=== ANCHOR POEM === ══════════════════════════════════════════════════════════════════════───────────── @user-138 you can use a username now. They added that functionality recently. it's supposedly more encrypted or something. But, it's still a centralized point of failure. If you want to say something privately, pretend like you're ordering drugs on the dark web and use PGP encryption or SSH keys or whatever it says in the "how to order drugs on the dark web" guides. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════════════════════────────────┘ === SIMILARITY RANKED === --- #1 fediverse/3469 --- ════════════════════════════════════════════════════════─────────────────────────── you know how SSH password login is deprecated because the password needs to be transmitted in cleartext or whatever? what if we just... required two passwords? the first initiates the conversation, and sets up an encrypted line. It doesn't matter if anyone sees the first password because they'll get a new set of encrypted keys, meaning each session automatically is encrypted in a different, randomized way. the second password is the one that actually authenticates you. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #2 fediverse/1862 --- ╔════════════════════════════════════════════════════──────────────────────────────┐ ║ some people look for signals or signs before doing something. Try and have │ ║ someone in your life who can give you signals or signs so that you know when │ ║ to do things. And ideally, if they're more hardcore than you, you'll know what │ ║ to do, not just when to do it. │ ║ │ ║ did you know that anything on the internet can be read by at least one other │ ║ person besides your intended recipient? There's no way they'd let us talk │ ║ amongst ourselves otherwise. │ ║ │ ║ I think encryption is pretty neat, all you have to do is run a shell script on │ ║ some text, then send that text over the internet. If you want to decrypt it, │ ║ all you have to do is run a shell script on it to decrypt it. │ ║ │ ║ downside is, it has to be translated into plain text somewhere along the │ ║ line... Maybe if we rendered the words not as text that can be read from │ ║ memory, but as like, brush-strokes that can have a randomized order, but still │ ║ present to the user as visual text? anyway that's what's on my mind as I try │ ║ and improvise a baking recipe with yeast, flour, and butter │ ╟─────────┐ ┌───────────┤ ║ similar │ chronological │ different │ ╚═════════╧═════════════════════════════════════════───────────────────┴──────────┘ --- #3 fediverse/2252 --- ══════════════════════════════════════════════════════───────────────────────────── ┌──────────────────────┐ │ CW: tech-encryption │ └──────────────────────┘ users don't want to have to think about encryption keys. they should be available for them if they need them, in like... a folder or something somewhere, but they don't need to really know that they exist. more friction like that keeps people away from being secure. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════════════────────────────────────────┘ --- #4 messages/635 --- ════════════════════════════════════════════════════════════─────────────────────── Yeah, sure, signal is encrypted, but they could just put a virus on your miniature pocket tv that streams your screen into a text recognition bot which streams that text into an LLM trained to report on suspicious seditious activity. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════════──────────────────────┘ --- #5 fediverse/1693 --- ════════════════════════════════════════════════════─────────────────────────────── "if I work on the TTY then they can't forward my X session without my consent" - ramblings of the utterly deranged as if they couldn't just look at your unencrypted source-code as you save it to your hard drive smh ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════──────────────────────────────┘ --- #6 fediverse/3470 --- ════════════════════════════════════════════════════════─────────────────────────── alternatively, when you initiate an SSH session it sends you a randomized public key whose private key is the password that you need to login. By decrypting the string of text it sent you and sending it back (plus the password at the end or whatever) you can ensure secure authentication without bothering with the passwordless keys which are wayyyyyy more trouble than they're worth and lack the "something you know" authentication method. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #7 fediverse/624 --- ═════════════════════════════════════════════────────────────────────────────────── You know, there's no guarantee that Youtube or Gmail has to show you the EXACT SAME video or message that your friend shared with you. Or did they even share it at all? So hard to tell when they know all the communication you've ever had, because you only know each other online on their platforms, [read: US government observed platforms] [like, HTTPS] surely there's no room for someone to sneak in and edit your conversations. Surely the only way to securely communicate is to send pure PGP encrypted bytes to another target, wrapped in a TCP/IP header, with unknown intent or expression. Worst they could do then is just, y'know, block it entirely. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════─────────────────────────────────────┘ --- #8 fediverse/4946 --- ════════════════════════════════════════════════════════════════─────────────────── I would trust the CIA if they gave me continual access to all surveillance of myself -- stack overflow -- what if you made a program which cycled credentials? like... "give me a random credential for Zoom" because we share all of our digital resources did you get banned for account sharing? no you didn't because you routed through the correct VPN automagically [has never had a software job] ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════════════──────────────────┘ --- #9 fediverse/884 --- ══════════════════════════════════════════════───────────────────────────────────── ┌──────────────────────────────────────────────────────┐ │ CW: completely-unfounded-no-evidence-mis-information │ └──────────────────────────────────────────────────────┘ If we make a law that says you can't sell user data, they'll just build an intentional vulnerability into their system and point it out to specific people who paid under the table. Then, when they get "hacked", they'll surely be ashamed and sorry to their users, but hey the data's out there now not like they can take it back. Oh don't worry we already patched the hole in our security, that way nobody can get in through the same door that was intentionally left open for very particular people who've paid, and not for the people who haven't paid yet, who are still waiting patiently for a door to be built for them. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #10 fediverse_boost/3948 --- ◀─╔═══════════════════════[BOOST]════════════════════════────────────────────────╗ ║ ┌────────────────────────────────────────────────────────────────────────────┐ ║ ║ │ There is no such thing as a backdoor for good guys. Once you place a backdoor, you compromise the safety and privacy of all your users. A third party or bad guys will get access to it and abuse it further. The concept of a "backdoor for good guys" is fundamentally flawed and dangerous. It sets a dangerous precedent. Security and privacy should be absolute. There's no safe way to create a backdoor that can't be exploited by malicious actors. #privacy #security #infosec │ ║ ║ └────────────────────────────────────────────────────────────────────────────┘ ║ ╠─────────┐ ┌───────────╣ ║ similar │ chronological │ different ║ ╚═════════╧════════════════════════════════════════════────────────────┴───────╝─▶ --- #11 fediverse/2200 --- ═════════════════════════════════════════════════════────────────────────────────── I love D&D books with lots and lots of randomized tables because you can, in a pinch, use them as code-books for encrypting text using a method that nobody will ever guess. Well, as long as you have two of them, one to give to your friend and one to keep yourself. This is a form of "symmetric encryption", where you each have a copy of the input/output tables. More secure is the private/public key style encryption, but good luck explaining that to a 14 year old. Plus you can't do it over a radio, you need a computer. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════════─────────────────────────────┘ --- #12 fediverse/482 --- ═════════════════════════════════════════════────────────────────────────────────── @user-246 You're absolutely right. It's easy to think of the internet as this encapsulated entity "the world", but really it's "the people whose computers are physically connected to your computer using a limited and tangible piece of infrastructure comprised of copper wires that are laid between the router/switch that connects to your computer... and the internet service provider which directs your traffic. Then it probably goes through some cables under the ocean or whatever, and eventually after traversing many indeterminate passthrough locations eventually arrives at the computing infrastructure that comprises the access point that another person (presumably in another country) uses to express their thoughts toward you (the person who sent the original message) in the hopes that you might one day correspond. I mean... That's a lot of points of failure. I sure hope that we can sustain such connection, in the face of [redacted, whichever circumstances may come in the near future] ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════─────────────────────────────────────┘ --- #13 fediverse/3407 --- ════════════════════════════════════════════════════════─────────────────────────── @user-1218 there's only a password so that if the zip archive is displaced from it's context it's harder to read. ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═════════════════════════════════════════════════──────────────────────────┘ --- #14 messages/1245 --- ═════════════════════════════════════════════════════════════════════════════════── BRB, if you want to talk to yourselfs, I recommend opening a port in your router and exchanging HTTP packets that create messages on each other's computers. Can be done in a couple hundred lines of C code that can be 90% premade or auto-generated. Then, once it's made, you don't have to think about it again because it's so simple. It's not trying to scale, it's just... designed for a small, focused, human oriented mindset.\ ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧══════════════════════════════════════════════════════════════════════════─┘ --- #15 messages/329 --- ═══════════════════════════════════════════════════──────────────────────────────── LLM training data that's been encrypted in such a way that it preserves symantic meaning, while also allowing for secrecy and unique customization ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════───────────────────────────────┘ --- #16 messages/181 --- ══════════════════════════════════════════════───────────────────────────────────── I know you don't want to hear this, but there is a chance that there will come a time where your life depends on your ability to debug a computer without the internet. To set up an SSH server. To install Linux. To program in C. To do something else that I'm not prepared for... If StackOverflow didn't exist because network connectivity has been lost, could you remember syntax? Maybe it's a good idea to set up a local LLM that can answer basic questions about technology. Maybe it's a good idea to set up on your parents computer, just in case you have to hide out there for a couple months. Maybe it's a good idea to download wikipedia, just in case. If I need to use a mac, I'm screwed ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧═══════════════════════════════════════────────────────────────────────────┘ --- #17 fediverse/1113 --- ═══════════════════════════════════════════════──────────────────────────────────── we should be able to configure our web browsers so that they don't remember to autofill certain pieces of information. Such as the IP address of our router, or our bank credentials, or any other forms of passwords that we are using to authenticate ourselves. That way our infrastructure that we've designed is less susceptible to cybersecurity threats that involve physical access to the computer. Or remote control of some kind that is channeled through the UI (like RDP or SSH) (a terminal is a text based UI in this context) Unless of course they knew what they were doing. Which most of them don't. Hence why it'd be a good idea to isolate the capabilities of defeating certain vulnerabilities to ourselves. Like, a reverse backdoor, only more like a DMZ - a sector of computing space (sandboxed of course) that is only utilized for understanding the intent of the message sender. Doing so would require an analysis of the capabilities of the system, the kind of analysis that [script kiddies'dve] generated by googl ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════───────────────────────────────────┘ --- #18 fediverse/4356 --- ═══════════════════════════════════════════════════════════──────────────────────── ┌──────────────────────────────────────────────────────────────────────────────┐ │ CW: don't-even-get-me-started-on-people-who-don't-lock-their-phone-with-at-least-a-pin │ └──────────────────────────────────────────────────────────────────────────────┘ if they can't get into your phone, they can at least record all of the received notifications. meaning they already know who it is that you know... without having to find people that are distant or unrelated ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════════════───────────────────────┘ --- #19 fediverse/4194 --- ═══════════════════════════════════════════════════════════──────────────────────── I guess I'm used to messaging applications where it's expected that you'll send what you're typing after every complete thought giving people space to return their own completed trains of... "thought" but without saying "thought" again because I just said it at the end of the previous... sentence? paragraph? idk anymore it feels weird to post like this ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════════════───────────────────────┘ --- #20 fediverse/6119 --- ═══════════════════════════════════════════════════════════════════════════──────── what's the point of using a password manager if they're just going to 2FA your ass anyway? oh right, so google knows whenever someone signs into obscure-porn-site.com or radical-chemistry-and-explosives.net or cheap-hot-anime-gunpla-fast-xoxo.itch.io or whatever the kids are buying these days ┌─────────┐ ┌───────────┐ │ similar │ chronological │ different │ ╘═════════╧╧════════════════════════════════════════════════════════════════════───────┘ |