mosiacmango @ mosiacmango @lemm.ee

Posts

0

Comments

2,597

Joined

2 yr. ago

E2EE means a 3rd party cant extract anything in the messages at all, by definition.

If they are doing the above, it's not E2EE, and they are liable for massive legal damages.

Thats below market for a 40hr week in San Francisco for a software dev. From levels.fyi, which allows people to confirm their employment anonymously:

The average Software Engineer salary range in San Francisco Bay Area, CA is from $195,000 to $350,000. Last updated: 12/3/2024

Town is wildly overpriced, and hes paying about 1/4th what he should be for 84 hrs/week.

Thank you. I had trouble running down a list.

I do consider Signal to be a more trustworthy org than Google clearly, but find this quibbling about them "maybe putting a super secret backdoor in the e2ee they use to compete with iMessage" to be pretty clear FUD.

Not that I can find. Can you post Signals most recent independent audit?

Many of these orgs don't post public audits like this. Its not common, even for the open source players like Signal.

What we do have is a megacorp stating its technical implementation extremely explicitly for a well defined security protocol, for a service meant to directly compete with iMessage. If they are violating that, it opens them up to huge legal liability and reputational harm. Neither of these is worth data mining this specific service.

That's a different threat model that verges on "most astonishing corporate espinoage in human history and greatest threat to corporate personhood" possible for Google. It would require thousands if not tens of thousands of Google employees coordinating in utter secrecy to commit an unheard of crime that would be punishable by death in many circumstances.

If they have backdoored all android phones and are actively exploting them in nefarious ways not explained in their various TOS, then they are exposing themselves to ungodly amounts of legal and regulatory risks.

I expect no board of directors wants a trillion dollars of company worth to evaporate overnight, and would likely not be okay backdooring literally billions of phones from just a fiduciary standpoint.

Its a specific, technical phrase that means one thing only, and yes, googles RCS meets that standard:

https://support.google.com/messages/answer/10262381?hl=en

How end-to-end encryption works

When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

The secret key is a number that’s:

Created on your device and the device you message. It exists only on these two devices.

Not shared with Google, anyone else, or other devices.

Generated again for each message.

Deleted from the sender's device when the encrypted message is created, and deleted from the receiver's device when the message is decrypted.

Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

They have more technical information here if you want to deep dive about the literal implementation.

You shouldn't trust any corporation, but needless FUD detracts from their actual issues.

The messages are signed by cryptographic keys on the users phones that never leave the device. They are not decryptable in any way by google or anyone else. Thats the very nature of E2EE.

How end-to-end encryption works

When you use the Google Messages app to send end-to-end encrypted messages, all chats, including their text and any files or media, are encrypted as the data travels between devices. Encryption converts data into scrambled text. The unreadable text can only be decoded with a secret key.

The secret key is a number that’s:

Created on your device and the device you message. It exists only on these two devices.

Not shared with Google, anyone else, or other devices.

Generated again for each message.

Deleted from the sender's device when the encrypted message is created, and deleted from the receiver's device when the message is decrypted.

Neither Google or other third parties can read end-to-end encrypted messages because they don’t have the key.

They cant fuck with it, at all, by design. That's the whole point. Even if they created "archived" messages to datamine, all they would have is the noise.

This part is likely, but not what we are talking about. Who you know and how you interact with them is separate from the fact that the content of the messages is not decryptable by anyone but the participants, by design. There is no "quasi" end to end. Its an either/or situation.

Thats a different tech. End to end is cut and dry how it works. If you do anything to data mine it, it's not end to end anymore.

Only the users involved in end to end can access the data in that chat. Everyone else sees encrypted data, i.e noise. If there are any backdoors or any methods to pull data out, you can't bill it as end to end.

End to end is end to end. Its either "the devices sign the messages with keys that never leave the the device so no 3rd party can ever compromise them" or it's not.

Signal is a more trustworthy org, but google isn't going to fuck around with this service to make money. They make their money off you by keeping you in the google ecosystem and data harvesting elsewhere.

What's the context? Just an original concept that uses the Simpsons character as a spring board? Or is it a mashup between a couple of different sources?

That scam is called "brushing."

Amazon does have a report process for it, but yeah it's most likely to go into the Ai chipper.

No real justice for those women he raped, but at least he wont hurt anyone else now.

EDIT:

Jesus, this guy was an immense piece of ACAB shit for 35 years. The above barely scratches his evil. Read the whole article to see just a list of crimes and abuse:

The inquiry into Golubski stems from the case of Lamonte McIntyre, who started writing to McCloskey’s nonprofit nearly two decades ago.

McIntyre was just 17 in 1994 when he was arrested and charged in connection with a double homicide, within hours of the crimes. He had an alibi; no physical evidence linked him to the killings; and an eyewitness believed the killer was an underling of a local drug dealer. Golubski and the dealer have since been charged in a separate federal case of running a violent sex trafficking operation.

The eyewitness only testified that McIntyre was the killer after Golubski and a now disbarred attorney threatened to take her children away, she alleged in a lawsuit.

McIntyre’s mother said in a 2014 affidavit that she wonders whether her refusal to grant regular sexual favors to Golubski prompted him to retaliate against her son.

In 2022, the local government agreed to pay $12.5 million to McIntyre and his mother to settle a lawsuit after a deposition in which Golubski invoked his Fifth Amendment right to remain silent 555 times. The state also paid McIntyre $1.5 million.

A bullet on his back porch was far too kind for this motherfucker.

"Ouch."

That's a lot of words to say "I was wrong about windows not having built in tooling" but you did include it, so good on you.

Linux being mainly enthusiasts is a detriment, not a positive. Windows appealing to everyone is something Linux needs to work more towards, and thankfully it slowly is. Bifurcating the different use cases into "no, only enthusiasts over here in linux land and you casuals over on windows" is a problem, not the solution.

Both OSs can be used for serious or casual purposes. That should be applauded, and the better elements of both should be considered honestly. Making easily rebuffed strawmen about what Windows can or cant do isn't helpful to anyone.

Im sure there are linux users that don't ever use ssh and would look at you quizzically if you asked them about bash. The fact that linux has built more of an enthusiast community doesn't change the operating system. I would be entirely wrong if I said you had to install a tightVNC viewer/server to connect to a remote linux system, or install golang to write a simple linux script.

You should criticize Windows, as it's woefully user hostile, but do so in a reasonable way. Pretending that it doesn't have excellent built in tooling doesn't help your case.

The relays are test level only. They are at the stage where people are dipping their toys in the water to see if it's actually a resilient protocol.

There are no viable alternatives right now, and there may never be.

Lots of that is the steamdeck, so it's a bit hard to say if even that lackluster improvement means actual Linux OS usage past "platform for an app that users dont leave."

These are aspirational goals and not at all actively true now. They are technically possible, but not actually viable as a social media network.

Its design was based on a drop in for twitter, and will always require a megacorp sized entity for it to operate, due to a "god's eye view of all data" model requiring huge, faste data lifts to exist at all.

Best case is some opensource org like internet archive/wikipedia willing to spend 6-7 figures/month(raw costs +engineering talent) on running the service, but so far none have.