thenewoil, to email
consideration, to random

@CenDemTech applauds Meta for taking this action to enhance the security of the billion+ Messenger users. Indeed, we helped form the Global Encryption Coalition a few years ago in part to encourage companies to extend E2EE to their services. Encryption protects dissidents, journalists, human rights defenders, victims of domestic violence, government officials who handle national secrets, and everyone else against unwarranted eavesdropping."

https://cdt.org/insights/cdt-welcomes-rollout-of-encryption-by-default-for-facebook-messenger/

nixCraft, to random
@nixCraft@mastodon.social avatar

Are you using Dropbox cloud storage? You do not want 3rd party AI technology partners to have access to your Dropbox files? Flip this switch, which is on by default. Go to web->account-> settings- 3rd party AI. Please turn it off. Please boost so everyone know how bad this move is … 😡

kkarhan,
@kkarhan@mstdn.social avatar

@olives @nixCraft OFC is gonna lie about that.

Why else would solutions like [have] exist[ed]?

It's only when the has of all the keys!

If ut were properly encrypted, their !" would not be able to see anything but random noise.

The sad part us that Dropbox didn't get fined for this breach of trust by @EU_Commission or anyone else - or at least not in a way that it would be considered a penalty for them...

mikka, to random German
@mikka@medic.cafe avatar

The whinging about Treads is sad.

There are a number of ways this can go:

  1. Threads won't federate. Happy now?
  2. Threads federates, you don't subscribe to anyone on the instance. Happy now?
  3. Threads federates, you blacklist the whole instance in your user blacklist. Now happy?
  4. Threads federates, you subscribe to a few people whose writing you like. Happy?
  5. Threads federates. Threads users realize, they can jump ship to another Instance and still talk with and to and about their friends. Threads loses users. Happy!
kkarhan,
@kkarhan@mstdn.social avatar

@mikka ASnd yes, if it was my decision, like / , and would be blocked...

If I had the funding, I'd explicity start an eMail provider that blocks everything but - encrypted [ PGP/MIME ] eMails and forces everyone to properly encrypt their shit.

Because I ran out of spoons and 10+ years after and there is no excuse to act like a Snitch!

https://medic.cafe/@mikka/111553030936431498

Em0nM4stodon, to privacy

Tiny Privacy Tip About Encryption News 🔒🎉

As end-to-end encryption becomes more popular (yay! :rainbowdance:​),

Celebrate yes,

But also remain skeptical about how this word is used and if this claim warrants your trust.

Do not trust blindly.

End-to-end encryption is a wonderful protection when well implemented. But not all apps that use end-to-end encryption are equals.

Verify that:

  1. The provider is trustworthy :blobcatthinkingglare:​​

  2. Trustworthy third-parties have verified and confirmed the provider's claims 🔍​

  3. Metadata is also encrypted and/or that, ideally, its collection is minimized :blobcatpeekaboo:​

  4. Solid security measures protect the data as well (For example, if your data is end-to-end encrypted from your password but your password is vulnerable then your data is vulnerable as well) 🛡️​

  5. Encryption is truly end-to-end, meaning only the sender and the receiver can access the data and nobody else ​:ablobcatpeek:​

Finally keep in mind that even if a service uses minimal encryption (for example one that still collects a lot of unencrypted metadata) it is still better than the same service using no content encryption at all,

BUT there are almost always much better services that offer truly complete and well implemented end-to-end encryption for their services.

Always favor the latter when you have a choice 🔒✨

#TinyPrivacyTip #Privacy #Encryption #E2EE #RootForE2EE

4enzikat0r, to Facebook

The #Facebook #Messenger application is getting a security overhaul, including #E2EE, #DisappearingMessages, message edit, “upgraded quality” media attachments, & #ReadReceipt disabling

#DFIR

https://www.techradar.com/computing/software/facebook-messenger-gets-its-biggest-ever-update-including-a-major-privacy-boost

kkarhan,
@kkarhan@mstdn.social avatar

@4enzikat0r don't believe the claims of #NSAbook!

It's not real #E2EE unless you have 100% #SelfCustody of all the keys!

Those ain't "disappearing" unless you have full control of all the servers and clients that could've recieved/stored/cashed/intercepted them!

Everything else is just a way to bamboozle #TechIlliterates!

jim, to meta
@jim@social.openrightsgroup.org avatar

As announce messaging on FB, an Apple engineer explains why encryption matters to cloud based services including : basically, they inherently “favor attackers”:

“when it comes to security, centralized data repositories disproportionately favor attackers. The one-time breach of a company or service lets criminals steal the personal data for many—or all—of its users at once”

https://www.lawfaremedia.org/article/personal-data-in-the-cloud-is-under-siege.-end-to-end-encryption-is-our-most-powerful-defense

echo_pbreyer, to random German
@echo_pbreyer@digitalcourage.social avatar

🇩🇪Riesenerfolg gegen freiwillige : Auch auf den Druck meiner Klage hin stoppt Meta die verdachtslose deiner Direktnachrichten über Facebook und Instagram und führt sichere Verschlüsselung ein!

Wie das auch Kindern hilft: https://www.patrick-breyer.de/sichere-verschluesselung-statt-freiwillige-chatkontrolle-auf-facebook-und-instagram-schuetzt-unschuldige-und-unterstuetzt-die-strafverfolgung/

echo_pbreyer, (edited )
@echo_pbreyer@digitalcourage.social avatar

🇬🇧Huge success against voluntary 1.0: Under pressure from my lawsuit, Meta stops indiscriminate scanning of your direct messages via Facebook and Instagram and introduces secure encryption!

Why children benefit, too: https://www.patrick-breyer.de/en/secure-encryption-and-end-of-voluntary-chat-control-on-facebook-and-instagram-protect-innocent-users-and-support-law-enforcement/

majorlinux, to meta
@majorlinux@toot.majorshouse.com avatar

What took them so long?

Facebook Messenger enables end-to-end encryption by default - Desk Chair Analysts

https://dcanalysts.net/facebook-messenger-enables-end-to-end-encryption-by-default/

itnewsbot, to medical
@itnewsbot@schleuss.online avatar

Meta defies FBI opposition to encryption, brings E2EE to Facebook, Messenger - Enlarge (credit: Getty Images | Chesnot )

Meta has started ena... - https://arstechnica.com/?p=1989426 -to-endencryptionmessenger

openrightsgroup, to meta
@openrightsgroup@social.openrightsgroup.org avatar

A welcome move by Meta to rollout end-to-end encryption as default on Facebook and Messenger, despite political pressure from governments around the world.

This will protect the privacy and security of millions of people.

https://amp.theguardian.com/technology/2023/dec/07/meta-facebook-messenger-end-to-end-encryption

blueghost, to opensource
@blueghost@mastodon.online avatar

Jitsi Meet is an open source video conferencing platform, it is an alternative to platforms such as Zoom.

The Free Software Foundation provides a Jitsi Meet instance for their associate members, this instance has been enhanced for privacy.

An associate member is needed to create a conference room on this instance and anyone can be invited to participate.

Website: https://www.fsf.org/associate/about-the-fsf-jitsi-meet-server
Mastodon: @fsf

Yes, Proton Drive for Linux is currently not being actively worked on/update: they lack developers, see post

Update: i went to reddit because there was an AMA from proton . There, they said: *The only reason why our Linux clients are lagging from a development is simply that it is extremely difficult to hire Linux Desktop developers....

dazo, to protonprivacy in Yes, Proton Drive for Linux is currently not being actively worked on/update: they lack developers, see post

@Papanca @synapse1278

I've been testing out the rclone Proton Drive integration for a bit. As it is today, the rclone approach is currently too slow, especially using the "mount" approach which lets you access Drive files on-the-fly only downloading data as needed.

Using an "sync" approach (where data is stored both locally and in Drive) might be a better approach, unless you expect rapid syncing of files.

Considering the setup efforts, I cannot recommend Proton Drive for Linux in a productivity context.

Alternatives to Proton Drive on Linux there is @filen and Tresorit, which are both fully . I've been using both for a while and both are decent.

Filen is the cheapest alternative and feature wise pretty close to Proton Drive - but they have a sync client for Linux. They do not have a possibility to access files "on-the-fly"; all data must be synced locally. And sharing data via URL need to happen via the web portal. Sharing data between Filen users was read-only access last time I checked.

Tresorit is fairly expensive, but also a lot more feature rich, especially on the sharing side. The Linux client supports both synchronising files between local storage and the cloud as well as a "drive mount" where all files in the cloud are available and only downloaded once you access it - or uploaded directly if you store something there.

Both Filen and Tresorit are fairly efficient in regards to uploading and downloading data via their sync clients. Using the web portal is slower, especially on larger files. This is naturally and not unexpected; the data is decrypted first on your device when the data has been downloaded from the cloud storage. Proton Drive is no different here.

Filen is a more properly open source based product. Tresorit is non-open source and built on top of Microsoft Azure services.

ianonymous3000, to privacy
@ianonymous3000@mastodon.social avatar

Even with Advanced Data Protection activated on ,
Apple can still access your iCloud Mail, Contacts, and Calendar. The encryption applies in transit and on their servers, but it's not end-to-end. Apple holds the keys.

https://support.apple.com/en-us/102651

retr0id, to random
@retr0id@retr0.id avatar
kkarhan,
@kkarhan@mstdn.social avatar

@retr0id And that's why I don't trust @signalapp / #Signal, #Telegram, #WhatsApp, #iMessage, etc.

Only #SelfHosting & #SelfCustody of #Keys allow for real #E2EE and thus #security...

my_actual_brain, to linux
@my_actual_brain@fosstodon.org avatar

I've been wavering on choosing a cloud provider to sync my data with. I really was hoping to use , but I really need a client. I was using dive, but I really do not like how their system works.

So, I am going to go with I am not particularly excited to use them, but just yesterday, my wife needed an ID which she did not have. If my data was in the , I could have just shown it on the phone.

@protonmail

blueghost,
@blueghost@mastodon.online avatar
Mehrad, to random
@Mehrad@fosstodon.org avatar

I'm trying to export all my emails from @Tutanota, but guess what, it keeps "crashing" and asks me to report the bug.

Tutanota is no different than any other vendor-lock-in platform. One of the side-effects (read "reasons") that user cannot use any client other than Tuta's is that the only way to export your data is via their own client. Something that conveniently crashes left and right without clear reason or without telling which email is causing the issue.

blueghost,
@blueghost@mastodon.online avatar

@Mehrad @Tutanota
TUTA FOLDER DELETION 1/5:
A folder that is deleted containing at least one message is moved to a Trash subfolder, selecting "Clear folder" to permanently delete individual messages in the Trash folder does not affect the subfolders.

When a folder is deleted and moved to a Trash subfolder, the Trash icon changes and a plus sign appears in the lower right portion of the icon.

blueghost,
@blueghost@mastodon.online avatar

@Mehrad @Tutanota
TUTA FOLDER DELETION 2/5:
Select the Trash icon with a plus sign and a list of subfolders will appear, permanently delete a folder by selecting the ellipsis icon to the right of the folder name and then select Delete.

blueghost,
@blueghost@mastodon.online avatar

@Mehrad @Tutanota
TUTA FOLDER DELETION 3/5:
This will remove the subfolder from Trash and the list of folders where a message can be moved to, this is where you were seeing folders appear that you thought were permanently deleted. The dot at the beginning of the folder name indicates it is a subfolder, in this instance it appears to be a subfolder of Trash.

blueghost,
@blueghost@mastodon.online avatar

@Mehrad @Tutanota
TUTA FOLDER DELETION 4/5:
Folders that have been deleted and moved to a Trash subfolder will appear in the list of folders where a message can be moved to with a dot in front of the folder name and appear directly below the Trash folder. Messages can be moved to these subfolders.

blueghost,
@blueghost@mastodon.online avatar

@Mehrad @Tutanota
TUTA FOLDER DELETION 5/5:
Folders and subfolders that have not been deleted will appear in the list of folders where a message can be moved to and appear directly below the Spam folder. A subfolder will have a dot(s) at the beginning of the folder name.

Permanently deleting a folder containing at least one message is a two step process.

mattcen, to apple
@mattcen@aus.social avatar

's finally agreed to support alongside (but not as a replacement for) as of later next year: https://9to5mac.com/2023/11/16/apple-rcs-coming-to-iphone/

I've not been able to find much info about how the RCS standard works and whether it's end-to-end encryption; Apple seems to think that its encryption needs to be improved to bring it up to iMessage's encryption standard.

claims they support (https://support.google.com/messages/answer/10262381), but it's unclear if that's built into RCS, or something else on top of it.

esm, to random
@esm@wetdry.world avatar

I THINK THE MATRIX CHAT PROTOCOL SUCKS

kkarhan,
@kkarhan@mstdn.social avatar

@hexaheximal @esm

Any with of all Keys should be considered security-sensitive and thus should not he used as a .

Also supports -Apps and if you don't have administrative privilegues on a machine then consider it insecure and nit trustworthy for yourself as a user!

hexaheximal,
@hexaheximal@blob.cat avatar

@hexaheximal @kkarhan @esm I also forgot about the most obvious thing...

Back in the 90s, Bill Gates infamously decided to kill Netscape. He did it because he knew that web apps would make the operating system irrelevant.

While his solution was wrong, he correctly predicted that web apps were going to take over.

Look at all of the desktop apps which are just Electron wrappers now too. It's very common. (and before you say that electron is bad and discard it, which is likely, https://github.com/nukeop/nuclear/blob/master/docs/electron.md)

> Any with of all Keys should be considered security-sensitive and thus should not he used as a .

This is irrelevant too. Browsers have really good sandboxing nowadays, and on chromium you can even create multiple profiles within the UI. The reality is that, as long as the client-side code can be trusted (reminder that you can self-host element and/or cinny if you don't trust it - I've done that before) as well as the browser itself, it's about the same in terms of security.

You are fighting against reality.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • JUstTest
  • tacticalgear
  • DreamBathrooms
  • cisconetworking
  • osvaldo12
  • ngwrru68w68
  • magazineikmin
  • thenastyranch
  • Youngstown
  • ethstaker
  • rosin
  • slotface
  • mdbf
  • kavyap
  • anitta
  • InstantRegret
  • Durango
  • tester
  • everett
  • cubers
  • GTA5RPClips
  • khanakhh
  • provamag3
  • modclub
  • Leos
  • normalnudes
  • megavids
  • lostlight
  • All magazines