Hey everyone!
-
Hey everyone! A couple good things to remember:
Signal is your friend! https://signal.org/
Be careful about what you post on corporate and federated social media. You don't need to self censor but you should take extra spicy discussions to something like Signal!
(people: please feel free to add hot tips for helping people keep things private!)
EDIT: It's definitely worth pointing out what I mean about "spicy". Expressing frustration in a way that could easily be misinterpreted by law enforcement? That's spicy! Planning a safe, legal protest? I'd argue that's spicy! That's the sort of thing I mean by this. No encryption or software is perfect; consider the level of risk when utilizing the tools.
But broadcasting stuff on social media can carry a lot of risk, so just... you know.
#security #secureCommunications -
@aud your whole group of friends should setup accounts on proton.me. You get secured email, drive, vpn and collaborative document writing.
Be aware that this company will comply with Swiss law. They can't give anything more than metadata to authorities though. They don't have access to your actual data.
-
Asta [AMP]replied to Asta [AMP] last edited by [email protected]
It's true that a lot of servers in the fediverse are probably run by cool people, but remember that everything you say is copied many, many times over to many, many different databases. For example, my single user instance here federates with like, 11,000 fucking instances, I am not joking. That means this little post could be copied into 11,000 databases, give or take, depending on the nature of the instances I'm federated with.
So in theory, let's say I posted something, like, I dunno, "fuck dtolnay". Any one of those servers could take offense with that and be shitty to me about it. And I don't control their retention policies.
So! While we don't have to worry about Mark "My Cold Dead Eyes Are The Mark of the Beast" or Elon "I fucked my own cybertruck and liked it" being shitty about our stuff here, it's not a bad idea to consider the nature of the fediverse when writing spicy things that could be prone to misinterpretation.
#activityPub #fediverse -
@aud
lol.
If your phone does fancy auto-correct, what you type into signal is sent to google, apple or microsoft server.
Chinese activists have been asking for a builtin input method to close that loophole in vain.I mean sure, it's better than nothing but it's no silver bullet
-
There are no secure DMs in the fediverse; this is basically the equivalent of walking onto a street and chatting with a friend. Whether anyone hears you is just about whether or not they're listening.
So! The safest data is the data that never existed. So don't rely too much on DMs; switch to something else!
#activityPub #fediverse -
@[email protected] I would say this is more about "privacy" than "security", unfortunately/fortunately. Even without knowing the specifics of when and how data might be sent to external servers, there's already no silver bullet. There's always 0 days for both Signal and the various OS it's running on to begin with. I mean, if you're running the app on a computer, screenshot tools can also void the security idea.
Still, social media as it stands today is an especially poor 'private' medium for communication. Admins can read your shit, etc. And also the nature of federation means that message is going a lot of places. -
If you want things private, you should... probably be careful about using the Signal app on, say, a machine with auto-screenshot capabilities built right in, too.
#windows11 #windowsRecall -
@aud tell that to the journalist who said to their chinese source "yes yes signal is secure, no one will know" and a couple weeks later the source is gone.
The only spicy thing one should speak about on signal with a phone default virtual keyboard is their grandma chili recipe. -
Asta [AMP]replied to gkrnours last edited by [email protected]
@[email protected] I don't mean to suggest you're not being helpful or that you're wrong but could you please try and provide a constructive suggestion? My nerves are absolutely fucking frayed at the moment and I don't want people broadcasting shit they don't need broadcasted and I'm definitely not at fucking fault for the state control of resources in China. Do I think the US telecom industry ISN'T compromised? No, we know it is. Does that mean you can't say something "fuck trump" on signal? No, no it does not. So please keep the perspective here.
"Don't say anything too spicy through ANY messenger" is a good constructive one, for instance. There are levels of "spiciness" and there are bad ideas, better ideas, and worse ideas.
I am not happy. I am trying to be proactive to help people AVOID talking themselves into trouble. My patience for your tone is short. I had nothing to do with that. Anyway, if I'm wrong, great, please provide another way or discuss some of the things people need to keep in mind or ANYTHING. The situation w/ regard to people being disappeared by the feds here in the US isn't at that level currently, so this suggestion should be taken with that in mind. But don't fucking snark at me at the moment. -
@aud oh, I assumed by spicy you meant stuffnlike taking inspiration from critically acclaimed video game final fantasy VII. Nevermind.
f-droid have a collection of open source virtual keyboard
-
@[email protected] ah, no. Well, I am being somewhat vague on purpose because I don't want people to be like, "look, she's advocating for ||redacted||!", so, I can definitely see how it comes across that way.
I guess maybe the best blunt advice would be, "say spicy shit on Signal, and don't say incriminating stuff at all" but. I think it's safe to say that people shouldn't be taking advice from me about blatantly illegal suggestions. cough.
Sorry for the going all spicy mode on you, for that matter. I'm tired and wasn't sure why you were hitting that point so strongly. I see why now, though. -
@[email protected] I'm worried, a lot, about someone saying something dramatic that will be taken the wrong way (definitely the time people might do it and definitely not the time be broadcasting it), or even planning legal protests or civil disobedience measures in public because law enforcement gives 0 shit that it's legal and will happily monitor open channels and twist it to fit their whatever. Plus I doubt I trust all 11,000 admins enough to be think that keeping copies of that kind of stuff in their database is a good thing.
So... that's more of where I'm coming from. -
@aud
I honestly think signal + an open source virtual keyboard is safe.
I'm worried because I fear signal + a keyboard shipped by manufacturer is a recipe for self incrimination. -
Cassandra Granade 🏳️⚧️replied to Asta [AMP] last edited by
@aud Also spicy: planning on or helping with getting an abortion.
Also spicy: DIY HRT.
Also spicy: who the fuck knows what's about to become spicy, so it's awesome to have defenses set up well in advance.
-
Asta [AMP]replied to Cassandra Granade 🏳️⚧️ last edited by
@[email protected] When it comes to data that is stored indefinitely, you're always fighting against not just the technology and laws of today, but the technology and laws of the future.
-
@aud The only moderately secure DMs on the Fediverse would be either separately end-to-end encrypted, or sent strictly between single-user instances. (And even in the latter case, anyone with access to the hosting technically *could* look.)
Any privacy on the Fediverse is based on a gentleman's agreement not to peek.
If you treat it as such, then you won't be disappointed.
-
@[email protected] Agreed! Plenty of absolutely fine things to say via DM, so long as you don't mind the admin peeking in. They're not particularly private by nature, and they are definitely not secure, but that's all you need for a lot of stuff.
-
propapanda :verified:replied to Asta [AMP] last edited by
@aud yup
-
@aud Most people hopefully already know this, but: Signal has self-destructing messages. Use them, but beware people can still screenshot.
-
Asta [AMP]replied to propapanda :verified: last edited by
@[email protected] ... wait, I'm federating with half the fucking fediverse on my single user instance?
alright, well, one, props to the API for being surprisingly low bandwidth, all things considered, despite the degree of federation, and two that's a lot of copies of my shitposts in a lot of databases.