In-reply-to » my first thought is that encrypting messages with Elliptic keys is not as easy as with RSA, although I tried doing something similar a few months ago with ECIES https://github.com/eapl-gemugami/owl/blob/main/src/app/controller/ecies_demo.php

a year ago I had a struggle to find documentation about it and now it seems there are more examples, cool!

In-reply-to » interesting idea. I'm not personally interested on having DM conversations on twtxt (for now), although I see the community could be interested in.

I agree 🙂, although it’s easy to lose comments over time and are not so grouped by topic, it’s not so easy to vote or make a survey about it…

I prefer a forum for that 😊

In-reply-to » It's ok for most encrypted protocols (In salty you can fetch other messages but can't decrypt). Btw i think recipient can be removed so if someone seen message they tried to decrypt, if can't - it's not message to you

here are a few ideas you might take into consideration when designing a secure IM https://developer.virgilsecurity.com/docs/e3kit/fundamentals/secure-instant-messaging/

Obviously if you’ve worked on something similar, you already know it, he

In-reply-to » It's ok for most encrypted protocols (In salty you can fetch other messages but can't decrypt). Btw i think recipient can be removed so if someone seen message they tried to decrypt, if can't - it's not message to you

I made a draft of an “encrypted public messenger”, which was basically a Feed for an address derived from the public key, let’s say ‘abcd..eaea’

Anyone could check, “are there any messages for my address?” and you get a whole list of timestamps and encrypted stuff.

Inside the encrypted message is a signature from the sender. That way you ‘could’ block spam.

Only the owner of the private key could see who sent what, and so…

And even with that my conclusion was that users’ expectations for a private IM might be far away from my experiment.

In-reply-to » It's ok for most encrypted protocols (In salty you can fetch other messages but can't decrypt). Btw i think recipient can be removed so if someone seen message they tried to decrypt, if can't - it's not message to you

It is not possible to remove it, otherwise you do not know that the message is for you. With that information you can’t decrypt.

In-reply-to » I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension

@prologic@twtxt.net @lyse@lyse.isobeef.org First, please leave me your comments on the repository! Even if it’s just to give your opinion on what shouldn’t be included. The more variety, the better.

Second, I’m going to try to do tests with Elliptic keys and base64. Thanks for the advice @eapl@eapl.me

Finally, I’d like to give my opinion. Secure direct messages are a feature that ActivityPub and Mastodon don’t have, to give an example. By including it as an extension, we’re already taking a significant leap forward from the competition. Does it make sense to include it in a public feed? In fact, we’re already doing that. When we reply to a user, mentioning them at the beginning of the message, it’s already a direct message. The message is within a thread, perhaps breaking the conversation. Direct messages would help isolate conversations between 2 users, as well as keeping a thread cleaner and maintaining privacy. I insist, it’s optional, it doesn’t break compatibility with any client and implementing it isn’t complex. If you don’t like it, you’re free to not use it. If you don’t have a public key, no one can send you direct messages.

In-reply-to » I haven't read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn't make sense to me. It of course depends on the threat model, but wouldn't one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)

@lyse@lyse.isobeef.org This is a good point.

In-reply-to » It's ok for most encrypted protocols (In salty you can fetch other messages but can't decrypt). Btw i think recipient can be removed so if someone seen message they tried to decrypt, if can't - it's not message to you

@doesnm@doesnm.p.psf.lt That’s actually not true, because you’d have to know the target you’re interested in, in the first place. Inboxes in Salty.IM are deliberately hashed for this reason. So whilst you may know your own inbox address, etc, I (as an arbitrary bad actor) wouldn’t easily be able to guess (let alone brute force) my way to another inbox address of an interested party.

In-reply-to » I haven't read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn't make sense to me. It of course depends on the threat model, but wouldn't one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)

It’s ok for most encrypted protocols (In salty you can fetch other messages but can’t decrypt). Btw i think recipient can be removed so if someone seen message they tried to decrypt, if can’t - it’s not message to you

In-reply-to » Friendly, regular reminder to always check if a TV show has already been cancelled before you start watching it.

I remember starting that one.. it was a bit gratuitous for me to get past the first few episodes.

In-reply-to » which show?

my goto’s are the Expanse, the Magicians, XFiles, House, Umbrella Academy, Orphan Black, 12 Monkeys, the star treks (DS9 especially)

i have probably watched through them a half dozen times each. some more :D

In-reply-to » @movq Woah, that sun from satellite SDO is fucking sick! https://social.bund.de/system/media_attachments/files/113/859/065/836/106/300/original/95b43f7a0086476d.jpeg

Just threw this RSS feed into Newsboat. The titles suck, but I hope the content makes up for it. :-)

In-reply-to » Clouds are hiding the planets right now, but the sky was slightly on fire before: https://lyse.isobeef.org/abendhimmel-2025-01-20/

@movq@www.uninformativ.de Speaking of fog, a workmate showed me his view out of the window today and you couldn’t even see a hundred meters. Looked really nice! :-) We actually had a little bit of sun over here.

In-reply-to » I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension

I haven’t read the entire specification, but I think there is a fundamental design problem. Why would someone put an encrypted message on a public feed that is completely useless to everybody other than the one recipient? This doesn’t make sense to me. It of course depends on the threat model, but wouldn’t one also want to minimize the publicly visible metadata (who is communicating with whom and when) when privately messaging? I feel there are better ways to accomplish this. Sorry, if I miss the obvious use case, please let me know. :-)

In-reply-to » I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension

another one would be to allow changing public keys over time (as it may be a good practice [0]). A syntax like the following could help to know what public key you used to encrypt the message, and which private key the client should use to decrypt it:

!<nick url> <encrypted_message> <public_key_hash_7_chars>

Also I’d remove support for storing the message as hex, only allowing base64 (more compact, aiming for a minimalistic spec, etc.)

[0] https://www.brandonchecketts.com/archives/its-2023-you-should-be-using-an-ed25519-ssh-key-and-other-current-best-practices

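Added example, not part of the post above or of the twtxt-direct-message-extension repository: a Python sketch of how a client could build and parse the proposed `!<nick url> <encrypted_message> <public_key_hash_7_chars>` line and use the 7-character hint to choose among rotated keys. The hint is assumed to be the first 7 hex characters of SHA-256 over the raw public key bytes (the post names no hash); the function names and sample keys are constructed for illustration.

```python
import base64
import hashlib
import re

# Syntax from the post: !<nick url> <encrypted_message> <public_key_hash_7_chars>
# Assumption: the payload is base64 and the hint is 7 lowercase hex characters.
DM_RE = re.compile(r"^!<(\S+) (\S+)> (\S+) ([0-9a-f]{7})$")


def key_hint(public_key: bytes) -> str:
    """Assumed hint: first 7 hex chars of SHA-256 over the raw public key."""
    return hashlib.sha256(public_key).hexdigest()[:7]


def format_dm(nick: str, url: str, ciphertext: bytes, recipient_pub: bytes) -> str:
    """Sender side: tag the ciphertext with the hint of the key it was encrypted to."""
    payload = base64.b64encode(ciphertext).decode("ascii")
    return f"!<{nick} {url}> {payload} {key_hint(recipient_pub)}"


def parse_dm(text: str):
    """Receiver side: return the parsed fields, or None if the line is malformed."""
    match = DM_RE.match(text)
    if match is None:
        return None
    nick, url, payload, hint = match.groups()
    try:
        ciphertext = base64.b64decode(payload, validate=True)
    except ValueError:  # binascii.Error is a ValueError: bad alphabet or padding
        return None
    return {"nick": nick, "url": url, "ciphertext": ciphertext, "hint": hint}


def candidate_keys(keyring: dict, hint: str) -> list:
    """Names of own keys whose hint matches. 28 bits can collide, so the hint
    only narrows the search; successful authenticated decryption decides."""
    return [name for name, pub in keyring.items() if key_hint(pub) == hint]


# Constructed sample data: placeholder byte strings stand in for real public keys.
KEYRING = {"2024": b"constructed-old-public-key", "2025": b"constructed-new-public-key"}
LINE = format_dm("alice", "https://example.org/twtxt.txt", b"opaque ciphertext", KEYRING["2025"])

if __name__ == "__main__":
    dm = parse_dm(LINE)
    print(dm["hint"], candidate_keys(KEYRING, dm["hint"]))
```

Because the feed is public, the hint is visible to every reader and lets them group messages by recipient key, so it is routing metadata rather than a secret or proof of who the recipient is.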
In-reply-to » I want to share a little idea for a new extension with the goal of adding direct messages in #twtxt https://github.com/tanrax/twtxt-direct-message-extension

interesting idea. I’m not personally interested in having DM conversations on twtxt (for now), although I see the community could be interested in.

I’d suggest to enable the Discussion section in your GitHub repo to receive comments, as we did for timeline https://github.com/sorenpeter/timeline/discussions


Great, just great: vTuner has discontinued support for the kitchen radio (Sagem - My Dual Radio 700). The subdomain sagem.vtuner.com is no more.
Let's see how I can get sound out of the box again with a DNS redirect and YCast. It would be a shame about the device, which works flawlessly.

In-reply-to » Google Begins Requiring JavaScript For Google Search Google says it has begun requiring users to turn on JavaScript, the widely-used programming language to make web pages interactive, in order to use Google Search. From a report: In an email to TechCrunch, a company spokesperson claimed that the change is intended to "better protect" Google Search against malicious activity, such as bots and spam, and to improve the over ... ⌘ Read more

@slashdot@feeds.twtxt.net Who the F+++ still uses goo’s search engine anyway xD Shout out to all my homies hosting a Searx instance 😂🤘


#selfhosting is a privilege.

Sure, I agree: it is the best option in many cases, and in some cases it feels like the only option - if you care for things like safety and privacy.

But us - the same community that usually promotes self-hosting - should also be aware that it is a means to an end, we should understand the reasons why it is a good idea… and also design “the fallback” for those who cannot, for some reason, self-host.

And we know how to do that: just look at the healthy community of fediverse servers that are out there, not in competition but in cooperation with a number of self-hosted single-user instances. But we don’t do it/have the same ecosystem in many other fields.

And self-hosting is a privilege: it demands more financial investment, more time investment, and has some potentially expensive dependencies (stable 24/7/365 internet connection and electricity, for eg.).

Just like the “path to #freesoftware” is a ladder and not a binary switch, service autonomy/independence/sovereignty is too (and often they are even related - how many “need” to use some proprietary app in order to access a certain service they are dependent on?).

In-reply-to » Cleaning up some of the 500 open tabs on my phone. I realized that if I don’t have some place to stash the good ones, I won’t go through any. http://a.9srv.net/b/2025-01-16

I tried using Firefox Focus as my default browser for a while but it was too extreme. It’s still the only one on my home screen. 50-60 is sort of my intent, but then it keeps being “just one more…”.


EdgeGuard Update:

I am now in a position where I’m no longer having any ports open on my firewall at the Mills DC. 🥳 All services (Gopher, SMTP, IRC, SSH, HTTP) are being proxied through my edge network 💪

In-reply-to » Google Begins Requiring JavaScript For Google Search Google says it has begun requiring users to turn on JavaScript, the widely-used programming language to make web pages interactive, in order to use Google Search. From a report: In an email to TechCrunch, a company spokesperson claimed that the change is intended to "better protect" Google Search against malicious activity, such as bots and spam, and to improve the over ... ⌘ Read more

Of course they do
