> "In late 2022, I blogged about the work needed to develop a specification for end-to-end encryption for the #fediverse. I sketched out some of the key management components on GitHub, and then the public work abruptly stalled. A few of you have wondered what’s the deal with that. This post covers why this effort stalled, what I’m proposing we do next."
Hi @kepano, I am at the point of getting the payed #Obsidian Sync but one thing holding me back is whether or not the paths/note names are obfuscated.
Notes that are e.g. named to a person are for example considered to be personal data and I cannot afford them to be breached in case the sync server gets hacked, not to mention other sensitivity that can be in note names.
I searched the #E2EE pages and using startpage, but can’t find indisputable proof. Can you/anyone help me out on this?
Der Messenger #Telegram ist für eine sichere Kommunikation nicht geeignet - standardmäßig sind die Nachrichten nicht einmal Ende-zu-Ende verschlüsselt. Besser geeignet sind #Signal oder #Threema. Übrigens: Elon Musk ist das Paradebeispiel eines Trolls. Einfach ignorieren. 😉
» @signalapp Chefin kritisiert Karners Entwurf zu Messenger-Überwachung:
Die Regierung will Messenger-Dienste stärker überwachen. Wenn man im Datenschutz eine Tür öffnet, öffne man sie für alle, warnt @Mer__edith «
…und doch wollen mir Menschen immer wieder beibringen, dass die nichts zu verbergen haben. Eine Auswirkung von der Übernahme von deren mentalen Wahrnehmung und Privatsphäre, was ich als sehr übel empfinde.
🧵 …ausführliche Informationen über sichere online Kommunikation, auch Infos von der @Mer__edith vom @signalapp, könnt ihr auf der @epicenter_academy Webseite nachlesen:
»Sicher kommunizieren:
Viele Stellen interessieren sich für unsere private Kommunikation. In diesem Kapitel erfährst du, mit welchen Maßnahmen du die digitale Kommunikation sicherer gestalten kannst.«
#e2ee is a goal, not a promise. As far back as I can remember, forums like those supporting #Enigmail and #gpg were staffed with volunteers from the privacy community who repeatedly insisted on answering questions, like, "Is <this> (whatever this might be) totally secure?" with stock questions like, "What is it that you consider 'totally secure?" or answers such as, "Secure is a relative term, nothing is completely secure, how secure do you need your mission's communications to be?"
Phrases such as, reasonably secure should be indicators of how ridiculous it is to assume that any secure platform isEVERcompletely, and totally secure.
That begs the question, "Exactly how secure do you require your communications to be?" The answer is always, ... relative.
Which means that you should always believe Ellen Ripley when she says, "Be afraid. Be very afraid!"
Bemerkenswert, wenn solche wichtigen Projekte nicht mehr im freien Fediverse bekannt gemacht werden, sondern auf Threads.
Es geht um nichts anderes, als eine E2E Verschlüsselung für AP.
♲ threads.net/
You have to analyse every Apple announcement through the lens of how it will use it to maintain its market power and attack regulation. So, will Apple’s promised Rich Communication Services (RCS) support make iMessage fully interoperable at least with Google’s Messages? What would the most grudging compliance with Chinese 5G regulations look like?
Google apparently makes RCS support ubiquitous regardless of carrier support (via IP), as well as using a specific telco gateway. Will Apple do the same, or push individual telcos to enable RCS support on their networks? (Many already do.)
Apple won’t support Google’s end-to-end encryption extension but instead work to standardise it in RCS. How long will that take?
Trade body GSMA is responsible for the RCS standard. Telcos in the past, unlike Internet developers, have been most open to developing backdoored encryption standards for mobile communications. Will Google and Apple be able to override this here?
I haven’t tried digging out a good translation of the relevant Chinese 5G regulations, but they are allegedly the source of Apple’s change of mind on RCS support. Supporting it within a single country of course does not mean support anywhere else in the world. Many (most?) of the DMA gatekeepers are trying to limit DMA benefits to their EU users (and in Apple’s case withdrawing them once a user leaves the EU for 30 days!)
"Discord wyłącza boty „szpiegowskie”, które zbierały i sprzedawały wiadomości użytkowników.
Po tym, jak w zeszłym tygodniu 404 Media poinformowało o usłudze, Discord zamknął teraz wiele kont typu scraping i twierdzi, że rozważa podjęcie kroków prawnych."
I recently saw a conversation between two people I respect that ended poorly. This being a social platform, shortage of mutual understanding is not surprising. Most of the time, I just back away slowly, but this time, the topic is important enough, and I think I can see a framing that can help make conversations about it less antagonistic.
When different people prioritize different kinds of assets and threats, it's easy to end up comparing risks that can't be compared or balanced.
For a protester, the assets they need to protect are identity and location history. The threat they need to protect it from is local law enforcement. If a hostile foreign government operated platform such as #TikTok is less likely to volunteer their data to FBI, it's a bit safer for their use case than domestic platforms other than #E2EE messengers. 2/
"While the UK government adopted powers that could allow the private messages of everyone in the UK to be scanned, it did concede that this could not be put into practice without jeopardizing people’s security and privacy.
ORG has called for Ofcom to publish regulations that make clear that there is no available technology that can allow for scanning of user data to co-exist with strong #encryption and #privacy.“
Proton Mail automatically encrypts/decrypts messages between Proton Mail accounts via OpenPGP/PGP.
Proton Mail supports automatically encrypting/decrypting messages between Proton Mail accounts and external email accounts that support OpenPGP/PGP or GnuPG/GPG.