hessen.social

0 Beiträge0 Beteiligte0 Beiträge heute

Flipboard Tech DeskU.S. immigration is asking the public for feedback on a new proposal to collect social media handles from people applying for green cards and citizenship. Free speech advocates are concerned over how expanded social media surveillance could impact asylum seekers, green card and citizenship applicants already living in the U.S. legally. <a href="https://flipboard.com/@AssociatedPress" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@AssociatedPress</a> explains what the proposal means and how it might change online surveillance. <a href="https://flip.it/lezXKM" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://flip.it/lezXKM</a><a href="https://flipboard.social/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialMedia</a> <a href="https://flipboard.social/tags/OnlineSurveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineSurveillance</a> <a href="https://flipboard.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://flipboard.social/tags/FreeSpeech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeSpeech</a> <a href="https://flipboard.social/tags/USImmigration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USImmigration</a>

Kalvin Carefour Johnny<a href="https://mastodon.online/@emmalbriant" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@emmalbriant</a> This is an achievement toward freeing humanity from exploitation. Now, I will ensure that Malaysians and the whole world also have the option to opt out of targeted advertisements, tracking, and surveillance by default. 😎 <a href="https://disabled.social/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyMatters</a> <a href="https://disabled.social/tags/NoTracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NoTracking</a> <a href="https://disabled.social/tags/SurveillanceFree" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SurveillanceFree</a> <a href="https://disabled.social/tags/OptOutByDefault" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OptOutByDefault</a> <a href="https://disabled.social/tags/DigitalFreedom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalFreedom</a> <a href="https://disabled.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://disabled.social/tags/NoTargetedAds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NoTargetedAds</a> <a href="https://disabled.social/tags/PrivacyRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyRights</a> <a href="https://disabled.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CyberSecurity</a> <a href="https://disabled.social/tags/TechForGood" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechForGood</a>

Definitely Doc DBest alternative to Google Maps? I'm working to get Google out of my life and data, and that map app is the next step, once I finally shake gmail loose. <a href="https://urbanists.social/tags/googlemaps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#googlemaps</a> <a href="https://urbanists.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> <a href="https://urbanists.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://urbanists.social/tags/onlineprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#onlineprivacy</a> <a href="https://urbanists.social/tags/datasecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#datasecurity</a> <a href="https://urbanists.social/tags/bigtech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bigtech</a> <a href="https://urbanists.social/tags/broligarchy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#broligarchy</a>

Gardiner BryantI was afforded the opportunity to give my talk "But I Have Nothing to Hide: Common Sense Steps to Securing Your Online Privacy" at the <a href="https://pixelfed.social/discover/tags/Orono?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#Orono</a> Public Library this afternoon. For a rainy day we had a good and engaged turnout! I'm so proud to be able to help my fellow <a href="https://pixelfed.social/discover/tags/mainers?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#mainers</a> securing their <a href="https://pixelfed.social/discover/tags/OnlinePrivacy?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> and <a href="https://pixelfed.social/discover/tags/DigitalAutonomy?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalAutonomy</a>! <a href="https://pixelfed.social/discover/tags/Privacy?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://pixelfed.social/discover/tags/PrivacyAdvocate?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyAdvocate</a> <a href="https://pixelfed.social/discover/tags/FreeSpeech?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#FreeSpeech</a> <a href="https://pixelfed.social/discover/tags/OpenSouce?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSouce</a> <a href="https://pixelfed.social/discover/tags/Signal?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> <a href="https://pixelfed.social/discover/tags/ProtonMail?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProtonMail</a> <a href="https://pixelfed.social/discover/tags/Maine?src=hash" class="u-url hashtag" rel="nofollow noopener noreferrer" target="_blank">#Maine</a> <a href="https://blog.gardinerbryant.com/2025/but-i-have-nothing-to-hide/" rel="nofollow noopener noreferrer" target="_blank">https://blog.gardinerbryant.com/2025/but-i-have-nothing-to-hide/</a>

Flipboard Tech DeskThe U.K. data watchdog, The Information Commissioner's Office, is launching an investigation into TikTok's use of children's personal information to recommend content to them. <a href="https://flipboard.com/@BBCNews" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@BBCNews</a> reports: <a href="https://flip.it/7h3jjq" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://flip.it/7h3jjq</a><a href="https://flipboard.social/tags/TikTok" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TikTok</a> <a href="https://flipboard.social/tags/SocialMedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialMedia</a> <a href="https://flipboard.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://flipboard.social/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a>

b-rain<a href="https://troet.cafe/tags/zuckerberg" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#zuckerberg</a> <a href="https://troet.cafe/tags/humor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#humor</a> <a href="https://troet.cafe/tags/meme" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#meme</a> <a href="https://troet.cafe/tags/onlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#onlinePrivacy</a>

Flipboard Tech DeskDespite some 60 countries signing a statement on AI safety, security and ethics at the Paris AI summit last week, experts are still calling it a "missed opportunity." <a href="https://flipboard.com/@euronews" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@euronews</a> explains why.<a href="https://flip.it/kuzuqQ" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://flip.it/kuzuqQ</a><a href="https://flipboard.social/tags/AI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AI</a> <a href="https://flipboard.social/tags/AISafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AISafety</a> <a href="https://flipboard.social/tags/OnlineSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineSafety</a> <a href="https://flipboard.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://flipboard.social/tags/BigTech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BigTech</a>

mindsConnected<a href="https://mastodon.social/tags/Google" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Google</a> implements new <a href="https://mastodon.social/tags/fingerprinting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fingerprinting</a> rules, when it was originally against the idea back in 2019. The mass exodus to <a href="https://mastodon.social/tags/DuckDuckGo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DuckDuckGo</a> and even <a href="https://mastodon.social/tags/Firefox" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Firefox</a> shall begin following that announcement... <a href="https://mindsconnect.jcink.net/index.php?showtopic=1004&view=getnewpost" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://mindsconnect.jcink.net/index.php?showtopic=1004&view=getnewpost</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a> <a href="https://mastodon.social/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data</a> <a href="https://mastodon.social/tags/advertising" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#advertising</a> <a href="https://mastodon.social/tags/marketing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#marketing</a> <a href="https://mastodon.social/tags/onlineprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#onlineprivacy</a>

Blaidd Drwg<a href="https://mastodon.art/tags/USpol" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USpol</a> <a href="https://mastodon.art/tags/maps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#maps</a> <a href="https://mastodon.art/tags/GulfOfMexico" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GulfOfMexico</a> Just one more reason for me to continue using Here WeGo maps instead of G**gle <a href="https://wego.here.com" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://wego.here.com</a>I know there are others and I'm trying them out as well, but I've been using Here WeGo for a few years and it works on our phones as well as on my desktop, so it does what I need it to do.<a href="https://mastodon.art/tags/InternetPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InternetPrivacy</a> <a href="https://mastodon.art/tags/BeCarefulOutThere" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BeCarefulOutThere</a> <a href="https://mastodon.art/tags/Antifa" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Antifa</a> <a href="https://mastodon.art/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a>

The Conversation U.S.State laws are working to protect teens on <a href="https://newsie.social/tags/socialmedia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#socialmedia</a> with measures like parental consent and ad restrictions. Federal action is still uncertain, with the Trump administration's stance unclear. <a href="https://theconversation.com/teens-on-social-media-red-blue-and-purple-states-are-all-passing-laws-to-restrict-and-protect-adolescents-245916" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://theconversation.com/teens-on-social-media-red-blue-and-purple-states-are-all-passing-laws-to-restrict-and-protect-adolescents-245916</a> <a href="https://newsie.social/tags/onlineprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#onlineprivacy</a> <a href="https://newsie.social/tags/mentalhealth" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#mentalhealth</a>

Sikorski Arkadiusz<a href="https://mastodon.internet-czas-dzialac.pl/@arek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@arek</a> Facebook takeout. Instagram <a href="https://mastodon.pirateparty.be/tags/takeout" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#takeout</a>. WhatsApp takeout. All Meta data takeout i można spokojnie jeść popcorn patrząc...<a href="https://mastodon.pirateparty.be/tags/fullswing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fullswing</a> <a href="https://mastodon.pirateparty.be/tags/wargame" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#wargame</a> <a href="https://mastodon.pirateparty.be/tags/DataPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataPrivacy</a> <a href="https://mastodon.pirateparty.be/tags/TakeoutData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TakeoutData</a> <a href="https://mastodon.pirateparty.be/tags/ProtectYourData" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ProtectYourData</a> <a href="https://mastodon.pirateparty.be/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyMatters</a> <a href="https://mastodon.pirateparty.be/tags/DataSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataSecurity</a> <a href="https://mastodon.pirateparty.be/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://mastodon.pirateparty.be/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a>

rijoICYMI: UK data watchdog allows 'consent or pay' model for online publishers <a href="https://ppc.land/uk-data-watchdog-allows-consent-or-pay-model-for-online-publishers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ppc.land/uk-data-watchdog-allows-consent-or-pay-model-for-online-publishers/</a> <a href="https://frankfurt.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a> <a href="https://frankfurt.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://frankfurt.social/tags/DigitalAdvertising" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalAdvertising</a> <a href="https://frankfurt.social/tags/PersonalizedAds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PersonalizedAds</a> <a href="https://frankfurt.social/tags/Consent" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Consent</a>

rijoUK data watchdog allows 'consent or pay' model for online publishers <a href="https://ppc.land/uk-data-watchdog-allows-consent-or-pay-model-for-online-publishers/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ppc.land/uk-data-watchdog-allows-consent-or-pay-model-for-online-publishers/</a> <a href="https://frankfurt.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a> <a href="https://frankfurt.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://frankfurt.social/tags/PersonalizedAds" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PersonalizedAds</a> <a href="https://frankfurt.social/tags/DigitalMarketing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalMarketing</a> <a href="https://frankfurt.social/tags/ConsentModel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ConsentModel</a>

SoatokDon’t Use Session (Signal Fork)Last year, I outlined the specific requirements that an app needs to have in order for me to <a href="https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/" rel="nofollow noopener noreferrer" target="_blank">consider it a Signal competitor</a>.Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today: Don’t use Session.The main reason I said to avoid Session, all those months ago, was simply due to <a href="https://web.archive.org/web/20241225131654/https://getsession.org/session-protocol-explained" rel="nofollow noopener noreferrer" target="_blank">their decision to remove forward secrecy</a> (which is an important security property of cryptographic protocols they inherited for free when they forked libsignal).Lack of forward secrecy puts you in the scope of <a href="https://www.cryptologie.net/article/372/key-compromise-impersonation-attacks-kci/" rel="nofollow noopener noreferrer" target="_blank">Key Compromise Impersonation (KCI) attacks</a>, which serious end-to-end encryption apps should prevent if they want to sit at the adults table. This is <a href="https://github.com/TokTok/c-toxcore/issues/426" rel="nofollow noopener noreferrer" target="_blank">why I don’t recommend Tox</a>.And that observation alone should have been enough for anyone to run, screaming, in the other direction from Session. After all, removing important security properties from a cryptographic security protocol is exactly the sort of thing a malicious government would do (especially if the cover story for such a change involves the introduction of swarms and “onion routing”–which computer criminals might think sounds attractive due to their familiarity with the Tor network).Unfortunately, some people love to dig their heels in about messaging apps. So let’s take a closer look at Session.<blockquote>I did not disclose this blog post privately to the Session developers before pressing publish.I do not feel that cryptographic issues always require coordinated disclosure with the software vendor. <a href="https://www.schneier.com/essays/archives/2007/01/schneier_full_disclo.html" rel="nofollow noopener noreferrer" target="_blank">As Bruce Schneier argues</a>, full disclosure of security vulnerabilities is a “damned good idea”.</blockquote>I have separated this blog post into two sections: Security Issues and Gripes.Security Issues<ol><li>Insufficient Entropy in Ed25519 Keys</li><li>In-Band Negotiation for Message Signatures</li><li>Using Public Keys as AES-GCM Keys</li></ol>Insufficient Entropy in Ed25519 KeysOne of the departures of Session from Signal is the use of Ed25519 rather than X25519 for everything.Ed25519 Keypairs generated from their <code>KeyPairUtilities</code> object <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/app/src/main/java/org/thoughtcrime/securesms/crypto/KeyPairUtilities.kt#L15-L28" rel="nofollow noopener noreferrer" target="_blank">only have 128 bits of entropy</a>, rather than the ~253 bits (after clamping) you’d expect from an Ed25519 seed. <pre>fun generate(): KeyPairGenerationResult { val seed = sodium.randomBytesBuf(16) try { return generate(seed) } catch (exception: Exception) { return generate() }}fun generate(seed: ByteArray): KeyPairGenerationResult { val padding = ByteArray(16) { 0 } val ed25519KeyPair = sodium.cryptoSignSeedKeypair(seed + padding)</pre> As an implementation detail, they encode a recovery key as a “mnemonic” (see also: a gripe about their mnemonic decoding).Does This Matter?You might think that clearing the highest 128 bits of the Ed25519 seed is fine for one of the following reasons:<ol><li>It’s hashed with SHA512 before clamping.</li><li>Ed25519 only offers 128 bits of security.</li><li>Some secret third (and possibly unreasonable) argument.</li></ol>It’s true that Ed25519 targets the 128-bit security level, if you’re focused on the security of the Elliptic Curve Discrete Logarithm Problem (ECDLP).Achieving 128 bits of security in this model requires 256-bit secrets, since the best attack against the ECDLP finds a discrete logarithm in guesses.Additionally, having 256-bit secrets makes the multi-user security of the scheme easy to reason about, whereas 128-bit secrets makes it a lot harder. (This mostly comes up in criticism of AES, which has a 128-bit block size.)When your secret only has possible values, your multi-user security is no longer as secure as Ed25519 expects.Additionally, you can shove the SHA512 + clamping in your attack script (thus negating the first objection) and find the corresponding secret key in queries if you know the top 128 bits were initialized to 0, using a modified version of Pollard’s rho for discrete logarithms.This means that Session’s <code>KeyPairUtilities</code> class only provides 64 bits of ECDLP security. <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> What does 64 bits of ECDLP Security actually mean?I provided a technical definition already, but that’s probably not meaningful to most people outside computer security.What this means is that a distributed computing effort can find the secret key for a given Ed25519 public key generated from this algorithm in only queries.For flavor, queries is approximately the attack cost to find a SHA1 collision, <a href="https://shattered.io/" rel="nofollow noopener noreferrer" target="_blank">which we know is possible and economical</a>.<blockquote>Based on this attack, the authors projected that a collision attack on SHA-1 may cost between US$75K and US$120K by renting GPU computing time on Amazon EC2 using spot-instances, which is significantly lower than Schneier’s 2012 estimates.— from the <a href="https://shattered.io/static/shattered.pdf" rel="nofollow noopener noreferrer" target="_blank">Shattered paper</a>, page 2.</blockquote>I don’t know if this was mere stupidity or an intentional NOBUS backdoor that only well-resourced adversaries can crack. (I also don’t have hundreds of thousands of dollars lying around to test this myself.)How would you exploit this in practice?If you’re not familiar with Pollard’s rho, then this section might be a bit abstract and difficult to follow.Instead of directly passing a full 256-bit value to your oracle with each iteration (like you do with a standard Pollard’s rho implementation), you would need mutate the output the same way Session does (n.b., replace 128 bits of the seed with zeroes), hash & clamp that, and then perform the scalar multiplication.It should be a bit more expensive than a raw ECDLP attack against a 128-bit curve (due to the hashing), but the strategy should succeed in the expected number of queries (average case).Although this makes the attack totally feasible for a nation state, I do not have the resources to build and test a proof of concept against a candidate keypair. If anyone does, get in touch, it would make for a fun research project. <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> Alternatively, <a href="https://en.wikipedia.org/wiki/Pollard%27s_kangaroo_algorithm" rel="nofollow noopener noreferrer" target="_blank">Pollard’s kangaroo</a> might be a better cryptanalysis technique for Session’s setup.<blockquote>Note: If there is any classified government algorithm especially suited for cracking Ed25519 keys constructed exactly like Session does, it’s not one I’ve ever heard of. I don’t have any security clearances, nor do I want one.However, ECDLP security of elliptic curve-based protocols is extremely well-understood in the cryptography literature.</blockquote>In-Band Negotiation for Message SignaturesIf you thought the previous issue was mitigated by the use of Ed25519 signatures on each message, don’t worry, <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsession/src/main/java/org/session/libsession/messaging/sending_receiving/MessageDecrypter.kt#L44-L56" rel="nofollow noopener noreferrer" target="_blank">the Session developers screwed this up too</a>! <pre>// 2. ) Get the message partsval signature = plaintextWithMetadata.sliceArray(plaintextWithMetadata.size - signatureSize until plaintextWithMetadata.size)val senderED25519PublicKey = plaintextWithMetadata.sliceArray(plaintextWithMetadata.size - (signatureSize + ed25519PublicKeySize) until plaintextWithMetadata.size - signatureSize)val plaintext = plaintextWithMetadata.sliceArray(0 until plaintextWithMetadata.size - (signatureSize + ed25519PublicKeySize))// 3. ) Verify the signatureval verificationData = (plaintext + senderED25519PublicKey + recipientX25519PublicKey)try { val isValid = sodium.cryptoSignVerifyDetached(signature, verificationData, verificationData.size, senderED25519PublicKey) if (!isValid) { throw Error.InvalidSignature }} catch (exception: Exception) { Log.d("Loki", "Couldn't verify message signature due to error: $exception.") throw Error.InvalidSignature}</pre> What this code is doing (after decryption):<ol><li>Grab the public key from the payload.</li><li>Grab the signature from the payload.</li><li>Verify that the signature on the rest of the payload is valid… for the public key that was included in the payload.</li></ol>Congratulations, Session, you successfully reduced the utility of Ed25519 to that of a CRC32! Art: <a href="https://bsky.app/profile/ajlovesdinos.bsky.social" rel="nofollow noopener noreferrer" target="_blank">AJ</a> Using Public Keys As AES-GCM KeysI wasn’t entirely sure whether this belongs in the “gripes” section or not, because it’s so blatantly stupid that there’s basically no way <a href="https://web.archive.org/web/20250115034416/https://blog.quarkslab.com/resources/2021-05-04_audit-of-session-secure-messaging-application/20-08-Oxen-REP-v1.4.pdf" rel="nofollow noopener noreferrer" target="_blank">Quarkslab would miss it if it mattered</a>.When encrypting payloads <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsession/src/main/java/org/session/libsession/snode/OnionRequestEncryption.kt#L56-L57" rel="nofollow noopener noreferrer" target="_blank">for onion routing</a>, it uses the X25519 public key… as a symmetric key, for AES-GCM. See, <code>encryptPayloadForDestination()</code>. <pre>val result = AESGCM.encrypt(plaintext, x25519PublicKey)deferred.resolve(result)</pre> Session<a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsession/src/main/java/org/session/libsession/snode/OnionRequestEncryption.kt#L95-L96" rel="nofollow noopener noreferrer" target="_blank"> also does</a> this inside of <code>encryptHop()</code>. <pre>val plaintext = encode(previousEncryptionResult.ciphertext, payload)val result = AESGCM.encrypt(plaintext, x25519PublicKey)</pre> In case you thought, maybe, that this is just a poorly named HPKE wrapper… <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsession/src/main/java/org/session/libsession/utilities/AESGCM.kt#L48-L58" rel="nofollow noopener noreferrer" target="_blank">nope</a>! <pre> /** * Sync. Don't call from the main thread. */internal fun encrypt(plaintext: ByteArray, symmetricKey: ByteArray): ByteArray { val iv = Util.getSecretBytes(ivSize) synchronized(CIPHER_LOCK) { val cipher = Cipher.getInstance("AES/GCM/NoPadding") cipher.init(Cipher.ENCRYPT_MODE, SecretKeySpec(symmetricKey, "AES"), GCMParameterSpec(gcmTagSize, iv)) return ByteUtil.combine(iv, cipher.doFinal(plaintext)) }}</pre> This obviously doesn’t encrypt it such that only the recipient (that owns the secret key corresponding to the public key) can decrypt the message. It makes it to where anyone that knows the public key can decrypt it.I wonder if this impacts their onion routing assumptions?<blockquote>Why should I trust session?(…)When using Session, your messages are sent to their destinations through a decentralised onion routing network similar to Tor (with a few key differences) (…)<a href="https://web.archive.org/web/20250102225433/https://getsession.org/faq#trust-session" rel="nofollow noopener noreferrer" target="_blank">Session FAQs</a></blockquote>GripesSome of these aren’t really security issues, but are things I found annoying as a security engineer that specializes in applied cryptography.<ol><li>Mnemonic Decoding Isn’t Constant-Time</li><li>Unsafe Use of SecureRandom on Android</li></ol>Mnemonic Decoding Isn’t Constant-Time<a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsignal/src/main/java/org/session/libsignal/crypto/MnemonicCodec.kt#L107-L112" rel="nofollow noopener noreferrer" target="_blank">The way mnemonics are decoded involves the modulo operator</a>, which implicitly uses integer division (which neither Java nor Kotlin nor Swift implement in constant-time). <pre>return wordIndexes.windowed(3, 3) { (w1, w2, w3) -> val x = w1 + n * ((n - w1 + w2) % n) + n * n * ((n - w2 + w3) % n) if (x % n != w1.toLong()) throw DecodingError.Generic val string = "0000000" + x.toString(16) swap(string.substring(string.length - 8 until string.length))}.joinToString(separator = "") { it }</pre> This isn’t a real security problem, but I did find it <a href="https://soatok.blog/2020/08/27/soatoks-guide-to-side-channel-attacks/#integer-division" rel="nofollow noopener noreferrer" target="_blank">annoying to see</a> in an app <a href="https://old.reddit.com/r/privacy/comments/jy3hjo/signal_vs_session_private_messenger/hgzef3y/" rel="nofollow noopener noreferrer" target="_blank">evangelized as “better than Signal”</a> on privacy forums.Unsafe Use of SecureRandom on Android<a href="https://stackoverflow.com/questions/27622625/securerandom-with-nativeprng-vs-sha1prng/27638413#27638413" rel="nofollow noopener noreferrer" target="_blank">The recommended way to get secure random numbers on Android</a> (or any Java or Kotlin software, really) is simply <code>new SecureRandom()</code>. If you’re running a service in a high-demand environment, you can take extra care to make a <a href="https://stackoverflow.com/a/34340717" rel="nofollow noopener noreferrer" target="_blank">thread-local instance of SecureRandom</a>. But a local RNG for a single user isn’t that.What does Session do? <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsignal/src/main/java/org/session/libsignal/utilities/Util.java#L71-L79" rel="nofollow noopener noreferrer" target="_blank">They use SHA1PRNG</a>, of course. <pre>public static byte[] getSecretBytes(int size) { try { byte[] secret = new byte[size]; SecureRandom.getInstance("SHA1PRNG").nextBytes(secret); return secret; } catch (NoSuchAlgorithmException e) { throw new AssertionError(e); }}</pre> And again <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsignal/src/main/java/org/session/libsignal/utilities/KeyHelper.java#L32" rel="nofollow noopener noreferrer" target="_blank">here</a>. <pre>SecureRandom secureRandom = SecureRandom.getInstance("SHA1PRNG");</pre> Why would anyone care about this?On modern Android devices, this isn’t a major concern, but the use of SHA1PRNG <a href="https://web.archive.org/web/20240601000000*/https://blog.k3170makan.com/2013/08/more-details-on-android-jca-prng-flaw.html" rel="nofollow noopener noreferrer" target="_blank">used to be a source of vulnerabilities in Android apps</a>. (See also:<a href="https://web.archive.org/web/20240301002810/https://www-fourier.ujf-grenoble.fr/JC2/exposes/ruhault.pdf" rel="nofollow noopener noreferrer" target="_blank"> this slide deck</a>.)Closing ThoughtsThere are a lot of Session’s design decisions that are poorly specified in their Whitepaper and I didn’t look at. For example, how group messaging keys are managed.When I did try to skim that part of the code, I did find a component where you can coerce Android clients into running a moderately expensive Argon2 KDF <a href="https://github.com/session-foundation/session-android/blob/75e2b87278cc378e21b77b27fa1a2aa773d25520/libsession/src/main/java/org/session/libsession/snode/SnodeAPI.kt#L237-L264" rel="nofollow noopener noreferrer" target="_blank">by simply deleting the <code>nonce</code> from the message</a>. <pre>val isArgon2Based = (intermediate["nonce"] == null)if (isArgon2Based) { // Handle old Argon2-based encryption used before HF16</pre> That’s hilarious.Cryptography nerds should NOT be finding the software that activists trust with their privacy hilarious. <a href="https://cmykat.carrd.co/" rel="nofollow noopener noreferrer" target="_blank">CMYKat</a> So if you were wondering what my opinion on Session is, now you know: Don’t use Session. Don’t let your friends use Session.<a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/aes-gcm/" target="_blank">#AESGCM</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/android/" target="_blank">#Android</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/asymmetric-cryptography/" target="_blank">#asymmetricCryptography</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/cryptography/" target="_blank">#cryptography</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/e2ee/" target="_blank">#E2EE</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/ed25519/" target="_blank">#Ed25519</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/java/" target="_blank">#Java</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/kotlin/" target="_blank">#Kotlin</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/messaging-apps/" target="_blank">#messagingApps</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/online-privacy/" target="_blank">#OnlinePrivacy</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/private-messaging/" target="_blank">#privateMessaging</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/session/" target="_blank">#Session</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/signal/" target="_blank">#Signal</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/signal-alternatives/" target="_blank">#SignalAlternatives</a> <a rel="nofollow noopener noreferrer" class="hashtag u-tag u-category" href="https://soatok.blog/tag/vulnerability/" target="_blank">#vuln</a>

Blaidd DrwgIf you will be <a href="https://mastodon.art/tags/moving" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#moving</a> and use <a href="https://mastodon.art/tags/UHaul" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UHaul</a> for truck or trailer rentals, you may want to reconsider.This is not saying that any of the other <a href="https://mastodon.art/tags/truckrental" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#truckrental</a> sites are better, but in this case, take extra care. <a href="https://www.404media.co/violent-hackers-are-using-u-haul-to-dox-targets/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.404media.co/violent-hackers-are-using-u-haul-to-dox-targets/</a><a href="https://mastodon.art/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://mastodon.art/tags/OnlineSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineSecurity</a> <a href="https://mastodon.art/tags/PersonalSafety" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PersonalSafety</a> <a href="https://mastodon.art/tags/BeCarefulOutThere" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BeCarefulOutThere</a> <a href="https://mastodon.art/tags/Doxxing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Doxxing</a> <a href="https://mastodon.art/tags/Doxing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Doxing</a>

Blaidd DrwgNow that billionaire(s) have come right out and said that the US needs a vast AI fueled surveillance system to keep people in line, there really aren't any more dog whistles.They've told us everything with their "outside voice" and there's nothing else for them to tip-toe around. No grey areas. No "They were just joking". No "They didn't say that". No "They didn't mean that."Everything is out there now.<a href="https://mastodon.art/tags/BeCarefulOutThere" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BeCarefulOutThere</a> <a href="https://mastodon.art/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://mastodon.art/tags/OnlineSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlineSecurity</a> <a href="https://mastodon.art/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>

Runbox🚨 Trackers blocked by Privacy Badger in a single browsing session. A free tool from the Electronic Frontier Foundation (EFF) blocks invisible trackers that follow you around the web collecting your data without your consent. 🔒 Which tracking and ad block extension do you use? uBlock? Adblock? Ghostery? <a href="https://privacybadger.org" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://privacybadger.org</a> <a href="https://mastodon.social/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyMatters</a> <a href="https://mastodon.social/tags/DigitalSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalSecurity</a> <a href="https://mastodon.social/tags/PrivacyBadger" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PrivacyBadger</a> <a href="https://mastodon.social/tags/EFF" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EFF</a> <a href="https://mastodon.social/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DataProtection</a> <a href="https://mastodon.social/tags/AdBlocker" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AdBlocker</a> <a href="https://mastodon.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a>

Monique BarrowEnd-to-end encryption (E2EE) is one of the best tools you can use to protect your online privacy. Make sure you use it as much as possible in your digital life. <a href="https://theprivacycloud.substack.com/p/why-end-to-end-encryption-is-the" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://theprivacycloud.substack.com/p/why-end-to-end-encryption-is-the</a><a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/onlineprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#onlineprivacy</a> <a href="https://mastodon.social/tags/dataprivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataprivacy</a>

moongoldNot just kids: Everyone to be age verified for social media | Information Age | ACS<a href="https://ia.acs.org.au/article/2024/not-just-kids--everyone-to-be-age-verified-for-social-.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://ia.acs.org.au/article/2024/not-just-kids--everyone-to-be-age-verified-for-social-.html</a>Proposed under-16s ban has wider implications for Australians....“So, this isn't just about privacy or collecting data about kids,”... “This is literally everybody accessing social media, that's how it has to work, isn't it?” “Yes,” replied Andrew Irwin, assistant secretary of online safety at DITRDCA.<a href="https://mastodon.social/tags/australia" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#australia</a> <a href="https://mastodon.social/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a> <a href="https://mastodon.social/tags/surveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#surveillance</a> <a href="https://mastodon.social/tags/www" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#www</a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mastodon.social/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a> <a href="https://mastodon.social/tags/government" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#government</a> <a href="https://mastodon.social/tags/acs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#acs</a>

Stefan Bohacek<a href="https://legiscope.com/blog/hidden-productivity-drain-cookie-banners.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://legiscope.com/blog/hidden-productivity-drain-cookie-banners.html</a>via <a href="https://lain.com/notice/Ao29iJ6NQ3vzCxok3k" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://lain.com/notice/Ao29iJ6NQ3vzCxok3k</a><a href="https://stefanbohacek.online/tags/internet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#internet</a> <a href="https://stefanbohacek.online/tags/TheWeb" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TheWeb</a> <a href="https://stefanbohacek.online/tags/CookieBanners" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CookieBanners</a> <a href="https://stefanbohacek.online/tags/EU" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EU</a> <a href="https://stefanbohacek.online/tags/OnlinePrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePrivacy</a>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#onlineprivacy