Notices by Oriol Demaria (oriol@bigbox.red), page 11

No, PGP is not broken

Recently, news broke about potential vulnerabilities in PGP, dubbed Efail. However, despite reports to the contrary, PGP is not actually broken, as we will explain in this post:

https://protonmail.com/blog/pgp-vulnerability-efail/

@tagomago hemos tenido una charla interesante sobre eso. Yo mismo he posteado sobre Signal, que también ha tenido y tiene lo suyo, por ejemplo con el problema de su cliente sobre eletrum.

Creo que hay mucho FUD sobre PGP.

@pesco @gcupc @rysiek @lattera come on, I haven't yelled.

I use Signal as my main messenger on the phone. If you consider that yelling is a bit of thin skin. Objectively, this trade-offs are sometimes too much, overbraking if you want to say it like that. Sometimes as in this case, they take into account and fix the issue, like the call logs disappearing:

https://whispersystems.discoursehosting.net/t/catalan-referendum-coordinated-with-signal/1609

@um @oriol I agree, but someone proposed it as alternative to gpg. That's why I posted this.

Signal is great tool, use it everyday, I even managed to get my mum on it... but:

* Is centralized
* You have to give your number to others to communicate.
* Non proper and portable desktop client.
* Users overwhelmed will stop using it if in advanced properties would have a proxy setting (for example) [irony].
* Other stuff.

Is not always the best tool.

I'm reading about reactions to #efail I understand that is a serious vulnerability... but I wonder if they understand the vulnerability... a bit excessive reaction on some.

Taking into account that 99.99% of the email is already unencrypted... for SURE if an attacker grabs your emails will be able to read them. 😉

Also like 85%? of people use Gmail, Outlook, Yahoo, definitely your emails are being processed.

Clear reminder HTML emails are a bad idea.

#Efail

I used to use mutt... now I use mu for emacs. Not bad client:

https://www.djcbsoftware.nl/code/mu/mu4e.html

@drwho @rysiek @lattera
So riot.im is a good option too, but after moving so many people to Signal... complicated. Briar looks excellent, the process of adding contacts could be cumbersome though.

@drwho @rysiek @lattera they did, but still work, if you use a BSD you have no other choice for Signal on desktop.

Recently on the forum I proposed to get a setting for the proxy, and they were reluctant, too much complication for the average user. But I think a lot of the people that use Signal will run TOR too. Makes sense to me. But is the way it is.

@rysiek @lattera also non BSD compatible. Signal is great but some decisions puzzle me. Before they choose a chrome app. Also very "portable". Actually I have my chromium mostly because of it.

Foreign interference on May 25th referendum 🇮🇪

#repealthe8th

http://www.thejournal.ie/facebook-referendum-4007469-May2018/

Foreign interference:

http://www.thejournal.ie/facebook-referendum-4007469-May2018/

Foreign interference:

Les comento que estamos trabajando en el proyecto @PrivacidadGlobal y dentro del mismo hemos creado un foro anónimo para hacer preguntas sobre privacidad y anonimato.
¡Juntos aprendamos a protegernos mejor!
http://kbofqp5albsmiqqw.onion

Para acceder necesitas tener instalado el navegdor Tor:
https://www.torproject.org/download/download-easy.html.es

O desde Android con Orbot + Orfox ;)

¡Usen un seudónimo y un correo alternativo o falso! No es necesario el correo para el registro

Skynet -1

https://hooktube.com/watch?v=bd1mEm2Fy08

Photocopy machines store all documents ever scanned on harddrives (at least the high end). CBS bought 4 random to see what they could find:

https://twitter.com/thememoryhole2/status/994641217957826562?s=19

Photocopy machines store in hardrive all documents ever scanned. CBS bought 4 random to see what they could find:

On the contrary to the expected, the cambridge analytica affair has only attracted more attention on the power of social networks where users are profiled, it has been massive. This is the next level of lobbying.

#privacy

https://www.thejournal.ie/google-bans-eighth-referendum-ads-abroad-4001776-May2018/