In light of recent events, I want to remind everyone that end-to-end encryption doesn't prevent you from adding the editor of the Atlantic to your private group chats.

Mx. Eddie R

@soatok
Ah, the classic "complete bumbling doofus" attack, against which all known encryption is powerless.

@silvermoon82 @soatok I like when they redact lines in a document but don't realize it's just a black bar on the page and the text is still in the binary .doc

@m @soatok @silvermoon82 Very true, this has always been the biggest problem with crypto software. If you use it wrong, it breaks in ways you can't identify.

Bruce Schneier said, "The difference between attack and defense is you can tell when an attack fails."

@silvermoon82 @soatok is this the secret backdoor everyone's been talking about for years? /s

@segfox @silvermoon82 @soatok Jokes aside, there is a secure communication product whose name I won't mention because of my deep respect for its founder. It offers secure voice and text communication, including group voice and group text.

At some point I realised that the company can totally take over someone's account (they could change their password) and register an additional device in their name. The additional device would be automatically added to all of their E2EE chats and groups (i.e. all crypto secrets would be shared with the additional device).

The user won't know about it until their password doesn't work the next time they try to add a device. There was no notification (at that time) that a new device was added to the account, and no notification in any of the chats or groups that a new device had been added.

The company dismissed my concerns at the time. I threatened to go public with this information, at which point they promised to add the proper notifications (and they did).

@pq1r
Oh wow, that *is* a good one!
Always unsettling when you find something like that and they just don't care.

@silvermoon82 I think that the first line of people I contacted didn't really get my concerns. When I started dropping the founder's name they started taking me more seriously.