Come into my Parler

Other discussions not related to the Permanent Portfolio

Moderator: Global Moderator

Xan
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Thu Jan 14, 2021 5:40 pm

tomfoolery wrote:
Mon Jan 11, 2021 12:32 pm
Xan wrote:
Mon Jan 11, 2021 12:13 pm
The app has all the same vulnerabilities that you mention, but worse. You have no way to know whether the app is validating the server's certificate at all, for example.
I assume the app isn’t using a DNS server to find the Wire “mothership”. Please correct me if I’m wrong. I could try packet sniffing and DNS hijacking on my own network as a test, maybe in a few weeks if I have more time. Seems like a fun experiment O0
Doesn't look like they use hardcoded IPs at all.

https://support.wire.com/hc/en-us/artic ... onnect-to-
Mark Leavy
Executive Member
Posts: 1950
Joined: Thu Mar 01, 2012 10:20 pm
Location: US Citizen, Permanent Traveler

Re: Come into my Parler

Post by Mark Leavy » Thu Jan 14, 2021 5:44 pm

vnatale wrote:
Thu Jan 14, 2021 5:34 pm

Tomfoolery above more comprehensive than this?

What is Signal? The basics of the most secure messaging app.

https://mashable.com/article/what-is-si ... ce=twitter
Tomfoolery is a better reference.

One of the benefits of this forum is access to better sources than the media has.

Anything Tom or Xan say about security vulnerabilities is 10x more credible than anything else you will read.

Edit: Full disclosure: I am not as careful as they are. But they are right.
Last edited by Mark Leavy on Thu Jan 14, 2021 6:01 pm, edited 3 times in total.
I Shrugged
Executive Member
Posts: 2062
Joined: Tue Dec 18, 2012 6:35 pm

Re: Come into my Parler

Post by I Shrugged » Thu Jan 14, 2021 5:57 pm

I just found Rob Braxton on YouTube. Super interesting on digital privacy topics.
I want a de-googled phone.
vnatale
Executive Member
Posts: 9422
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Fri Jan 15, 2021 9:49 am

Mark Leavy wrote:
Thu Jan 14, 2021 5:44 pm

vnatale wrote:
Thu Jan 14, 2021 5:34 pm


Tomfoolery above more comprehensive than this?

What is Signal? The basics of the most secure messaging app.

https://mashable.com/article/what-is-si ... ce=twitter


Tomfoolery is a better reference.

One of the benefits of this forum is access to better sources than the media has.

Anything Tom or Xan say about security vulnerabilities is 10x more credible than anything else you will read.

Edit: Full disclosure: I am not as careful as they are. But they are right.


Something I can believe.

Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
Xan
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Fri Jan 15, 2021 10:11 am

tomfoolery wrote:
Fri Jan 15, 2021 12:10 am
Any idea what this means:

"Wire uses load balancers that return dynamic IP addresses for these domain names,"

How are these load balancers identified? Are they part of a DNS server's lookup? Potential to be DNS hijacked?
Sounds like they're using DNS-based load balancers. When you ask their DNS server for the address of wire.com, the DNS server has some way of knowing which wire.com servers are busy and which are not, and gives you the address of a less-busy one.

I don't think this scheme is any more likely to be hijacked than a non-load-balancing DNS setup. My bigger point is that when you use the Wire app, you have no way of knowing whether the system the app is connecting to on the backend is actually Wire. The browser, on the other hand, will give you a big hairy warning if you end up connecting to a system that isn't Wire (based on the server's certificate).

It looks like Wire is not using DNSSEC to prevent DNS hijacking, which I'm a little perplexed by, but they do use HSTS and HSTS preloading. That should mitigate any potential DNS hijacking, but only if the client checks the server's certificate. Again, the browser always will. The Wire app probably does as well, but again, you can't tell.

In general, many apps connect to backend services, and sadly the default for a lot of software code libraries is to not check the server's certificate. And I'm sure many of them don't. Always best to use the browser instead.
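The certificate checking discussed in the post above, as an added example that is not part of the original thread and is not Wire's code: a Python client-side audit that reports which checks a TLS context skips and refuses to use one that skips any. The function names are illustrative assumptions; only the standard `ssl` and `socket` modules are used.

```python
import socket
import ssl

def audit_context(ctx):
    """Return the server-certificate checks this client context skips."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("chain not verified")
    if not ctx.check_hostname:
        findings.append("hostname not checked")
    return findings

def verifying_context():
    # Loads the system trust store; chain and hostname checks are both on.
    return ssl.create_default_context()

def no_hostname_context():
    # Chain is still verified, but any valid certificate for any name passes.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    return ctx

def unverified_context():
    # The "does not check the certificate" case: any server is accepted.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def require_verified(ctx):
    """Gate to call before opening any socket with ctx."""
    findings = audit_context(ctx)
    if findings:
        raise ValueError("refusing TLS context: " + "; ".join(findings))
    return ctx

def fetch_peer_subject(host, port=443, timeout=5):
    """Connect with full verification and return the certificate subject.

    Raises ssl.SSLCertVerificationError if the server cannot prove it is
    `host`, which is the client-side equivalent of the browser warning.
    """
    ctx = require_verified(verifying_context())
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]
```
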
Xan
Administrator
Posts: 4392
Joined: Tue Mar 13, 2012 1:51 pm

Re: Come into my Parler

Post by Xan » Fri Jan 15, 2021 1:23 pm

It doesn't sound like you're avoiding detection particularly effectively if, when Wire gives you a warning that your connection isn't secure, you truck on anyway.
vnatale
Executive Member
Posts: 9422
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Fri Jan 15, 2021 1:39 pm

Xan wrote:
Fri Jan 15, 2021 1:23 pm

It doesn't sound like you're avoiding detection particularly effectively if, when Wire gives you a warning that your connection isn't secure, you truck on anyway.


I definitely also noticed THAT inconsistency!

Seemed remarkably similar to what the vast majority of us who are not that concerned with security also do!

Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
vnatale
Executive Member
Posts: 9422
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Mon Jan 18, 2021 4:22 pm

[Image attachment: Capture.JPG]
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
pp4me
Executive Member
Posts: 1190
Joined: Wed Apr 29, 2020 4:12 pm

Re: Come into my Parler

Post by pp4me » Mon Jan 18, 2021 4:30 pm

vnatale wrote:
Mon Jan 18, 2021 4:22 pm
Capture.JPG
https://en.wikipedia.org/wiki/Russia_an ... Revolution
Although the Russian Empire did not directly send troops or supplies to the colonies or British Empire during the war, it responded to the Declaration of Independence, played a role in international diplomacy, and contributed to the lasting legacy of the American Revolution abroad.
We may need all the help we can get if we are going to keep the Republic.
vnatale
Executive Member
Posts: 9422
Joined: Fri Apr 12, 2019 8:56 pm
Location: Massachusetts
Contact:

Re: Come into my Parler

Post by vnatale » Mon Jan 18, 2021 5:00 pm

Simonjester wrote:
how bad is it when you have to go to the Russians to get around censorship in the USA...

my how far we have fallen..


1) Isn't censorship generally associated with government action?

"the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security."

2) https://www.nytimes.com/2021/01/16/tech ... orsey.html

If you read the above...you will see that it was no easy or snap decision on the part of Twitter. It was criminal that employees / owners of IBM were not so civic minded. If they had been, a lot more Jewish people would not have perished during the Nazi regime.
Simonjester wrote:
vnatale wrote:
Mon Jan 18, 2021 5:00 pm


1) Isn't censorship generally associated with government action?




you are under the assumption that they are not working with/or in alignment with government or you are parroting the position taken by the media... who are also working with/or in alignment with government... it's not a position likely to carry much weight with anyone observant about what is going on..

and dorsey has said "this is just the beginning".. i trust what he says candidly, more than i trust the mild walk-back he feeds the media till the uproar blows past..
Above provided by: Vinny, who always says: "I only regret that I have but one lap to give to my cats." AND "I'm a more-is-more person."
pp4me
Executive Member
Posts: 1190
Joined: Wed Apr 29, 2020 4:12 pm

Re: Come into my Parler

Post by pp4me » Mon Jan 18, 2021 5:10 pm

vnatale wrote:
Mon Jan 18, 2021 5:00 pm
Simonjester wrote: how bad is it when you have to go to the Russians to get around censorship in the USA...

my how far we have fallen..
1) Isn't censorship generally associated with government action?

"the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security."

2) https://www.nytimes.com/2021/01/16/tech ... orsey.html

If you read the above...you will see that it was no easy or snap decision on the part of Twitter. It was criminal that employees / owners of IBM were not so civic minded. If they had been, a lot more Jewish people would not have perished during the Nazi regime.
Thanks for warning about the holocaust analogy in the article so I didn't have to read it.