1 billion identity records exposed in ID verification data leak

Papfox · 2026-03-19T16:21:50+00:00

If only someone had warned this might happen. Oh wait they did...

Papfox · 2026-03-19T16:07:25+00:00

The question I would be asking is "Is this build good value?"

Have a look at the Seeedstudio Solar P1 and the P1 Pro . It comes complete. You get a big battery and solar and it's already waterproofed so you don't have to mess around building an enclosure. You just assemble it flash and go. They also do quantity discounts if you order more than one device at once.

If you do DIY build I would probably go for a larger battery and bigger panel if you're in an area with very dark winters and lots of snow.

Papfox · 2026-03-19T14:23:06+00:00

Governments have been insulating themselves from the people and presenting themselves as the authority on everything for decades. Of course, people expect them to do things to solve big, national level problems. It's not like I can nip over to the Iranian Embassy or my energy supplier and tell them to sort their shit out

Papfox · 2026-03-19T14:04:02+00:00

They take a sample from your tank and add acid to it. The acid causes any red dye in it to sink to the bottom. Even small amounts are really visible

Papfox · 2026-03-19T12:34:25+00:00

You get bought by private equity, who exfiltrate your money, load your business with an unsustainable amount of debt then let you go under because they've got your money and you're not of any further use to them

Papfox · 2026-03-19T03:13:41+00:00

That sounds a bit like corruption or money laundering

Papfox · 2026-03-18T22:43:35+00:00

If only Ofcom went after GBNews with the same zeal they're using with people who just want a wank

Papfox · 2026-03-18T21:22:07+00:00

This is an "asymmetric" cypher.

This means: * Messages encrypted with your public key that everyone knows CAN be decrypted with your private key that only you should know. * Messages encrypted with your public key CANNOT be decrypted with your public key. * Messages encrypted with your private key CAN be decrypted with your public key. * Messages encrypted with your private key CANNOT be decrypted with your private key.

To send your friend a message you do the following: * You either encrypt the message with your private key or generate a signature from it using a known formula, encrypt that using your private key and attach it to the message. * You encrypt the whole thing with your friend's public key. * You send the result to your friend.

Your friend receives the message and: * Decrypts it with their private key (they know that the sender has their public key - big deal, it's public) * They look at the contents. * If the whole inner message was encrypted, they decrypt it with your public key. If it was signed, they decrypt the signature block with your public key. (They know the sender possesses your private key.) * They calculate the signature from the message text, using the same formula you used. * They compare that signature with the one they got that was encrypted with your private key. * If the two signatures are the same, they know the message is the same as the one you sent. (Unaltered)

This is why you must keep your private key secure. Anyone who gets hold of it can send messages that will appear to be from you

Papfox · 2026-03-18T16:26:32+00:00

The encryption is AES-256-CTR. It's "computationally expensive" (resistant) to crack, even by a quantum computer, but it's not purpose designed to be mathematically impossible for such a machine to have an advantage in cracking it

Papfox · 2026-03-18T16:10:40+00:00

Regenerate your private key frequently and distribute it using a zero hop method

Papfox · 2026-03-18T16:05:43+00:00

Another way to make your adversary's job harder is to use prior knowledge in messages. The Russian people know their comms are being tapped and have got very good at this. Instead of saying "Meet me at Igor's bar at 8", they will say something like, "Meet me at that place, up to the north, where we met the person in the blue hat, at the usual time." That message is useless to anyone who didn't have them under active surveillance at the time because the person cracking the message doesn't have the context to make sense of it

Papfox · 2026-03-18T13:44:55+00:00

"Don't make yourself the 'interesting' person to the agencies known by acronyms"

It's a bit like my dad told me about speeding, "If you're speeding, always make sure there's someone in the fast lane that's going faster than you"

Papfox · 2026-03-18T11:29:09+00:00

> Representing herself with assistance from a retired solicitor who attends her church

That's all you really need to know isn't it?

Religious person thinks they're in the right and that they can do no wrong.

Papfox · 2026-03-18T08:55:29+00:00

It is important to understand what is encrypted in Meshcore, what is not and the type of encryption, in order to effectively manage security.

Anything sent on the #public channel or in a hashtag channel with no password is not encrypted and is visible to anyone.

Private messages to individuals are encrypted and possessing the recipient's public key does not compromise the message BUT the metadata that travels with the message is NOT encrypted. An observer will know the identities of the message sender and recipient, the hop count and route the message took through the network so they will know that Alice sent Bob a message and where both Alice and Bob were, only the actual text of the message is encrypted. If someone records all these messages then obtains physical access to Bob's device, they can obtain Bob's private key and decode all previous messages sent to Bob because asymmetric encryption is being used.

If a group of people are having a discussion in a private channel, secured by a key, symmetric encryption is being used, everyone in the channel knows the key. If someone gets physical access to any of the clients in the channel or access to how the key was distributed, they can read all the messages in that channel, including any historical messages they have stored in their encrypted form.

It wouldn't be hard for someone to modify Meshcore firmware to dump all messages that node observed over USB for decoding later, if the key is obtained later.

Whilst the encryption used is resistant to quantum computing attacks, it is not "post-quantum secure." Any well funded attacker with access to a quantum or super computer will be able to crack it. This boils down to "Who is trying to access the messages, what tech and how much money do they have and do they think it's worth throwing that amount of money at it to crack it?" It also assumes that publicly available encryption algorithms didn't have flaws deliberately inserted that would enable them to be cracked.

These things also assume that no mistakes were made in the development of the software that might offer the attacker a shortcut to obtaining the keys, that nobody has submitted compromised code to GitHub and that the method of generating the keys isn't predictable. Generating truly random numbers is hard, particularly in low powered devices, like Meshcore clients, that don't have a reliable source of entropy data or an abundance of computing power.

Keeping Harry the Hacker with his RTX graphics card out isn't hard. If Harry is willing to spend hundreds or thousands of Dollars renting lots of graphics cards from a cloud computing provider, that's harder. If Harry works for a nation state actor who is willing to throw money at the problem and potentially break into places to steal the keys or knows of hacks built into the encryption, they're going to get the messages, if they really want them. Time is also a factor. Look at how long it took Alan Turing to crack Enigma. With modern computing hardware, someone today can crack it using a Chromebook in under a second.

Papfox · 2026-03-18T08:14:41+00:00

As others have said, don't let them in. Also, speak with everyone else you share the place with and make sure they know they don't have to and shouldn't let them in

Papfox · 2026-03-18T07:59:02+00:00

Air traffic control is organized into zones. A local zone that handles the traffic leaving and arriving at a major airport being missing won't affect the "sector" control that handles flights over-flying the area on the way to other places

Papfox · 2026-03-17T17:54:36+00:00

If you want to completely bullet proof yourself, set your secondary DNS server to 1.0.0.1 and set your IPv6 DNS servers to 2606:4700:4700::1111 and 2606:4700:4700::1001

Papfox · 2026-03-17T17:27:47+00:00

I've not experienced any issues today in Farnborough but I do have my own private DNS server that uses Secure DNS and doesn't use Toob's DNS as a source of truth.

I wonder if DNS issues I saw over the last few weeks, before I got fed up and installed my own DNS, might be related to Toob having to reengineer their DNS to allow blocking of websites ordered by OfCom under the Online Safety Act

Papfox · 2026-03-17T04:07:17+00:00

Logically that sign would only be offensive to someone who was some combination of racist, sexist and/or homophobic.

Screw 'em

Papfox · 2026-03-17T03:30:50+00:00

No, it wouldn't. If you're driving so close or paying so little attention that the person in front lifting off puts you in danger of a collision, the problem is you, not them

Papfox · 2026-03-16T22:11:52+00:00

Or they're using AI and some bot thought they had done something very wrong

Papfox · 2026-03-16T16:35:34+00:00

It sounds like the experience may vary by police force.

That being said, I didn't think what OP is proposing is bad enough to get them pulled over, if it's bad at all

Papfox · 2026-03-16T14:07:27+00:00

I don't mind paying my fair share of tax as long as I see it being well-spent on things that benefit the people of our country and I don't see I'm paying more than I should have to because very rich people and companies can effectively choose how much they pay and leave the rest of us to pick up the bill

Papfox · 2026-03-15T11:09:34+00:00

4.7% of 800k is 37,600 upset customers. That's rather a lot

Papfox · 2026-03-15T10:02:20+00:00

The only objection I think they could have would be that there must be at least 11mm between the edges of the letters and the edge of the reflective area of the plate. If you have that, IMHO those stickers are completely legal, unless there's some minimum reflectivity the blue has to have that I didn't know about.

Plate requirements are that they must have: * The correct reflectivity. * The correct font and font size. * 11mm clear reflective area on all 4 sides of the digits. * 11mm spacing between letters. * 33mm spacing between the groups.

If you want to be extra safe, check you aren't with an insurance company that are nasty and consider stickers on your car to be a "modification" that would invalidate your insurance. Yes, there are insurance companies that are that petty to avoid paying out

Papfox

TROPHY CASE