• 133 Posts
  • 575 Comments
Joined 4 years ago
cake
Cake day: July 26th, 2020

help-circle

  • Ogólnie rzecz biorąc masz rację.

    w kwestii emaila chyba tylko przez TORa to może być bezpieczne (ale też nie w 100%).

    To “nie w 100%” wynika np. z tego, że z Tora skorzystasz między swoim klientem/przeglądarką, a infrastrukturą usługodawcy (np. ProtonMaila). Ale już mail z Protona wysłany na jakiś inny serwer idzie zwykłym SMTP (z STARTTLS jak dobrze wiatr powieje). Nie słyszałem, żeby serwery mailowe implementowały Tora do komunikacji serwer-serwer.

    Bo z tego, co rozumiem, to z pgp też metadane da się wygrzebać

    Tak, OpenPGP jest dość “głośnym” protokołem. Najlepiej przenieść się na coś innego, jak Signal, albo Simplex. Szyfrowane maile są pewnym kompromisem w sytuacjach, w których mail musi być wspierany. A generalnie nie ma dobrego, szyfrowanego, prywatnego zastępnika maili, niestety.








  • I am not saying they are mutually exclusive.

    I am saying that the focus of this article seems to be on blaming the victims instead of demanding accountability from providers of the tools making these scams possible. The article treats these tools as some inevitable background, part of the environment – but in fact creating them and making them publicly available is a choice and a business decision of for-profit corporations, making bank on scammers using them to scam people.

    So while these approaches are not mutually exclusive, the focus is dreadfully misplaced. It’s like saying “You Need To Wear An Air Filter At All Times” instead of calling out the companies making the air unbreathable.

    And that’s something I object to on a very basic level.










  • I still think that fedi will help, and in fact I am pretty sure it is helping already, simply because it is quite decentralized. Blocking 20k+ instances is not trivial. And each of these instances is an entrypoint, so to speak, into the broader fedi. Missing even one is thus a big deal. If my instance is blocked, I can set up an account on a different one, follow the same people, and I am back in business.

    At the same time all these instances are run independently. One can’t simply threaten the whole fedi to force it to do a thing (say, take down an account), this just does not make sense.

    Compare and contrast with centralized services like Facebook, gatekeepers like Cloudflare, and so on. Threatening one big entity with problems might be enough to “convince it” to take a thing down.

    The reason governments and other powerful entities are able to control the information flow is because there are these hugely important single points of failure. Fedi is not perfect (mastodon.social is way too big for its own good…), but it is a step in the right direction.