Come into my Parler

Other discussions not related to the Permanent Portfolio

tomfoolery
Executive Member
Posts: 649
Joined: Fri Mar 06, 2020 9:47 pm

Re: Come into my Parler

Post by tomfoolery » Mon Jan 11, 2021 12:12 pm

Xan wrote:
Mon Jan 11, 2021 11:40 am
In general, anything that can be done via browser (particularly on the phone) as opposed to with an app should be. Running an app puts you more-or-less completely at the mercy of the app developer. The browser has a LOT of safeguards to protect your privacy.

I generally agree but this assumes you’re running a fully updated browser, with zero or limited plugins and you’re on a trusted VPN. And maddy is using a $25 computer that’s probably running an old unpatched version of XP.

With internet browsers you run the risk of DNS hijacking where you go to Wire dot com, but an attacker has sent you to a different website that looks like Wire dot com. And perhaps you ignore the SSL certificate warning or perhaps the threat actor is a nation state, is sophisticated and has compromised a certificate authority. As has happened.

Maybe an attacker on your network does ARP poisoning and man in the middles your browser traffic.

Maybe you installed a deals/coupon plugin to your browser that’s intercepting your clipboard or other data and sending it to a third party.

I generally agree a browser is usually safer, but for Wire I prefer the app. If we are talking about using Facebook, then I’d say use a browser because the app will give Facebook more ways to steal your data whereas the browser will sandbox it more. Although I’d use Firefox containers to keep Facebook from seeing your other browser tabs and looking at cookies from other sites. And I’d run that in a virtual machine that you only use for Facebook.

But really, I’d say no one should be using Facebook for any reason whatsoever because I despise them so that’s the least stupid way of doing the bad thing.

Xan
Administrator
Posts: 3187
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Mon Jan 11, 2021 12:13 pm

The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.

tomfoolery
Executive Member
Posts: 649
Joined: Fri Mar 06, 2020 9:47 pm

Re: Come into my Parler

Post by tomfoolery » Mon Jan 11, 2021 12:32 pm

Xan wrote:
Mon Jan 11, 2021 12:13 pm
The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.

I assume the app isn’t using a DNS server to find the Wire “mothership”. Please correct me if I’m wrong. I could try packet sniffing and DNS hijacking on my own network as a test, maybe in a few weeks if I have more time. Seems like a fun experiment O0

pugchief
Executive Member
Posts: 4245
Joined: Tue Jun 26, 2012 2:41 pm
Location: suburbs of Chicago, IL

Re: Come into my Parler

Post by pugchief » Wed Jan 13, 2021 6:42 am

Idaho ISP blocks Facebook and Twitter… Bravo!
“Our company does not believe a website or social networking site has the authority to censor what you see and post and hide information from you, stop you from seeing what your friends and family are posting. This is why with the amount of concerns, we have made this decision to block these two websites from being accessed from our network.”
Bravo, indeed. It's about time somebody had the balls to stand up to them.

pugchief
Executive Member
Posts: 4245
Joined: Tue Jun 26, 2012 2:41 pm
Location: suburbs of Chicago, IL

Re: Come into my Parler

Post by pugchief » Wed Jan 13, 2021 6:45 am

Xan
Administrator
Posts: 3187
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Wed Jan 13, 2021 9:16 am

pugchief wrote:
Wed Jan 13, 2021 6:42 am
Idaho ISP blocks Facebook and Twitter… Bravo!
“Our company does not believe a website or social networking site has the authority to censor what you see and post and hide information from you, stop you from seeing what your friends and family are posting. This is why with the amount of concerns, we have made this decision to block these two websites from being accessed from our network.”
Bravo, indeed. It's about time somebody had the balls to stand up to them.

It's actually a public service in another way: Facebook in particular is really bad about tracking innocent people wherever they go on the Internet. Pretty much wherever you see that "Like" button on any website, that's Facebook able to track you on that page. I have my hosts file set to disable name resolution for facebook.com for this reason.
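
Hosts-file blocking of the kind described in the post above matches names exactly, so it is worth checking which hostnames an entry really covers. This is an added example, not part of the original post; the sample hosts file and the two extra hostnames in `CHECK` are constructed assumptions.

```python
# Added example: check which hostnames a hosts file actually sinkholes.
SINKHOLE_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}

# Constructed sample, not the poster's real file.
SAMPLE_HOSTS = """\
127.0.0.1   localhost
# block Facebook
0.0.0.0     facebook.com   # apex only
"""

# Names to test. facebook.com is from the post; the other two are assumed
# examples of additional hostnames a page might load Facebook content from.
CHECK = ["facebook.com", "www.facebook.com", "connect.facebook.net"]


def parse_hosts(text):
    """Map each hostname to its address; the first entry for a name wins."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        addr, *names = line.split()
        for name in names:
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def unblocked(hosts_text, names):
    """Return the names that the hosts file does NOT sinkhole.

    Matching is exact: a hosts file has no wildcard or suffix matching, so an
    entry for facebook.com says nothing about www.facebook.com.
    """
    table = parse_hosts(hosts_text)
    return [n for n in names
            if table.get(n.lower().rstrip(".")) not in SINKHOLE_ADDRS]


if __name__ == "__main__":
    for name in unblocked(SAMPLE_HOSTS, CHECK):
        print("still resolves normally:", name)
```

Each additional hostname needs its own line in the hosts file; blocking a whole domain and its subdomains requires a filtering DNS resolver or a browser content blocker instead.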

Maddy
Executive Member
Posts: 1216
Joined: Sun Jun 21, 2015 8:43 am

Re: Come into my Parler

Post by Maddy » Wed Jan 13, 2021 9:37 am

[edit by Xan: this post was in reply to one of Corto's which he later requested be deleted]

So you leave Politics only to bring it here?

Cortopassi
Executive Member
Posts: 2652
Joined: Mon Feb 24, 2014 2:28 pm
Location: Illinois

Re: Come into my Parler

Post by Cortopassi » Wed Jan 13, 2021 10:07 am

Hey, what can I say? This was/is in "Other" discussions and it showed up.

Cortopassi
Executive Member
Posts: 2652
Joined: Mon Feb 24, 2014 2:28 pm
Location: Illinois

Re: Come into my Parler

Post by Cortopassi » Wed Jan 13, 2021 10:37 am

Also, let me say, I read through the thread, and except for a couple small political comments here and there, this thread basically is about messaging apps, so forgive me, I did get more political here than the topic deserved. I will delete my post if I can.

Doesn't look like I can -- Xan if you want to delete it please do.

I Shrugged
Executive Member
Posts: 1053
Joined: Tue Dec 18, 2012 6:35 pm

Re: Come into my Parler

Post by I Shrugged » Wed Jan 13, 2021 12:55 pm

Might not be a bad decision anyway. Have we reached Peak FAANG yet? Nah, that'll never happen.

vnatale
Executive Member
Posts: 5337
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts

Re: Come into my Parler

Post by vnatale » Thu Jan 14, 2021 5:34 pm

Smith1776 wrote:
Sun Jan 10, 2021 11:46 pm

tomfoolery wrote:
Sun Jan 10, 2021 11:16 pm

Smith1776 wrote:
Sun Jan 10, 2021 10:59 am


Has anyone recently joined the mass exodus from Twitter/Facebook/WhatsApp to alternative platforms?

I have Signal and quite like it.


Wire is a superior encrypted messaging app to Signal because Signal requires you use "a" phone number as your user name, and to have the app be functional, you have to give it access to your Google or iOS contacts.

Which means you have to be *using* Google and iOS Contacts. Which means Google or Apple, depending on which phone you use, has a list of everyone you are friends with.

Which means when 10% of your contact list gets arrested in the Capitol for sedition, your social credit score takes a ding because maybe you were there too, and just didn't get caught. Or you have a bad taste in friends. Either way, you're not getting this job because your social credit score is too low.

I say with Signal you must use "a" number because you're not obligated to use your actual phone number, you can use a VOIP line that is different than your cell phone SIM number, but then the contacts permissions still get screwy.

And if you do use your SIM number, anyone can SIM swapping attack you and assume control of your Signal account. They won't be able to see old messages prior to the SIM hijacking, but they'll be able to see any future messages that arrive, until you're able to regain control of the account.

Signal, in my opinion, is a piece of shit application from a privacy perspective.

Wire lets you create a custom username. Make an account called Smith1776 and add someone from the forums as a friend, and now you don't have to give them your phone number, which is probably linked to your real name*, you don't have to add this internet stranger to your contacts list, which means apple/google don't know they are your friend.

And you can make a second account called Ronald Rowan, which is maybe your real name, and you can add both accounts to the same Wire app. So your family/coworkers are on the Ronald Rowan account and your Gyro friends are under Smith1776. All in the same app.

You can also sync Wire across multiple devices with a username and password. Signal requires a QR code scan to sync, which is a horrible security risk because you now have to have your cell phone next to your computer. Which most people do anyway, but it's a bad security risk. And you can only have Signal on one phone or tablet at a time. Wire can be installed on your cell phone, tablet, desktop, etc, and all sync.

Speaking from significant personal experience in this realm over the last decade, Wire is superior to Signal.

*Bonus content: Your phone is probably linked to your real name because even if you have a prepaid phone paid in cash, if you give your phone SIM number out to friends/family, and if even a single person has saved that number and associated it with your name in their Apple/Google contact list, then there's a high likelihood it's now linked to you permanently. The most common method is because people install "True Caller" type apps on their phones, which is a large database of caller ID info. So they can see who the "True Caller" is to their phone when there is an unrecognized phone number calling them.

In order for the True Caller app to work, you must share your contact list with the company as a contingency of using the app. And that sharing is how they generate the caller ID data for everyone else who uses the app. Because you agree to upload the 100+ contacts in your contact list to their database, with the associated name info for each phone number, and then if anyone from your contact list calls anyone else using the True Caller app, now True Caller tells that person who the phone number belongs to, because you shared your friends' data with the True Caller database.

So, if you care about privacy, don't use Signal. Use Wire, which also has free, ad-free, versions.


Wow. Thank you.


Tomfoolery above more comprehensive than this?

Vinny



What is Signal? The basics of the most secure messaging app.



https://mashable.com/article/what-is-si ... ce=twitter
Last edited by vnatale on Thu Jan 14, 2021 6:02 pm, edited 1 time in total.
"I only regret that I have but one lap to give to my cats."

Xan
Administrator
Posts: 3187
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Thu Jan 14, 2021 5:40 pm

tomfoolery wrote:
Mon Jan 11, 2021 12:32 pm
Xan wrote:
Mon Jan 11, 2021 12:13 pm
The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.
I assume the app isn’t using a DNS server to find the Wire “mothership”. Please correct me if I’m wrong. I could try packet sniffing and DNS hijacking on my own network as a test, maybe in a few weeks if I have more time. Seems like a fun experiment O0

Doesn't look like they use hardcoded IPs at all.

https://support.wire.com/hc/en-us/artic ... onnect-to-