Researchers Discover Flaw in Signal's Disappearing Messages Related to Mac Notification Center

[chucker23n1]

As for evaluating whether you can trust the entity running the VPN endpoint, do you honestly think the general public is equipped to do that?

They aren't, but that's a whole different discussion.

 

[C DM]

Yes, for a tiny fraction of the population with specific needs and deep knowledge of the tradeoffs, a VPN service can be legitimately useful.

And again, for the overwhelming majority (on the order of 99%) of the people who think they need a VPN, it actually reduces security and privacy.

Is there something that supports that generalized theory?

 

[Bob Zimmerman]

They aren't, but that's a whole different discussion.

No, it isn't. The point twistedpixel8 made, and with which I agree, is that this feature is misleading and should be removed. Things should not be marketed towards the general public if the general public is not capable of usefully evaluating whether they will do what is claimed. That is the entire reason "snake oil" is in the common lexicon.

 

[chucker23n1]

No, it isn't. The point twistedpixel8 made, and with which I agree, is that this feature is misleading and should be removed. Things should not be marketed towards the general public if the general public is not capable of usefully evaluating whether they will do what is claimed. That is the entire reason "snake oil" is in the common lexicon.

What? This feature has nothing to do with VPNs.

And no, that's not even what snake oil is. Snake oil (as used in common parlance) does nothing. VPNs do plenty.

 

[Bob Zimmerman]

What? This feature has nothing to do with VPNs.

And no, that's not even what snake oil is. Snake oil (as used in common parlance) does nothing. VPNs do plenty.

Correct, it has nothing to do with VPNs directly. I brought VPNs up because they are in a similar situation: a neat, makes-you-feel-like-a-hacker feature which doesn't actually perform the advertised function.

VPNs help a tiny number of people. Again, for the overwhelming majority, they are actively harmful.

I'm done with this. Read what any person significant in either the cryptography or broader infosec communities has said about VPN marketing to the general public.

 

[chucker23n1]

Correct, it has nothing to do with VPNs directly. I brought VPNs up because they are in a similar situation: a neat, makes-you-feel-like-a-hacker feature which doesn't actually perform the advertised function.

That's nonsense.

And it isn't even clear what feature you are saying this about: are you saying end-to-end message encryption "doesn't actually perform the advertised function"? Or deleting messages?

 

[justperry]

Simple fix, System Preferences>Notifications>Signal>No banners

 

[C DM]

Correct, it has nothing to do with VPNs directly. I brought VPNs up because they are in a similar situation: a neat, makes-you-feel-like-a-hacker feature which doesn't actually perform the advertised function.

VPNs help a tiny number of people. Again, for the overwhelming majority, they are actively harmful.

I'm done with this. Read what any person significant in either the cryptography or broader infosec communities has said about VPN marketing to the general public.

And now VPNs in general are "actively harmful" to the "overwhelming majority".

 

[Vjosullivan]

And now VPNs in general are "actively harmful" to the "overwhelming majority".

The first law of encryption is to assume that everything you write/type/record/encode on any device is public knowledge and also know that who you communicate with is as revealing as what you say.

 

[C DM]

The first law of encryption is to assume that everything you write/type/record/encode on any device is public knowledge and also know that who you communicate with is as revealing as what you say.

So what's the point of any of then?

 

[Vjosullivan]

So what's the point of any of then?

99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.

 

[C DM]

99.999% of the time, no point whatsoever.

Either the content is not worth encoding or it is being monitored by people more sophisticated in breaking the cypher than you are at encoding it. The "one time pad" is still the only unbreakable encryption method but, since it relies upon distributing multiple copies of the pad (to the sender and recipient(s)), it isn't secure either.

Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.

 

[Vjosullivan]

Well, sounds like there isn't a point to locks either since someone somewhere can certainly pick whatever one you might use.

You can defend yourself against thieves who come to you and attack your locks, even if the locks fail. When you broadcast an encoded text across the world, you don't know who is listening for it, decoding it, tracking it (forwards or backwards), copying it, storing it, altering it, etc. You'll never know if you've been broken into