My biggest issue wouldn’t even be the kernel level access, but the fact that the stuff is written and tested by no one in particular. The possible bugs are the issue for me.
If that thing would be bullet-proof, hackers trying for years to break it without success, yeah. Ok. I could be convinced. If it is cracked after two days already… Then nope.
@zaknenou@privacy it usually uses Diffie-Hellman key exchange which generates a shared key without revealing it to anyone. There are other ways to do it too.
You are describing symmetric encryption where both parties have the same key. There is something called asymmetric encryption that solves this. Basically you have a public key and a private key. You can give your public key to youtube, they can use that key to encrypt the symmetric key that will be used for the actual communication. The only way to decrypt the symmetric key is by using your private key, which is only known to you. So youtube can safely send it to you so you can decrypt it. Now you both have the same key and nothing was sent unencrypted.
Well your public key was sent unencrypted but that’s fine because of how asymmetric encryption works.
Okay, it’s like this: You and youtube both generate two keys, public and private. Public keys are public, anyone can see them. Doesn’t matter. When you send a message to youtube, you encrypt it with their public key. Now, the trick is, the encryption is asymmetric, which means that the message can only be decoded if you also know the private key, which you never send anyone but keep hidden. Right? This way, as long as your private key is secure, you cannot realistically decode the encryption from outside just knowing the public key. Thus setting up a secure connection is just an exchange of public keys.
But when Youtube shares the key with me/my client the first time, is that also encrypted?
Here’s an explanation of what happens during the initial TLS handshake.
…if ISP automated the process of gathering keys and decrypting web traffic for a certain site with them for all users, would that work for them?
Not sure this is exactly what you’re asking, but there’s the concept of forward secrecy for defending recorded encrypted traffic from future key compromises.
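An added example, not written by any commenter in this thread, of the Diffie-Hellman exchange and the forward secrecy idea mentioned above: each session uses fresh key pairs, only public values cross the wire, and both sides still derive the same session key. The modulus `2**255 - 19` with generator `2` is an assumption chosen for brevity, not a vetted Diffie-Hellman group; real TLS uses standardized groups or elliptic curves.

```python
import hashlib
import secrets

# Teaching parameters (assumption, not a standardized DH group):
# P is a known 255-bit prime, G is the base both sides agree on in public.
P = 2**255 - 19
G = 2

def keypair():
    """Fresh (ephemeral) private exponent and the public value derived from it."""
    priv = secrets.randbelow(P - 3) + 2        # uniform in [2, P-2]
    return priv, pow(G, priv, P)

def session_key(my_priv, peer_pub):
    """Combine my private value with the peer's public value into a 32-byte key."""
    # Reject degenerate values (0, 1, P-1) that would force a predictable secret.
    if not 1 < peer_pub < P - 1:
        raise ValueError("rejecting degenerate public value")
    shared = pow(peer_pub, my_priv, P)
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def handshake():
    """Run one session; return what the wire carried and each side's key."""
    c_priv, c_pub = keypair()                  # client side
    s_priv, s_pub = keypair()                  # server side
    wire = (c_pub, s_pub)                      # all an eavesdropper records
    client_key = session_key(c_priv, s_pub)
    server_key = session_key(s_priv, c_pub)
    # The private values go out of scope here. Because they are never stored
    # or reused, a key stolen later cannot decrypt this recorded session:
    # that is the forward secrecy property.
    return wire, client_key, server_key

if __name__ == "__main__":
    wire1, k1_client, k1_server = handshake()
    wire2, k2_client, k2_server = handshake()
    print("session 1 keys match:", k1_client == k1_server)
    print("session 2 keys match:", k2_client == k2_server)
    print("sessions share a key:", k1_client == k2_client)
```

In real TLS the server additionally signs its public value with the certificate's private key, so the client knows the value came from the site and not from someone in the middle.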
One thing to think about is the encryption quality of a zip file, which I ignore.
One danger that I see is that you have the risk of having the passwords in the clear all over the place many times. Not an expert so don’t quote me on this, but password managers are careful avoiding passwords in the clear as much as possible.
I don’t trust any online service for that, I am using KeePass/Syncthing for myself, with Android as the only client decrypting (as I always have my phone with me). One example of advanced security measures is that while using the app I can’t take screenshots, and I hope/expect that it uses images backed by secure memory to show them to me and is careful with things like RAM and temporary files (didn’t check personally though, although being open source I could).
Having to be sure that your zip app handles that seems like a hassle honestly. On top of having random passwords without the biases I would add for each separate site.
I suppose there’s nothing wrong with it when the file is at rest, it looks like zip uses AES 128 or 256 which are adequate if you have a very strong password for the encryption. Ideally the encryption would feature a computationally intensive algorithm to slow guessing attempts when attempting to decrypt so you probably don’t want to use a weak password.
Usability won’t be great, you’ll be copy pasting constantly and that presents an opportunity for malware to spy on the paste buffer and steal your passwords but it’s a low to medium severity issue.
If you want to keep everything local I’d recommend KeePass, it’s free, open source, and very strong. It’s kinda the same thing but with the ability to insert passwords directly in some cases and can do more to keep everything organized.
If you want to use this in environments where you can’t install anything on the systems but don’t want anything online, this is probably acceptable though.
Lemmy is, like a lot of Fediverse platforms, about as private as it can be. There’s no trackers, you’re not forced to use real names or any other identifying information, no adverts follow you from site to site, no browser fingerprinting and no instance owners are trying to sell your data.
Beyond that, what you choose to say on Lemmy is your responsibility and yours alone.
I personally enjoy that this sort of information is public, it keeps people honest and gives a tool to use against bad faith actors. People lie. Besides, it’s not like anyone’s forcing you to post personal information online. Some level of responsibility needs to be put on the user.
Meh just another crappy rootkit game that doesn’t even fully prevent cheating at the cost of undermining system security. But for worse or worse, the entire playerbase doesn’t care about their data being bought and sold for immense profits they get 0% of.
Nope, reading people’s history is the number one reason I liked Reddit and now Lemmy. It’s just anonymous enough that you can keep your private life separate, and having a comment history stands in as an online barometer of who the other people you’re talking to are generally like.
South Carolina is offering free genetic profiling that does a full sequence and gives you health information and ancestry. My wife shared it to me and waited for me to go off about handing that information over to the government.
I didn’t even blink before saying let’s do it. Privacy is an illusion. Anyone that wants my DNA can get it by grabbing a discarded cigarette butt. The police do need warrants because they can just buy whatever information they want on you.
In the open source software movement “information wants to be free”. That applies to personal private information too.
When I went to the doctor about getting a vasectomy they asked “Are you sure you don’t want to have any children?” “I decided at 13 that I should never have children. I knew that at 18 no doctor would touch me. I’m now 40 and you can’t argue with me.”
My wife made the same choice when she was 24. There will be no children. We have covered that on both ends.
And that’s where you and I disagree. Just like there’s a difference between public and private property, there’s a difference between public and private information.