Cake day: Jun 23, 2023


Well I haven’t seen the argument for why Quantum resistant encryption would somehow be weaker to traditional cryptographic techniques. I understand that early “quantum encryption” algorithms were flawed, and it’ll probably be a long time before we get the DES of Quantum Encryption. But all that means is that we don’t have vetted “strong” quantum encryption techniques yet, and should stick with traditional encryption since quantum encryption isn’t worth it yet. If Quantum encryption becomes worthwhile, we shouldn’t have “traditional encryption”, because it will be obsolete.

If the first cylinder lock was easily bypassed compared to my old reliable wafer lock, then why should I use the cylinder lock at all? Now that cylinder locks are better than wafer locks why should I use a tumbler lock at all? There is no added security by using a wafer lock.


You can always encrypt the payload twice if you want. But really what are you arguing? That every time you encrypt something, you should encrypt it serially with all known encryption algorithms “just in case?” Hell why not do it again just to make sure?

A key component of encryption is efficiency. Most cryptographic processes are going to be occurring billions of times across billions of transactions and involving billions of systems. It’s worthwhile for robust encryption algorithms to be efficient and avoid unnecessary calculations unless those calculations demonstrate some advantage. For example PBKDF2, where the multiple rounds of identical encryption convey a demonstrable increase in time to decrypt via brute-force mechanisms. If the standard is 4096, which it was in 2005, you coming along and saying “but why isn’t it 4097? The CIA is using >4096, therefore that means that 4096 is insecure!” isn’t really understanding why 4096 was chosen to begin with. Additionally no one is stopping you from using one million iterations with key1 and then doing another million rounds with key2.
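
An added illustration of the PBKDF2 point in the comment above (not part of the original comment): PBKDF2 written out by hand so the iteration loop is visible, with HMAC calls counted to show that the work per password guess grows linearly with the iteration count. The function names, the use of HMAC-SHA1 (chosen to match the RFC 6070 test vector) and the two-pass chaining scheme are assumptions of this example.

```python
import hashlib
import hmac


def pbkdf2_sha1(password: bytes, salt: bytes, iterations: int, dklen: int = 20):
    """PBKDF2-HMAC-SHA1 spelled out; returns (derived_key, hmac_calls)."""
    calls, out, block = 0, b"", 1
    while len(out) < dklen:
        # U_1 = HMAC(password, salt || 32-bit big-endian block index)
        u = hmac.new(password, salt + block.to_bytes(4, "big"), hashlib.sha1).digest()
        calls += 1
        t = int.from_bytes(u, "big")
        # U_j = HMAC(password, U_{j-1}); the output block is the XOR of all U_j.
        for _ in range(iterations - 1):
            u = hmac.new(password, u, hashlib.sha1).digest()
            calls += 1
            t ^= int.from_bytes(u, "big")
        out += t.to_bytes(20, "big")
        block += 1
    return out[:dklen], calls


def cost_ratio(old_iterations: int, new_iterations: int) -> float:
    """Attacker work per guess after the change, relative to before (linear)."""
    return new_iterations / old_iterations


def chained(password: bytes, salt1: bytes, salt2: bytes, iterations: int):
    """Assumed chaining scheme: the key from pass 1 is the password of pass 2."""
    k1, c1 = pbkdf2_sha1(password, salt1, iterations)
    k2, c2 = pbkdf2_sha1(k1, salt2, iterations)
    return k2, c1 + c2


if __name__ == "__main__":
    # Constructed inputs: the RFC 6070 test password and salt.
    key, calls = pbkdf2_sha1(b"password", b"salt", 4096)
    assert key == hashlib.pbkdf2_hmac("sha1", b"password", b"salt", 4096, 20)
    print("4096 iterations ->", calls, "HMAC calls per guess:", key.hex())
    print("4096 -> 4097 multiplies attacker work by", cost_ratio(4096, 4097))
    print("4096 -> 1,000,000 multiplies it by", cost_ratio(4096, 1_000_000))
    _, two_pass = chained(b"password", b"salt-1", b"salt-2", 4096)
    print("two chained 4096-iteration passes cost", two_pass, "HMAC calls")
```

The defender pays the same linear cost on every legitimate derivation, so the iteration count is a budget decision rather than a threshold below which the scheme is broken.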


Ok government here are the messages I’m legally required to provide you.

U2FsdGVkX1/FEry+/NeyfmzA3icvpchwSo5qySzajv87f9PwhJyog+zS1Qv+j8bzYXG5sCLZMbFqUJn9Cp7RkVY79wuUArUaxE59LtdO0LKT+0+d220DxFVioHe8Vlaq


I wasn’t referring to the privacy relay, though if you want to use it that’s fine too. More of just easy ways to reduce your digital footprint.


It’s the most private and secure phone OS you can get today. You have to have minimal trust in Apple that they won’t change the terms, but that is miles better than using google who will explicitly use your data for anything they want.


It comes down to the hostile actor you are trying to defend against. If you are Jason Bourne and you have been burned by your agency so multiple nation-states are looking for you, then you have to go fully off-grid and live a quiet life without ever communicating with anyone in your prior life again. It doesn’t matter if you are using Signal, or SMS, or even a dial-up BBS. If you are communicating with people that are also under heavy surveillance, you cannot hide.

If you want to reduce your “digital footprint,” then not using google/facebook/other social media is the most worthwhile thing you can possibly do. Your phone doesn’t matter. Use iOS, never install any of the social apps, use Safari in incognito mode, and you’ll never be tracked across websites again.



If the offenses are note-worthy, they should be in jail. If not then no-one needs to be aware of them.


Why? Who cares about “offenses” of a random traveler. Why do you trust an international crime db to be accurate?


So because some people can’t use it, no one should use it? I don’t understand the complaint. Is the hot new 1-man privacy focused app that requires side-loading more accessible?


I’m using “open source” colloquially. The point is that your specific nitpick about imessage not having some specific text file and license associated with it, isn’t important in a world where there doesn’t exist an alternative that is nearly as robust and supported. Ultimately you are upset that imessage is run by a corporation (a valid complaint) but there is no indication that the corporation is lying to you about the privacy of their messaging service.


While in the ideal world a non-opensource app would be a deal breaker, in the current world, there is no indication that imessage has any privacy concerns associated with it. It’s not just taking Apple at their word, there has been a lot of practical analysis of how the protocol works. Plus the underlying cryptography is sound.

https://security.apple.com/assets/files/Security_analysis_of_the_iMessage_PQ3_protocol_Stebila.pdf <- hosted by Apple.
https://www.douglas.stebila.ca/blog/archives/2024/02/21/imessage-pq3/ <-original author
https://www.usenix.org/system/files/conference/usenixsecurity25/sec25cycle1-prepub-595-linker.pdf <- Independent analysis of the protocol and implementation.

Sure you could claim that actually Apple is lying about how they are securing imessage, but that is a lot of effort when they could just take the Facebook approach and straight up admit that they have the ability to read your texts, much easier, and safer legally.


Chasing the hot new app that was created by some one-person dev team for “privacy” reasons is a little like chasing amy. You are looking for an ideal app that doesn’t exist, so you can’t really suggest a better alternative. Instead you are just nagging people for using discord or imessage even though those apps are perfectly fine for 99% of people. Even privacy focused people. imessage specifically is great for privacy and unless you have strong evidence of an apple installed backdoor for the p2p imessage encryption I’d question why you are against it.


Yea that link is basically what I was looking for, thanks!


Where is the RFC describing the new protocol?


They can’t stop bots on any of the other sites they regulate either.

Why not? They are doing edge caching, they can literally just block the connection from visiting the site just like they do with their DDoS mitigation.


Wireshark is the wrong tool for the job unless you are only interested in the destination IPs, but those are useless to most people because malware and PUPs are hosted on public cloud services or rarely hijacked insecure endpoints, so what value is a source IP going to get you? For example most ‘suspicious’ traffic is from your cell phone and some app is phoning home over TLS, with ‘home’ being an elastic IP in AWS.


Like most things on the internet it’s a game of one-upmanship. User X uses Firefox with Incognito. User Y says that isn’t good enough for his own inconsistent definition of “good enough.”
So User-Y suggests Firefox with 14 different add-ons and only browse through an immutable VM. But then user-z comes along and says that if you are using windows at all, you don’t really care about privacy, so you should be using Icefox on some obscure fork of ubuntu through an immutable VM, with a pi-hole.
Then user-w says well if you aren’t using a VPN none of this matters, so Obviously you need to rent an Alibaba cloud server hosted in China, that you only connect to through a privacy respecting VPN, and then you only browse through TOR.

And so on. By the time a user is asking about how to stop google ads, the only “serious” answer by the community involves using Packet over Ham-radio -> and spending thousands of dollars a month on 4 different cloud providers, rented through several shell companies set up in Switzerland, the Cayman Islands and China, while only typing in Esperanto using an ASCII-only font.


Unpopular opinion: Your kids do not actually have freedom if you’re tracking them.

This is just false, and your definition of ‘freedom’ is nothing but sophistry.


Agreed. My wife and I are both on iOS so there is no need for this feature. Our daughter when she is old enough for a cellphone, would be the one I’d use this for since she can’t turn it off.


This is a useful feature. If you are in an abusive household, then yes you should have as much financial separation as possible. For those that are in a happy and functional family with kids that you want to allow freedom for, this provides a measure of safety if you need it for potential emergencies or if they aren’t answering the phone or whatever.


I swear the UK is as dystopian as the US and even worse in a lot of ways. It literally always has been and that fact is why the US even exists.


Bad recycled meme, original was much better. Also recycled meme with a cat, extra penalty. Pure brain rot, zero humor.


If you are interested in a subject, a video is the worst way to learn about it.


No job/recruiter/interviewer will ever care about what email provider you use.


This has always been possible with anything anyone has ever posted publicly before social media. I’m glad sheeple are waking up.



The EU can and should ban government and businesses from using twitter as part of their official communications. But if private citizens want to tweet, then sure go for it, even the EU with its less than stellar speech record, particularly with the labeling antisemitism, still allows freedom of association.


If you want privacy and you drive a car, I got bad news for you. Public Transit is privacy.


I’ve long held that my phone is a single point of failure and that I should be able to function without it. So I don’t do banking on my phone, I still carry a wallet even if I do have Apple Pay and I will certainly carry physical identification until I’m legally unable to.


A square is a regular polygon* with 4 sides.

*Regular Polygon: A polygon which is both equiangular and equilateral (i.e. having all sides the same length and all interior angles the same).

Note that this doesn’t preclude the existence of a square with curved sides if projected upon a sphere. But when discussing common geometry the assumption is that we are working within a single plane. If you wish to work in non-planar geometry, that must be explicitly called out in the diagram.


Turn off broadcast of the SSID

Don’t do this. It provides zero security, and just reduces usability. Now you should call your SSID something non-identifiable. So instead of “$YourName Wifi” call it “pleasure chest” or something. Additionally do not set a ridiculous 64 character + special characters password, because again you are providing next to zero additional security, while hugely reducing usability.

Use a simple password scheme of 3-5 unrelated common words like from here: https://www.correcthorsebatterystaple.net/index.html for your wifi password.


I guess having a thick provisioned VM image on your laptop means that you are hiding something. Again if the evil government you are trying to hide something from doesn’t need reasonableness as a reason to detain you, then who cares? No matter what you do you are rolling the dice every time you interact with them.

Which is of course similar to the US today, so if I needed to hide something from them I’d make sure that once I’m legally compelled to give my password they at the very least wouldn’t have what they are looking for, since there is no way I could prove I didn’t have it anyway.


Beat what out of you? You already gave them a password that decrypts a specific file/volume/etc. If they want to beat you, they will beat you regardless of your possession of any encrypted materials.


They know it exists as a concept. They can’t prove that the specific decrypted message contains a super-secret encrypted message as well.


Did you know that potential attackers can pinpoint your location if they are in the same public place as you?

This really seems like complaining that a location enabled app that explicitly shares your location with other users is sharing your location with other users. That is 100% the purpose of the app to begin with!


I don’t understand the issue here. Is that picture part of some specific VPS’s logo or is it part of the title/theme of the article? I think it’s very poignant, though obviously edgy, if it’s the latter. If your VPS provider isn’t censoring content, then obviously that means Nazism will be able to exist along with militant socialism advocating violence against capitalism. That is kind of the point of the article right? To determine which VPS is actually not going to censor.


Each country is free to create whatever rules they want for their country, but for people that don’t live in those countries then there is nothing more to say. There can be voluntary international cooperation (like there is with copyrighted works) but if I live somewhere that isn’t part of that international cooperation then like it or not, I am free to violate your laws all day.



Full tunnel using routing wouldn’t work but many full tunnel implementations use a shim where once the Tunnel is connected, the system route table isn’t referenced anymore, so you can put as many static routes etc as you want, but all traffic will hit the VPN interface before routing is done. For example Cisco AnyConnect removes route look-up from the TCP/IP stack of the local system.