Trump cuts funding to FOSS projects.

Guest

Well color me stupid color me gone.

Guest

Why would making government more proprietary help?

buddascrayon@lemmy.world

Let me spell it out for you. Trump has removed our cyber defenses and now he's defunding FOSS projects like Tor and Let's Encrypt!…

Now Trump wouldn't know a FOSS project from a hole in the ground but do you know who does? What world leader who has an entire cyber attack force on his payroll and wants to remove any barriers in finding dissidents who are probably using Tor to coordinate and hide from them?

Do the math. If the government funding of these projects is allowed to be removed it's gonna be a whole new ballgame on the internet and the only ones to reap the benefits are the dictators.

pinball_wizard@lemmy.zip

HTTP works pretty well, if you don't mind various governments spying on the traffic.

sirquack@feddit.nl

.gov is using let's encrypt? That's pathetic.

johnnyb@discuss.tchncs.de

they have more sponsors and won't go broke because of this

schnurrito@discuss.tchncs.de

the enemy is both weak and strong

shortwavesurfer@lemmy.zip

http://longv3onionaddress.onion/

shortwavesurfer@lemmy.zip

As far as Let's Encrypt goes, the easy way to solve that is self-signed SSL certificates and Tofu. Just make it stupid obvious if an SSL certificate changes on a site that you go to. Like, turn your browser into a giant red screen that says that the security of the website has changed and may be broken obvious. Maybe you could have search engines also index SSL certificates so you could see if Google and Bing and DuckDuckGo and whoever else all say that this website has the same SSL certificate that it has had for X amount of time and if the search engines start showing different results you get suspicious

sizing2673@lemmy.world

... Except not using it would be less secure, so I'm not sure I'm following..

reakduck@lemmy.ml

Well, tbh. If its my last time being president, I would also burn everything to show how the country sucks an is irrepairable.

zerush@lemmy.ml

More exactly by Defense and secret services

engineergaming@feddit.nl

http://longeepsiteaddress.i2p. Bonus points for having an option for a human-readable domain as well.

zerush@lemmy.ml

Don't confuse TOR with security, you can get exposed to use the Onion without an additional encrytion layer or VPN. TOR cannot encrypt the traffic between an exit relay and the destination server.

vfreire85@lemmy.ml

the guy is literally a political front for techbros, it's not like he would do something else.

shortwavesurfer@lemmy.zip

But i2p doesnt have PoW DDOS protection. Trust me, that shit helps a fuckton for limiting ddos. I witnessed firsthand nine onion services that upgraded from not having DDOS protection to having DDOS protection while under attack and the attack completely stopped.

sizing2673@lemmy.world

Sure, like any security it operates in layers

Totally disagree that Tor does not address security. The loophole you mention is indeed well known, but again it's an exploit like anything

And like any security thing, you stack a few layers to get the real world security

rexios@lemm.ee

Wait you guys were getting paid to work on open source?

driving_crooner@lemmy.eco.br

Those mf build their empires on the back of open source.

zerush@lemmy.ml

The TOR network is certainly pretty secure, but it's always advisible to use it in the Onion not without an additional layer, at least with a good VPN. Anyway I think that the future is in a descentralized web (I2P, Hyphanet, Snowflake, Shadowsocks and similar), the normal Internet is to heavy controlled by big companies and govs.