infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@algernon Akkor még ezt tudom ajánlani, félelmetesen jól összerakott anyag: https://www.youtube.com/watch?v=CblRz5C4fVg
this post | permalink
@algernon https://www.youtube.com/watch?v=FHKI6fHkyFM \m/
this post | permalink
Neptune's Spatuala is a great scene about care and quality (see how I carefully avoid the A word?):

https://www.youtube.com/watch?v=eYeNKdJhk98

IT people should watch more Sponge Bob!
this post | permalink
"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police has to write a carefully worded mail to Switzerland.
this post | permalink
@troed @Viss I only suggested Gmail as an extreme example for this particular case. I have no problem with e.g. Fastmail, as they don't oversell what they do.
this post | permalink
@obivan @CravateRouge @floriann @Viss @bhhaskin Yes, the donation page of Anna's Archive is quite educational.

My point is exactly that these businesses couldn't exist if they actually lived up their users expectations (that are mostly set by the same providers via marketing).
this post | permalink
@troed @Viss It's not hard to tell you are personally invested in this service, that's OK. As I stated, this is not a Proton problem, but unfortunately the market they are operating in shouldn't exist in the first place, because the whole thing is built on illusions. As we say around here, they don't necessarily _lie_, they just don't elaborate on all aspects of truth...

There may be some users who fully understand the tradeoffs, but they would certainly not be a viable business if they were the majority customers.

Thanks for the Threat Model link, I read that a couple years ago, but I'll do a refresher sometime.
this post | permalink
@obivan @floriann @Viss @bhhaskin Cool, so offering credit card as payment option is basically a footgun they provide.
this post | permalink
@troed @Viss "hand out the contents of emails which Proton cannot" - OK let's not dive into if G should have obeyed a subponea... In both cases the accounts came under scrutiny because authorities _already knew_ email contents. Gmail would even have the benefit of not having payment info (also, cheaper).

(Btw. Proton can absolutely leak all your e-mails e.g. from the frontend they serve to you.)

"it's not victim blaming to point out bad OPSEC" - by this logic we shouldn't criticize charlatan doctors, because their patients should know medicine better?
this post | permalink
@troed @Viss " Gmail just handing out everything because someone asked" This was a headline exactly because this was likely illegal. Let's assume that providers abide the law.

"unless the account owner made the choice to communicate with less secure providers" - which is exactly why the claimed e-mail privacy claimed by Proton et. al. is an oxymoron.
this post | permalink
Next Page