Signal and encrypted email only.
Brain damaged people trust x again.
I don’t trust anything coming out of Elon’s fascisthole. Deleted the app when he bought it and never looked back.
Why are people evening using this site anymore? It’s been severely compromised.
What some call “normies” besides most celebrities.
Cause it has an audience unlike mastodon or bluesky. All the other alternatives are dead.
Your hero just joined bluesky so not that dead
LOL nope. I’d use anything else.
It was eyerolling back when that dickhead decided to sell blue checkmarks instead of issuing them only to verified celebrities.
YET?
It’s like a regular encrypted chat but with peepholes and racism.
How about: “You probably should trust or use X at all… ever.”
offering me end-to-end encrypted chat
No one - not even X - can access or read your messages
This key is then stored on X’s servers
So…they’re just blatantly lying?
It’s encrypted with a 4 digit pin so they’ll have to spend at least 316.8809e-10 years on brute-forcing it.
That’s why my PIN is 5 digits: 12345
One. Two. Three. Four. Five?
That’s amazing. I’ve got the same combination on my luggage.
Suck. Suck. Suck. Suck!
Right, they have the key, and the lock, but the key isn’t in the lock, so it’s utterly impossible for them to access it.
Typical corpo doublespeak
No - did you even read the article? An x employee confirmed that they’re using the “special” servers to store the keys that mean that they cannot see them. The author then says that the employee confirming it doesn’t mean they do, because the author doesn’t want it to be true.
There are hardware for that called hardware security modules, but yeah I definitely wouldn’t trust Twitter’s implementation - especially because they probably just need the auth team to tell the HSM that the user logged in when they didn’t to get that key
A proper implementation would use multiple security measures and require a reset (delete) of certain private account data before the account access can be reset, otherwise the user’s password would be needed (for key derivation) or some other secret held by the user’s devices (in the TPM chip or equivalent)
The Muskrat lying? No, never!
deleted by creator
TL;dr of the article :
- They keep your private key on their servers.
- Their implementation allows for AITM attacks.
- It’s closed source.
- There’s no perfect forward secrecy.
This secret stays between you, me, and Elon.
I hope politicians use the hell out of it, so we can see what they really think when it gets (inevitably) hacked in a few weeks.
If you chat on Xitter you‘re chatting with mecha Hitler.
They keep your private key on their servers.
Then it’s literally not even E2EE, lol
What is the “A” in “AITM”?
This is the first time I heard of AITM, thought it was a new name for MITM:
It’s just MITM but with extra steps
Ah yes, Malcolm in the Middle is behind this all along.
Anal
Adversary
Aliens
Elon.
Anyone
Apple
Administrator
They are stupid, but not that stupid.
Never attribute to malice what can be attributed to incompetence.
I used to give the benefit of the doubt but when there are bad incentives in play and shit keeps happening… then perhaps that is naïve sometimes, unfortunately.
Do you mean bad incentives?
And sure, I don’t disagree, but these people are also not actually that smart. I would worry more about this getting hacked in a week way before Elon gets a chance to use it against anyone.
Thanks, I do.
I wouldnt trust X with a picture of my shoes
It’s proprietary, how could you possibly trust it?
Do you think this is the face of a liar
The face of this liar makes my face go on fire
…yet? How bout just not trusting it at all?
Hah, beat me by 17 seconds!
That “yet” is the narrative hook to trick us into feeling like it will soon be trustworthy, and that our assumed suspicions refer to a temporary state of untrustworthiness. Clever girls!
Feels like Bluesky’s federation promise.
I think you can install your own bluseky instance and federated with others.
I don’t consider the PDS stuff to be fully federated. That’s just keeping your data on a different server, as far as I understand it. To be federated it needs to be a full interoperable server like mastodon, or lemmy.
You should also be able to host a non federated instance, or one with limited federation.
If they have moved past that, and I can open a server and have people sign up for accounts, then I stand corrected.
Bluesky federates across different layers, it’s modular, it doesn’t have a comparable same-layer federation. It is fully interoperable, just not by the method you’re used to.
You can host your own partial appview now (caching and indexing your and your friends’ comment), and multiple people have managed to run their own relays for cheap (caching most of the posts in the network), and you can pull the rest of data you need to browse from the other relays and use the service as usual. You can run your own moderation labeler, use your own app, just your own account, etc…
Just look at the interoperable blacksky project by a bunch of black devs making their own infrastructure for accounts and moderation, etc.
To be non federated, all you have to do is not announce your server and not accept arbitrary connections
Due to content addressing, limited federation isn’t really a thing by the usual definition. You can filter content from any PDS you don’t like, but can’t really control who can see already public posts
Correct, foolish human! Now sign up.
