infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

"some risks for users facing a strong adversary, such as a government focusing all its resources on a very specific target"

Translation: The police has to write a carefully worded mail to Switzerland.
this post | permalink
@troed @Viss I only suggested Gmail as an extreme example for this particular case. I have no problem with e.g. Fastmail, as they don't oversell what they do.
this post | permalink
@obivan @CravateRouge @floriann @Viss @bhhaskin Yes, the donation page of Anna's Archive is quite educational.

My point is exactly that these businesses couldn't exist if they actually lived up their users expectations (that are mostly set by the same providers via marketing).
this post | permalink
@troed @Viss It's not hard to tell you are personally invested in this service, that's OK. As I stated, this is not a Proton problem, but unfortunately the market they are operating in shouldn't exist in the first place, because the whole thing is built on illusions. As we say around here, they don't necessarily _lie_, they just don't elaborate on all aspects of truth...

There may be some users who fully understand the tradeoffs, but they would certainly not be a viable business if they were the majority customers.

Thanks for the Threat Model link, I read that a couple years ago, but I'll do a refresher sometime.
this post | permalink
@obivan @floriann @Viss @bhhaskin Cool, so offering credit card as payment option is basically a footgun they provide.
this post | permalink
@troed @Viss "hand out the contents of emails which Proton cannot" - OK let's not dive into if G should have obeyed a subponea... In both cases the accounts came under scrutiny because authorities _already knew_ email contents. Gmail would even have the benefit of not having payment info (also, cheaper).

(Btw. Proton can absolutely leak all your e-mails e.g. from the frontend they serve to you.)

"it's not victim blaming to point out bad OPSEC" - by this logic we shouldn't criticize charlatan doctors, because their patients should know medicine better?
this post | permalink
@troed @Viss " Gmail just handing out everything because someone asked" This was a headline exactly because this was likely illegal. Let's assume that providers abide the law.

"unless the account owner made the choice to communicate with less secure providers" - which is exactly why the claimed e-mail privacy claimed by Proton et. al. is an oxymoron.
this post | permalink
@troed @Viss Let's put it this way: the acc owner is in the same situation as if they used Gmail for free (if they were smart authorities would even have a harder time connecting the person to IPs and other metadata). This is speculation, but I'd bet that the relevant comms is already collected from the users or the recipients devices/e-mail accounts too.

So what is exactly the value Proton provided here that the user paid for?
this post | permalink
@troed @Viss I disagree. Proton convinced US people that their comms will be safe at a foreign provider (them). Were users naive to believe this? Yes, but this is victim blaming.

I agree that Proton is not the only bad provider in the market. Actually, the whole market exists because all the providers communicate dishonestly.
this post | permalink
@troed @Viss The ToS will obviously point out these caveats so they won't have troubles in court. What matters is the companies communication (marketing, PR aka. "oUr sERvErz aRe In SwiTZeRlAnd") because that is what people actually see and base their decisions on.
this post | permalink
Next Page