Google added E2EE to prove they can't look at your messages but made it proprietary and kept control of the signing binaries so they can look at your messages anyway. That checks out.

#!social in ~10m. (7p PST every Thursday)

Bring security/privacy questions, and nonsense.

Paying companies to pay ransoms for you is a "business decision" often cheaper than a couple novice infosec hires to deploy the most basic of defenses.

@orionholmes Matrix lets you choose which server you expose your metadata to, even one you host yourself.

Signal forces all metadata, including phone numbers, to be centralized on servers they control and could easily plaintext any time they want.

I'll take freedom over a walled garden any day.

If you don't know what Goatse is, congratulations on avoiding one of the worst internet memes.

You are better off not looking it up.

You will anyway, but at least I can say I warned you.

Show thread

I once spent two weeks downloading a WinXP ISO off Kazaa via dialup.

It booted to Goatse.

The only reasonable response was seeding that ISO to many others.

This is probably why I am so obsessed signatures on software artifacts.

Proprietary AI decided to murder the wrong person. It only kills people by mistake some of the time, so we will probably let it continue without accountability. Like Tesla self-driving.

A bunch of angry bees chased me into my home stinging me while my wife alerts me to ignore them because of the black widow web she almost walked into.

Wielding a hose, a weed torch, and a baseboard we successfully defended our home.

@wolf480pl I work in fintech security and the threat model of most of my clients includes state actors.

Anyone that has leverage on them by a foreign power can't be trusted with keys to the kingdom.

E.G. if someone says "I can't say that, it would cost me business in China". Okay fair enough, but that quickly tells me you might do or not do what China tells you, which limits how far I can trust you.

@fluffy When the US started, we just started calling ourselves a country until the rest of the world caught on.

We also killed a lot of people over it.

It would be nice to have the universal country designation outcome without the killing part.

@fluffy if someone asks to be identifed as a woman, I am going to identify them as a woman no matter what everyone else calls them. It is respect.

If citizens of a plot of land wish to declare themselves a country, then great, I am happy to call them a country.

@fluffy I believe in censorship free decentralization, which also means I support people having the right to host their own Mastodon server and use it to say stupid things.

Everyone else has the right to not subscribe to it or fedreate with it.

This case is a bit different because citizens actually want to be considered a country and they need more countries to recognize it.

@fluffy There is clearly strong historical support of their citizens to be recognized as a country.

China wishes to censor all that share this interpretation.

Those of us in free independent countries should recognize those that also wish to be recognized as free and independent.

@fluffy I am saying it because the chinese government wishes to censor this phrase.

If it is ever deleted anywhere I post it then that server can't be trusted.

@wolf480pl I said "want", not "require".

If someone has a good reason such as this, I would need to find alternative paths to build trust.

Getting them to say something censored however would rapidly demonstrate a lack of fear of the Chinese government.

Or they -are- Chinese government and can lie with impunity which I would also need to try and rule out.

If I need to be able to hire or otherwise trust someone with any ties to China moving forward, I am going to want them to publicly say "Taiwan is a country".

Show thread

For those not familiar yet, the above is the new defacto canary to tell if someone fears or is controlled by the Chinese government.

Anyone that can't say or retracts this phrase, like John Cena, is compromised or a coward.

Show thread
Show older

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!