Recent comments in /f/Privacy

BlackWinnerYoshi wrote

Well, it has been previously blocked in Iran as well, so I think we can expect additional TLS proxies set up to avoid censorship. Or maybe you will be able to use existing TLS proxies, I don't know.

By the way, why did no one learn that centralized instant messaging apps can easily be blocked in this world of censorship? I really don't understand.

2

DcscZx5idox wrote (edited )

I recommend XMPP over Signal, especially for Chinese people. I think XMPP's main features are that anyone can select from many servers and that it has an easy-to-use end-to-end encryption implementation.

"Is Jabber accessible from China?" - reddit
libreddit. (webproxy frontend for reddit) URLs: clearnet, Tor

I'm in China and can access many XMPP servers, e.g. xmpp.jp, swissjabber.ch, chinwag.im, yax.im, disroot.org, member.fsf.org.

From what I understand about China's GFW, and I am American so no direct experience, it'll work at the beginning if you use TLS. Maybe not STARTTLS?

However, I do know that all VPNs will eventually stop working, forcing you to switch IP or protocol - the GFW has some basic machine learning. If all you do is connect to a specific IP, it'll start throttling connections to said address. It may do the same if it can't scrutinize the encrypted Jabber connection.

The bigger issue is that Jabber is still more complex to set up securely. That's probably why it doesn't have as much mindshare. Given that reputation, and the state of clients across platforms not all implementing the same features (not even equally well), it's harder to convince someone to deal with all of the headaches involved.

I actually had a plane get delayed in Shanghai, and I had no phone plan so the internet was my only option for communication back to the US. Couldn't use Facebook or Instagram. Forget Gmail, because even the Google homepage couldn't be accessed there. Hotmail said it delivered, but I found out the message didn't get received until about 3 weeks AFTER I arrived back in the US. Jabber was the only thing that DID actually work.

By comment on "Signal's open sourced server code hasn't been updated for over a year. Should we be concerned?"

Well, while open source does not mean it's secure, this is still a weird thing to do.

I would simply recommend to stop using Signal and start using XMPP with OMEMO encryption, since this is the gold standard of instant messengers, at least for me. You should especially stop using Signal because it requires your phone number, which immediately disqualifies it for a private messenger.

3

BlackWinnerYoshi wrote

This site uses Clownflare (clear net only), visit it in archive.org (clear net only) instead.

TL;DR: the "safest apps" are the most dangerous apps, including Etsy.


Now, I don't care about most of the article - we all know big corpos collect as much of our data as possible. I care about the so called "safest apps", while in reality, they're dangerous.

They're also saying that:

Even with video calling service Zoom’s conferencing flaw from last year, it managed to crack the top 10.

Well, what are you doing, Komando? Defending Zoom? This piece of rubbish? And what about the "safest apps"?

  • Signal and Telegram - they require your phone number. You really claim to be private with this?
  • Clubhouse - this app is kind of obscure to me, and I can't even visit their Clownflared website because Wayback Machine doesn't like its JavaScript (so no reading their privacy policy there - although, I obviously know that Clownflare will collect your data from the shadows), but what if I check their App Store listing (clear net only), what do I see there? Contact info, identifiers, contacts, usage data, user content, diagnostics? And you call it private, Komando?
  • Netflix - this attempts to enslave you with Digital Restrictions Management. Obviously, those are only attempts, and I refuse its usage. I hope you are doing this too.
  • Teams and Skype - they're owned by Microsoft, and Skype works with PRISM and also used to redirect Chinese people to an even more censoring version of Skype. Next!
  • Classroom and Shazam - owned by big corpos. Google and Apple, respectively.
  • Boohoo - Uses Clownflare. Good luck trying to make me think you're private with a MITM attacking me, boo hoo.

So it doesn't look great at all. But wait, I skipped Etsy. Why? Well, here goes a long section about it.

Let's see what the situation with Etsy is, in terms of privacy:

  • Tor support - no onion domain, but it looks like you can log in without getting your account terminated. Not sure about registration or shopping, though.
  • Monero acceptance - no cryptocurrency to select in the bottom left corner, or anywhere else.
  • No personal data required for registration - obviously requires your e-mail address and password, but also your first name, but it's not that tragic.
  • Compatibility with established standards - Etsy doesn't have OpenSearch, but you can use the Mycroft Project search engine plug-in (clear net only) if you use a web browser derived from Firefox, like LibreWolf. You can't receive e-mail notifications encrypted with PGP, though.
  • No Cloudflare - obviously, if it had Clownflare, BCMA would automatically redirect to an archived version of the website, and I would say to bail immediately.
  • As little downtime as possible - not a privacy issue, but it's still important. It doesn't look like Etsy has much downtime, really.

So, by looking at those points alone, Etsy seems to be okay. But what about the privacy policy? Let's see another six points:

  • IP addresses - paragraph two, point three, says that it will receive them from your web browser, mobile app, and Internet of Things (a thing you can give up). There is no duration on how long they are stored.
  • Content data - paragraph two, point six, says it stores your location to "improve" search results. So probably not storing search results itself, but there is still no duration on how long the location is stored.
  • System info - paragraph two, point three, says Etsy will store your device-specific information such as the operating system, with no duration attached.
  • Metadata - there doesn't seem to be a mention of it. However, looking at all of the other points, it's likely it is collected.
  • Interaction data - paragraph two, point four, says the information collected from their vendors and suppliers includes customer service interactions. You should know what duration is attached by now.
  • Third party sharing - paragraph two, point eight, says that your information will be shared to third parties like Twitter. Only if you actually connect your accounts, I guess, but still.

So, no, it doesn't look great at all. Bail.

2

BlackWinnerYoshi wrote

This news site uses Clownflare (clear net only), view it with archive.org (clear net only) or archive.is (.fo clear net mirror, .li clear net mirror, .md clear net mirror, .ph clear net mirror, Tor v2 mirror, Tor v3 mirror) instead.

Also, I have a feeling that even if Goolag phases out third-party cookies (which are mentioned in this article), they're still going to track their users, even across sites. I mean, do you really think third-party cookies are the only thing tracking you? Yes, they are responsible for most tracking, along with third-party scripts (that's why I should learn uMatrix...), but first-party scripts and cookies can also collect your data. Do I really need to also mention the fact that Goolag Hrom is the most used browser in the world, and it's also filled with spyware?

4

Imperator wrote

Installing Synapse with docker and a TLS reverse proxy is a relative breeze. Like almost all server software, it requires some setup and general Linux knowledge. I haven't personally noted a lot of performance issues, but I concur that choosing Python (they even started with version 2) was a bad design choice. Good for prototyping but definitely not suitable for large-scale production usage. Hopefully Dendrite will reach feature parity soon. Moreover, they're doing some serious work on the p2p end and a working client exists already (https://p2p.riot.im).

I don't think Element has a bad UI, but there's definitely some room for improvement. Am not a fan of their use of HTML/CSS/JavaScript, I would have preferred a Rust GTK/Qt client but I understand that at this point in the project stage it's important to support the widest variety of platforms to serve the largest possible userbase. Performance and optimisation can always come later.

1

AWiggerInTime wrote

Matrix itself is decent, but the official software is utter shit.

Element is a bloated electron mess that's somehow bigger than pisscord and it's buggy as all hell (from small UI bugs to losing connection/not receiving messages). Don't get me started on the mobile version. Oh and fun fact, even though olm is implemented in C so it can run natively on pretty much anything, desktop Element still goes through wasm for EVERY MESSAGE, because the devs are retarded enough to not be able to link a binary to a release exec.

The server is even worse, even installing this piece of shit can be a challenge (especially out of the Linux comfort zone) and it hogs EVERYTHING. Say goodbye to like 3 GBs of RAM for a few rooms and users. Say goodbye to your disk space & cpu because python.

The only thing they haven't fucked up yet is Dendrite, the second-gen server which actually looks promising, but it's still in beta it's probably too early to call.

1

Rambler OP wrote

My concern is more private use. I get my face scanned to enter my workplace, and the (biometrics) company state that they retain that for up to 3 years beyond end of employment.

To me, that's up to 3 years too long.

And I don't "mind" it, so long as that information was stored locally and could be purged by HR when an employee is no longer employed, as part of an after-employment checklist. For example, if you have a company with 700 active employees, then on your LAN you have the biometric hardware/software operating and it contains no more than 700 faces, and doesn't face anything public, as it's only used to allow/deny entry to the building. Doesn't need a web facing control panel, no need to store that data 'in the cloud', etc.

But, that's not how things are done. The biometric company could be bought up by another. It could be hacked. It could be secretly funded by any alphabet agency or sharing data with them.

If it was private use, open source, localized installs across companies and company owned worksites... no problem.

As far as public stuff goes? I'm kind of with you. I have cameras. I use them. Moreso when I lived in the city. Shortly after installation I thought all the hoodlums were casing cars on the street because they were walking in the street instead of on my sidewalk. Turns out they noticed the cameras and thought they were out of view of them if they just walk in the middle of the road. Nope, I still see ya buddy.

1

Wahaha wrote

As much of a privacy nightmare as it is, I kinda dream of a city with high-resolution security cams featuring facial recognition covering every public space, even the sewers. But they would be accessible to everyone, so you can watch it yourself. It could be cooler than reality TV.

Also, I never was too concerned with privacy in public. The problem is how the system can be abused in the future, but then everyone is more or less keeping a tracking device on their body and publishing their opinions on the Internet, so I'm not sure if facial recognition could be abused to do something that isn't already possible anyway.

Maybe people would finally stop littering, if there are cams identifying and fining them automagically.

2

Wahaha wrote

Have you seen the show Higashi no Eden? Friends of the protagonist created an app that would let them identify everything, people included. Everyone had the ability to identify new things and add to the database. It was a pretty neat tool, but utterly futuristic back in 2009 when the show aired. That was about when smartphones became common.

And it looked a lot like that screenshot from the site.

The concept was kinda dwarfed by the real point of the show, which was a mobile phone with a billion or so and an operator doing tasks for you by using that money. Like shooting rockets or shipping all shut-ins off to Africa or something like that. Good fun.

1

onion OP wrote

It's the same story, but figured it was worth posting even though it's old.

Yeah, I remember seeing a picture taken from one of those extremely high def security cameras a few years ago. It was amazing how far you could zoom in. Maybe this was it? I don't know. I can't see it since I'm using tor.

https://www.businessinsider.com/high-resolution-photo-lets-you-zoom-in-on-peoples-faces-2018-12?op=1&r=US&IR=T

1

Wahaha wrote

Again or is that the story from a couple years back?
Anyway, all these TV shows were ahead of their time, with their infinite zoom that is now at least somewhat feasible.

Just think about how good security cameras can be these days, zooming in on what a driver across the street is reading. Same with satellites.

1

onion OP wrote

Innovating the System

To overcome the exponential growth in data and subsequent stovepiping, the IC doesn’t need to hire armies of 20-somethings to do around-the-clock analysis in warehouses all over northern Virginia. It needs to modernize its security approach to connect these datasets, and apply a vast suite of machine learning models and other analytics to help targeters start innovating. Now. Technological innovations are also likely to lead to more engaged, productive, and energized targeters who spend their time applying their creativity and problem-solving skills, and spend less time doing robot work. We can’t afford to lose any more trained and experienced targeters to this rapidly fatiguing system.

The current system as discussed, is one of unvalidated data collection and mass storage, manual loading, mostly manual review, and robotic swivel chair processes for analysis.

The system of the future breaks down data stovepipes and eliminates the manual and swivel chair robot processes of the past. The system of the future automates data triage, so users can readily identify datasets of interest for deep manual research. It automates data processing, cleaning, correlations and target profiling – clustering information around a potential identity. It helps targeters identify patterns and suggests areas for future research.

How do current and emerging analytic and ML techniques bring us to the system of the future and better enable our targeter? Here are four ideas to start with:

Automated Data Triage: As data is fed into the system, a variety of analytics and ML pipelines are applied. A typical exploratory data analysis (EDA) report is produced (data size, file types, temporal analysis, etc.). Additionally, analytics ingest, clean and standardize the data. ML and other approaches identify languages, set aside likely irrelevant information, summarize topics and themes, and identify named entities, phone numbers, email addresses, etc. This first step aids in validating data need, enables an improved search capability, and sets a new foundation for additional analytics and ML approaches. There are seemingly countless examples across the U.S. national security space.

Automated Correlation: Output from numerous data streams is brought into an abstraction layer and prepped for next generation analytics. Automated correlation is applied across a variety of variables: potential name matches, facial recognition and biometric clustering, phone number and email matches, temporal associations, and locations.

Target Profiling: Network, Spatial, and Temporal Analytics: As the information is clustered, our targeter now sees associations pulled together by the computer. The robot, leveraging its computational speed along with machine learning for rapid comparison and correlation, has replaced the swivel chair process. Our targeter is now investigating associations, validating the profile, refining the target's pattern-of-life. She is coming to conclusions about the target faster and more effectively and is bringing more value to the mission. She's also providing feedback to the system, helping to refine its results.

AI Driven Trend and Pattern Analysis: Unsupervised ML approaches can help identify new patterns and trends that may not fit into the current framing of the problem. These insights can challenge groupthink, identify new threats early, and find insights that our targeters may not even know to look for.

Learning User Behavior: Our new system shouldn't just enable our targeter, it should learn from her. Applying ML behind the scenes that monitors our targeter can help drive incremental improvements of the system. What does she click on? Did she validate or refute a machine correlation? Why didn't she explore a dataset that may have had value to her investigation and analysis? The system should learn and adapt to her behavior to better support her. Her tools should highlight where data may be that could have value to her work. It should also help train new hires.

Let's be clear, we're far from the Laplace's demon of HBO's "Westworld" or FX's "Devs": there is no super machine that will replace the talented and dedicated folks that make up the targeting cadre. Targeters will remain critical to evaluating and validating these results, doing deep research, and applying their human creativity and problem solving. The national security space hires brilliant and highly educated personnel to tackle these problems, let's challenge and inspire them, not relegate them to the swivel chair processes of the past.

We need a new system to handle the data avalanche and support the next generation. Advanced computing, analytics, and applied machine learning will be critical to efficient data collection, successful data exploitation, and automated triage, correlation, and pattern identification. It’s time for a new chapter in how we ingest, process, and evaluate intelligence information. Let’s move forward.

2
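The "automated triage" and "automated correlation" steps the quoted article describes are cheap to build, which is the privacy-relevant point. Below is an added example (not code from the article or from any agency system) showing the skeleton: two constructed record streams are scanned for selectors (e-mail addresses and phone numbers), the selectors are normalised so that differently formatted copies of the same number compare equal, records with no selector are set aside as "likely irrelevant", and every record that shares a selector with another is merged into one identity cluster with union-find. All records, addresses and numbers are made up for the example, and the assumption that a bare 10-digit number is a North American one is the example's own.

```python
import re
from collections import defaultdict

# Constructed sample records standing in for two "data streams" (hypothetical data).
STREAM_A = [
    {"id": "a1", "text": "Contact jane.doe@example.org or +1 (555) 010-2000 for the invoice."},
    {"id": "a2", "text": "Call 555-010-2000 after 5pm; backup mail j.doe@mail.example"},
    {"id": "a3", "text": "Nothing of interest here, just a weather report."},
]
STREAM_B = [
    {"id": "b1", "text": "From: J.Doe@Mail.Example\nSubject: meeting"},
    {"id": "b2", "text": "From: someone@else.test\nSubject: unrelated"},
]

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# A digit, then six or more digits/separators, then a digit: loose on purpose, normalised below.
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")


def extract_selectors(text):
    """Triage: pull selectors out of one record and normalise them so that
    '+1 (555) 010-2000' and '555-010-2000' become the same key."""
    selectors = set()
    for addr in EMAIL_RE.findall(text):
        selectors.add(("email", addr.lower()))
    for raw in PHONE_RE.findall(text):
        digits = re.sub(r"\D", "", raw)
        if len(digits) == 10:          # assumption for the example: bare 10-digit numbers are NANP
            digits = "1" + digits
        if len(digits) >= 11:
            selectors.add(("phone", digits))
    return selectors


def triage(records):
    """Return (kept, set_aside): records carrying no selector are set aside as likely irrelevant."""
    kept, set_aside = [], []
    for rec in records:
        (kept if extract_selectors(rec["text"]) else set_aside).append(rec["id"])
    return kept, set_aside


def cluster_records(records):
    """Correlation: union-find over record ids; any shared selector merges two records."""
    parent = {rec["id"]: rec["id"] for rec in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]   # path halving
            x = parent[x]
        return x

    first_seen = {}                          # selector -> id of the first record carrying it
    for rec in records:
        for sel in extract_selectors(rec["text"]):
            if sel in first_seen:
                ra, rb = find(first_seen[sel]), find(rec["id"])
                if ra != rb:
                    parent[rb] = ra
            else:
                first_seen[sel] = rec["id"]

    groups = defaultdict(list)
    for rec in records:
        groups[find(rec["id"])].append(rec["id"])
    return sorted(sorted(ids) for ids in groups.values())


def build_profiles(records):
    """Target profiling: one profile per cluster, keyed by its record ids, listing every selector."""
    by_id = {rec["id"]: rec["text"] for rec in records}
    profiles = {}
    for ids in cluster_records(records):
        sels = set()
        for rid in ids:
            sels |= extract_selectors(by_id[rid])
        profiles[tuple(ids)] = sorted(sels)
    return profiles


if __name__ == "__main__":
    records = STREAM_A + STREAM_B
    print("set aside as likely irrelevant:", triage(records)[1])
    for ids, sels in build_profiles(records).items():
        print(ids, sels)
```

Note how a1, a2 and b1 end up in one profile although no single pair of them shares both selectors: a1 and a2 share the phone number, a2 and b1 share the (case-normalised) e-mail address, and transitivity does the rest. That is exactly why a phone number used as a registration identifier, as several commenters above object to, is so valuable to a correlation pipeline.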