Anyways so I want to also say since I am here and was talking about metadata not being encrypted:
Any "E2EE" system that does *not* encrypt metadata is WORTHLESS.
If anyone who has access to the central system can see you are in "government dissident chat" for example, *your system has failed at privacy.*
It is somewhat okay if you know they're in "group id 694201337" as long as you can glean *no other details* as a server operator... because there are no easy ways around this problem, to be blunt. But the server operator should *not* know you are in, say, "government dissident chat."
Server operators should also have *no real clue* who is on your contact list. Ideally, they shouldn't know who you're messaging at all... but that one is also a difficult problem.
Just because the contents of the messages are encrypted, *does not mean that the group is private.*
Metadata *must* be encrypted.
The only thing the server should know about you:
* How to map something user-friendly to your user ID
* Other people's user IDs
* Maybe group IDs for the purposes of rendezvous
And the only thing a server should ideally do:
* Be a dumb relay
* Handle mailboxing of encrypted payloads (if your payload is too sensitive to survive being stored, your encryption is broken, try again)
The only thing that remotely comes close to doing any of this is Signal. They actually have tried very hard to make a fully anonymous chat protocol and have done a damn good job.
If ANY other chat protocol is to exist, it must provide the guarantees Signal does, at the bare minimum. That is the *floor.* Anything that does not exceed the floor should be summarily discarded.
I have personally tried to solve this problem and have come to the conclusion Signal did it best, Signal did it right, and the main cardinal sin of Signal besides being centralised is that it requires a phone number. Pretty mid.
I still say Signal is the go-to protocol to use if you want absolute anonymity. Get a throwaway number. Just fucking do it. For the love of God, do not use XMPP. Do not use Matrix if you can help it. Those do not exceed the floor, in XMPP's case, not even close.