@rysiek@mstdn.social
rysiek

Hacker, activist, free-softie ◈ techie luddite ◈ formerly information security and infrastructure at https://isnic.is/ and https://occrp.org/ ◈ my opinions are my own etc.

(he/him)

profile image: drawing of a head and shoulders of a cat-person, in a space suit.

banner image: long-exposure photo of a large tent, brightly illuminated from inside, looking as if it is made of lava

#foss #libre #privacy #infosec #fedi22

(public toots CC By-SA 4.0 if applicable)

🇪🇺 🇵🇱 · 🇧🇦 🇮🇸 · 🇺🇦

rysiek, to mastodon
@rysiek@mstdn.social avatar

:blobcatpeek:

rysiek, to random
@rysiek@mstdn.social avatar

Random reminder this exists and is indeed excellent:
https://yewtu.be/watch?v=ZOHGC0zptGQ

Thank you for your attention, carry on.

Edent, to random
@Edent@mastodon.social avatar

Now… what was my password half-a-dozen years ago?

rysiek,
@rysiek@mstdn.social avatar

@Edent 12345

:blobcatpeek:

baldur, to random
@baldur@toot.cafe avatar

So, yesterday I wrote a bit about how my experience with social media has been changing:

"Social Media."

https://www.baldurbjarnason.com/2024/social-media/

> I decided to lean into that and rely instead on something much simpler: Text files.

I also finally remembered to add a link to my Bluesky profile to the site footer.

rysiek,
@rysiek@mstdn.social avatar

@baldur interesting read, thank you for it.

I have to admit I did encounter the reply guy problem, but it luckily never grew to a level you describe for me.

(Not doubting your experience here, just musing!)

I do block and mute, aggressively so, so maybe that's part of the thing.

But I do wonder what could fedi do to lessen the reply-guy problem. I guess no-reply posts would be a decent first step. Also, maybe reply-guyism should also become actively moderated?.. 🤔

laprice, to random
@laprice@mastodon.social avatar

Eww. LinkedIn, do not try to be hip.

You are not hip, you are LinkedIn.

rysiek,
@rysiek@mstdn.social avatar

@laprice inb4 it's hip to be square

rysiek, to random
@rysiek@mstdn.social avatar

A system's purpose is what it does.

https://mstdn.social/@mcnado/112514829176613312

quinn, to random
@quinn@social.circl.lu avatar

Young people are waking up every day to media about war, genocides, dead children. They are unsure of being able to make a living, scared by debt, violence, addiction, homelessness. They are unsure if the burning planet will even support their lives. They are struggling for secure basic housing after having their lives upended by a pandemic...

meanwhile the NYT:

rysiek,
@rysiek@mstdn.social avatar

@quinn

image description:

Screenshot of a headline of an article in the Opinion section, published May 1, 2024.

Text:

Are Smartphones Driving Our Teens to Depression?

256, to random
@256@mastodon.social avatar

The Way Things Work (1994)
Personal Computer

rysiek,
@rysiek@mstdn.social avatar

@256 wow and already it was promoting Mastodon!

rysiek, (edited ) to telegram Polish
@rysiek@mstdn.social avatar

Is it secure?
(no, it is not)
https://oko.press/komunikator-telegram-bezpieczenstwo

> On the messenger's website we find the statement that "messages are heavily encrypted". Telegram promotes itself in a similar way on social media, among other places.

> This strongly suggests that messages exchanged using this messenger are accessible only to their senders and recipients, and that nobody other than them can read them. This kind of encryption is called "end-to-end".

> In Telegram's case, however, this is misleading.

1/🧵

rysiek,
@rysiek@mstdn.social avatar

> For conversations, this messenger has two modes. By default, messages are encrypted between our device and Telegram's servers. The company calls these "cloud chats". Messages we send are encrypted, but only between us and the messenger's infrastructure, and then between that infrastructure and the message's recipient. The same goes for messages we receive.

> This is definitely not end-to-end encryption.

> The service operator has full access to the content of our conversations that use this mode.

2/🧵

rysiek,
@rysiek@mstdn.social avatar

> The second, optional mode is the so-called "secret chats". In this mode messages are actually end-to-end encrypted, and only we and the people we are talking to should have access to them.

> Unfortunately, a "secret chat" has to be enabled separately for each contact. And conversations in this mode work only between specific devices: if we start a "secret chat" with a given contact using Telegram on our phone, we will not be able to continue that conversation from, for example, a laptop.

3/🧵

rysiek,
@rysiek@mstdn.social avatar

> "Secret chats" are also not available for groups or channels.

> The community of people working in cryptology seems to agree that the way this Telegram protocol is designed generally does not inspire trust.

> When designing and implementing encryption protocols it is very easy to make non-obvious mistakes, and Telegram's protocol seems to have quite a few places where such mistakes could be lurking.

> Similar concerns proved justified in the case of the previous version of this protocol.

4/🧵

rysiek,
@rysiek@mstdn.social avatar

> So does Telegram use encryption? Yes.

> Is it possible to use end-to-end encryption with it? Yes, but only to a very limited extent, only if one remembers to turn it on, and using a protocol that a cryptologist would not trust.

> Claiming on this basis that "Telegram is encrypted" is like claiming that pizza is health food because there is a slice of tomato on it.

5/🧵

rysiek,
@rysiek@mstdn.social avatar

There are also many other problems with Telegram.

Contrary to the promises on its website, the company appears to cooperate with the security services and to hand over data of people using this messenger when ordered to by courts.

And its protocol is designed in such a way that it enables precise tracking of the people using it through network observation. Which, apparently, Russian services made use of in occupied Kherson.

More in the article.

6/🧵/end

rysiek,
@rysiek@mstdn.social avatar

@MartinBe

> Whereas the matter of telegram and its modes of operation depends above all on the user himself.

Well, no. Telegram deliberately misleads people; the moral responsibility here lies with it.

Understanding this does, however, require a minimum of empathy.

Experience working with people who have access to sensitive information also helps. They often live under enormous stress, and it is easy to make a mistake then.

Communication tools that claim to be secure have to take this into account.

rysiek,
@rysiek@mstdn.social avatar

@MartinBe of course we all realize that you, of all people, would never in your life make any mistake.

So (good news!) this article is not for you.

You can safely ignore it and go back to reading "changelogs and manuals". It will do us both good. :blobcatcoffee:

rysiek, to RaspberryPi
@rysiek@mstdn.social avatar

Remember that surveillance tech adjacent cop that had hired a while back?

I wonder how that went.

rysiek, to Facebook
@rysiek@mstdn.social avatar

We are getting ready to expand our Torment Nexus experiences in your region.

To help bring these experiences to you we will kidnap your firstborn, based on our legitimate interest.

This means you have a right to object. If your objection is honored we might return your firstborn at some point.

We have updated our firstborn policy. Pray we don't update it any further.

rysiek,
@rysiek@mstdn.social avatar

@oliof by having a firstborn you obviously agreed to the terms of the Torment Nexus Firstborn Policy.

Why else would you have had a firstborn in the first place, if not to do just that?

rysiek, to telegram
@rysiek@mstdn.social avatar

Telegram in 2020[1]:

> Q. Will you have ads?
> No.

Telegram in 2024[2]:

> Q. Will you have ads in my private chats and groups?
> No.

…but also:

> In 2021, Telegram launched Sponsored Messages – minimalist, privacy-conscious advertisements that can appear in certain public channels.

Hey, but at least they still promise not to sell your data, so that's fine. I'm sure they would never go back on this one. 🤡

[1] https://web.archive.org/web/20200229080907/https://telegram.org/faq#q-how-are-you-going-to-make-money-out-of-this

[2] https://telegram.org/faq?setln=en#q-how-are-you-going-to-make-money-out-of-this

rysiek,
@rysiek@mstdn.social avatar

Like, how is this protocol not designed specifically to cater to someone who has access to a system like – oh, I don't know – SORM? :blobcat0_0:

rysiek, to random
@rysiek@mstdn.social avatar

Maybe, hear me out here, maybe it was not the best of ideas to put all Web eggs into a single Google basket? 🤔

But who could have known, right? :thaenkin:

sigh

rysiek,
@rysiek@mstdn.social avatar

@rox_lukas also, uncontrollable cost and unexpected security issues.

rysiek,
@rysiek@mstdn.social avatar

@wiktor sure. I even made the same point today:
https://mstdn.social/@rysiek/112513221030560788

First off, though, the toot you're responding to was not about user-facing stuff. It was about infrastructure stuff.

Secondly, we should, in general, be able to recognize the danger of centralized services. Even if decentralized stuff means a bit more friction.

Centralized services are easier to build and make easy to use. And then they suck the air out of the room, in the sense of funding and attention. Fuck that.

rysiek,
@rysiek@mstdn.social avatar

@wiktor any kind of friction continues to be treated as absolute reason not to use a given service. I am so tired of that.

While I strongly believe that tech – especially FLOSS – needs to do so much better as far as UI/UX is concerned, I do also feel that there is some responsibility of people using such services to recognize that there is value in not sleepwalking into a walled garden.

Especially when they are in fact techies deploying a site that cannot work without 5 different CDNs. 🤡
