infosex.exchange <3

You are probably looking for the infosec.exchange Mastodon instance

This host is mostly for my random stuff, and in little part acts like a well-intentioned placeholder for the typosquatted domain.

Discoverability and Archiving

Currently I'm using this host for saving the items from my own feeds to the Wayback Machine and provide in-links for search engines. I hate that I have to do this, but the non-sense ideology of Mastodon pretty much ruined the search feature for Fediverse as a whole, and this wasn't changed by the fact that they owned their mistake and implemented search eventually.

Yes, I (or anyone else) could do similar things with other peoples published feeds, regardless of the tantrum. No, you can't defederate this, because the process doesn't rely on an instance.

Gluttony Section for Search Engines

@wdormann fulldisclosure () seclists org
this post | permalink
@cR0w Mishandling the data is surely a concern, but I don't think this particular case is an indicator of such misuse:
HIBP API is anonymized in the first place. They must already have an "even more" anonymized yes/no signal from their detection service (whether it's using the anon API or a full HIBP copy), and at CF's scale I don't think anyone wants to receive all the non-anonymized request fragments for perf/bandwidth reasons alone.

Sure there may be an evil team at CF who secretly look at creds, but this stat is not an evidence of that.
this post | permalink
@cR0w I mean users seem to have explicitly asked CF to look at the credentials passing through them. I don't get how workstations come to the picture, please clarify!
this post | permalink
This is an important bit in the #Cloudflare post (emphasis mine):

"Our data analysis focuses on traffic from Internet properties on Cloudflare’s free plan, which *includes leaked credentials detection as a built-in feature.*"
this post | permalink
@nemo Original article with comments from Signal: https://therecord.media/signal-no-longer-cooperating-with-ukraine
this post | permalink
The State of Personal Online Security and Confidentiality

https://www.youtube.com/watch?v=AyH7zoP-JOg

Full interview with Signal's Meredith Whittaker.
this post | permalink
Mark Rober maps Disney Lands Space Mountain dark roller coaster with a LIDAR *and* drives a Tesla to a Roadrunner-style "fake road" wall in a single video 🍿

https://www.youtube.com/watch?v=IQJL3htsDyQ
this post | permalink
@algernon @cR0w hey, it seems browsers have a text2speech api built-in these days:

https://codepen.io/matt-west/pen/DpmMgE

this actually seems easier than I thought!
this post | permalink
@cR0w I'm actually thinking about firing up a website if there is a client-side synthesis app so the costs would be distributed
this post | permalink
@cR0w markov generator + voice synth to make the input more colorful
this post | permalink
Next Page