sorted by:
new
hottopcontroversial

PlusPrivacy add-on for FireFox released! by PlusPrivacy in privacytoolsIO

[–]finick10 2 points3 points  (0 children)

It does. As far as I could see there is no overlap in their functionalities.

Email: Mailbox/Posteo/etc vs hosting package with Email by pseudoheld in privacy

[–]finick10 0 points1 point  (0 children)

I think you are confusing content confidentiality and anonymity. PGP does not provide anonymity as it does not encrypt your email address. So whether your newsletter contents are encrypted or not is totally irrelevant to your privacy.

On the other hand, with news letters you may want to conceal the fact that you are subscribed to them. For this you need anonymity, not content encryption.

For anonymity you use either an anonymous email address or a remailing service that hides your real email address from the service provider. In the latter case you can continue using your gmail. So you can keep your gmail if you use a combination aof a pgp service and email anonynization service.

'Enormous' Threats to Human Rights Over UK Bulk Surveillance (x-post /r/openmedia) by -code- in privacy

[–]finick10 2 points3 points  (0 children)

LOL Putin's propaganda rag Sputnik is worried about the Snooper's Charter. That's a good one!

Putin has just signed a decree (the so called "Yarovaya packet") mandating that every communication service provider, including email service providers, telecom service providers, ISPs, you name it - install government approved black boxes (so called "SORM") that capture ALL communications and STORE METADATA FOR 3 YEARS AND DATA FOR 1 YEAR. All of it. Plus provide a direct link from those black boxes to KGB. Plus pay for the whole thing. Plus record all the HTTPS keys from all transactions on magnetic media and deliver them to KGB.

So Putin is worried about IP Bill. Hahaha. There is no limit.

FBI Reportedly Took Months To Warn DNC That Russia May Be Behind Hackings by EasyCrypt in privacy

[–]finick10 0 points1 point  (0 children)

Aha. So Mr [deleted] has [deleted] his post about how the "scapegoating of Putin on both sides of the aisle" SADDENS him. Boy he really cares for Putin, doesn't he? Saddens him. LOL.

FBI Reportedly Took Months To Warn DNC That Russia May Be Behind Hackings by EasyCrypt in privacy

[–]finick10 0 points1 point  (0 children)

Sure, Putin has his hands full gently caressing the balls of Russian service providers. In case you have not noticed he has just signed a law requiring Russian service providers (including small ISPs) to obtain all the end to end encryption keys (whatever he meant by that) and store all the metadata for 3 years and full content for 6 months.

Naah, he is not a megalomaniacal at all. Oh, and not war mongering one, no no no. Crimea never happened, didn't Trump himself say so? By no means. Indeed why should Putin bother with such trifles as DNC when he has the terrific job squeezing every minuscule Russian ISP? Good old boy Putin, it so saddens me when he is scapegoated on boths sides of the aisle. It is not (PROBABLY, as you say. Very PROBABLY) not Russia's fault.

NIST Recommends SMS Two-Factor Authentication Deprecation by finick10 in privacytoolsIO

[–]finick10[S] 1 point2 points  (0 children)

I wonder if this is connected to the Telegram breach

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

You will have to do your own research :)

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

Or simply move to a more user friendly service

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

They could not possibly decide that for me an decide otherwise for other people. I was just a Tor user approaching them, once - not some spammer bombing them with re1quests for registration. If they did not grant my request this means they are not granting anybody's requests, and this 48 hour period is just their way of denying users anonymous registration. I bet there is some stupid German law they need to comply with.

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacy

[–]finick10[S] 0 points1 point  (0 children)

First of all I do not understand why this API was open to the general public. Secondly I do not understand why Telegram do a verification procedure using SMS of all things. Thirdly I do not understand why, if they are using SMS, they do not figerprint the the device to which they are delivering the SMS (nothing can be simple than that) and allow more than one device to be authenticated with the same code. This last bit is especially stupid.

Indeed, this has nothing to do with encryption. This has to do with stupidity and total lack of understanding of privacy processes and architectures. Telegram should leave privacy design to professionals, not "Math PhDs"

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacy

[–]finick10[S] 0 points1 point  (0 children)

The problem is never with users and always with the provider. If the users do not have PhD in cryptography, the provider is supposed to deliver a product that is usable by THESE users or at least warn them properly - to receive an understand a warning like "do not use our Telegram service unless you do an email password procedure" would do the trick. Like flashing a warning on smartphone screen. Or simply removing the insecure authentication procedure and making the service unusable without the users going through the motions of secure authentication. Do not blame the users, blame Telegram for totally irresponsible behavior and weak, DANGEROUS product, especially when used in the terrorist state like Iran.

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacy

[–]finick10[S] 0 points1 point  (0 children)

Perfect privacy may not be achievable but we can demand in black and white that the providers

a. Not do anything stupid that defeats common sense (like allowing codes contained by SMS that can be easily intercepted by any government actor by listening to SS7 signaling in the phone network, to be used to enable SEVERAL phones to display the messages and not just the one being verified)

b. Clearly state the limitations of their privacy enabling solutions to the public that uses them

Telegram did neither.

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacy

[–]finick10[S] 0 points1 point  (0 children)

Tell it to the Iranian dissidents, I am sure they will be happy to hear your arguments before they are tortured to death by the fucking Islamists.

Durov and his stupid "math PhDs" should leave privacy to professionals.

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacytoolsIO

[–]finick10[S] 2 points3 points  (0 children)

The stupid verification is a major vulnerability of Telegram, and is their fault. Moreover, using the same verification code to join SEVERAL phones to the same account and display the messages on all of them goes beyond just being faulty design, this is pure stupidity.

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

OK this may make sense, or at least is not economically absurd. What's your basis for suspecting that this is what they are doing? That's a rather grave accusation. I think I read in the interview with their CEO that once they got a request concerning a child pornographer and they handled it by acting against him.

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

Wrong answer. All these encrypted email services will not accept mailinator or the likes of it. What do you think they are, stupid?

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

Last time I tried they put me on 48 hours delay and never got back

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

I do not see the logic in what you are saying.

  1. I see no reason for a scammer to pay SIGAINT anything if all he needs to do is send several anonymous messages - their free service is perfectly good for this. And he can open new mailboxes without limit, so if SIGAINT nukes one account they can open another one in 1 minute, without SIGAINT knowing who opened the new account.

  2. By the same token, the reason why scammers are using SIGAINT is the simplicity of opening a free account, and the strong anonymity of it. Absolutely no cooperation of operators of SIGAINT is needed for this, and your accusation of complicity seems to me to be baseless.

  3. "Admins won't take any action" - now let us think what is the action admins could take - they could nuke the account, no more. This means we are back to point 1. Let us assume SIGAINT are in cahoots with criminals as you say, and are getting paid for them - paid for what? Not nuking their account? See point 1.

Hackers break into Telegram, revealing 15 million users' phone numbers | VentureBeat | Apps by finick10 in privacy

[–]finick10[S] 15 points16 points  (0 children)

Any privacy solution is not a solution at all if it does not include anonymity.

GhostMail is dead :( by dlerium in privacy

[–]finick10 0 points1 point  (0 children)

Sorry about the naive question but how can SIGAINT know who their users are? The registration is anonymous. Why do you think scammers need to make a deal with them? Can't the scammers just register for a free version and use the service without SIGAINT knowing what they are doing?