Daniel Gray @dngray@social.privacytools.io
Mod
Member of the privacytools.io team.
Fellow HFA AS with passion for infosec (and anything related). Completed B.Sc. CS 2016.
Joined Nov 2019
Daniel Gray
boosted
Freenode has put redirects in place on >325 channels bridged to Matrix. The bridge doesn't follow redirects so you'll have to manually rejoin the new address if needed. Tell us in #irc:http://matrix.org if your channel is stuck. We're setting up the @liberachat@twitter.com bridge asap.
Daniel Gray
boosted
andrew lee just seized over 700 channels on freenode because they mentioned libera.chat in their topic.
This includes projects like openbsd, wikimedia, FOSDEM, etc.
https://archive.is/uHw1g shows 720 channels that match what is being checked.
here's an example log: https://gist.github.com/pushcx/ab2a1d5b1d18e964c581ef18ccb3a79f
boost this if you care about foss in any way.
Daniel Gray
boosted
Pinecone is here!! Our new experimental overlay network for P2P Matrix. Check out the source, the latest P2P demos and read all about it at https://matrix.org/blog/2021/05/06/introducing-the-pinecone-overlay-network \o/ 🐍🐍🐍
@basvanhaastregt @albert_magellan @threemaapp
Peer-to-peer protocols may be more metadata resistant, but they usually come at a certain cost, (least at the moment), eg. offline messaging, large rooms etc, present challenging problems. status.im, cwtch.im, getsession.org are providing interesting research, though still early days.
Matrix is even having a go at P2P as well: https://matrix.org/blog/2020/06/02/introducing-p-2-p-matrix
@albert_magellan @basvanhaastregt @threemaapp
Matrix is an excellent alternative, we should be trying to decentralize networks rather than put trust in a single entity who produce application/run server.
As for Wire being "swiss" i wouldn't be so sure about that. https://blog.privacytools.io/delisting-wire/.
They're pretty stable. Archlinux does actually have a testing repositories too https://wiki.archlinux.org/index.php/official_repositories#Testing_repositories
The issue is that a lot of software is just bug fix releases on bug fix releases, therefore is stable anyway.
The most annoying thing about "frozen" distributions is that they do have bugs too, often frozen until the next release.
I don't think you are at all.
Its really quite simple, TOPS has sold their domain, and site to a company with a superficial affiliate link blog. There are literally thousands of these sites on the internet. Marketing companies simply go about looking at your Alexa rating, and then want to buy your domain.
PrivacyTools gets requests like this all the time, but we tell them no.
I've put in a PR to remove the site from PrivacyTools.io
@andreas @xj9@merveilles.town
There are some distinct efficiency improvements re error correction algorithms with QUIC when compared to TCP.
Moving the congestion control out of kernel space also means we can look forward to improvements in the future.
Daniel Gray
boosted
Heads up that since 12:30 UTC, the http://matrix.org synapse has been running 2 sharded event persister workers: the 1st time we've ever split the job of DB writing across multiple workers! CPU is reassuringly halved & solves one of the big remaining bottlenecks in Synapse.
@blackrat@fosstodon.org @aral
The short of it is that it won't. Even if some governments bleat about it, strong cryptography will still come out of other states who don't ban it. People will continue to use what already exists.
I would also imagine that cryptographers wouldn't have trouble seeking citizenship in states with a friendlier relationship with cryptography in general.
These laws are about controlling US tech giants more than anything. Long live decentralized, federated networks like Matrix!
Daniel Gray
boosted
@blacklight447 Is Taking Over PrivacyTools Service Administration
Daniel Gray
boosted
I'm an official team member of PrivacyTools now. :)
Recommendations are usually discussed in an issue first. From there it moves to a pull request.
Additions to the site require 2+ team member sign offs. If a team member wrote the PR, then that is 2 other people.
afaik @jonah is the only one with access to money. He has not weighed in on any of those pages other than minor corrections.
I'm pretty sure it was me that added that statement, or at least re-worded it to sound better.
> @dngray @freddy encryption at rest is no subsitute for end to end encryption and you had damn well better explain that to users
You're right and it was never advertised as such hence why it is under the "Data Security" heading and not the "Email Encryption" one.
The "Data Security" section specifically talks about *at rest*. ie. after the email has been received.
It's been there since March 1st 2020: https://github.com/privacytools/privacytools.io/pull/1672/files#diff-338290deae83c3bc8c6392188f6d96b5
It also says, which I am sure you will disagree with:
> Rather than use email for prolonged conversations, consider using a medium that does support Forward secrecy.
And guess what? That's not email.
We don't get paid anything. All the money stuff is dealt with by other people and mostly covers server costs etc.
It's also pretty clear what sponsors get https://www.privacytools.io/sponsors/ (surprise ProtonMail is not a sponsor).
Funds can be tracked through OpenCollective https://opencollective.com/privacytoolsio
I also don't have access to any of those wallets https://www.privacytools.io/donate/
There is also a warning at the top of that page too:
> When using end-to-end encryption (E2EE) technology like OpenPGP, email will still have some metadata that is not encrypted in the header of the email. Read more about email metadata.
> OpenPGP also does not support Forward secrecy, which means if either your or the recipient's private key is ever stolen, all previous messages encrypted with it will be exposed. How do I protect my private keys?
Mod
Member of the privacytools.io team.
Fellow HFA AS with passion for infosec (and anything related). Completed B.Sc. CS 2016.
Joined Nov 2019
