       2021-01-03T17:07:09Z
       
       0 likes, 0 repeats
       
       @lx whoa, lucky!