Sorry, homie. I’m not gonna keep arguing with you if you obviously can’t argue without moving the goal posts, if your life depends on it.
My point still stands: Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be and then started to attack me, personally.
Have fun misrepresenting this comment as well, bye.
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Not if it’s for securing evidence. That is only collected before the verdict/conviction. Otherwise, there wouldn’t be any need for a trial.
Also, your metadata can put others in jeopardy. If you’re busted for being an antifascist activist, who the police deems a “terrorist” and you’re also member of another activist group which up to then wasn’t in the sights of law enforcement, then you’re putting that other activist group’s members in danger.
Secondly, you can have an account at a private torrent tracker […]
That wasn’t my argument, though. You can criticise the circumstances that started my example premise, but the point still stands: having metadata that’s clearly visible can be dangerous, because it can give an attacker more information on you (depending on your threat model).
These are exceptionally poor arguments.
You’ve actually only attacked my examples, not my argument. My original point still stands: The type of accounts you have can be something you legitimately want/need to encrypt. Not only the credentials.
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not
Bullshit. It’s not about the obvious services, but rather the ones that give more info about my profile.
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace, or that I am a member of an organization that’s deemed to be “terrorist”.
The only way to hide that info with pass is to give it a cryptic name which make it less obvious, what the account is actually for. That is both inconvenient and I would argue: also quite security of obscurity.
This is an example of security through obscurity.
It is not. Security through obscurity relies on having a visible secret hidden somewhere where “no one would think to check”. That’s different than encrypting the whole meta-structure of your digital life.
OP is talking about hhe meta-structure being visible.
If my filesystem gets compromised (stolen, confiscated, etc.) and I use pass, the infiltrators will know that I have a password that I labeled “slrpnk.net”. They won’t have access to the password itself, but they’ll be able to determine all the services I have accounts at.
Bitcoin’s annualized footprint in electricity consumption reached an all-time high in early 2022, then believed to be higher than the power consumption of Finland.
Some reporter(s?) in Germany found that all the forums for CSA actually host their material in the clearnet, i.e. on Google Drive, Dropbox, etc. (since TOR speeds are shit and those people don’t watch SD videos anymore).
The police could have demanded data from the uploading accounts and that the material was taken offline. They refused to do so, in order to “catch more criminals” or something like that.
So, their “think of the children” is exactly as in the spirit of Helen Lovejoy as it seems.
Sauce: https://www.tagesschau.de/investigativ/panorama/kinderpornografie-loeschung-101.html
Well, my niece and nephew do need a minecraft machine… 🤔