2·
2 months agoSo I upgraded and tested not adding a trusted proxy (using Traefik in front of Jellyfin) and nothing broke. Was it supposed to break or is it just that its insecure? Am I less secure by not adding it as a trusted proxy?
- 0 Posts
- 38 Comments
Joined 2 years ago
Cake day: June 18th, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
everyone does their own thing, but semantic versioning is specifically:
- Major: Incompatible changes (breaks existing code).
- Minor: New, compatible features.
- Patch: Bug fixes, small improvements.
2·2 months agoMLS only deals with encryption and key management, which is great but that’s been a “solved” problem since TextSecure (now Signal) introduced the TextSecure Protocol (now the Signal Protocol) in 2013.
What I’m aware is missing with RCS / MLS compared to Signal (someone with more recent knowledge please correct me):
- Sealed sender so only the recipient knows who sent the message.
- Not storing metadata or logs.
- No built in crash reports.
- Private contact discovery.
- Published government requests providing evidence that they don’t have any data.
- Open source client.
- Looking at the Google Play store, Google’s Messenger shares precise location data with third parties, Signal doesn’t.
- Also on the Google Play store, Google’s Messenger app list a lot of data collected. Signal only lists phone number.
RCS still leaks metadata like a sieve. Encryption, considering the platforms that exist today (Signal and SimpleX), should not be the minimum requirement. Plain-text messaging should not even be possible in modern secure messaging platforms. The platform should be open source and be engineered to mitigate the collection of metadata - like Signal and SimpleX.
7·3 months agoasked this somewhere else, but does anyone know how it compares to Cryptpad which is also developed in France, open source, self hostable, collaborative, and end-to-end encrypted?
5·3 months agoanyone know how this compares to Cryptpad? I think it’s developed out of France, also open source, self-host-able, collaborative and end-to-end encrypted!
The “ArcaneChat/DeltaChat servers” are just normal email servers with some default configurations and tweaks for privacy/security and speed
I know what the servers do. My question is direct, because it would answer an important detail that has been left unanswered. Can the chat clients work with any email provider or only Delta/Arcane configured email servers? Because if they work with any email provider, people are going to shoot themselves in the foot by allowing insecure servers. If its the latter, then at least the clients enforce some safeguards.
this needs to be done 👍
And until its done, its leaking metadata.
This is a pretty theoretical situation […]
A lot of security is based on theoretical attack vectors. This is why security is hard, you have to invest time and effort to secure areas that could be exploited at some point in the future, not just what we know today. It’s why Signal and Apple have developed and enabled quantum-resistant encryption in their messaging platforms (Source).
first the attacker needs to get control of your chatmail provider/server and start collecting your messages,
Considering people get hacked left and right all the time and the constant barrage of breaches, not the highest bar set.
XMPP is more comparable to Signal, yes.
XMPP allows unencrypted messages and leaks metadata - Signal does neither.
Signal does need (yes, need) a phone number, and most people only have one so that is identifiable info.
Signal is basically a privacy enhanced text/SMS/phone replacement. I can give my phone to someone in person and they can immediately start “texting” me on Signal - this is a feature (as well as a con to some people).
This puts it at mostly the same level as some competitors, including WhatsApp which is often advised against.
People advise against Whatsapp because while it uses Signal to encrypt message contents, they take no effort to minimize the collection of metadata - Signal’s been compelled by court to present all data it has on its users various times and the only info they have is the day/time you signed up for their services and the last day (not time) one of your clients pinged their servers - Source: https://signal.org/bigbrother/
I have yet to find any other free service that collects this little information and works just as well as a normal non-encrypted messenger. Even Signals sticker packs are end-to-end encrypted - Source: https://signal.org/blog/make-privacy-stick/
Maybe I’m confused, do the DeltaChat and ArcaneChat clients only work with DeltaChat/ArcaneChat servers?
Edit: forgot to mention I can see the sender & recipient addresses (Signal uses sealed sender to minimize this metadata leak). I can also see what time the message was sent, this is the kind of metadata Meta collects through Whatsapp even though they also encrypt message content. It doesn’t seem - although maybe it now does - that DeltaChat nor ArcaneChat support key ratcheting, so if someone’s intercepting messages they can decrypt all future + past messages. Lastly it doesn’t seem either support any kind of protection against attacks from quantum computers. Currently Signal, SimpleX and iMessage are the only clients that do protect you from these kind of attacks.
Also “Minimal metadata” says “no” while there is no personal data at all required to use ArcaneChat, accounts are fully anonymous hence what metadata and from whom?
Unfortunately email wasn never built for privacy. As DeltaChat and ArcaneChat both run on top of email, they suffer from many of the same privacy issues that have existed since the inception of email, over 50 years ago.
While Signal’s home base is the US, they are a non profit org that doesn’t operate in the same way as for-profit corporations. Also, Signal collects basically zero data so there’s no incentive to sell out, and who would want to buy them anyway when they have no data and the server and client are open source.
Matrix is great, but I wouldn’t compare it to Signal. I use both for very different purposes.
but I thought apple were the good guys /s
15·4 months agohttps://cryptpad.fr as an alternative to Googles online office suite.
end-to-end encrypted and open-source collaboration suite.
still really early in development but if you primarily work from the browser on a desktop/laptop, it works well enough. I’ve struggled with getting sheets working on a mobile browser but I really like that you could completely self host if you want or just pay them to do it for you.
4·4 months agoReddit/Twitter have had years of development and tons of funding. you’re comparing Applesnto oranges. give the little guys (Lemmy/Mastodon) some time to catch up? that they already work as well as they do compared to massive corporations is pretty impressive. And just to counter your experience, I’ve had zero issues with Mastodon. Lemmy has a few minor UX bugs that will eventually get ironed out.
alien invader
loops is still very early in development. people need to tamper their expectations.
keep spreading FUD, my guy 😎
42·4 months agonearly daily Apex player moving to Linux full time again now that many more games work with it (knowing Apex no longer works). It will suck, but fuck microsoft and good riddance EA.
49·5 months agohate to break it to you…
I’ve been running my server on an old laptop and a 20TB external hard drive connected via USB. it’s not fast, there’s a multi-second delay when the drive goes to “sleep” if nobody has used jellyfin in a while, which makes it appear to not work, but once it spins up it works like normal. this has let me keep things simple and cheap. I back up to another 20TB hard drive, which I recently bought as I could finally afford it. beefy hardware is great but not necessary, if you’re okay with some limits.