If people want to keep things safe and secure maybe they should just not do things which they wouldn't want other people to see so they don't have to worry
teaching people to secure their shit so they can do what the fuck they want
Privacy/security
Since apparently this needs iterating, this is absolutely a security issue and not just a privacy one. Cloud backup, private sharing via SM, direct messaging, media texts, phone backups... They're commonplace and often easily accessed via web/apps. You should have privacy by default. Telling people not to do things because others may be malicious is unfair and pointless, they'll still do it. Making sure they know how to do it as securely as possible so it remains private is key.
@sophia Two Foot Authentication 😎
@sophia two finger arousement
@sophia If I 2FA on your masto server, wouldn't that mean you'd have access to my phone number. Which would be a huge security risk in that I could get rick-rolled AT ANY TIME.
@diffractie No, because we use authenticators not texts
@sophia I feel like TOR would be much more effective than a single point of data exit.
@sophia i read "pet a vpn". That was weird
@sophia I think about this a lot but am never clear as to what country to outsource my traffic to.
@sophia I have a plan for distributing mass amounts of encrypted dick pics that will grind government listening operations to a halt.
@Shitlord As long as I don't have to see them that sounds great, have at it
@sophia no one sees them, see. It's a file sharing protocol, I'll call it d2u. The sharing works for the encryption. Gathering random data from p2p network handoffs and encrypting already encrypted files over and over again and sharing them on the massive scale. The rub is the government will need to make sure there's nothing secret being shared and will dedicate all their resources to cracking these files and get nothing but dick pics.
@sophia thanks for reminding me to turn mine on
@sophia I wonder how much would the tor browsing performance go up if we could download the site files in parallel through many circuits.
@tethre @sophia The traffic metrics of the project seem to disagree with this statement. https://metrics.torproject.org/bandwidth-flags.html
Exit nodes are the ones that have more bandwidth and the number goes up even more if you take into account guard+exit.
@tethre @sophia The green stripe is for guard and exit. In a shortage of exits the green ones would act as exits. Also the total bandwidth of exit+guards is almost 100 Gbits/s while only a bit less than 50Gbits/s are consumed on average. For guard only relays the ratio is even smaller.
From that we can conclude that the slowness of the tor network is mostly due to the length of the circuits.
@KatGoesWoof they still look thinner than the rest of the bands, and so maybe it really is about the cryptographic computations that are necessary, and as establishing a circuit takes cryptographic computations it's better to chill a bit in this regard?
@tethre Yeah, they are thinner but neither is close to their limits. The computations are not very expensive, it's pretty much the same as HTTPS. I really think the cause would be the length of the circuits. Like I said before, all nodes can have a 1MB/s connection but if it takes 4 seconds for a packet to arrive at the destination you in effect only have 250KB/s.
@KatGoesWoof idk. somewhere in here you are mixing up response times and bandwidth for sure!
like, if bandwidth is not the problem, then downloading 1 GB of data over Tor should be about as fast as without: you have the initial three hops for the request, and three hops for the answer. but the rest should go in one stream just as fast as it can go, no?
@tethre Both are related, to calculate the actual transfer ratio of a connection you send/receive a file of size M and time how long the process takes in seconds, S, then do M/S. Even if each hop in the circuit has a connection of 1MB/s with its neighbors the time it takes for you to send and receive from the destination is increased and therefore the connection speed is reduced.
@tethre It gets even worse if you consider that you have to send a request and then receive the answer and that for hidden services everything is times 2 because the server has its own circuit.
@tethre Also, I'm chill. This is not an autistic e-rage. I'm talking a lot about this subject because I have given some thought to it and considered implementing a solution for a while but got other more important things(hentai hoarding) on my schedule.
@tethre @sophia Plus bandwidth limitation of the nodes is not the only factor determining the end user's transfer ratios. If all the three nodes in your circuit have a 1MB/s connection and you want to send or receive 1MB it will actually take 4 seconds (Src [1s]-> A [1s]-> B [1s]-> C [1s]-> Dest). It will appear as 250KB/s.
With two parallel circuits and sending 512KB on each one you would have:
Circuit 1: (Src [0,5s]-> A [0,5s]-> B [0,5s]-> C [0,5s]-> Dest) = 2 seconds
Circuit 2: (Src [0,5s]-> A [0,5s]-> B [0,5s]-> C [0,5s]-> Dest) = 2 seconds
But with those two circuits in parallel the transaction would only take 2 seconds.
@sophia if someone says privacy is unimportant because they have nothing to hide, they might as well say free speech is unimportant because they have nothing to say.
@kev It's eternally frustrating that people make basic rights to privacy, and that being maliciously infringed upon, some kind of personal moral failing somehow. "Just don't do it" is aimed very much in the wrong direction.
Wait these things are supposed to be ironic
If abstinence-only sex education leads to more unplanned pregnancies, what can we deduce about abstinence-only security education...?
"Just don't own a smartphone or facebook or anything with a microphone really" is sound advice that absolutely no one is going to follow.
All the best security advice I've ever heard has been "ok if you're going to use that, here's some things that will make you less of an open book."
Harm reduction is the shit.
@sophia the Last Week Tonight interview with Edward Snowden is worth watching, if only because they go through every US government surveillance program and ask "can they see my penis?"
Harming companies business who make it all by gathering data is way more efficient. We should learn numeric hygiene, but that is not enough, we should not have to learn to be a sysadmin to have our rights respected
'Commander Vimes didn't like the phrase 'The innocent have nothing to fear', believing the innocent had everything to fear, mostly from the guilty but in the longer term even more from those who say things like 'The innocent have nothing to fear'.'
@sophia my brother-in-law once told me he didn't need to have a complex password on his banking-related accounts because the bank was FDIC insured 🤯
sparkle sparkle, bitches