Come into my Parler

Other discussions not related to the Permanent Portfolio

Moderator: Global Moderator

User avatar
dualstow
Executive Member
Executive Member
Posts: 14227
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Come into my Parler

Post by dualstow » Mon Jan 11, 2021 8:47 am

Note these changes to whatsapp’s privacy policy!
https://www.schneier.com/blog/archives/ ... olicy.html
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
🚸 Obviously, I’m a layman, too. Feel free to correct me, guys, where I got it wrong. 🚸
Maddy wrote:
Mon Jan 11, 2021 8:32 am
Others have described the need to "download an app." I'm afraid I don't even know what an "app" is. I have a $25 hand-me-down computer from the public library sale. Is an "app" a software program?

Maddy, Wire is is messaging platform, not a forum.
Think of it is closer to texting than posting on a forum.
* You can create a group to share messages. It’s not just one-on-one. For that reason, it can start to feel like a forum.
* Someone cannot just surf on in from Alabama or Brazil and see what you and your friends are talking about the way they can with gyroscopicinvesting dot com. You would have to add them to the group.
With Wire, the messages live on your phone (I think) and your friends’ phones rather than on some server somewhere. Thus, you have more control.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Yes, an app is a program. Games are apps. Word processors are apps. And messaging programs are apps.
You know how you used to have to load programs into a pc with a series of floppy disks and later with CDs and thumb drives?
Now, it’s usually just a matter of downloading the app, which is short for “application.”
On a phone or tablet, you go to the app store, find what you want, and click to install. Some cost money, some are free.
Apple has an app store for iPhones and a Mac app store for its computers. (Usually, when apps are mentioned, people are talking about mobile devices). There’s a Play Store for Android phones. And, there are 3rd party apps for desktops, laptops and, i guess some non-apple phones(?)

What is often accomplished in a browser on your laptop is done with an app on a phone. You might go to Twitter dot com on a firefox browser on a laptop, but open the Twitter app on an ipad. Same with youtube. Phones and tablets can still do this via browsers, but it can get clunky. Google docs, for example. Sometimes an app is completely unneccesary, but sometimes it’s better. Sometimes it’s the only choice on a mobile device.

If you havee a Samsung phone, it might have its own Samsung-specific apps.
RIP Marcello Gandini
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Mon Jan 11, 2021 9:10 am

I tried to sign up for Gab.com last night but they were having issues.

Tried again this morning...and the thing in the browser just kept spinning.

I was beginning to wonder if there were any conservative websites that was "ready for prime time".

Then wonders of wonders...I got in!

I liked that they had all these ready made interest groups. I checked off about 20 of them. Almost all of them NOT politically related.

However, now I'm stuck on receiving my confirmation message from them.

I have so far requested it to be resent about four times but still nothing received.

I'm now trying to see if I can do anything without having received that confirmation message. I clicked on "My Groups". All I am seeing is a rotating circle thing. I'll try something else. I was able to successfully get to the Cats group but it appears that I'm blocked from actually seeing anything until I receive that confirmation message.

Anyone else here use Gab?

Vinny


Capture.JPG
Capture.JPG (51.91 KiB) Viewed 3046 times
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Mon Jan 11, 2021 11:40 am

In general, anything that can be done via browser (particularly on the phone) as opposed to with an app should be. Running an app puts you more-or-less completely at the mercy of the app developer. The browser has a LOT of safeguards to protect your privacy.
User avatar
dualstow
Executive Member
Executive Member
Posts: 14227
Joined: Wed Oct 27, 2010 10:18 am
Location: synagogue of Satan
Contact:

Re: Come into my Parler

Post by dualstow » Mon Jan 11, 2021 12:07 pm

MangoMan wrote:
Mon Jan 11, 2021 11:39 am

EDIT: I see Tom already said most of this while I was typing.
I answered her this morning, too. Maybe I should have put it in a separate post.
RIP Marcello Gandini
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Mon Jan 11, 2021 12:13 pm

The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Wed Jan 13, 2021 9:16 am

MangoMan wrote:
Wed Jan 13, 2021 6:42 am
Idaho ISP blocks Facebook and Twitter… Bravo!
“Our company does not believe a website or social networking site has the authority to censor what you see and post and hide information from you, stop you from seeing what your friends and family are posting. This is why with the amount of concerns, we have made this decision to block these two websites from being accessed from our network.”
Bravo, indeed. It's about time somebody had the balls to stand up to them.
It's actually a public service in another way: Facebook in particular is really bad about tracking innocent people wherever they go on the Internet. Pretty much wherever you see that "Like" button on any website, that's Facebook able to track you on that page. I have my hosts file set to disable name resolution for facebook.com for this reason.
User avatar
Maddy
Executive Member
Executive Member
Posts: 1694
Joined: Sun Jun 21, 2015 8:43 am

Re: Come into my Parler

Post by Maddy » Wed Jan 13, 2021 9:37 am

[edit by Xan: this post was in reply to one of Corto's which he later requested be deleted]

So you leave Politics only to bring it here?
User avatar
Cortopassi
Executive Member
Executive Member
Posts: 3338
Joined: Mon Feb 24, 2014 2:28 pm
Location: https://www.jwst.nasa.gov/content/webbL ... sWebb.html

Re: Come into my Parler

Post by Cortopassi » Wed Jan 13, 2021 10:07 am

Hey, what can I say? This was/is in "Other" discussions and it showed up.
User avatar
Cortopassi
Executive Member
Executive Member
Posts: 3338
Joined: Mon Feb 24, 2014 2:28 pm
Location: https://www.jwst.nasa.gov/content/webbL ... sWebb.html

Re: Come into my Parler

Post by Cortopassi » Wed Jan 13, 2021 10:37 am

Also, let me say, I read through the thread, and except for a couple small political comments here and there, this thread basically is about messaging apps, so forgive me, I did get more political here than the topic deserved. I will delete my post if I can.

Doesn't look like I can -- Xan if you want to delete it please do.
User avatar
I Shrugged
Executive Member
Executive Member
Posts: 2062
Joined: Tue Dec 18, 2012 6:35 pm

Re: Come into my Parler

Post by I Shrugged » Wed Jan 13, 2021 12:55 pm

Might not be a bad decision anyway. Have we reached Peak FAANG yet? Nah, that'll never happen.
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Thu Jan 14, 2021 5:34 pm

Smith1776 wrote:
Sun Jan 10, 2021 11:46 pm

tomfoolery wrote:
Sun Jan 10, 2021 11:16 pm

Smith1776 wrote:
Sun Jan 10, 2021 10:59 am


Has anyone recently joined the mass exodus from Twitter/Facebook/What's App to alternative platforms?

I have Signal and quite like it.


Wire is a superior encrypted messaging app to Signal because Signal requires you use "a" phone number as your user name, and to have the app be functional, you have to give it access to your Google or iOS contacts.

Which means you have to be *using* Google and iOS Contacts. Which means Google or Apple, depending on which phone you use, has a list of everyone you are friends with.

Which means when 10% of your contact list gets arrested in the Capitol for sedition, your social credit score takes a ding because maybe you were there too, and just didn't get caught. Or you have a bad taste in friends. Either way, you're not getting this job because your social credit score is too low.

I say with Signal you must use "a" number because you're not obligated to use your actual phone number, you can use a VOIP line that is different than your cell phone SIM number, but then the contacts permissions still gets screwy.

And if you do use your SIM number, anyone can SIM swapping attack you and assume control of your Signal account. They won't be able to see old messages prior to the SIM hijacking, but they'll be able to see any future messages that arrive, until you're able to regain control of the account.

Signal, in my opinion, is a piece of shit application from a privacy perspective.

Wire lets you create a custom username. Make an account called Smith1776 and add someone from the forums as a friend, and now you don't have to give them your phone number, which is probably linked to your real name*, you don't have to add this internet stranger to your contacts list, which means apple/google don't know they are your friend.

And you can make a second account called Ronald Rowan, which is maybe your real name, and you can add both accounts to the same Wire app. So your family/coworkers are on the Ronald Rowan account and your Gyro friends are under Smith1776. All in the same app.

You can also sync Wire across multiple devices with a username and password. Signal requires a QR code scan to sync, which is a horrible security risk because you now have to have your cell phone next to your computer. Which most people do anyway, but it's a bad security risk. And you can only have Signal on one phone or tablet at a time. Wire can be installed on your cell phone, tablet, desktop, etc, and all sync.

Speaking from significant personal experience in this realm over the last decade, Wire is superior to Signal.

*Bonus content: Your phone is probably linked to your real name because even if you have a prepaid phone paid in cash, if you give your phone SIM number out to friends/family, and if even a single person has saved that number and associated it with your name in their Apple/Google contact list, then there's a high likelyhood it's now linked to you permanently. The most common method is because people install "True Caller" type apps on their phones, which is a large database of caller ID info. So they can see who the "True Caller" is to their phone when there is an unrecognized phone number calling them.

In order for the True Caller app to work, you must share your contact list with the company as a contingency of using the app. And that sharing is how they generate the caller ID data for everyone else who uses the app. Because you agree to upload the 100+ contacts in your contact list to their database, with the associated name info for each phone number, and then if anyone from your contact list calls anyone else using the True Caller app, now True Caller tells that person who the phone number belongs to, because you shared your friends data with the True Caller database.

So, if you care about privacy, don't use Signal. Use Wire, which also has free, ad-free, versions.


Wow. Thank you.


Tomfoolery above more comprehensive than this?

Vinny



What is Signal? The basics of the most secure messaging app.



https://mashable.com/article/what-is-si ... ce=twitter
Last edited by vnatale on Thu Jan 14, 2021 6:02 pm, edited 1 time in total.
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Thu Jan 14, 2021 5:40 pm

tomfoolery wrote:
Mon Jan 11, 2021 12:32 pm
Xan wrote:
Mon Jan 11, 2021 12:13 pm
The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.
I assume the app isn’t using a DNS server to find the Wire “mothership”. Please correct me if I’m wrong. I could try packet sniffing and DNS hijacking on my own network as a test, maybe in a few weeks if I have more time. Seems like a fun experiment O0
Doesn't look like they use hardcoded IPs at all.

https://support.wire.com/hc/en-us/artic ... onnect-to-
User avatar
Mark Leavy
Executive Member
Executive Member
Posts: 1950
Joined: Thu Mar 01, 2012 10:20 pm
Location: US Citizen, Permanent Traveler

Re: Come into my Parler

Post by Mark Leavy » Thu Jan 14, 2021 5:44 pm

vnatale wrote:
Thu Jan 14, 2021 5:34 pm

Tomfoolery above more comprehensive than this?

What is Signal? The basics of the most secure messaging app.

https://mashable.com/article/what-is-si ... ce=twitter
Tomfoolery is a better reference.

One of the benefits of this forum is access to better sources than the media has.

Anything Tom or Xan say about security vulnerabilities is 10x more credible than anything else you will read.

Edit: Full disclosure: I am not as careful as they are. But they are right.
Last edited by Mark Leavy on Thu Jan 14, 2021 6:01 pm, edited 3 times in total.
User avatar
I Shrugged
Executive Member
Executive Member
Posts: 2062
Joined: Tue Dec 18, 2012 6:35 pm

Re: Come into my Parler

Post by I Shrugged » Thu Jan 14, 2021 5:57 pm

I just found Rob Braxton on youtube. Super interesting on digital privacy topics.
I want a de-googled phone.
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Fri Jan 15, 2021 9:49 am

Mark Leavy wrote:
Thu Jan 14, 2021 5:44 pm

vnatale wrote:
Thu Jan 14, 2021 5:34 pm


Tomfoolery above more comprehensive than this?

What is Signal? The basics of the most secure messaging app.

https://mashable.com/article/what-is-si ... ce=twitter


Tomfoolery is a better reference.

One of the benefits of this forum is access to better sources than the media has.

Anything Tom or Xan say about security vulnerabilities is 10x more credible than anything else you will read.

Edit: Full disclosure: I am not as careful as they are. But they are right.


Something I can believe.

Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Fri Jan 15, 2021 10:11 am

tomfoolery wrote:
Fri Jan 15, 2021 12:10 am
Any idea what this means:

"Wire uses load balancers that return dynamic IP addresses for these domain names,"

How are these load balancers identified? Are they part of a DNS server's lookup? Potential to be DNS hijacked?
Sounds like they're using DNS-based load balancers. When you ask their DNS server for the address of wire.com, the DNS server has some way of knowing which wire.com servers are busy and which are not, and gives you the address of a less-busy one.

I don't think this scheme is any more likely to be hijacked than a non-load-balancing DNS setup. My bigger point is that when you use the Wire app, you have no way of knowing whether the system the app is connecting to on the backend is actually Wire. The browser, on the other hand, will give you a big hairy warning if you end up connecting to a system that isn't Wire (based on the server's certificate).

It looks like Wire is not using DNSSEC to prevent DNS hijacking, which I'm a little perplexed by, but they do use HSTS and HSTS preloading. That should mitigate any potential DNS hijacking, but only if the client checks the server's certificate. Again, the browser always will. The Wire app probably does as well, but again, you can't tell.

In general, many apps connect to backend services, and sadly the default for a lot of software code libraries is to not check the server's certificate. And I'm sure many of them don't. Always best to use the browser instead.
User avatar
Xan
Administrator
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Fri Jan 15, 2021 1:23 pm

It doesn't sound like you're avoiding detection particularly effectively if, when Wire gives you a warning that your connection isn't secure, you truck on anyway.
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Fri Jan 15, 2021 1:39 pm

Xan wrote:
Fri Jan 15, 2021 1:23 pm

It doesn't sound like you're avoiding detection particularly effectively if, when Wire gives you a warning that your connection isn't secure, you truck on anyway.


I definitely also noticed THAT inconsistency!

Seemed remarkably similar to what the vast majority of us who are not that concerned with security also do!

Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Mon Jan 18, 2021 4:22 pm

Capture.JPG
Capture.JPG (83.41 KiB) Viewed 1302 times
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
pp4me
Executive Member
Executive Member
Posts: 1190
Joined: Wed Apr 29, 2020 4:12 pm

Re: Come into my Parler

Post by pp4me » Mon Jan 18, 2021 4:30 pm

vnatale wrote:
Mon Jan 18, 2021 4:22 pm
Capture.JPG
https://en.wikipedia.org/wiki/Russia_an ... Revolution
Although the Russian Empire did not directly send troops or supplies to the colonies or British Empire during the war, it responded to the Declaration of Independence, played a role in international diplomacy, and contributed to the lasting legacy of the American Revolution abroad.
We may need all the help we can get if we are going to keep the Republic.
User avatar
vnatale
Executive Member
Executive Member
Posts: 9423
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Mon Jan 18, 2021 5:00 pm

Simonjester wrote:
how bad is it when you have to go to the Russians to get around censorship in the USA...

my how far we have fallen..


1) Isn't censorship generally associated with government action?

"the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security."

2) https://www.nytimes.com/2021/01/16/tech ... orsey.html

If you read the above...you will see that it was no easy or snap decision on the part of Twitter. It was criminal that employees / owners of IBM were not so civic minded. If they had been a lot more Jewish people would not have perished during the Nazi regime.
Simonjester wrote:
vnatale wrote:
Mon Jan 18, 2021 5:00 pm


1) Isn't censorship generally associated with government action?




you are under the assumption that they are not working with/or in alignment with government or you are are parroting the position taken by the media... who are also working with/or in alignment with government... its not a position likely to carry much weight with anyone observant about what is going on..

and dorsy has said "this is just the beginning".. i trust what he says candidly, more than i trust the mild walk-back he feeds the media till the uproar blows past..
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
pp4me
Executive Member
Executive Member
Posts: 1190
Joined: Wed Apr 29, 2020 4:12 pm

Re: Come into my Parler

Post by pp4me » Mon Jan 18, 2021 5:10 pm

vnatale wrote:
Mon Jan 18, 2021 5:00 pm
Simonjester wrote: how bad is it when you have to go to the Russians to get around censorship in the USA...

my how far we have fallen..
1) Isn't censorship generally associated with government action?

"the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security."

2) https://www.nytimes.com/2021/01/16/tech ... orsey.html

If you read the above...you will see that it was no easy or snap decision on the part of Twitter. It was criminal that employees / owners of IBM were not so civic minded. If they had been a lot more Jewish people would not have perished during the Nazi regime.
Thanks for warning about the holocaust analogy in the article so I didn't have to read it.
Post Reply