If you've followed my work for a long time, you've watched me transition from a "#linkblogger" who posts 5-15 short hits every day to an "essay-#blogger" who posts 5-7 long articles/week. I'm loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
Kutcher, it seems, has learned nothing from SESTA/FOSTA. Now he's campaigning to ban working cryptography, in the name of ending the spread of CSAM. In March, Kutcher addressed the #EU over the "#ChatControl" proposal, which, broadly speaking, is a ban on #EndToEndEncrypted Messaging (#E2EE):
A federated chat service might also be interesting...
I've thought about it a bit, and it might even be doable with #activitypub.
Kind of "back to the roots", going back toward TS3. Although of course the question would be how many people would be willing to host their own server when things like #Discord exist.
Just saw someone implementing user authentication for an #E2EE application by taking the user's password, running it through libsodium's crypto_pwhash with a fixed salt derived from the user's email address, before sending the (email, hash) pair to the remote server... and I'm just like "is this secure?"
I'd always thought you'd want a construct like SRP6a for conducting the authentication between client & server (without the server learning the user's password)... #security #cryptography
#Telegram was blocked in my country (#Brazil) yesterday on all ISPs, and soon they will be removed from App Store and Play Store ... that's why decentralized communication apps are so important, apps like #Session and #Matrix are trending here right now.
The #UK #OnlineSafetyBill is a poorly written proposal which would have devastating effects for privacy and availability of online services in the UK, breaking end-to-end encryption. Please sign this petition and boost for visibility.
https://www.privacyguides.org/en/ For LGBTQAI+ people needing privacy and anonymity tools right now, I really like this site for that purpose. It can take time to navigate, though, if it's unfamiliar. And I realize this doesn't solve all the issues, but in terms of people trying to track your identity/location, it can be helpful in that regard.
Client-side scanning is like having a “government-supplied CCTV camera in every room of your house.” It puts faith in “an unknown algorithm to detect bad things, which get reported to a private moderation team provided by the people who built your house” - Matthew Hodgson, CEO of @element
"Open Rights Group warned that what it called “a form of chat surveillance” is being slipped in through “a back door measure” in the legislation. Its paper went on to call for E2EE private messaging services to be put out of scope of the bill entirely."
Treating an entire population as a suspect whose private messages must be scanned is neither necessary nor proportionate to tackle public policy issues. The spy clause in the Online Safety Bill (UK) must be removed. It's a tool of mass surveillance.