You have two WPA3 APs which share a password but have different SSIDs. You as the user know that one of them is not secure somehow. You might also have a VPN configured to disable automatically only on the secure SSID.
An attacker creates an AP near, with the secure SSID, and relays your connection to the insecure one. The client device will show secure SSID but connection security will be degraded, and VPN will disengage.
Not sure how many networks would actually rely on SSID or would have two WPA3 APs with different SSIDs one of which is vulnerable somehow. Sounds a bit exotic.
But authors show one good case with eduroam, where they make university devices from Campus A connect to spoofed APs relaying to less secure devices in Campus B. Client devices still think they are connected to Campus A and disengage VPN.
And there an attacker can theoretically MITM into plain text traffic. Because it's time to go TLS.
Signal is an unfeasible alternative to Telegram or any other cloud based messenger while it remains all local storage-only. Do you really want to be forced to keep all the furry stickers people use etc. in your constrained local storage you can't expand easily?
@sneexy yeah, that's kinda the point, that I don't want to remove my old conversations in favor of e2ee. I don't talk about anything so confidential all the time (or at all) that I wouldn't want the service provider to see the contents.
If E2EE is a must, Signal could come with some sort of personal cloud solution tho, that would allow Signal to store large amounts of data encrypted in a cloud or a NAS you point it to and it would pull data partially on demand.
@sneexy automatic chat backups is not the same as pulling data from cloud partially, backup still forces you to keep a full image of your chat data locally, it seems.
Also in my experience, backups just fail silently in the background sometimes and you learn that you lost your chats only post factum. That wasn't with Signal I believe tho, just a bad experience.
Google is pushing AI so hard they'd rename Google I/O to Google A/I.
Yeahhh, you're right, I'm giving them ideas.
But look, from this class name in Google Pixel, it seems like they get paid for every use of "AI":
com.google.android.apps.miphone.aiai.app.wallpapereffects.AiAiWallpaperEffectsGenerationService
Lmao, this was the worst Google I/O ever, every single thing announced is about AI and not a single feature is in general availability today: either private beta or "available later this year".
Of course you two idiots have no clue about your competitors, the fact Signal was initially funded by a US gov open fund is common knowledge for anyone who mindfully considered encrypted messaging and googled about it at least once
YouTube you absolute monster, you show me seal videos in recommended, and I do love watching them, but I shouldn't be watching them, and pressing "Not interested" on them feels so rude because I love them.
It's kind of frustrating that .xyz gets abused so much for spam and stuff. I'm afraid of one of my domains for email just getting sent to spam solely because of its tld. I already can't use it on Steam.
Google Chrome added an unnecessary popup when you add a bookmark, hiding options to edit the bookmark or delete if it was accidental (a common case for me) behind an extra click.
No, clicking the bookmark button again doesn't un-bookmark it, it just closes the popup.
I'm not sure what purpose this popup is supposed to serve. To clear confusion if the bookmark was indeed saved when you clicked the button? Was it really a problem? Never seen anyone confused with the old behavior.
