Best talk I've seen on #Peergos so far https://www.youtube.com/watch?v=yDU4GHsEo34 #E2EE, no #DNS, no #CertificateAuthority, #privacy #security
I'm looking forward to that recording and the forum link, happy to move the discussion there :)
@haaase has excitedly recommended the local first conference again and again, but I haven't attended yet.
So far I've been following @nextgraph from a distance. And while @coagulate is currently based on @VeilidNetwork for private storage and #E2EE without leaking meta-data, I'm always looking for interesting frameworks built around matching values.
CDT Europe, as part of the steering committee of the Global Encryption Coalition, joined 88 other civil society organisations, companies, and cybersecurity experts in a letter to the European Commission, raising serious concerns about the future of #encryption in Europe.
Strong encryption is not a barrier to security, it is a fundamental pillar of it. We need to defend it, not undermine it.
Post-quantum cryptography for modern email
Email is a service and a repository of users' most confidential information. Consequently, it needs reliable end-to-end encryption, just as messengers do. The computer industry continues to prepare for the spread of quantum computing. Because some operations on quantum computers run exponentially faster than in binary logic, modern ciphers will be compromised. As soon as that happens, all present-day data collected and stored under the "Harvest now, decrypt later" policy in 2010−2020 will be decrypted. Including correspondence by email and in messengers.
09.05.2025: GnuPG announces release of 2.5.6 for public testing, finalized PQC algorithms are supported.
Source: https://lists.gnupg.org/pipermail/gnupg-announce/2025q2/000492.html
PQC: https://wikipedia.org/wiki/Post-quantum_cryptography
GnuPG: https://mastodon.online/@blueghost/111974048270035570
Harvest now, decrypt later: https://mastodon.online/@blueghost/111357939714657018
@silhouette @richi @signalapp @torproject
1.
You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - especially for a "#privacy"-focussed messenger!
2. & 3.
#Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregulated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which brings me to the 1st argument.
4.
#Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead of following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!
5.
Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!
Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss without #OpSec, #InfoSec & #ITsec is dangerous!
Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!
@eighthave Agreed. People talking about #PQC and breaking #e2ee in the future, while closed source apps, OSes and #ClientSideScanning ML/AI agents can simply take a detour around it today!
Ever wonder how easy it would be for proprietary software like #WhatsApp to get around the end-to-end encryption? #TeleMessage provides a real world example. This is why there is no replacement for Free Software when it comes to privacy.
I can't get people to understand that WhatsApp is more trustworthy than Telegram.
Note: I'm not comparing with Signal, Matrix, XMPP, SimpleX, Session, Briar or Threema; I'm only comparing Telegram with WhatsApp.
#Whatsapp #Telegram #mahremiyet #güvenlik #Meta #DijitalGüvenlik #dijital #E2EE #MarkZuckerberg #mesaj
@dangillmor If anyone with a @garmin watch is pissed off about #Garmin retroactively revoking owners' #RightToOwn in favour of #enshittification, or if anyone else is in the market for a new smart watch, ask the #UNAWatch company and its personnel what technical and legal means they will use to guarantee they can never follow Google #Fitbit and Garmin into the same anti-consensual ¹ business model.
A technical guarantee is a hardware-based means to flash the firmware which the firmware itself cannot prevent using, paired with complete published open-access documentation of the hardware for independent developers. A legal guarantee means a permanent and irrevocable commitment to a full refund if the company ever engages in coercive tied selling, as by making use of any watch feature dependent on an online service the feature can function without, on a paid or non-#E2EE online service (save only if the owner opts into sharing data, and then making that data available to those with whom the owner elects to share), or on an online service the owner cannot replace, at the owner's sole discretion, with self-hosting or a competing service of their choice.
¹ The standard word "non-consensual" means the person didn't voluntarily say "yes"; I use "anti-consensual" here to mean the person said "no"—or the perpetrator knew beforehand the person would say "no" if given a chance—and the perpetrator did it anyway. It's bad enough not to ask; companies enshittifying already-purchased goods are instead acting in knowing and direct defiance of owners' refusal. The business model Garmin is adopting, following Fitbit, is actively contemptuous of consent ².
² Burying supposed "consent" in a EULA doesn't ethically count: if the owner cannot effectively refuse the change, or if continued full use of the original functionality—or anything else for which consent isn't strictly necessary (in the GDPR sense)—is conditioned on supposed "consent," then it isn't freely given, and so isn't valid consent.
DNIP Briefing #23: Friends & Fiction - Das Netz ist politisch https://dnip.ch/2025/05/06/dnip-briefing-23-friends-fiction/ #DNIPbriefing #MetaPlatforms #MarkZuckerberg #Datenschutz #privacy #ArtificialIntelligence #SocialMedia #unplugUSA #MemoryWorker #MemoryWorkers #InternetArchive #DonaldTrump #Switzerland #Schweiz #DOGE #ElonMusk #SignalGate #Verschlüsselung #encryption #E2EE #End2EndEncryption #EndToEndEncryption #EpicGames #Apple #AppStore #AppleAppStore #Y2K38 #Automotive
@huntingdon @EUCommission That is nothing to do with #Apple. That is #SIgnal's own deliberate choice not to interoperate with other #E2EE messaging systems. Right @Mer__edith?
We've launched a CryptPad instance running on our own hardware. We're only accepting a certain number of beta testers at the moment. If you'd like to beta test it, fill out the form below and we'll reach out!
https://crypt.unredacted.org/form/#/2/form/view/U1EpdUZo3k5IkQf1jsbUS+g22iHkRR3R0O9DDd70uFo/
Here's a question: Can #Signal build into itself a way to prohibit ANY communication or interaction with the completely nonsecure clone of itself known as "TM SGNL," given that the latter is built from the same code and uses the same protocols? Because it sure seems to me that an impenetrable wall needs to be erected between the 2. #encryption #e2ee
Whilst I've de-googlified much recently, there's one Achilles heel that I have - using Google's Family Link.
The kids are 16 and 14 - so we won't be using it for too much longer.
That said, trialling Paralino as an end-to-end encrypted, privacy-first location sharing app as a successor to Family Link. It's EU-based so conversant with Europe's tougher stance on tech firms.
It is worse than you thought. Not only did Hegseth et al use a non-certified, not approved messenger. They did not even use the original app #signal, they use #TMSGNL from Israeli company #TeleMessage.
Besides the fact that they got hacked twice since this became known, it also became apparent that TeleMessage can access all chats in plain text. No #E2EE. In order to be able to fulfill retention obligations, they send all chats in plain text to #MS365 mail.
Read the details.
https://micahflee.com/despite-misleading-marketing-israeli-company-telemessage-used-by-trump-officials-can-access-plaintext-chat-logs/
I've written major new sections concerning deployment issues surrounding the G3P in a typical client-side password hashing scenario.
I touch on:
1. Second Secrets and 2SKD
2. Account Separation
3. Vagaries of public salt servers
4. Private Salts
5. Dynamic testing
6. Login page testing
7. Passphrase Generation
8. Passphrase Assistance
9. External Checksums
10. Smartphone keyboards
11. Virtual Memory
Whew! If you have any interest in these topics, let me know what you think!
Russian authorities continue to demand the impossible, namely that we give them user data we don't have. Today the Moscow City Court rejected our objections and sided with the communication surveillance authority Roskomnadzor and the Federal Security Bureau (FSB). Not too surprising. Many more details and next step considerations you can find in this press release
We are excited to be part of the biggest annual event of the Local First community, namely, the Local First Conference in Berlin, from Monday 26 to Wednesday 28 of May!
The first day is called the Community Day, with workshops and unconference activities, plus an after-party.
We will be presenting NextGraph and the feature called "Social Queries" during that day at 16:30. It is free entrance.
Hope to see you there!
#localfirst #p2p #e2ee
more info here
@zhenech : you are mistaken.
You DID successfully browse to https://www.brother-usa.com. Your browser had a successful https connection to the mentioned domain, without certificate errors.