XRD, ENISA, Privacy, VPN, Outlook, Matrix
XRD: Scalable Messaging System with Cryptographic Privacy (@ usenix.org, PDF) - This one happens to be a great paper, because it also provides links to so many other older papers. It was also really refreshing, because I just realized that I've read many of those papers in the past. As example: Riposte, Vuvuzela, DC-Nets, Loopix, Alpenhorn). Also some references seem to be newer which I wasn't aware about because I haven't been that actively reading the publications were: Stadium, Karaoke, Atom, Pung. Based on the references mentioned in the XRD so I decided to also read the paper: Stadium: A Distributed Metadata-Private Messaging System (@ cs.stanford.edu, PDF). I also did read all the Session related documentation earlier and have been using session with a few contacts. But I really dislike the concept where they don't provide unlimited virtual identities in the same client. While thinking about all this, I also tweeted: "The only reasons why I would expect anyone marketing truly private communication platform is that, the users pay for it, or that they'll need more cover traffic to mix their traffic with."
Summer reading: ENISA - ENCRYPTED TRAFFIC ANALYSIS (@ enisa.europa.eu) - Use Cases & Security Challenges. Covering Traffic Analysis, Feature Extraction, Protocol Classification, Application Type Classification, Application Identification, Encrypted Traffic Analysis using Fingerprinting. File fingerprinting, website fingerprinting, device identification, location estimation. DNS tunneling. Improper practices and their impact.
Briar - It would be so nice, if Briar would support uni-directional session initiation. But it's true, that in technical terms and on some level that weakens privacy by allowing someone to initiate session without your approval. Is it meaningful or not, remains to be questionable. Of course it also highly depends on thread model, as always. If Briar would allow unlimited identities, it could be possible to select per identity if it allows anonymous / pseudonymous / non-mutually unverified sessions to be started or not.
I can fully agree with most of people. Generally most of software is absolutely nightmarish from privacy perspective. Privacy and security aren't in the development objectives of most of companies and their products.
Configure Mac OS X to use external exFAT drive with Time Machine. Who said it's easy? Ok, it's relatively easy terminal task to configure the volumes and so on, for Linux user. But I'm pretty sure that most of Windows and especially Mac users would fail with the task. Many don't know how to operate in terminal at all, nor know how to work with operating systems in general.
ExpressVPN Lightway (@ expressvpn.com) - Read a few articles about it. Which all seemed like snake oil. Wondering if there are any good articles out there. Cipher being used for encryption and network IP address changes / network packet-loss has nothing to do with each other.
Just concluded (once again) the fact that people don't really care about privacy or security at all (except very small group). Most couldn't care less, they just want things to be simple and working. It's all just about priorities.
Data integrity is something which is at times clearly over appreciated. If data integrity is bad, which is easier. Finding and fixing the bad data source, or just removing / relaxing integrity checks? - I'll leave it to the reader to guess which option is more popular and widely used.
Microsoft Outlook, so much bleeping stuff. Email alias management broken, email from headers broken, mobile app email preferences broken. What kind of bleep creates this kind of bleeping services. - Of course the next question is, who's so totally bleeped that uses such a bleeping bleep service. - Perfect example of cloud services which are so bleeped. At least with some other services the contact on the other end would say like oh bleep, and around five minutes later the reply would be, it's probably fixed, can you confirm. - Great example of situation where using a simple and easy to use service, causes more trouble than self hosting and running your completely own infrastructure and systems, with own configs. Meh. - Secondary question - Why complaining about data integrity issues are always takes months or years and then the complaining starts. Why it didn't start in hour or day after the problem actually started? - This delay often leads to situation where there's nothing to do, or there's extra fixup code being applied retroactively which is horrible solution. When program contains more temporary hot fixes than real production code, that's a joy. At some point the fix code starts to cause problems, which might require extra fixes. Smile.
Matrix.org - Buggy. Element.io - Buggy. Sometimes I just feel like it doesn't matter if your code is really bad, because so is everyone else's as well.