i understand how people have learned to love ActivityPub, and we are all wanting to defend it, we share this
a Google (Facebook) getting into the email (ActivityPub) business has not made email worse, it's just an option. sure, surveillance ridden and cop friendly, ok, then don't use it
i was thinking last night how awesome it was when WhatsApp adopted the Signal protocol and gave 2 billion users worldwide strong content privacy by default. is it ever going to be a utopia? lol no
This is a request to all FOSS projects who only use matrix for communicating with the community.
Please consider bridging your rooms with IRC or XMPP.
India has banned Element, the most widely used Matrix client. I know it's just a client, but to be safe it's wiser to stay away from matrix for a while. So please help us in this regard.
Twitter was not great but at least there was one place, a place of record. Now there are at least 3 and posting to all feels like pissing in the wind. Where do we go from here.
Yes, sure, the internet is ‘open’ but as we’ve all experienced: quickly embraced by #SiliconValley #VC corporate interests who centralized & commercialized all human experiences and interactions it enabled.
Decentralized federated services are the right path and there’s ample device compute power in consumers' hands but we need resilient Tech & Commercial models that easily blend / bridge private (#E2EE #encryption) and public (open) spaces – otherwise we're fucked.
Client-side scanning of private chat messages was top of the Today programme political debate this morning with @Mer__edith and Ciaran Martin, former Head of the National Cyber Security Centre.
Client-side scanning is a technology that intercepts and checks chat messages on mobile phones before being encrypted.
@Mer__edith: these are mass surveillance measures that operate at scale. The government has used sleight of hand to put them in.
Will client-side scanning impact UK’s international reputation?
Ciaran Martin: it’s an unhappy situation. UK could take reputational hit for introducing it in law but then never actually use it. The language of the debate is toxic. We should stop shouting at each other and get around a table.
ORG's Policy Manager, Dr Monica Horten, agrees: there needs to be a grown-up debate about client-side scanning and other proactive measures in the #OnlineSafetyBill.
@EwanCroft AFAIK re: the #ActivityPub protocol, what we call direct messaging thanks to birdsite language is really just a one-to-one post. Even if #Mastodon established #E2EE #encryption over AP, it's unlikely to federate well at this stage. Perhaps better to keep #Matrix as the #Fediverse go-to for that?
🤔 The #EU quite obviously can't do anything about legislation in other democracies, let alone dictatorships, apart from being a positive example for respecting the UN charter for #humanrights (which itself is toothless because now the despots are lobbying for their stooges to run key international organizations!).
The point being that representative democracy must and will address any harebrained attempts to deprive citizens of inviolable right to privacy instead of corporations (or anyone who can afford lobbyists!) deciding a suitable compromise that also appeals to the sharks.
Democracy worldwide is under attack, but the defence against interference must become more sophisticated than denying free citizens' private communications. In fact those very dictatorships hostile to democracy would love to see democracies panic and ban #E2EE (end-to-end encryption) because that would only help validate their repression.
And wrt. your initial lobbying battle cry again, #Apple Corp is just about the least qualified nominally western corporation to lobby over any privacy issues in Europe because they've bet their entire corporate body on being in #CCP's good graces for over two decades now.
In this document, various EU member states confirm that the “slippery slope” toward breaking and accessing #E2EE through #Chatkontrolle (chat control) is their goal
Germany is committed to protecting #E2EE
“the federal government is currently testing suitable technologies. DE considers it necessary […] that no technologies be used that disrupt, weaken, circumvent or alter encryption.”
The Platformer's recent article about Twitter claims that Twitter's encrypted DMs are not end-to-end encrypted:
"These messages are not encrypted end to end, making them vulnerable to so-called man-in-the-middle attacks."
This is wrong. Twitter's encrypted DMs truly are end-to-end encrypted. That is, no one other than the sender and recipient can decrypt the messages. However, Twitter does not provide a mechanism for users to verify the public key of other contacts. And this makes the design vulnerable to man-in-the-middle attacks.
Users negotiate a shared key to start an encrypted conversation using their public keys. After the negotiation phase, both the sender and recipient agree on a shared key to encrypt/decrypt messages in the conversation. Thus, every user has to trust that Twitter delivers the correct public key of the DM counterpart. Otherwise, an attacker can intercept the communication between one user and Twitter and act on behalf of the victim to negotiate the shared key with the DM counterpart. In the end, the attacker obtains the shared key and can decrypt [also alter and re-encrypt] the messages in the encrypted DM.
This major flaw does not disqualify the communication from being end-to-end encrypted. Twitter can easily overcome this flaw by letting users view the fingerprint of their own public keys.
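The fingerprint check proposed in the post above, as an added example that is not part of the original post and not Twitter's code: a toy finite-field Diffie-Hellman stands in for the real key agreement, and the names (`run_session`, Alice, Bob, the key directory) are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for illustration only (not production parameters).
P = 2**255 - 19
G = 2

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def shared_key(priv, peer_pub):
    # Both ends derive the conversation key from their private key and the peer's public key.
    secret = pow(peer_pub, priv, P)
    return hashlib.sha256(secret.to_bytes(32, "big")).digest()

def fingerprint(pub):
    # Short digest of a public key that two users can read to each other out of band.
    digest = hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

def run_session(directory_tampered):
    alice_priv, alice_pub = keypair()
    bob_priv, bob_pub = keypair()
    other_priv, other_pub = keypair()  # key held by an intercepting party

    # The key directory is the only source of peer keys; when tampered,
    # it hands both users the interceptor's key instead of each other's.
    served_to_alice = other_pub if directory_tampered else bob_pub
    served_to_bob = other_pub if directory_tampered else alice_pub

    alice_key = shared_key(alice_priv, served_to_alice)
    bob_key = shared_key(bob_priv, served_to_bob)

    # Verification step: each user compares the fingerprint of the key they
    # were served with the fingerprint the peer reports for their own key.
    verified = (fingerprint(served_to_alice) == fingerprint(bob_pub)
                and fingerprint(served_to_bob) == fingerprint(alice_pub))
    return {
        "keys_match": alice_key == bob_key,
        "interceptor_has_alice_key": shared_key(other_priv, alice_pub) == alice_key,
        "fingerprints_match": verified,
    }

if __name__ == "__main__":
    print("honest directory:  ", run_session(False))
    print("tampered directory:", run_session(True))
```

With a tampered directory the messages are still encrypted end to end, but to the wrong endpoint; the fingerprint comparison is the only step in the sketch that notices.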
If you've followed my work for a long time, you've watched me transition from a "#linkblogger" who posts 5-15 short hits every day to an "essay-#blogger" who posts 5-7 long articles/week. I'm loving the new mode of working, but returning to linkblogging is also intensely, unexpectedly gratifying:
Kutcher, it seems, has learned nothing from SESTA/FOSTA. Now he's campaigning to ban working cryptography, in the name of ending the spread of CSAM. In March, Kutcher addressed the #EU over the "#ChatControl" proposal, which, broadly speaking, is a ban on #EndToEndEncrypted Messaging (#E2EE):
"Unfortunately, #Converso is not open source and their website is totally silent on cryptographic primitives and protocols, which is highly unusual for a self-proclaimed 'state-of-the-art' privacy application."
"Highly unusual" is the understatement of the century. If anyone believes encryption software can reliably protect their privacy without publishing full source code, I have a bridge they may wish to purchase.
A federated chat service might also be interesting...
I've thought about it a bit, and it might even be doable with #activitypub.
A bit "back to the roots", going back in the direction of TS3. Though of course the question would be how many people would be willing to host their own server when things like #Discord exist
SimpleX E2EE messenger for iOS and Android has no user IDs at all – It could be the most secure and private messenger ever
Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers. This radically improves your privacy.
When users have persistent identities, even if this is just a random number, like a Session ID, the ...continues
Given the increase of delusional/ignorant sentiments in governance groups, leading them to believe that removing encryption will help them fight crime or protect certain groups online (e.g. children), it's definitely time to reach out to your #EU #MEP.
Don't hesitate to point out arguments (even the obvious ones) and facts ranging from technical feasibility all the way to what depends on our ability to safely and securely communicate and remain anonymous online.