> EFF has criticized WhatsApp for being closed source, but not for this particular aspect of the key exchange functionality. The articles I've seen appeared carefully worded so as to achieve some balance, but did…
> By making the discredited argument that WhatsApp's key-change behavior is a fatal flaw, you're disagreeing with... and about 50 more experts equally respected in the field if less known to the typical HN reader. No,…
> Signal does not have this vulnerability, but WhatsApp has it. That might need a footnote or something. TheGuardian is reporting: Moxie Marlinspike of OWS said Signal planned to make blocking notifications an option…
How do you "dedupe within a single user's account" without violating "zero knowledge"?
> Browser vendors really need to change their attitude towards extensions, as they basically allow users to install malware/spyware in their browsers without performing any real certification / auditing. Browser vendors…
If "You can be very sure that the anonymous person you communicated with last week is the same anonymous person you are communicating with and potentially transacting with today." that person DOESN'T have strong…
https://adblockplus.org/forum/viewtopic.php?f=12&t=45876 ||acceptableserver.com^ and might as well ||combotag.com^
> These discussions always avoid talking about the merits of data-driven design and always assume malicious intent. Perhaps because most of the time the implementations do some harm, the doing of that harm is by design,…
I think they'd have to monitor and restrict thoughts or at least be able to extract memories. The frightening thing is: if there ever comes a time when such technology is available, they will try to use it.
> your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large. No. It should…
And if someone else controls what you can and cannot do on the platform, the platform really isn't secure from your point of view. This is especially true when that someone not only has that control but also has access…
Various businesses have a "take pictures of customers" policy. Medical offices are one example, due to insurance fraud they say. They typically don't ask. They simply tell the customer that they are about to take a…
For one thing, such a scenario would typically involve the uploading of said picture or facial data or faceprint data to a third party. You have no idea how that third-party will use and/or share the information. Some…
Ever seen an analysis of the traffic and breakdown of the metadata you speak of? If an account or device or advertising or other unique ID is sent to Google, it could help Google to track the user's IP Address changes…
> We've completely accepted auto updates for browsers (chrme & firefox) - years ago. Enabling automatic updates from outside organizations SHOULD get you fired in any and every business where security is important. I've…
If enough people file complaints with the FTC and/or state Attorney Generals, they might get involved as well. I wonder how privacy settings are being handled, and whether harm is being done to those who are…
For that one chain at least. You don't want to be the end that causes all of your chains to be insecure. Related: if you use your own server you can setup as many aliases as you need. You can use a unique one for each…
> But, at some point there must be trust. We may want to reach a point where we trust things we use, but if we're using a security-grade definition of trust and we're honest with ourselves, I think every one of us would…
> The Federal government isn't asking Apple to create a backdoor. Their asking apple to use the backdoor that already exists. Basically. Unfortunately, most of the reporting is focused on the payload Apple is being…
Security requires freedom, and cannot be achieved without it. If you don't have the freedom to determine the behavior of your personal computing device, select the ways it is and isn't locked down, control updates to…
In addition to the "en-US locale only" restriction, I wonder if unbranded builds will be made available for non-desktop platforms. I would like to run my own extension, or that of the company I work for, on multiple…
Are they announcing the launch of the not quite finalized W3C Tracking Protection Group recommendations (see the last call working drafts, bottom left, http://www.w3.org/2011/tracking-protection/)? The 1.0 of their…
You really can't create a matrix of how different companies handle the information, because there is no practical way for you to determine that. You could, however, create a matrix of what different companies claim they…
Not creating and using a Microsoft Account would eliminate some of the privacy concerns, but not all of them. If you think it important to protect information, in general or about yourself, then you need to carefully…
The software would not be preventing non-approved transmitter behavior if the software supported the loading of custom firmware that can implement non-approved transmitter behavior. Here is the full paragraph from which…
> EFF has criticized WhatsApp for being closed source, but not for this particular aspect of the key exchange functionality. The articles I've seen appeared carefully worded so as to achieve some balance, but did…
> By making the discredited argument that WhatsApp's key-change behavior is a fatal flaw, you're disagreeing with... and about 50 more experts equally respected in the field if less known to the typical HN reader. No,…
> Signal does not have this vulnerability, but WhatsApp has it. That might need a footnote or something. TheGuardian is reporting: Moxie Marlinspike of OWS said Signal planned to make blocking notifications an option…
How do you "dedupe within a single user's account" without violating "zero knowledge"?
> Browser vendors really need to change their attitude towards extensions, as they basically allow users to install malware/spyware in their browsers without performing any real certification / auditing. Browser vendors…
If "You can be very sure that the anonymous person you communicated with last week is the same anonymous person you are communicating with and potentially transacting with today." that person DOESN'T have strong…
https://adblockplus.org/forum/viewtopic.php?f=12&t=45876 ||acceptableserver.com^ and might as well ||combotag.com^
> These discussions always avoid talking about the merits of data-driven design and always assume malicious intent. Perhaps because most of the time the implementations do some harm, the doing of that harm is by design,…
I think they'd have to monitor and restrict thoughts or at least be able to extract memories. The frightening thing is: if there ever comes a time when such technology is available, they will try to use it.
> your AI should ultimately know your favorite restaurant, your girlfriend’s name, but also your health record and everything else you might not always feel comfortable sharing with the world at large. No. It should…
And if someone else controls what you can and cannot do on the platform, the platform really isn't secure from your point of view. This is especially true when that someone not only has that control but also has access…
Various businesses have a "take pictures of customers" policy. Medical offices are one example, due to insurance fraud they say. They typically don't ask. They simply tell the customer that they are about to take a…
For one thing, such a scenario would typically involve the uploading of said picture or facial data or faceprint data to a third party. You have no idea how that third-party will use and/or share the information. Some…
Ever seen an analysis of the traffic and breakdown of the metadata you speak of? If an account or device or advertising or other unique ID is sent to Google, it could help Google to track the user's IP Address changes…
> We've completely accepted auto updates for browsers (chrme & firefox) - years ago. Enabling automatic updates from outside organizations SHOULD get you fired in any and every business where security is important. I've…
If enough people file complaints with the FTC and/or state Attorney Generals, they might get involved as well. I wonder how privacy settings are being handled, and whether harm is being done to those who are…
For that one chain at least. You don't want to be the end that causes all of your chains to be insecure. Related: if you use your own server you can setup as many aliases as you need. You can use a unique one for each…
> But, at some point there must be trust. We may want to reach a point where we trust things we use, but if we're using a security-grade definition of trust and we're honest with ourselves, I think every one of us would…
> The Federal government isn't asking Apple to create a backdoor. Their asking apple to use the backdoor that already exists. Basically. Unfortunately, most of the reporting is focused on the payload Apple is being…
Security requires freedom, and cannot be achieved without it. If you don't have the freedom to determine the behavior of your personal computing device, select the ways it is and isn't locked down, control updates to…
In addition to the "en-US locale only" restriction, I wonder if unbranded builds will be made available for non-desktop platforms. I would like to run my own extension, or that of the company I work for, on multiple…
Are they announcing the launch of the not quite finalized W3C Tracking Protection Group recommendations (see the last call working drafts, bottom left, http://www.w3.org/2011/tracking-protection/)? The 1.0 of their…
You really can't create a matrix of how different companies handle the information, because there is no practical way for you to determine that. You could, however, create a matrix of what different companies claim they…
Not creating and using a Microsoft Account would eliminate some of the privacy concerns, but not all of them. If you think it important to protect information, in general or about yourself, then you need to carefully…
The software would not be preventing non-approved transmitter behavior if the software supported the loading of custom firmware that can implement non-approved transmitter behavior. Here is the full paragraph from which…