1. 2

    Note: This is supposed to be tagged with show but I cannot tag it as such because I am new user. :(

    1. 3

      I’ve suggested the show tag!

      1. 3

        Oh thank you! <3

    1. 7

      @soatok, I’m curious how you justify the assertion in the questions that the Signal servers have no way of identifying who can contact who? I know Signal blinds the sender of messages, but surely they still see the source IP address? Even if they somehow don’t, because they go through Google first or something, the timing is more than enough. In chats people frequently have a quick series of back and forth messages and over a little bit of time I’m fairly confident you could deduce the social graph from this.

      1. 5

        That’s a good question. I don’t know.

        It may be the case that, if Signal turned malicious and evil tomorrow, they would be able to identify who is talking to who via network timing, like you said. If that’s true, I wouldn’t know any reliable techniques from stopping that attack capability.

      1. 48

        To whomever downvoted this as off-topic:

        • It’s about cryptography, security, and privacy
        • The source code examples are written in JavaScript

        …so which topic is it off-?

        1. 34

          It’s probably an expression of political distaste for overt references to furrydom rather than an authentic opinion that this article’s content is off-topic. I think this is absolutely topical content myself, but I’ve seen plenty of articles posted that I also thought were entirely topical (some of which I posted myself), that had off-topic or other flags because they were triggering to the political sensiblities of other users.

          1. 48

            Just posting in support of this.

            Folks, this is a nice high-effort post about implementing security, with code and references and the whole shebang. It isn’t shilling a service, it isn’t navel-gazing on politics, it isn’t even some borderline case of spamming a blog to get more views without care for the community.

            Anybody who flagged this as off-topic either didn’t read the article or is a tremendous asshole.

            Anyone who flagged this as spam either didn’t read the article or is a tremendous asshole.

            If the reference to furries in the title rustled your jimmies, despite the site policy here being to use the original title as close as possible, and you were unable to evaluate the quality of the article on its own merits, you’re a tremendous asshole.

            1. 23

              I get off topic downvotes for my posts with Mara too. Some of the graybeards here really dislike furries for some reason I can’t comprehend. I hope they can find something better to do that downvote furry adjacent content. Anyways, keep up the good work!

              1. 44

                I’m that kind of a person, though I don’t have a gray beard. To me it’s just cringe (for lack of a better word), just like an unironic “euphoric” atheist, a gun-obssessed anarcho capitalist, a “My Little Pony” Fanboy or a western-anime otaku. I honestly don’t see what the difference is.

                Any blog that tries to mix that kind of usually fringe subculture is fine by itself, people are strange, but I have my doubts how relevant it is to a general-public site like Lobsters.

                That being said, I didn’t flag it, I’ll just be hiding it.

                1. 15

                  Setting aside how cringe or not it is, we should evaluate the article on its technical merits.

                  1. 13

                    In principle, yes, but we often have discissions on the form of sites (don’t post twitter threads, avoid medium, not loading without JS, too low contrast, automatically playing videos), and interspersing a page with furry imagary is just something that some people are used to (apparently this is an american thing), and others are not.

                    1. 5

                      It’s not an American thing.

                      I don’t know why you think it is.

                      Eurofurence, Nordic Fuzz Con, and FurDU are just a few of the international furry conventions that attract thousands of attendees every year (COVID notwithstanding).

                      1. 13

                        Honestly that comes of as saying that McDonalds isn’t an american thing, because they have joints all over the world. Have you ever wondered why we are writing in English? I think everyone knows that american culture has a kind of dominance that no other culture has, because of hollywood, TV series and media in general. It’s always the de facto standard, and almost anything that is a thing in the US has following somewhere else. That has only intensified with the internet. But if anywhere in this thread, this is the point where we would be crossing over into off-topic territory, so I’d sugest we agree to disagree.

                        And regarding

                        I don’t know why you think it is.

                        First of all, Wikipedia says

                        The furry fandom has its roots in the underground comix movement of the 1970s, a genre of comic books that depicts explicit content.[5] In 1976, a pair of cartoonists created the amateur press association Vootie, which was dedicated to animal-focused art. Many of its featured works contained adult themes, such as “Omaha” the Cat Dancer, which contained explicit sex.[6] Vootie grew a small following over the next several years, and its contributors began meeting at science fiction and comics conventions.

                        So it literally comes from the US. But setting that aside, even if I didn’t know that, it’s something so inherintly american, that I would have been really suprised that something that at the same time desexualizes bestiality (by removing the inherent link) and sexualizes animals (by giving them human cues of attractivness and anatonomy) could come from anywhere else.

                        Edit: Also I was curious and looked it up, “Nordic Fuzz Con” has 1499 atendees in 2020, but considering how many contries these people came from, it’s approximatly 0.000008% of the population. It’s common that when people are too online, they overestimate how large their bubble really is. “Eurofurence” with almost twice as many atendees isn’t much better of.

                        1. 0

                          That’s super off topic for the discussion, but I’ve recently changed my mind about “american culture”. I now feel that a significant part of it is just universal, liberal culture, and not specifically American (hamburgers, pizzas and sushi being fun gastronomical examples). This post changed the way I think about this.

                        2. 2

                          I don’t know why you think it is [an American thing].

                          Probably due to mako’s comment, which said they “always considered it an American subculture”. I hadn’t heard of it being American before… thanks to your comment I’ll unlearn that.

                    2. 11

                      Lobsters is general public? :-)

                      I think you could tack on just about any group and the content would be pretty much the same. “…for punks,” “…for people with a pulse,” or whatever. I’ve no strong opinion on furries. As long as their hobbies are not hurting anybody, I’ll just file it in the “not my thing, but not hurting me” bucket and see if the rest of what they have to say is interesting or not.

                      1. 9

                        Technology doesn’t exist in a vacuum. Practitioners, users, researchers, and creators are people whose experiences of technology will be informed by their lifestyle preferences, race, gender, queerness (or not), positionality in society, past experiences, mental health, hobbies, friends and so on.

                        It’s ridiculous and downright depressing to me that anyone would consider a blog off topic because the writer chose to make their technical narrative their own. It strikes me as the kind of narrow thinking that leads the tech industry to not be a very accessible or diverse place in general.

                        Divorcing technology from the real world leads to isolation and atrophy (to borrow the words of Courant). It reduces diversity, leads to moral atrophy, and systems built without empathy for users.

                        And it leads to gatekeeping. Don’t do that.

                        1. 7

                          The cringe is a reaction of your own, not the content itself. I would avoid downvoting a post just because of my relationship to it, so I’m glad you made the same call.

                          1. 9

                            Lobste.rs caters to a very specific subculture that exists in the IT sector that is in itself part of a broader subculture of technology creators and maintainers. It’s just that you think your subculture is important enough to be let in and others are not.

                            1. 10

                              You’re right that “technology” is a subculture, but my claim is that we are perpendicular/stochastically independent to “furry culture”.

                              It’s just that you think your subculture is important enough to be let in and others are not.

                              I would very kindly ask you not not be this elitist about this, this is explicitly a techonology site, with no further designations. The community has it’s tendencies, this way or another, but that doesn’t change the fact that the average to something as obscure as a “furry” will be recieved with some hesitation. This isn’t anything personal, I can imagine that if I went to some “normal” site like Facebook and started talking about the need Free Software that most people would consider me crazy.

                              1. 5

                                It’s the exact opposite of being elitist, it’s about being inclusive. You call “technological community” a thing that is aligned to your culture and values and it’s just a very small fraction of the people that produce digital technology. You universalize it because you cannot conceive that there might be different ways than yours of producing technology together. You believe your way is THE way and you reject other ways.

                          2. 10

                            I don’t think it’s greybeards, rather non-Americans. I’m in the UK, London, and if there’s a furry subculture here it is so microscopic that I’m not aware of it. I’ve always considered it an American subculture, and possibly mostly silicon valley, but certainly for non-Americans I think it’s very obscure. I didn’t vote either way, and have no idea what the furry thing is about, just glimpse it once in a while.

                            1. 11

                              For what it’s worth, in America you don’t just see people walking around expressing as furries while they shop for groceries. Most of us have never run across the culture in person. I think it’s not that this is an American phenomenon but that online spaces are safer, so that’s where you (and we) see them.

                              1. 3

                                just how microscopic would it have to be for you to not be aware of it? do you keep tabs on all… culture… in London?

                                1. 1

                                  It’s honestly not very hard.

                              2. 9

                                I really enjoy most of the aesthetic of your pages, and the technical content! I just don’t like the random stuff being jammed in between it. I don’t need a bunch of reading space occupied by a full color, artistic, glorified selfie 6 times. Or in the case of Mara’s first appearance, 16 times.

                              3. 19

                                I’m not going to flag it, but the „for furrys“ bit certainly is off topic

                                1. 38

                                  Furry is my blog’s aesthetic and theme, and a significant chunk of the content, but the focus is 99% encryption. The parts that are furry-relevant are:

                                  1. A lot of tech workers are furries (or furry-adjacent).
                                  2. I’ve found that furries are generally more comfortable with the abstraction of “identity” from “self” than non-furries. I generally attribute this to the prevalence of roleplay in our culture. (I remarked on this detail in the post.)
                                  3. Implied but never stated in this particular article: Since roughly 80% of furries are LGBTQIA+, and queer folks are likely to be discriminated against in many locales, improving furry technology will likely have a net positive impact on queer privacy in oppressive societies.

                                  This page isn’t so much for furries than it is from a furry, published on a furry blog, and with a bad furry pun in the title.

                                  1. 25

                                    You don’t actually need to entertain anti-furry sentiment. And do not worry either, there’s also people who appreciate this. I’d rather see furries than most common traits of the modern web.

                                    1. 19

                                      A lot of tech workers are furries

                                      For certain values of “a lot”. I’d guess that this kind of stuff is more popular in the US than in India.

                                      1. 27

                                        The main problem with this kind of title phrasing is the forced communication of a political/sexual/whatever message, which is off-topic for the site, and most people don’t care, and don’t want to care for it.

                                        Anybody visiting the link would see that the page has a furry aesthetic. Then they would have the chance to read the article, or close the page. This way a message is promoted on the main page. I think identity politics are already too emphasized and destructive in discussions, and have a bad effect on communities and society. Consider seeing things like a Heterosexual christian father’s guide to unit testing on the front page. Without judging anybody’s identity, this is not the place and form for that topic and that kind of statements.

                                        1. 13

                                          I wonder why the simple reminder of a group’s existence bothers you so.

                                          1. 15

                                            For some reason you failed to understand my point, and are accusing me with something instead of arguing my points. Most likely this is because of my inability of phrasing my point efficiently.

                                            But in the same spirit: I wonder why do I even need to know anybody’s affiliation at all in context of a technical discussion?

                                            1. 10

                                              One could make the same argument to flag “Beej’s Guide to Network Programming” or any post about how company X solves their problems.

                                              1. 8

                                                And usually they do so, considering it as spam, a form of advertisement… Only not of the political, but of the business kind.

                                                1. 4

                                                  I don’t think you are familiar with at least the first example.

                                                  1. 5

                                                    But at least I can be familiar with the second example…

                                                    Your style is not that of a Friendly engineer.

                                                    1. 3

                                                      There was a time he went by a different name…:p (angrysock)

                                              2. 5

                                                I wonder why do I even need to know anybody’s affiliation at all in context of a technical discussion?

                                                Because the author decided, that their “affiliation” is relevant to their content, that’s it. You don’t need to follow that thinking, you can opt-out of reading their article, even hide it on sites like lobste.rs.

                                                Any articel tells you something about the authors identity and cultural affiliations. And most of us just fill the blanks with defaults, where details are missing. i.e. an authors gender on technical content is often assumed to be male, if not stated otherwise. Most of us who grew up in societies with Christian majorities just assume that most guides to unit testing are a variation of the “Heterosexual christian father’s guide to unit testing”. That’s bad because it taints our perspective, even on the already factual diversity of tech and the net. So IMHO it’s a good thing, if more of us keep their affiliations explicit and maybe even reflect on how those influence their perspectives.

                                                1. 3

                                                  Your points aren’t worth arguing. You assert several things (“most people don’t care,” “have a bad effect on communities”) without any supporting evidence. To the first about whether people care and “don’t want to care” – I don’t find that persuasive even if you can provide evidence that a majority of people don’t want to be confronted with the identities of people who’re considered outside the mainstream. But I also suspect you’re making an assertion you want to be right but have no evidence to back up.

                                                  Likewise, what even is a “bad effect on communities and society”?

                                                  You also express an opinion (“I think identity politics are already too emphasized”) which I heartily disagree with, but that’s your opinion and I don’t see any point arguing about that. OK, you think that. I think too many craft beers are over-hopped IPAs and not enough are Hefeweizens. The market seems to disagree with me, but you’re not going to convince me otherwise. :-)

                                                  1. 6

                                                    Your points aren’t worth arguing.

                                                    Start with a thought-terminating cliché. Then you start arguing my points. :) No problem.

                                                    To the first about whether people care and “don’t want to care” – I don’t find that persuasive even if you can provide evidence that a majority of people don’t want to be confronted with the identities of people who’re considered outside the mainstream.

                                                    I understand your points, but you didn’t really grasp what I wanted to phrase. IMHO “mainstream” and other identities should not confront each other here unless being technically relevant ones, about which technical discussion can be carried on. There are other mediums for those kind of discussions.

                                                    Lucky someone has managed to phrase my ideas better than I could above:

                                                    https://lobste.rs/s/mn1am1/going_bark_furry_s_guide_end_end#c_xndsrl

                                                2. 13

                                                  As I understand @kodfodrasz, they were bothered not inherently by the reminder of the group’s existence, but by the broadcasting of that reminder to the Lobsters front page. When an article title on the front page asserts the author’s voluntary membership of a group, that is not only a reminder that the group exists—it’s also implicitly an advocation that the group is a valid, normal, defensible group to join. One can agree with the content of such advocacy while also disliking the side effects of such advocacy.

                                                  What side effects would those be? @kodfodrasz said that “identity politics are already too emphasized and destructive in discussions, and have a bad effect on communities and society”. I think they are referring to way advocacy for an identity can encourage an “us vs. them” mindset. Personally, I see the spread of that mindset as a legitimate downside which, when deciding whether to post such advocacy, must be balanced against the legitimate upside that advocacy for a good cause can have.

                                                  1. 9

                                                    ^ this

                                                    My assertion is that currently I see a trend where legitimate topics are not discussed because some participants in the discussion have specific opinions on other topics than the one discussed. Dismissing some on-topic opinions for off-topic opinions is an everyday trend, and if bringing our off-topic identities to the site would gradually become more accepted, then that trend would also creep in from other parts of the society, where it has had done its harm already.

                                                    I hold this opinion as a guide for every off-topic identity. I think of it with regards to this forum a bit similarly to the separation of church and state has happened in most of the western world.

                                                    1. 5

                                                      by the broadcasting of that reminder to the Lobsters front page

                                                      The submitter (author in this case) has one “vote” in promoting their content on this site. Usually one net upvote keeps stuff in /new and outside the front page. What’s promoted this content to the front page is the site’s users, who have upvoted it enough to appear on it.

                                                      At time of my writing this comment, the current standing is

                                                      50, -7 off-topic, -4 spam
                                                      

                                                      Also note that comments themselves contribute to visibility, so everyone commenting complaining about this being off-topic and “in your face” aren’t helping their cause…

                                                      1. 4

                                                        When an article title on the front page asserts the author’s voluntary membership of a group, that is not only a reminder that the group exists—it’s also implicitly an advocation that the group is a valid, normal, defensible group to join.

                                                        Are you (or @kodfodrasz) implying that identifying as a furry is in some way so dangerous as to be suppressed by society at large?

                                                        1. 2

                                                          One can agree with the content of such advocacy while also disliking the side effects of such advocacy.

                                                      2. 4

                                                        Would you be fine with a BDSM-themed blog post on a tech topic?

                                                        1. 8

                                                          It depends how the theme is explored.

                                                          If it uses BDSM culture to explore the nuances of consent in order to explain a complicated technical point, I’m all for it.

                                                          1. 3

                                                            What if it’s just interlaced with drawings of BSDM activities, like that old GIMP splash screen? I wouldn’t be caught dead scrolling that (nor opening GIMP) at work.

                                                            1. 7

                                                              If you work at a place that cares more about some bullshit policing of imagery than technical merit, that’s a yikes from me.

                                                              1. 5

                                                                There’s an inherent sexual quality to BDSM that isn’t inherent to furry culture.

                                                                You do realize that, correct?

                                                                1. 6

                                                                  Strictly speaking that isn’t necessarily true about BDSM.

                                                                  1. 2

                                                                    Oh? This is news to me.

                                                                    1. 16

                                                                      Yep. There are people, for example, for whom submission is not a sexual thing but instead about being safe and there are people for whom having a little (in the subcategory of dd/lg) is about having somebody to support and take care of and encourage in self-improvement.

                                                                      That’s not everyone, the same way that there are in fact furries who are all about getting knotted.

                                                                      My point is just that if you want to go Not All Furries, you should be similarly rigorous about other subcultures.

                                                                      1. 6

                                                                        o/ I’m asexual but still very into BDSM (and also a furry!). I know what something being sexualised feels like — took a while to get here — and while a lot of people do link the two intimately (as many do for furry things), they aren’t dependently linked.

                                                              2. 5

                                                                Actually, I know a real example. There is a Python-related French blog named Sam et Max. The technical articles are generally considered high-quality by the French-speaking Python programmers. But there are also BDSM- and sex-related articles alongside the Python articles. Even within a Python-related article, the author sometimes makes some references about his own fantasies or real past experience.

                                                                1. 3

                                                                  Already mentioned elsewhere but it’s my understanding that being a furry isn’t inherently sexual / about sex, though there can be that aspect. I certainly wouldn’t mind a post that was something like “a lesbian’s guide to…” or “a gay person’s guide to..” because those identities encompass more than sexual practices. (Someone elsewhere says that BDSM isn’t strictly speaking sexual, which … is news to me, but I admit my ignorance here. If there’s a non-sexual aspect to BDSM identity then sure, I’m OK with a BDSM-themed post on tech.)

                                                                  1. 3

                                                                    As long as there’s no overt pornography, sure. I’d read a good article on crypto that had “by someone currently tied up” on it. What’s the point of writing if you get shamed for putting your personality in it.

                                                                2. 4

                                                                  Consider seeing things like a Heterosexual christian father’s guide to unit testing on the front page.

                                                                  That goes without saying, because that’s the default viewpoint.

                                                                  The way the author clarifies and establishes their viewpoint does not make their technical content anymore off topic than someone submitting something titled “A Hacker’s Guide to MFA” or “A SRE’s Guide to Notifications”. The lens that they are using to evaluate a technical topic is an important piece of information that we often-times forget in tech with disastrous outcomes.

                                                                  1. 12

                                                                    No, it is not necessarily the default. But even if it would be, articulating that off-topic identity on the front-page would be unnecessarily divisive, and I’m pretty convinced, that people of other identities would flock the comment section claiming that the post is racist (sic!), and is not inclusive, hurts their feeling, and I think they’d be right (on this site).

                                                                    Hacker or SRE are on-topic tech identities themselves, while sexuality, political stand, religion are not really.

                                                                    1. 6

                                                                      Hacker is a political identity. For instance, it’s one that I find really degrading when associated to the whole profession. The nerd identity or the general infatilizing of programmers is degrading as well. These are tolerated because they are the majority’s identity in this specific niche and presented as “neutral” even though they are not.

                                                                      1. 3

                                                                        Well I see some positive vibe about the hacker word in the IT sector, if you remember there was some hacker glider logo thingie around the millennia. I’m not one of them, and agree with you, I also find hacker somewhat negative, and not because of the “evil hacker”, but of the unprofessional meanings of the phrase (eg. quick hack). Still lots of fellow professionals don’t agree on this one with us.

                                                                        Regarding Nerd: I also find the phrase degrading, and I don’t understand those who refer to themselves as nerds in a positive context.

                                                                        1. 7

                                                                          I don’t understand those who refer to themselves as nerds in a positive context.

                                                                          The best way of removing the degrading conotation of a word is to rewrite its meaning. The best way to do that is to unironically use it in a neutral-to-positive context.

                                                                          1. 1

                                                                            yeah but the problem is what you want to appropriate. The word “slut” has been reappropriated to defend the right for men and women to have sex freely without judgement. The word “nigger” has been reappropriated because black people are proud of being black. But the word “nerd”? “nerd” means being obsessed with stuff and have very poor social skill and connections. Reappropriating the word flirts very closely with glorifying social disfunctions, exclusion and individualism.

                                                                            1. 4

                                                                              Reappropriating is done because there are negative connotations that we want to take out of focus; that’s the whole point.

                                                                              1. 1

                                                                                but Nerd is imho all negative. The positive connotations, like being dedicated and consistent on a practice is not exclusive to being a nerd. Being nerd is not even stigmatized anymore: now it’s cool to be nerd and still it’s degrading, like being a circus freak. You reappropriate a word to remove a stigma towards a category, but the stigma is already gone and what is left is a very distorted portrayal of knowledge workers.

                                                                                1. 4

                                                                                  That the stigma is gone is precisely because people took the term and ran with it.

                                                                                  Besides, I have no problem with assholes (whose opinion of me is no concern of mine) considering me a circus freak: it makes them keep themselves at a distance which means less work for me to get the same desirable result.

                                                                                  (Also: I disagree with the term “nerd” glorifying “social dysfunction” - normalizing, maybe, but that’s a very inclusive stance, especially when these “dysfunctions” are called by their proper name: neurodiversity. And what precisely is the problem with individualism again? And another tangent: knowledge workers aren’t necessarily nerds and nerds aren’t necessarily knowledge workers)

                                                                                  1. 1

                                                                                    I agree with all your values but it doesn’t seem like this is what’s happening in the real world. Inclusion of neurodiversity is happening only in small bubble in USA/NE: if anything, neurodiverse people are just more aware of being different. Good for coping, not that good for social inclusion. Really neurodiverse people are still rejected by the society at large and at best they get tokenized and made into heroes but not really included. Also this appropriation of the word detached the concept of nerd from neurodiversity that if it was ever a thing, it’s not a thing now. Today being nerd is wearing glasses and a checkered shirt. Then if you flirt flawlessly with girls, entertain complex social networks and work as a hair dresser, it’s enough to say your hobby is building radios and boom, you’re a nerd. I don’t see how this process would help neurodiverse people and I don’t see how it is good to have to live up to this stereotype to be included in the IT industry (because in most places, if you are not some flavor of nerd/geek, you’re looked at with suspicion)

                                                                3. 15

                                                                  A lot of tech workers are furries (or furry-adjacent).

                                                                  I don’t doubt that a lot of furries (or furry-adjacent) might be tech workers, but I’m not sure your statement is accurate, given just how many tech workers there are.

                                                                  1. 7

                                                                    For most people, “Furries” is “that weird sex thing”. I can see a lot of people wanting to make it clear that sexual references are out of place in order to make tech a more comfortable and welcoming place for everyone. I suspect that famous Rails ‘pr0n star’ talk has (rightly) made people feel uncomfortable with sexual imagery in tech.

                                                                    I’ve upvoted because the content is good, but I’m also not really one for keeping things milquetoast. I’d like to see more content like this. The technical parts are worth reading, even though I have no interest whatsoever in furries, and mildly dislike the aesthetic.

                                                                    And yes – I’ve discovered today via google that it’s only a sex thing for 30% to 50% of the people in the subculture, but as an outsider, the sexual aspect is the only aspect I had ever heard people mention.

                                                                    Going forward, I’d just suggest ignoring the downvotes and moving on – they’ll always be there on anything that’s not boring corporate talk, and the threads like these just suck the air out of interesting conversation.

                                                                    1. 3

                                                                      [edit: content moved to different post, this was accidentally off-by-one click]

                                                                    2. 12

                                                                      Yiff it bothers you, why not just read it without the images? Firefox reader view works great fur me.

                                                                      1. 8

                                                                        It doesn’t claim to be for furries, it claims to be by one.

                                                                        1. 5

                                                                          Is it, though? If it was written as “a teacher’s guide to end-to-end encryption” would anybody be flagging it or carping about the title just because the intended / primary audience was teachers but the content could be abstracted to anybody who cared about end-to-end encryption?

                                                                          1. 10

                                                                            That’s a good type of question to ask, but your example title “A Teacher’s Guide …” is not equivalent. The author being a teacher could be highly relevant to the content of the article; for example, the article might especially focus on the easy-to-teach parts of encryption. The author being a furry, however, is likely to affect only the theme.

                                                                            Analogous titles would change “furry” to another subculture that is not innately connected to tech and that people choose rather than being born with. Two examples:

                                                                            • “Hide my Waifu: An Otaku’s Guide to End-to-End Encryption”
                                                                            • “Communication is Key: A Polyamorous Person’s Guide to End-to-End Encryption”

                                                                            Would people complain about those titles? I predict that yes, some people would, though fewer than those who are complaining about the furry-related title.

                                                                        2. 5

                                                                          Obviously it’s great that someone wants to give us this information. In return we should give them respect and thanks.

                                                                          Showcasing their identity not only gives personal color to the post, it also donates some of the credit to the community they identify with, rather than to some default security engineer type we might imagine.

                                                                          Thanks to this personal touch, some readers can no longer say furries are unintelligent, or never did anything for them.

                                                                          1. 3

                                                                            Belatedly, but I’m following up on these flags. I missed this story and am reading through it now.

                                                                          1. 6

                                                                            Very interesting, I think it deserves more attention. The title might not be the catchiest though. Very very interesting. Well written too.

                                                                            1. 3

                                                                              Maybe a title like “Publishing expired DKIM private keys would increase user security”

                                                                              1. 2

                                                                                I’d considered that, but I don’t want to steal the limelight from Ryan who already wrote a post that makes that point.

                                                                            1. 20

                                                                              IMHO, the only reason why zoom is interested in end-to-end encryption is to be hipaa compliant so that hospitals can use the platform for remote visits. I don’t see a reason why zoom would be worried whether someone at their company or from other agencies would listen in my calls. I actually believe that they have incentives not to encrypt my calls in case they are served a warrant and need to provide a recording for the calls.

                                                                              Incidentally, my university has adopted zoom as their platform of choice for the medical school and hospital at the end of September, which would coincide more or less with their release of the end-to-end encryption.

                                                                              In short, I see the white paper as a evidence of compliance with some government regulation rather than a real effort to secure user communication.

                                                                              1. 6

                                                                                Yep. If US companies offer encryption, I wouldn’t expecting any kind of security guarantee out of it – they are either already NSLed or will be.

                                                                                1. 6

                                                                                  I don’t think an NSL is relevant here.

                                                                                  Most of the time, the companies are not compelled to undermine our civil liberties; they’re complicit. But even then, an NSL only allows surreptitious requests for subscriber data. The scope is fairly limited. If the FBI/CIA/NSA trifecta want more than that out of company that has principles, they need to explore other options (subpoena, etc.) because the NSL doesn’t encompass those requests.

                                                                                  But really, most companies are run by would-be crony capitalists that don’t give a damn about your privacy, and therefore cannot be trusted.

                                                                              1. 5

                                                                                Am I alone in being a huge fan of Filippo’s newsletter? This is another great (issue? edition?).

                                                                                What’s even funnier is that my go-to blog post about “reconstruct instead of validating” was a post about Bleichenbacher’06 from… drumroll Filippo Valsorda. From 2016.

                                                                                https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa

                                                                                He makes a great point in both places.