ddnomad

joined 1 year ago
[–] ddnomad@infosec.pub 2 points 11 months ago

And E2EE is only available on phones, circa a couple of years ago anyways

[–] ddnomad@infosec.pub 1 points 11 months ago (1 children)

Telegram’s servers are located in the US, Singapore, the Netherlands (and maybe some other countries) from what I’ve gathered. And all chats that are not E2EE’ed are stored there, encrypted at rest at best with keys in the same database, or somewhere else that can still be accessed in an automated way. Maybe it is not even encrypted at rest.

The point is, all those countries are either in 5 eyes or have information sharing agreements with 5 eyes countries. So as far as I’m concerned, TLAs can still have their fingers in those pies, in addition to Telegram’s overall shadiness and Russian ties. So maybe you get a KGB strongman keeping a watch over your chats too.

This is not something I’d have much confidence in to be honest.

[–] ddnomad@infosec.pub 31 points 11 months ago* (last edited 11 months ago) (8 children)

> Switch to Telegram

You know it’s not even E2EE by default, and when it is it uses a homegrown algo that is not exactly well spoken of? (at least V1)

[–] ddnomad@infosec.pub 1 points 1 year ago (1 children)

My point is that you should not excuse big corporations for clearly overstepping their bounds when it comes to moderation (as in “minority report” style moderation).

For Google, it would probably be even cheaper to only check URLs in collections that were shared with anybody, at the point the owner attempts to share them. Instead, they preemptively hide them from you, because “this set of characters offends us”.

This is something people should be angry about, not find an excuse for.

[–] ddnomad@infosec.pub 1 points 1 year ago (3 children)

Scary illegal content here

I guess we test and see whether I get banned.

Also, it’s not the same. A link to a website is not “pirated content”. A link to a website in a “collection” not shared with anybody is not publicly available pirated content.

Why would Google preemptively ban a set of characters that does not constitute a slur and is perfectly legal to exist?

[–] ddnomad@infosec.pub 2 points 1 year ago (6 children)

I’d not expect the private booth to have the club’s employee sitting there and waiting for me to do something that is against the rules preemptively.

We mostly argue about semantics, but in this instance you are trying to excuse some very questionable behaviour by companies by saying something along the lines of “well you better go and live in a forest then”. And I don’t think that’s a good take.

> For example, how many Lemmy instances are fine with you direct linking to piracy torrents?

Irrelevant, as all content on Lemmy is public in a proper sense of this word.

[–] ddnomad@infosec.pub 1 points 1 year ago (8 children)

Words used to have meaning, you know. Like, for example, the word “private”.

[–] ddnomad@infosec.pub 2 points 1 year ago* (last edited 1 year ago)

Mullvad is trusted. They are pretty open with their policies, have existed for a long time already, have not been involved in any privacy scandals (to my best knowledge), and charge a flat and fair fee without 60% sales and other dubious marketing practices. It is one of the better VPN providers, not in 5/9 eyes (they are in 14 eyes though), and you can buy a subscription with crypto, which (assuming the crypto was acquired anonymously too) is a good start for some privacy guarantees.

Pretty much every cyber security professional I know uses Mullvad in one way or another, usually as part of a more complex solution.

But all in all, please bear in mind that a VPN is not some magic silver bullet to preserve your privacy and anonymity. With VPNs you basically shift your trust from your ISP to the VPN provider. That trust you put into the provider, it is still a requirement. Not to mention that a good chunk of tracking is happening on a lower level nowadays, so if you use Mullvad on Windows / any Apple device etc. do not expect to become untraceable :)

[–] ddnomad@infosec.pub 23 points 1 year ago* (last edited 1 year ago) (3 children)

Use Firefox or Safari, the more people use Chromium-based browsers the faster we get to the situation where Google completely owns the Internet (and they almost do now).

[–] ddnomad@infosec.pub 4 points 1 year ago

Books, online courses. Education in depth, ideally.

[–] ddnomad@infosec.pub 0 points 1 year ago

Books, online courses. Education in depth, ideally.
