Thanks, that’s me!

F*ck Britannia, Britannia don’t rule our lives. We never shall be slaves. God save encryption.

Idk if they've approached Sweden about buying their weapons. I found that the top 10 is The top 10 destinations for Swedish arms exports are the United States, Brazil, Pakistan, the United Kingdom, Germany, India, Norway, France and the Czech Republic.

Yeah, I think they have some sort of input for the ID. Number if they want that's visible on the photo

The damage is already done. The only solution would be mass deportations of legal immigrants.

The government is very split on many questions. Privacy being a weird one because it's the (somewhat) left-leaning Social Democratic that usually come up with these crazy ideas without understanding the implications of privacy. See Chat Control 2022-2024 https://www.techradar.com/computing/cyber-security/chat-control-all-you-need-to-know-about-the-eu-plan-to-scan-all-your-whatsapp-chats

it always bugs me how governments who demand backdoors continuously fail to realize that even if they backdoor the encryption of Signal: PGP, or more similarly to Signal, Pidgin+OTR and/or OMEMO all still exist, are well maintained and are designed to work on top of insecure channels. This isn't gonna be the way to catch actual bad actors, they'll all just get SimpleX or Pidgin or any other number of things and continue communicating and "going dark". ...not to mention that Signal's source code is open, so even if they compromise the Signal client, you can just switch to Molly or build an older version - or if the server is compromised, you can run your own with the backdoor disabled or stripped out. This is a zero-sum-game all the way down.

[image: 08108fd7-04a5-42cc-9200-7490e7271902.jpeg]

Https only encrypts the packet content. What can happen: TL;DR: Evesdropping, spoofing, device vulnerabilities (e.g. using exposed ports). Attackers can listen and log to which servers you're talking to. This can be combined with the attack explained in the following. The can do spoofing attacks by replying to your DNS request with their own IP. For example: you open domain.com and the attacker will not forward domain.com to the trusted DNS server but will instead send you their own IP and website that looks exactly like the website you intent to visit. Since they control this spoofed website they can also intercept all the credentials you enter. If you don't enter credentials or upload or download stuff, nothing can happen. However you'll be safe from spoofing attacks in most cases as popular websites use HSTS which hardcodes the IP addresses corresponding to domains result into your browser, bypassing DNS. An attacker could exploit device vulnerabilities that are unrelated to https web traffic. So make sure your OS and software are up to date and you don't have applications running with exposed ports!

Wasn’t this the blog who also got a response from session asking for a PoC and then they replied with (paraphrasing) “well it’s not my job to provide one”? So everything in that blog post is theoretical at best?

I'm not running a Synapse server myself so I can only speak on behalf of people I know who are. From what they told me they love the matrix protocol but it's not the same for the synapse implementation. A non-federated server can have somewhat great performance but a federated one was not worth it for them so they decided to switch to another alternative. They are not running for thousands of users more something like 40 I would say and while I don't know their server specs, I assume it's not a potato though.

Good point. I checked all the Brave settings but there was no such option

Yeah, I just meant people are used to decades of using meaningful usernames. Having to use a cryptographic key has traditionally made it very difficult to get enough people to adopt to make it worth adopting yourself as a technologically savvy person. I never would have used Facebook in a million years if it wasn't for the fact that it was the only place I could get in touch with many people. Having to build your networks in-person is tedious for many people and sharing the codes securely through other means is cumbersome if you don't have an existing method for sharing. Just like HTTPS needs several layers to make it work and still relies on an untrustworthy and corruptible thing like DNS to verify the destination and it's keys are the thing you're expecting to connect to. There's no secure way to share the route to your device electronically in a user-accountless system with no secure, trusted middleman translating names to addresses unless you do it in-person.