IT security student. Programmer of digital duck tape, learning to write digital plumbing. Aspiring cryptographer. Personal research interests include zero-knowledge credentials (to counter online antisocial conduct while protecting privacy) and AV/image non-repudiation (to counter deepfakes).

Anti-exceptionalist egalitarian. Empirical pragmatist: evidence over ideology, results over rationalization. Theory is as good as the least of its falsifiability, its internal consistency, and its withstanding of attempted disproof. It is as useful as one is willing to revise or replace it when it falls.

  • 2 Posts
  • 4 Comments
Joined 2 years ago
Cake day: June 13th, 2023
  • David@infosec.exchangetoPrivacy@fedia.io#GoEuropean: mailbox(dot)org offer for switching to the European alternative
    1·
    2 months ago

    @[email protected] Dear @[email protected], @[email protected], and @[email protected],

    If you want to collectively take a lot of business from Google and Microsoft:
    0. Create, for each of your companies, one or more APIs for SMTP, IMAP, CalDAV, and CardDAV bridges, running on customers’ hardware.

    1. Create a non-profit trade association to pay developers to create turn-key open-source bridges for each platform, supporting each major desktop and mobile OS, requiring no user technical knowledge, and supporting all the APIs mentioned in step 0.
    2. Create video tutorials, and written guides with screenshots, for installing setting up the bridge software in step 1, requiring nothing more complex than setting up a Google account in Apple’s software on an iPhone.

    Do this, and not only can I access my Mailbox, Tuta, and/or Proton accounts in the same GUI app as my work email, contacts, and calendars; as my university email, contacts, and calendars; and as my Gmail I use as a bin for promotional content (as from “download our free whitepaper” or “use our guest WiFi”).

    More importantly, do this, and I can set up every non-technical client with an equally convenient and familiar way to use one or more of your European privacy-centric services without any disadvantage relative to their current Google and Microsoft accounts.

    #privacy

  • David@infosec.exchangetoPrivacy@fedia.ioApple ordered to open encrypted user accounts globally to U.K. spying.
    4·
    4 months ago

    @[email protected] @theverge This is a #nationalSecurity disaster in the making, and a personal #cybersecurity disaster for hundreds of millions. The moment a server to person with access to keys gets compromised, the data exposure will make the #SaltTyphoon breach seem like one of those times a cop or journalist leaks the gender of a source through a pronoun. The data currently protected by #E2EE is much of the most sensitive data there is.

    The assurances provided by iCloud #AdvancedDataProtection have undoubtedly led to its being trusted with data which would harm the UK by falling into MSS/PLA and SVR/GRU hands: and that can’t be prevented if the UK’s imperial global surveillance law is complied with.

    #Apple would be better off blocking iCloud access in the UK, and explaining on Apple devicesin the UK why that is necessary, till that Investigative Powers Act amendments are rescinded.