Cryptography nerd
Fediverse accounts; Natanael@slrpnk.net (main) Natanael@infosec.pub Natanael@lemmy.zip
Lemmy moderation account: @TrustedThirdParty@infosec.pub - !crypto@infosec.pub
@Natanael_L@mastodon.social
Bluesky: natanael.bsky.social
Passkeys use unique keys per site for that reason
TOTP codes can be phished, hardware security keys and passkeys can't
Google Chrome on PC can let you verify from the phone to unlock passkeys
TOTP can be phished remotely, passkeys / hardware security keys can't (need to get malware into the user's computer instead)
The synchronization part is the annoying part. And when you have multiple accounts on one site you can end up with multiple passkeys for it.
They're using the same standard as FIDO2 / WebAuthn hardware security keys. The protocol is phishing resistant, unlike TOTP and similar one time code solutions.
I prefer the physical ones, because they're easy to organize. Passkey synchronization can be annoying.
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
Of course a group of people could use violence to oppress other people. But then you no longer have anarchy.
The irony is that the amount of coordination needed to protect anarchism would no longer be called anarchism
You will always end up recreating some form of organizations to manage resources. The best you can do is ensure those organizations are structured with accountability to make sure they're fair to everybody
There's basically ideologues versus hateful people versus indifferent sociopaths (overlap is common)
I consider political ideologues and "technocrats" and extremely pedantic rule-following bureaucrats to be different flavors of ideologues (has a specific worldview they try to enforce / uphold)
I had guinea pigs too. I'd slap down their little front paws on the keyboard to type
We don't know if spacetime loops around or is infinite or has an expanding boundary. Best we got for reference is the cosmic background radiation, but it doesn't tell us about any center
Yeah so here's the next problem - downscaling attacks exist against those algorithms too.
Also, even if those attacks were prevented they're still going to look through basically your whole album if you trigger the alert
Apple had it report suspected matches, rather than warning locally
It got canceled because the fuzzy hashing algorithms turned out to be so insecure it's unfixable (easy to plant false positives)
https://commission.europa.eu/law/law-making-process/types-eu-law_en
Each country may still have the equivalent of a constitution, and the majority of EU laws are directives which the country may translate to fit their local law, also there's various negotiated exceptions to EU laws. But the general idea is that the treaties establishing the EU are meant to require full cooperation
Not unless turned into EU law, or a lawsuit over it reaches EU court. Individual countries can't change the rules of the union on their own.
There's already EU court precedent against mandatory backdoors
Judges can deputize if necessary
Technically only for non-classified internal communication. Classified stuff is restricted to be discussed only using military approved locked down hardware. But still, issuing a strong recommendation for Signal above all other options when communicating using regular devices is a good thing. Lots of "regular" conversations can still leak more than you expect through metadata, timing, etc, so they trust Signal to protect that