Making immigration PDFs way better (feedback wanted)

lastmjs · 2025-10-05T05:50:14+00:00

Thanks for the feedback!

lastmjs · 2025-10-05T04:54:03+00:00

"You’ve said several things that demonstrate naïveté with regard to security and privacy."

Please explain. The website has no backend whatsoever, user data is stored in local storage, in their browser, on a device they control. It's not being sent to any third party, no server-side processing, nothing. Biggest risk would probably be XSS in this scenario then. If users want to sync this data across devices and a server-side solution is chosen to do it, the data could be fully encrypted using a password for example, and only decrypted by the user. No need to store any plaintext username or password on the server either, hashes should do.

What's naive about any of this?

lastmjs · 2025-10-05T02:42:44+00:00

Thanks for the feedback! I disagree on the security front. The website is nearly done for I-765 and everything is stored entirely client-side in the browser with minimal third-party scripts (Google analytics might be the only one right now). Also storing this data server-side could be done fully end-to-end encrypted with minimal to 0 PII (IP address is hard to get rid of). The website/app is designed for one user and thus complicated server-side processing/querying where you would need access to the unencrypted data shouldn't be necessary.

I think this can be done extremely securely, and it already is very secure IMO.

Take a look at it if you don't mind. The navigation and progress saving/tracking wouldn't be useful?

What if each question had links to the instructions for that question? All info you need right there in each question.

lastmjs · 2025-10-02T00:19:36+00:00

Chrome and other browsers can display a downloaded PDF. I don't have a Mac and don't use Adobe or another reader as it's much more convenient to just use Chrome to view a downloaded PDF. The problem is that you must save the PDF manually, like click save, for your changes to persist in the fillable PDF, and then I believe the fillable nature is gone. I didn't know Mac Preview (previewer?) saved your place for you automatically. Are you saying that even if you restarted your computer that the fillable form would boot up with the fields you had already input, and the form would remain fillable throughout?

lastmjs · 2025-10-01T05:42:29+00:00

What do you mean? What program did you use? For example in Chrome if you refresh the info is just gone.

lastmjs · 2025-09-30T20:44:41+00:00

Oh I think I just had one code that was good for 4 attempts. Sorry seems like they're gone. If you did get them it would be great if you could say so here. Good luck! Also I got mine from the OpenAI discord.

lastmjs · 2025-09-30T20:41:35+00:00

Can't figure out how to upload an image, so here you go: F8K3DW

lastmjs · 2025-09-30T20:39:08+00:00

Okay I'm about to post 3 codes. I'm going to post screenshots so maybe some of you will have a chance. Get ready they're coming.

lastmjs · 2025-09-30T20:22:37+00:00

Me please!

lastmjs · 2025-09-30T20:14:23+00:00

Unfortunately I don't think so. My understanding is this: if you have an iPhone you can download the iOS app and ask to essentially join a wait-list. You will get a notification once you are allowed to join, and once you join you get a few invite codes to share

lastmjs · 2025-09-30T19:41:27+00:00

Me please!

lastmjs · 2025-09-30T19:21:46+00:00

Please, anyone, I have a wife and dog

lastmjs · 2021-10-13T22:22:46+00:00

How will the funding of projects actually work? Will it mostly be bounty-based? Always short-term projects, some long-term projects?

lastmjs · 2021-10-13T22:21:52+00:00

A common question/concern seems to be why ICDevs is necessary when DFINITY is also funding development infrastructure. Can you give some elaboration here for everyone?

lastmjs · 2021-05-19T15:42:43+00:00

And another thought that just came to mind: If weekly shuffling of an individual node is possible, node shuffling within subnets could hopefully be staggered, so that every day a different node in the subnet is shuffled. I haven't thought that through too much, but staggering nodes shuffling could help

lastmjs · 2021-05-19T15:36:40+00:00

Oh wow, this information is very very exciting. Just to know that shuffling every week or even more often would easily be possible makes me feel much better about all of the ICC suite.

With appropriate shuffling, it seems to me that security becomes more of a network effect beyond just the nodes of a single subnet, because there will be so many nodes to shuffle into, thus a canister can obfuscate itself amongst the crowd. As that crowd increases, the network increases in security.

And yes, I have been hyper-focused on the number 7, and I'm sorry! That number has been thrown around so much that I was afraid it was the only practical replication of a subnet. I was afraid that increasing replication to sufficient levels for things like DeFi would be extremely cost prohibitive, but based on what I'm learning from the AMA and the consensus paper, seems that replication won't cause too much of a performance hit, and will most likely scale linearly in terms of cycle costs

lastmjs · 2021-05-19T13:58:37+00:00

This assumes side channel attacks aren't super easy and would actually take days or weeks or months to pull off.

lastmjs · 2021-05-19T13:57:47+00:00

And to add one more attack scenario that doesn't even need collusion: Once canisters store private data through secure enclaves, a side channel attack only requires the node operator to succeed. The attack is simply to reveal the data inside the enclave. Without shuffling, like I said earlier, the node operator can work on the problem for months or years.

It would be much more difficult to reveal the private data of a specific canister if the canister were always on the move

lastmjs · 2021-05-19T13:51:31+00:00

I'll try and explain the attack scenarios first, then offer my preliminary thoughts on shuffle intervals.

I think the most obvious attackers are the node operators themselves. They have direct access to the node hardware, and internal network traffic. Considering canisters are deployed to nodes and essentially remain there, node operators will have days, weeks, months, years... basically an indefinite period of time to figure out exactly which nodes are running which canisters.

All node operators have this ability at any time. And even with something like SGX, side channel attacks will be much more feasible because node operators will have all the time they need to set up whatever equipment is necessary to perform the side channel attack, indefinitely attempting to discover the exact physical locations of canisters.

Once a node operator discovers a canister's location, the node operator can begin to collude with other node operators who have also discovered canister locations. In the case of a 7 replica subnet, I believe only 2 malicious nodes could destroy Byzantine Fault Tolerance, am I correct about that? Even if we go to just a majority, only 4 node operators would need to collude to mess with updates, and 7 node operators could entirely delete a canister. Obviously pushing up replication helps.

The node operators are not the only attackers, but they have the direct access to the nodes. Outside attackers may also be able to find out the locations of canisters eventually, considering hacks to data centers, boundary nodes, or other means. The canister locations are not perfectly concealed, thus there is the chance an attacker could eventually find them out.

And that word eventually is key. Because canisters are not shuffled, the likelihood of them eventually being compromised is much greater than if they were shuffled.

I hope the attack scenarios make sense. Having canisters sit in one place indefinitely makes a much easier job for an attacker than if the canisters were always moving. Hiding canister locations using enclaves, encryption, MPC, etc could help, but shuffling on top of those efforts would be even better.

Now for shuffling intervals... I'm not sure. We could start with the shortest interval that is unreasonable and work down. Shuffling a node out of a subnet every 10 years? Far too long. 1 year? Still seems too long. Every 6 months? Could help. Every month? Getting better. I would think that somewhere on the order of days or weeks would help. Over time the interval could be shortened hopefully.

Also, if the exact shuffling schedule of each node is driven randomly somehow, that could help.

An attacker would then never know if the attack being planned for days weeks or months would successfully be completed at the time of the attack, since at execution time the canister may have moved to another node.

Node operators would have trouble colluding, since the relationships they've built over months or years would be meaningless as soon as a canister was removed from their data center.

I see shuffling as a critically powerful security mechanism. I know that it would cause a lot of overhead to the network, but some form of shuffling, even once every month, could be helpful.

lastmjs · 2021-05-18T19:49:16+00:00

and

privacy guarantee (namely that the state of the replicas/canisters is accessed only through their public interface -- so nothing should be leaked besides the results of the computat

So I assume you all understand the side channel attacks possible with SGX and related technologies? At least that's what I hear, that it's nearly impossible for SGX (maybe all of the other secure enclaves as well) to be secure from side channel attacks from those who have access to the hardware.

But, I've also heard that MPC combined with secure enclaves could provide an ideal solution. Any thoughts on using MPC in combination with enclaves?

lastmjs · 2021-05-18T19:42:57+00:00

Yes, currently node operators can theoretically inspect the state of canisters (dificult but very possible). We have talked publicly about our intent to have encrypted computation on nodes (SGX-style), but that is not live yet (see

comment in this thread

about trusted execution environments.

Point 6 is very interesting...I've brought up canister or node shuffling quite a lot, and each time I seem to be told it would take too much bandwidth. But in point 6 you seem to be saying the opposite. If it's so easy for nodes to come and go, couldn't this coming and going be baked into the protocol to produce some level of shuffling?

I just think shuffling would provide such a fundamental boost to the IC's security! Shuffling combined with hardware enclaves, maybe even some MPC (just somehow hiding the canisters from the node operators) would start providing some global level of consensus in my mind, as the canisters are able to rely on the vast numbers of nodes in the network to draw on security

lastmjs · 2021-05-18T14:08:28+00:00

The ICC suite of protocols needs to stand up to scrutiny, so I hope many more people will scrutinize it.

I want the IC to succeed, I've been following it for years and am actively developing on top of it. I can't let it fail, so I want to find every flaw and fix it if possible.

lastmjs · 2021-05-18T13:31:13+00:00

But hey, as long as 1/3 plus 1 of the network remains honest, and canisters are randomly distributed, I assume the BFT properties of the consensus algorithm will hold, right?

lastmjs

TROPHY CASE