HyperfocusSurfer

joined 2 months ago

Only the hunt for the red hexobear

It's not about the past vs present, it's about them solving an issue that didn't exist in the first place. Like who the hell thinks it's a good idea to let cars connect to the internet? Except car manufacturers who decided cars became too cheap for their tastes so it'd be nice to data-mine the customers as well. Enshitification 101, that's all I'm saying.

[–] HyperfocusSurfer@lemmy.dbzer0.com 2 points 10 hours ago (4 children)

Yeah, so how about they pull their heads out of their asses and fucking stop making cars computers on wheels? That might help a bit.

Or -- hear me out -- restore shit yourself via edl

Oh no... Anyways,

* Adds a filter for the pop-up*

Sucksung customers, iirc, at least have an option to unlock the bootloader and install a custom ROM that doesn't phone corporates whatsoever. Iphones, tho, will always phone crapple, so that's a questionable choice as well.

[–] HyperfocusSurfer@lemmy.dbzer0.com 2 points 5 days ago (2 children)

Except working without play services, that is, and some of us aren't fans of having those around.

Because cryptography is hard, especially when you're trying to do it in a user-friendly manner, with syncing encrypted conversations between devices and whatnot. Like, it's kinda the whole reason why the classic reply to "how do I make my own encryption algorithm" is "don't".

Also, with proprietary platforms you can't make sure stuff's encrypted the way they say it is

[–] HyperfocusSurfer@lemmy.dbzer0.com 2 points 1 week ago* (last edited 1 week ago) (2 children)

I guess it can be done relatively securely using both the password and the code to derive the encryption key while not storing it on the servers (while 2fa isn't of any help here given it's kinda random with shared seed). I, however, doubt it's done that way: 1st of all, decryption should then only be possible after one enters their account password for the second time, as well as the conversation password (since the password shouldn't be stored in plaintext after you've entered it), and, secondly, that'll basically drop the chat history as soon as one changes the password, which is neither convenient nor mentioned.

Then, if it works how I assume it does, i.e. the actual encryption key is stored on the xitter's servers and only retrieved once you enter the encryption password, then they can decrypt your messages (either by immediately using that if the password just tells 'em who they should give the key to, or by bruteforcing the password if it decrypts/derives the actual key), which defeats the whole point of e2ee.

[–] HyperfocusSurfer@lemmy.dbzer0.com 6 points 1 week ago (4 children)

Lmfao, 4 digit password? That's like 1 femtosecond to bruteforce given whoever tries to access your messages isn't rate-limited *ahem, feds*

view more: next ›