privacy

elias_griffin, in Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form'

So, every identity verification of your email address will be forever in the public domain? That’s counter to privacy. Your email address will be married to a block and chain? There is no thorny issue. That’s a solution to a problem that hardly anyone has. Ridiculous nonsense.

If you are one of those people that thought CERN was looking out for your privacy, here is the rude awakening.

DonkeyShot,

It is not counter privacy. It is (potentially) counter anonymity.

makeasnek, in NixOS

If you want privacy/security, check out qubes

TheAnonymouseJoker, (edited) in Time to ditch #duckduckgo

As someone who is a data hoarder/curator and dives into the deep ends of web abyss, I use Searx, Startpage and Yandex. I do not mind Startpage only because I no longer use search engines that much anymore. If something truly needs to be searched, Yandex is the absolute, untouchable king for web, image and reverse image searching, and is better than Google for privacy (very low bar but > Google/Bing).

Searx usually does deliver for the common use cases, and Startpage gives Google results minus SEO and sponsored trash.

If I were to rank them for results based on years of experience, Yandex is easily a 10 (ignoring its unbeatable image search), Searx with “default/all” language results a 7, Startpage a 5 (censors Russian/Chinese sources since it is based on Google), Qwant probably 3.5-4 (unavailable in many regions), Google 3, DDG and Bing 2. I am not sure how Metager, Mojeek and Kagi fare, but they probably perform somewhere between Searx with “default/all” language results and DDG.

Why Yandex is so above Searx metasearch is because its indexing is a lot faster than once a day, besides giving the experience of what Google was around 2009/10 and with no SEO crap. You will find the most obscure personal blog and website there, and DMCA bullshit does not work in Russia, which would work on any of these other search engines or metasearch instance owners.

fuckwit_mcbumcrumble, in Most private app for Lemmy

I can’t imagine that any app that currently exists gives a shit about exploiting your data. Lemmy is too young for that to really be a problem.

The real problem is that nothing on lemmy is private because of its federated design. There have been some discussions the last few weeks talking about this, but just about every interaction you do is broadcast out to every instance, and it's social media so of course anyone can see what you post. Things like viewed posts and saved content should stay on your instance's server, but assume every other action is public.

Coasting0942,

Wait, even direct messages?

tomo, (edited)

direct messages aren't really private on any platform but on the fediverse they especially aren't
not only can your admin read your messages if they really want to (like non-federated sites) but also you have to consider the other instances' admins too
i think that's why lemmy has a profile field for a matrix username by default because that's at least a more private way to do dms

z3rOR0ne,

Agreed. Although The Fediverse also can’t easily be searched via your standard search engines, so finding that public information is harder than on other social media apps (for now…).

This isn’t to say there isn’t a privacy concern using any Fediverse Social media platform. It’s just that there are some inherent design implementations that make it hard for the average person to invade the privacy of a user of the platform.

This is, of course, afaik. Please let me know if I’m mistaken.

fuckwit_mcbumcrumble,

Search currently kinda sucks actually inside the fediverse. I tried to find one of those posts before making the comment but gave up because it was worthless.

I’d imagine it’s only a matter of time until someone makes something better, and 3rd parties start mining it. Or we’ll get that nefarious third party with a server just ingesting all our data to sell off.

tomo,

pretty much spot on, search is still pretty bad on fedi (on the twittery side and the reddity side)
although it is still not hard to invade someone's privacy the old fashioned way by, for instance, making alt accounts to evade blocks but that's nothing unique that's all platforms

FierySpectre,

It can be searched just fine, Googled my tag to see where I get hits, and quite a few are Lemmy comments.

krolden,

Don't use your real name on the good internet

ultratiem,

The instance I joined didn’t even require an email at the time. They have a long way to go if they want to be the next Facebook lol

Yawnder, in Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form'

Why would knowing every single email be seen as something positive? Nice way to have spam-heaven. The keys also don’t need to be public. If you need something THAT secretive, there are safe ways to do a permanent key exchange.

wahming,

It’s not like we’re controlling spam today by keeping email addresses hidden.

Yawnder,

It’s not a reason to make it worse.

OmanMkII,

The public part of it would be the RSA pubkey, likely linked with an identifier such as the SHA-256 hash of the email. You could quite easily have that ledger public and it would take millennia to crack any of the emails, much easier to use fuzzing with common words and names than wasting computing power for a single email. The whole point of blockchain is that it’s an immutable public ledger which would actually suit this idea quite well.

Yawnder,

It’s trying to solve a problem that we don’t have. We don’t need any of that to be immutable.

chicken,

What do you think the problem even is? It sounds like you just don’t understand why someone would want to use public key cryptography to begin with.

Yawnder,

I understand how public-private keys work, and I understand why you’d want one. I just think this implementation of a register is bad. Not from a security risk, from a use case point of view; it’s for all intents and purposes an email which if ever compromised is forever compromised and non-reusable. It’s an email that’s unrecoverable so not usable in many companies.

I’m sure there are other reasons to not like the idea, but that’s what I can think of off the top of my head.

chicken,

> I understand why you’d want one

> It’s an email that’s unrecoverable so not usable in many companies.

It doesn’t sound like you understand why someone would want to do email with public key cryptography, it sounds like rather you do not like the idea of doing email with public key cryptography. Being unrecoverable is just the tradeoff there. Again, what do you think the problem described even is? For reference,

> The issue, Yen said, is ensuring that the public key actually belongs to the intended recipient. “Maybe it’s the NSA that has created a fake public key linked to you, and I’m somehow tricked into encrypting data with that public key,” he told Fortune. In the security space, the tactic is known as a “man-in-the-middle attack,” like a postal worker opening your bank statement to get your social security number and then resealing the envelope.

I think if you actually acknowledge the problem of trust for propagating public keys as a real one that is worth being solved, it would be hard to argue that blockchain is a bad fit for that problem, because it is not. Trustless, verifiable propagation of data is one of the things it actually offers unique benefits for.

> I’m sure there are other reasons to not like the idea, but that’s what I can think of off the top of my head.

It might be useful to start by considering the idea itself and what it is saying, instead of looking for arguments to make against it.

Yawnder,

You’re not adding anything that wasn’t argued towards before. Sooner or later, you have to trust something. There are ways to transfer keys by other means which you can use to corroborate.

The tradeoffs of this idea are just not worth it for 99% of the people.

chicken,

What are the tradeoffs, assuming an email encryption scheme based on self custodied private keys and publicly published public keys? I don’t see any major disadvantages to using blockchain for this, and significant advantages. It’s a big deal if no one can selectively remove/conceal previously published info. If associating a key with an email, and someone is trying to impersonate you, you’ll know it, it’s not going to be hidden from you and specifically shown to someone else. It just makes sense to do it that way. Yes, you have to trust something at some point, but this is a way to minimize how much trust you have to give.
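The property argued over in this thread, as an added example that is not part of any comment and is not Proton's implementation: an append-only, hash-chained log of (address identifier, key fingerprint) entries, where an edited or removed entry breaks the chain and a second key published for your address is visible to you. The SHA-256-of-email identifier follows the guess made earlier in the thread; all function names, addresses and fingerprints are hypothetical.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed start value for the chain

def email_id(email):
    # Assumed identifier: SHA-256 of the normalised address
    return hashlib.sha256(email.strip().lower().encode()).hexdigest()

def entry_hash(prev, ident, key_fp):
    body = json.dumps({"prev": prev, "id": ident, "key": key_fp}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

def append(log, email, key_fp):
    prev = log[-1]["hash"] if log else GENESIS
    ident = email_id(email)
    log.append({"prev": prev, "id": ident, "key": key_fp,
                "hash": entry_hash(prev, ident, key_fp)})

def verify_chain(log):
    # Any edited or removed entry breaks the link to its successor
    prev = GENESIS
    for e in log:
        if e["prev"] != prev or e["hash"] != entry_hash(prev, e["id"], e["key"]):
            return False
        prev = e["hash"]
    return True

def conflicting_keys(log, email, my_key_fp):
    # Keys published for my address that are not mine
    ident = email_id(email)
    return [e["key"] for e in log if e["id"] == ident and e["key"] != my_key_fp]

def build_sample_log():
    # Constructed sample data; fingerprints are placeholders
    log = []
    append(log, "alice@example.org", "fp-alice-1")
    append(log, "bob@example.org", "fp-bob-1")
    append(log, "Alice@example.org", "fp-unknown-9")  # second binding for alice
    return log

if __name__ == "__main__":
    log = build_sample_log()
    print(verify_chain(log), conflicting_keys(log, "alice@example.org", "fp-alice-1"))
```

The identifier is a plain hash, so anyone who already knows or guesses an address can compute it and look up that entry; the log hides addresses only from readers who cannot guess them.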

hernanca,

I think the main pro of this system would be that it requires no trust. The immutability would be actually a con for privacy: if you’re burned or doxxed later, there would be hard evidence of your identity in the blockchain.

Yawnder,

Except the trust of the source of the blockchain, or some certificate authority somewhere at some point, but ya, that’s kinda assumed as there is no way of making a “first handshake” that’s secure.

For me, it all looks like someone is trying to make a product rather than solve an actual issue.

stardreamer,

This is solving a problem we DO have, albeit in a different way. Email is ancient, the protocol allows you to self identify as whoever you want. Let’s say I send an email from the underworld (server ip address) claiming I’m Napoleon@france (user@domain), the only reason my email is rejected is because the recipient knows Napoleon resides on the server France, not underworld. This validation is mostly done via tricky DNS hacks and a huge part of it is built on top of Google’s infrastructure. If for some reason Google decides I’m not trustworthy, then it doesn’t matter if I’m actually sending Napoleon’s mail from France, it’s gonna be recognized as spam on most servers regardless.

A decentralized chain of trust could potentially replace Google + all these DNS hacks we have in place. No central authority gets to control who is legitimate or not. Of all the bs use cases of block chain I think this one doesn’t seem that bad. It’s building a decentralized chain of trust for an existing decentralized system (email), which is exactly what “block chain” was originally designed for.

Yawnder,

I’m glad there are authorities out there (like Google) that act as gatekeepers and track the worthiness of senders. Without that, there would just be no way to close the floodgates. Is Google the best company for that? It’s definitely one of the good ones for that.

No, you can’t forge emails easily as you say. Maybe DMARC isn’t perfect, but it works just fine. Attacks that bypass that are done on misconfigured systems, so human error, which can happen with any tech, the one from this post included.

Yes email is an old tech, but let’s not pretend like it hasn’t evolved. It’s not perfect, but it generally works. I don’t think you need to go fully decentralized, but some steps to have more than a single authority could be positive.

privacybro, (edited) in Deciding between Fairphone 5 and Pixel 8

App Sandboxes in Graphene? Can someone tell me about this? Is this a new feature?

Templa,

It puts Google Play/Services inside a sandbox so it doesn’t get any priorities and can have permissions revoked like any other app (internet access/storage scopes/etc)

PlatypusXray, in Time to ditch #duckduckgo

I feel like Qwant has become the best when it comes to the quality of the search results. My experience with kagi is limited, though.

RecallMadness, in Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form'

I’ll use it once they’ve sorted out CalDAV and CardDAV… it’s only been an open issue for eight fucking years.

synergy041,

Care to elaborate?

RecallMadness,

There’s no way to sync contacts and calendars between an iPhone (and other mail clients) and protonmail. The app does one way sync from the phone to protonmail, but not the other way round.

8 years ago a feature request was made to add support for CardDAV and CalDAV, but even with the release of bridge it’s not there.

So iOS users have to resort to using other calendar services, or 3rd party bridges to enable it.

rab, in Time to ditch #duckduckgo

I feel like ddg has never had good search results

shotgun_crab, in filen.io - one time payment plans - encrypted cloud storage

Why are so many replies focusing on the “lifetime” part? Of course nothing is eternal

pkill, in Proton Mail CEO Calls New Address Verification Feature 'Blockchain in a Very Pure Form'

Who cares about their honeypot

toomanyjoints69,

We now have an unalterable record of exactly who you are for your anonymous email address. For your privacy.

remotelove, (edited) in My "Smart"TV keeps connecting to Netflix, and i don't even have Netflix

If you can remove the app from the TV, that may work. It’s probably polling for updates or trying to cache a picture or something for the login screen.

Just like every other app on your TV, Netflix probably has a running service that is collecting all of your viewing habits and piping it to Netflix whether or not you have an account. (Smart TVs come with extensive terms and conditions that you probably agreed to.)

Smart TVs are cheaper these days mostly because the hardware costs are subsidized by having pre-installed apps like Netflix, Amazon, Hulu, etc. And yeah, they all want your data and they all want to participate in the advertising racket.

Pantherina,

True. Would really help to get any form of storage medium of that into a real OS. But it's probably built in, so removing might not work. This is the case for Windows even

Chais, in Deciding between Fairphone 5 and Pixel 8

With the Fairphone you get more than just a replaceable battery. You get replaceable nearly everything. Also they do their best to ethically source the materials. In terms of ROMs there is also Iodé, also based on LOS, and if you go with a FP4 instead Ubuntu Touch.

encode8062, in Proton plan as a couple (Family or Individual?)

Maybe you could join my “family”. I am currently using it with 4 friends. It would be less than 4 euros per person per month

Undertaker, in Deciding between Fairphone 5 and Pixel 8

Fairphone is known to have several hardware related problems, but they usually ignore or do not acknowledge them. Recently they tried to argue a hardware problem (ghost inputs) can be solved via firmware update, but of course it couldn’t. Additionally you lose support for the device when using custom ROMs (even /e/os). They only support Google Android. You could buy from Murena but they cannot help with hardware or firmware issues. Fairphone is very to patch their devices in terms of security.

But google is google. I would never give them money.

skankhunt42,

I’ve always bought used phones anyway. With eBay/kijiji/others you can request the seller to enable OEM unlocking so you know it can be done and you don’t even need to boot it into Android before installing GrapheneOS.

My experience, not many people are willing to do that for you. YMMV.
