alt text:
Goose chase meme. In the first frame, the goose asks “all the data is encrypted?” In the second, the goose chases a person, asking “encrypted how and with whose keys, motherfucker?”
- pohart ( @pohart@programming.dev ) 66•10 months ago
I once had to work with a government agency that insisted they generate and provide my private key.
- 8ace40 ( @8ace40@programming.dev ) 19•10 months ago
I’m migrating millions of encrypted credit cards from one platform to another (it’s all in the same company, but different teams, different infra, etc).
I’m the one responsible for decrypting each card, preparing the data in a CSV, and encrypting that CSV for transit. Other guy is responsible for decrypting it, and loading it into the importer tool. The guy’s technical lead wanted me to generate the pair of keys and send him the private key, since that way I didn’t have to wait for the guy and “besides, it’s all in the same company, we’re like a family here”.
Of course I didn’t generate the key pair and told them that I didn’t want to ever have access to the private key, but wow. That made me lose a lot of respect for that tech lead.
- IDontHavePantsOn ( @IDontHavePantsOn@lemm.ee ) 11•10 months ago
So you wanna be key buddies? Respectfully.
- unalivejoy ( @joyjoy@lemm.ee ) English 47•10 months ago
pictured: Nothing Chats
- verdare [he/him] ( @verdare@beehaw.org ) 32•10 months ago
The fact that you have to enter your iCloud credentials directly into the app was a red flag.
Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI. This is why we have tokens and federated login. Third parties should never see your Google/Apple/whatever credentials.
- ALostInquirer ( @ALostInquirer@lemm.ee ) 6•10 months ago
> Security PSA: Don’t enter passwords or other secrets for important accounts directly into a third party UI.
By chance, would you (or some other passerby) happen to know how this is handled with the Lemmy apps/interfaces? I’ve been mixed on using them since I’m unclear how they’re handling this info.
- verdare [he/him] ( @verdare@beehaw.org ) 8•10 months ago
Hmmm, that’s a good point. I did type my Lemmy credentials directly into at least two different apps. I guess it would be better if it redirected to a login page provided by my instance (Beehaw). But I also don’t consider my Lemmy account to be very critical. It’s not a huge deal if it gets compromised, as long as it’s not associated with my real identity.
EDIT: Also, I use a password manager, so a leak of my randomly generated Lemmy password shouldn’t affect anything else.
- setVeryLoud(true); ( @isVeryLoud@lemmy.ca ) 7•10 months ago
That’s not even Nothing Chats’ biggest problem: it’s that it gets completely MITM’d by going onto some mac mini in some server farm somewhere.
- /home/pineapplelover ( @pineapplelover@lemm.ee ) 6•10 months ago
Probably also whatsapp chat, imessage, and other proprietary encrypted messaging apps out there.
- unalivejoy ( @joyjoy@lemm.ee ) English 9•10 months ago
Many chat apps actually use the Signal protocol for end to end encryption. This includes WhatsApp, Google Messages (RCS), Facebook Messenger, and Skype. iMessage doesn’t seem to use it.
- LWD ( @LWD@lemm.ee ) 6•9 months ago
deleted
- AVincentInSpace ( @AVincentInSpace@pawb.social ) English 1•10 months ago
Why is end to end encryption a red flag???
- LWD ( @LWD@lemm.ee ) 4•9 months ago
deleted
- AVincentInSpace ( @AVincentInSpace@pawb.social ) English 2•10 months ago
oh, red flag for facebook, that makes sense.
but then if you care about privacy why touch anything Facebook has made at all?
- LWD ( @LWD@lemm.ee ) 3•9 months ago
deleted
- Lemongrab ( @Lemongrab@lemmy.one ) 3•10 months ago
But we also can’t check their process since they are closed source. Also, if they can decrypt in the browser or proprietary app, then they can still read your messages. Browser is vulnerable to other attacks.
- the_seven_sins ( @the_seven_sins@feddit.de ) 30•10 months ago
I suggest we rename base64 to ’Military encryption’.
- lseif ( @lseif@sopuli.xyz ) 14•10 months ago
ITS NOT ENCRYPTION ITS ENCODING D’:
- Lexi Sneptaur ( @Sneptaur@pawb.social ) English 26•10 months ago
Looking directly at you, Telegram!!
- Speiser0 ( @Speiser0@feddit.de ) 16•10 months ago
Our website is using ssl, to keep you protected.™
- CJOtheReal ( @CJOtheReal@ani.social ) 15•10 months ago
Encrypted by Lava_Lämp®
- stebo02 ( @stebo02@sopuli.xyz ) 9•10 months ago
just a vigenere cipher because budget cuts
- katy ✨ ( @cupcakezealot@lemmy.blahaj.zone ) 9•10 months ago
it’s ok i’m always losing my keys anyway
but my couch cushions are pretty secure