Comments
-
-vim-31257y And you know the worst thing: if you use like a super private app to send messages (via phone number), but then that person spies on everything, YOU’RE F🤬CKED!!!!!!!!!!!!
-
@FrodoSwaggins Two of my friends regularly take Instagram pictures around me. They always go like 'yo, could you stand somewhere else for a second?' - 'what why.....' - 'insta picture!' - ah thanks for the notif and not including me by default!
-
@irene Nope! Just the fact that I can choose not to share my address with you is a form of privacy :)
-
donuts236657y @linuxxx you can choose but it's going to be shared anyway... How would you know?
Sorta like the placebo effect
-
donuts236657y And if all the standards are gone, you'd have nothing left since whatever is left becomes the standard, ... , 0
-
-vim-31257y @irene well he’s a fanatic of privacy and you’re telling him the only way to have privacy is to be dead (which is still not exactly true), but it was mostly sarcastic, forgot the ‘/s’
-
@Jop- And that's why I'm going to compile it myself. Then I'll at least have a truly open source version. (they literally have a guide on how to do that)
Being forced to use a specific client doesn't mean that you're not in control...
-
@peacWhis As for the technology it uses it's quite secure yes.
I'm personally a Tutanota user, just like that service more overall :)
-
b3b340567y There's that one dude in my class that always takes instagram pictures of everybody and I really have to control myself to not kill him one day. Like wtf.
-
Sure, messages and calls are end-to-end encrypted in Signal so even though it's their servers they can't read messages or listen to calls even if they wanted to. But that is privacy, not control of your data. Their client, their server, so to me they control your data and not you. Plus if you're paranoid about privacy you will assume that anyone who can, does log your (un)encrypted data. Don't get me wrong, I am a Signal user and have been for a long time, but even I don't trust their Play Store version and compile my own.
-
@mee4895 From a technical standpoint, E-Mails are the worst (actually popular) way to communicate over the internet.
-
@linuxxx Do you know Mailvelope? Looks like a proper (and extremely simple) solution to provider-independent email encryption.
-
@LrdShaper Signal doesn't control your data (they don't *have* it, so they can't decide to do anything with it / 'control' it).
But they do control availability of their service, because it's not a distributed server model. And that's the big drawback of Signal.
-
@theCalcaholic That's very true. I'm fine with that and I use a decentralized chat service as well :)
-
@linuxxx I know, and I still use Signal. :)
It's still one of our best available options, even with that shortcoming.
-
@irene That's way too generalized. Decentralized can (and should) mean that you can host it on your own. Tor, for instance, is a perfect example of a decentralized network.
-
@irene Routing it through third parties has nothing to do with something being not secure or not by default. If those parties take care of their security it's alright.
By end to end encrypting your data, third parties can do whatever they want with your data of course. But only with the encrypted version. They can't see the content thus making it unusable for them. That guarantees one's privacy.
-
@irene That's incorrect! Tor has been deanonymized because someone controlled a big portion of the Tor nodes.
That would have been a lot easier without the network's decentralized architecture.
However a decentralized architecture doesn't automatically provide security - but it doesn't prevent it either. However it avoids a single point of failure which could be compromised a lot easier than a whole network.
-
@irene Let me give an example of how decentralizing a messenger can add to security (given it has a good protocol in the first place):
Let's say we have a messenger X which has a protocol looking like this:
- messages consist of an unencrypted header which only contains the target server
- it contains a second header which is asynchronously encrypted with the target server's public key and only contains the receiver's identifier
- it contains a body which is asynchronously encrypted with the receiver's public key and contains sender, source server, the message and metadata (like time of sending).
The message is sent from client a on server 1 to client b on server 2.
Compared to a single server architecture the data that is seen by each server is cut in half - server 2 only sees the recipient's ID, while server 1 only sees the sender IP (not even his ID) and the target server.
So if you hijack either of the servers you only get half of the conversation metadata and none of the content.
-
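Added example, not part of the thread and not code from any real messenger: a Python sketch of the three-layer envelope described in the comment above, showing what each server can read. The toy `seal`/`unseal` box, the server names, IDs and IP address are constructed for illustration; the box stands in for a vetted public-key scheme (what the comment calls "asynchronously encrypted").

```python
import hashlib, hmac, json, secrets

# Toy sealed box: ephemeral Diffie-Hellman + SHAKE-256 keystream + HMAC tag.
# Stand-in for a vetted public-key scheme; demo parameters, not production crypto.
P, G = 2**521 - 1, 3

def keygen():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _derive(shared, n):
    out = hashlib.shake_256(shared.to_bytes(66, "big")).digest(32 + n)
    return out[:32], out[32:]  # (MAC key, keystream)

def seal(pk, data):
    esk, epk = keygen()
    mac_key, ks = _derive(pow(pk, esk, P), len(data))
    ct = bytes(a ^ b for a, b in zip(data, ks))
    return {"epk": epk, "ct": ct, "tag": hmac.new(mac_key, ct, "sha256").digest()}

def unseal(sk, box):
    mac_key, ks = _derive(pow(box["epk"], sk, P), len(box["ct"]))
    tag = hmac.new(mac_key, box["ct"], "sha256").digest()
    if not hmac.compare_digest(tag, box["tag"]):
        raise ValueError("wrong key or tampered ciphertext")
    return bytes(a ^ b for a, b in zip(box["ct"], ks))

def client_send(target_server, server_pk, recipient_id, recipient_pk, body):
    # Three layers from the post: clear header, server-sealed header, recipient-sealed body.
    return {"target_server": target_server,
            "routing": seal(server_pk, recipient_id.encode()),
            "body": seal(recipient_pk, json.dumps(body).encode())}

def server1_view(envelope, sender_ip):
    # Source server: sees the connection's IP and the clear header only.
    return {"sender_ip": sender_ip, "target_server": envelope["target_server"]}

def server2_view(envelope, server2_sk):
    # Target server: can open the routing header only.
    return {"recipient_id": unseal(server2_sk, envelope["routing"]).decode()}

def client_receive(envelope, recipient_sk):
    return json.loads(unseal(recipient_sk, envelope["body"]))

if __name__ == "__main__":
    s2_sk, s2_pk = keygen(); b_sk, b_pk = keygen()
    env = client_send("server2.example", s2_pk, "client-b", b_pk,
                      {"sender": "client-a", "source_server": "server1.example",
                       "message": "hi", "time": "2018-01-01T12:00:00Z"})
    print(server1_view(env, "203.0.113.7"), server2_view(env, s2_sk), client_receive(env, b_sk))
```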
@irene I think you're massively overestimating this 'someone' you're talking about. It's not feasible for anyone to decrypt today's properly encrypted messages in the next 10 years. Of course there are many ways to screw up security, but if you're really consequent about it (and good at what you're doing) it is and stays secure.
To quote Edward Snowden: "Encryption works. Properly implemented strong crypto systems are one of the few things that you can rely on. Unfortunately, endpoint security is so terrifically weak that NSA can frequently find ways around it."
By the way, another good reason to use encryption per default for as many things as possible is that it makes mass surveillance unfeasible or at least very expensive, even in the case that the applied cryptography isn't particularly strong.
-
@irene Well it is! That's not even the question. Cryptography is not considered secure if it is impossible to crack. It is considered secure, if cracking it is unfeasible in a time frame during which the data is relevant.
Of course, there might be a problem with one crypto algorithm or another. But most regular and well tested algorithms will be fine; that's just what history and all the leaks tell us.
Does that mean, you're 100% safe? No, but you can minimize the risks enough to confidently pin your hopes on it.
-
What are your preferred apps/services? Side story: people in my Cyber Security class insisted on having Facebook messenger as our default ways of communication and documentation sharing....
-
@Charmesal I use Signal and Riot for messaging and Tutanota for mail :) (next to hosting my own mail server :P)
"could you please just use the standard messaging/social networking thingies? That way it'll be way easier to communicate!!"
Oh I don't mind using standard tools/services which everyone uses at all.
Just a few requirements: they don't save information that doesn't need to be saved, leave the users in control of their data (through end to end encryption for example) and aren't integrated in mass surveillance networks.
Aaaaaand all the standard options which everyone uses are gone 😩