Posts by rene_mobile@infosec.exchange
(DIR) Post #ATNQIFycRqUsxXRiWu by rene_mobile@infosec.exchange
2023-03-07T15:46:34Z
0 likes, 0 repeats
@eighthave But such an app could act as a storage provider itself, right? Thinking about Syncthing etc.
(DIR) Post #ATNpUz6SzZWTFJHZpI by rene_mobile@infosec.exchange
2023-03-07T20:29:04Z
0 likes, 0 repeats
@signalapp My old argument for an alternative to phone numbers as user identifiers still stands. I continue my claim that this keeps #Signal out of some relevant use cases and makes it much less inclusive in certain regions where phone numbers are either shared or (have to) change often. MLS or similar approaches to #federation of user identifiers is the way forwards for a global messaging service.
(DIR) Post #ATpjBZMwBtdCkbGPGi by rene_mobile@infosec.exchange
2023-03-21T06:05:51Z
1 likes, 1 repeats
@discord "Server" (Maybe "channel", "instance", "forum", etc. would be more accurate, but OTOH maybe their use of this word was also partially the reason for its success, given that it clearly but quite incorrectly purports a level of control for "server" "owners".)
(DIR) Post #AV0D3qJuflzROfV24e by rene_mobile@infosec.exchange
2023-04-24T15:35:59Z
0 likes, 0 repeats
https://github.com/rom1504/img2dataset: Erm, this is not how consent for using data from the web works....
(DIR) Post #AVZYW2VOLRsnQu2dvc by rene_mobile@infosec.exchange
2023-05-06T19:29:50Z
0 likes, 2 repeats
#WhatsApp implementing #KeyTransparency is pretty nice, and definitely an excellent step in the right direction against shadow accounts and the service provider trust problem. However, without the client being #OpenSource, it is not that meaningful. Yes, of course somebody could implement an independent monitor for the transparency log to check keys registered for an identity, but what percentage of the user base will actually do that when the only realistic way to use the service is to rely on the #proprietary client, which can still be used to maliciously target (groups of) users to break #E2EE? Secure messenger clients should both use identity security protections like #KeyTransparency and have a *default* implementation that is #OpenSource and, ideally, be distributed with #BinaryTransparency and verified through #ReproducibleBuilds. Oh, and allow other identifiers than just phone numbers (still looking at you, @signalapp - which is otherwise ticking a lot of the right checkboxes).
(DIR) Post #AVZg07z1F4zkmyC5Im by rene_mobile@infosec.exchange
2023-05-06T21:14:07Z
0 likes, 0 repeats
@reto @signalapp Yeah, that's still the main reason why I'm not using it and it's unlikely this will change. I was mostly commenting on the recent announcement on #KeyTransparency.
(DIR) Post #AWjFHlap5VdxBBXFse by rene_mobile@infosec.exchange
2023-06-15T22:03:15Z
0 likes, 0 repeats
@eighthave Building the full AOSP API docs with "m offline-sdk-docs" works for me from a current checkout. Do you get a specific error when trying to build the API reference?
(DIR) Post #AcSidFeYdOxTXyACyu by rene_mobile@infosec.exchange
2023-12-04T01:59:13Z
0 likes, 1 repeats
Later today, I am finally going to live-present a conference paper again: "Anonymously Publishing Liveness Signals with Plausible Deniability", mostly by Michael Sonntag and in cooperation with Stefan Rass and me. The topic is a cryptographic protocol for verifying that whistleblowers and other secrets holders are still alive and well, that is, generating and verifying binary signals (without further information content) sent (semi-)regularly. The most interesting aspects follow from the goal of plausible deniability: as a prover (whistleblower) or verifier, being able to plausibly claim to hold the respective other role or being part of an interaction that has already become inactive before, because stored data does not allow deciding either way when provided with the wrong decryption passphrase. Tools we use are Tor onion services and hash chains (totally not a Blockchain), prototyped as a Java library and Android app. Details at https://link.springer.com/chapter/10.1007/978-3-031-48348-6_1, preprint soon to be available at https://www.digidow.eu/publications/.
(DIR) Post #At35847Cj0JDId1oQ4 by rene_mobile@infosec.exchange
2025-04-13T08:18:37Z
0 likes, 2 repeats
If you are an #academic in the #US with a position comparable to tenured or associate professor and a solid research track record in a field related to computer science (treat this in a very broad manner) and are interested in relocating to beautiful, liberal, safe, #Austria, then please reach out to me. We'd love to welcome new colleagues in the Austrian academia! A couple of us are collecting profiles to potentially match with organizations that are looking to fund such opportunities. Full caveat: I don't yet have concrete positions confirmed, but am trying to get the funding bodies into position to do so. Please boost!
(DIR) Post #AxIz8ajvodnks0Y2eO by rene_mobile@infosec.exchange
2025-08-18T11:16:56Z
0 likes, 1 repeats
I have now also converted my remaining personal open source Git repositories (those which we don't already host at the institute's #Gitlab instance and which are not forked from or contributions to others) from #Github to #codeberg https://codeberg.org/rmayr Github was a great improvement to make open source contributions and coordination easier, and it's a shame that the current AI hype drives everything into a single, non-sustainable niche direction... While Github is dependent on Microsoft AI stuff, my repositories are archived and will not see any further changes - I might even delete them altogether.
(DIR) Post #AxKAkhenq5UZyvU6vw by rene_mobile@infosec.exchange
2025-08-19T09:00:58Z
0 likes, 1 repeats
Big congrats to our Austrian CTF team KuK Hofhackerei (https://bsky.app/profile/hofhackerei.at) having scored 9th place at DEFCON on their first try. This was truly a nice cross-university collaboration, and I am proud of all the students having contributed at that level.
(DIR) Post #AxtixD4R4GD5rFCspU by rene_mobile@infosec.exchange
2025-09-05T07:26:46Z
0 likes, 1 repeats
TIL that Microsoft Copilot is now trying to show a "face" with different "emotions". That it's not working right now is not my issue. That MS are even more explicitly trying to trick people into thinking they are having a conversation with an actual person, however, most definitely *is*. Did this "feature" run through an ethics board review? Is the additional emotional deception of users intentional? Who actually wants that sh..? I am getting happier by the day that my current daily driver (#Framework) laptop didn't come with a Windows license and I'm certainly not going to spend any public university funds on buying this manipulatory adware... Whoever sends me documents to edit in the future: if they don't open correctly in #Libreoffice (without the "help" of Copilot), I won't be able to work on them. via @tomwarren.co.uk https://fed.brid.gy/r/https://bsky.app/profile/did:plc:fbtvg6jxtdroidfvq5z635xu/post/3lxxlpdy3qs2r
(DIR) Post #Ay1iqR5e6EEoZmDqAC by rene_mobile@infosec.exchange
2025-09-09T09:53:09Z
0 likes, 1 repeats
We (over 50 scientists) have put (yet another) open letter to the EU commission online, detailing why we do not believe anything has changed in the recent iteration of #chatcontrol proposals that would make it any less unsafe: https://csa-scientist-open-letter.org/Sep2025 Please boost. Next week there will be (another) decision! CC @signalapp @suka_hiroaki @epicenter_works @xot @bpreneel @carmelatroncoso @cascremers @tho
(DIR) Post #AyL6CSSBqH3CMCKSFE by rene_mobile@infosec.exchange
2025-09-18T11:38:16Z
0 likes, 1 repeats
Microsoft Azure/Cloud/AD considered harmful (twice, again)... Context: https://cyberplace.social/@GossiTheDog/115220941705031025 and https://burn.capital/@Schneier_rss/115213861155394064
(DIR) Post #B0b3kKtSKrNsK1KUN6 by rene_mobile@infosec.exchange
2025-11-25T06:31:09Z
0 likes, 1 repeats
https://xkcd.com/1732/, because it's still true and #COP30 has been, unsurprisingly, another testament to human stupidity. Every single politician who actively sabotaged human survival (again) should stand in front of this graph and explain their actions to a crowd of youths.
(DIR) Post #B0fsB9TQfssL3yyY76 by rene_mobile@infosec.exchange
2025-11-27T14:48:26Z
1 likes, 2 repeats
The Letter — Stop Hacklore! https://www.hacklore.org/letter Please read. It is good advice.
(DIR) Post #B0vy0IcU2OguUvmHtQ by rene_mobile@infosec.exchange
2025-12-05T08:56:02Z
1 likes, 1 repeats
Today is one of those days again, isn't it?
(DIR) Post #B1pLHjFLXp656tmpNo by rene_mobile@infosec.exchange
2025-12-31T23:38:50Z
0 likes, 0 repeats
Instead of a Happy one, I want to wish everybody a Stable New Year 2026, because we can all use one of those... However, strive to find happiness within. Take care of yourselves and those around you! 🥰
(DIR) Post #B1uUIixvwdyruGzV4q by rene_mobile@infosec.exchange
2026-01-03T12:51:45Z
0 likes, 1 repeats
I admit that, through 2025, I have become an #AI #doomer. Not that I believe the LLM-becoming-sentient-and-killing-humanity self-serving hype bullshit for a second. There are much more concrete impact points that may lead to or greatly accelerate several crises, each of which will actively harm humanity as a whole, and particular groups of people in particular:
1. The massive amounts of (dirty) electricity, water, and raw material being wasted on GenAI **will** accelerate the climate crisis, both because of the direct pollution through building new data centers, training, and running the models as well as distracting from other efforts. "AI" will not solve the **climate crisis**. People applying it make it worse.
2. Misinformation (aka., lies) is being produced at a scale never seen before. Our liberal democracies are not prepared to deal with that, and we have already seen increasing distrust of science, journalism, and the concept of political compromise. GenAI is fantastic for generating emotionalizing, polarizing, targeted bullshit. It - unsurprisingly - remains terrible at outputting balanced fact and actual novel insight. "AI" (in the form of LLMs) will not help educate the masses to make better decisions. People applying it exacerbate the **political crisis**.
3. What started in Gaza will continue in other regions. Idiotic war hawks will inevitably connect the output of "AI" to target selection and direct forms of physical violence - all in the name of "efficiency" in the business of killing people. "AI" will not protect our soldiers. Military using it simply kill more people, more quickly.
There are actually wonderful use cases for the diverse set of methods currently summarized under the "AI" umbrella, including for scientific discovery. But the current hype around LLMs leaves me with quite a pessimistic outlook.
We really, really need to get past the hype and discuss the good use cases rationally and objectively, while stopping to waste insane amounts of resources on those applications that bring much more harm than benefit.
(DIR) Post #B2ZwTpFk4cfnZucsEK by rene_mobile@infosec.exchange
2026-01-23T13:55:21Z
0 likes, 1 repeats
🌮 TACO 🌮 seems to become the standard menu item in Davos.