Twitter’s Birdwatch is Fundamentally Flawed

Earlier this week, Twitter announced an initiative to combat misinformation on their platform that they call Birdwatch.

How Birdwatch works: Volunteers sign up (assuming they meet all the requirements) and can add notes to fill in context on misleading tweets. Other users can rate these contextual tweets as helpful or not helpful. All of these “notes” and ratings of notes are completely transparent.

Credit: the Birdwatch website
Credit: the Birdwatch website

At its face, Birdwatch is an attempt to scale up the existing fact-checking capability used during the 2020 U.S. Elections while also crowdsourcing this decision-making.

I will give Twitter credit for two things, and only two things, before I get into the problems with their design.

1. They’re distributing the power to fact-check bad tweets to their users rather than hoarding it for themselves.
2. They correctly emphasized transparency as a goal for this tool.

But it’s not all sunshine and rainbows.

The Fatal Flaw of Birdwatch’s Design

There’s an old essay titled The Six Dumbest Ideas in Computer Security, that immediately identifies two problems with Birdwatch’s design. They also happen to be the first two items on the essay’s list!

1. Default Permit
2. Enumerating Badness

This is best illustrated by way of example.

Let’s assume there are two pathological liars hellbent on spreading misinformation on Twitter. They each tweet unsubstantiated claims about some facet of government or civil service. Birdwatch users catch only one of them, and correctly fact-check their tweet.

What happens to the other liar?

What happens if Birdwatch users can only identify one out of ten liars? One out of a hundred? One out of a thousand?! Et cetera.

(Art by Khia.)

To be clear: The biggest flaw in their product design is simply that their “notes” and “fact-checks” are negative indicators on known-bad tweets.

This will create a dark pattern: If a tweet slips past the Birdwatch users’ radars, it won’t be fact-checked. In turn, users won’t realize it’s misinformation. A popular term for the resulting conduct is coordinated inauthentic behavior.

This already happens to YouTube.

https://youtu.be/1PGm8LslEb4

Hell, this is already happening to Twitter:

https://www.youtube.com/watch?v=V-1RhQ1uuQ4

How To Fix Birdwatch

I wrote an entire essay on Defeating Coordinated Inauthentic Behavior at Scale in 2019. I highly recommend anyone at Twitter interested in actually solving the misinformation problem to give that a careful consideration.

(Art by Swizz.)

But in a nutshell, the most important fix is to change the state machine underlying Birdwatch from:

• No notes -> trustworthy
• Notes -> misinformation

…to something subtly different:

• No notes -> unvetted / be cautious
• Notes ->
  
  • Negative notes -> misinformation
  • Positive notes -> verified by experts

  
  

This effectively creates a traffic light signal for users: Tweets start as yellow (exercise caution, which is the default) and may become green (affirmed by notes) or red (experts disagree).

What Would This Change Accomplish?

Malicious actors that accomplish Birdwatch evasion will only manage to encompass their message in caution tape. (Metaphorically speaking, anyway.)

If their goal is to spread misinformation while convincing the recipients of their message that they’re speaking the truth, they’ll have to get a green light–which is ideally more expensive to accomplish.

Bonus Round

I would also recommend some kind of “this smells fishy” button to signal Birdwatch contributors that this tweet needs fact-checking. Users might self-select into filter bubbles that Birdwatch users are totally absent from, and in turn come across things that are completely unvetted and possibly ambiguous.

While I have your attention, here’s a quality of life suggestion, on the house:

Being able to link claims together (e.g. reposted images with a false claim, n.b. like how the minions memes on Facebook) to deduplicate their claims about reality would save a lot of unnecessary headache.

(Anyone who has used Stack Overflow will appreciate the utility of being able to say “this is a duplicate of $otherThing”.)

What If These Fundamental Flaws Remain Unfixed?

Although Birdwatch will probably meet the immediate goal of scaling up the fact-checking efforts beyond what Twitter can provide (and satisfy the public relations requirements of tangibly doing something to combat this problem), propagandists and conspiracy theorists will simply become incentivized to evade Birdwatch contributors’ detection while spreading their lies.

As I said above, coordinated inauthentic behavior is already happening. This isn’t some abstract threat that only academics care about.

To the aid of the malicious, most users will confuse tweets that evaded detection with tweets that didn’t warrant correction. This might even lead to users trusting misinformation more than they would before Birdwatch. This would be a total self-own for the entire Birdwatch project.

#bullshit #computerSecurity #enumeratingBadness #misinformation #SocialMedia #Technology #Twitter

As everyone knows, Elon Musk is now running Twitter directly into the ground. Who knows? Maybe he needed some inspiration for the Boring Company.

Art: Chai Lynx

This has, as many predicated, been a complete clusterfuck.

https://twitter.com/kennwhite/status/1589396945830813700

We should assume that Twitter is on its way out the door. Elon Musk is not a good CEO, as evidenced by the immediate mass lay-offs of Twitter employees.

Or his immediate pause of content moderation (which let some really dumb homophobes run wild).

https://twitter.com/lucashoal/status/1587443643735908353

You get the point.

Art: Chai Lynx

Rather than continue to ruminate on the current mess, I’d like to instead take a moment of everyone’s present to look into the future, because we’re actually in a unique position to make a lot of good changes to the world; or, at least, to make something hilarious out of a bad situation.

This matters for everyone, but especially for furries, sex workers, and porn artists.

Art: Chai Lynx

I’m going to break this post into three parts:

1. How to Make a Larger Impact Than Deleting Your Account
2. An Opinionated Summary of Alternate Platforms
3. How to Architect the Porn-Friendly Social Media of Tomorrow

It should go without saying, but my standard disclaimer applies:

The contents of this blog post are the sole opinions of a 30-something gay furry who presents as an anthropomorphic dhole on the Internet. Do not confuse the opinion or satire contained within for either a) fact, b) professional advice, or c) the opinions of any company or entity; especially the author’s current or past employers.

How to Make a Larger Impact Than Deleting Your Account

Art: Chai Lynx

If you’re considering deleting your Twitter account and moving to an alternative platform, I encourage you to move but not delete your account. There’s something much cooler you can do with your existing account than delete it.

Twitter’s operations costs are currently fairly predictable. Well, predictable enough to lay off a lot of the workers necessary to keep the lights on, anyway.

Wouldn’t it be great if, instead of deleting their accounts in protest, we decided to make our accounts cost more in storage and compute costs?

I posed a similar question to Twitter the other day.

https://twitter.com/SoatokDhole/status/1587807410944630790

Here are some of the more fun and interesting ideas that were shared with me:

Block and Search with Wild Abandon

(I can’t find a record of who suggested this idea. Maybe I imagine someone suggesting it, and it was actually my own idea, but I’m misremembering. Who even knows anymore?)

Filtering blocked/muted accounts from your timeline requires a small amount of server-side CPU.

Searching for trending topics and common words in your native language will likely hit many thousands of accounts.

If you ask Twitter’s search engine for all tweets that contain certain common words or phrases, and then the application has to filter out hundreds of thousands of blocked and/or muted accounts, this is going to become computationally expensive.

Especially if you systematically mute or block every single account that promotes a tweet.

Especially if you’re already using an adblocker, such as uBlock Origin (which you can install in Firefox for Android, by the way).

To be clear: The goal of this idea is NOT to degrade the platform or perform a Denial of Service attack. It’s simply to make Musk pay more for useless processing that won’t increase Twitter’s ad revenue.

Art: Chai Lynx

Use Twitter Like TikTok

Instead of typing a reply, record a short video instead. The queerer and less marketable the contents of your video, the better.

https://twitter.com/XydexxUnicorn/status/1587810839620378628

If you don’t have a fursuit (most furries actually don’t), consider using rigged 3D models (or Live2D avatars; e.g. FaceRig) instead.

Just make sure you include a transcript or alt text for people with disabilities.

Everyone else can participate simply by diligently playing every single one of these videos (even if on mute).

Let’s run up Elon’s storage and bandwidth bills. There’s lots of fun that we can have with this idea.

Upload Lots of Compression-Unfriendly Images

For example:

https://twitter.com/yourcompanionAI/status/1587815968700600321

Bonus points if you somehow manage to work this into the video reply idea, and it actually inflates their storage costs significantly.

Bad Suggestion: Reply to Brands with Yiff

There were a few people who suggested posting adult furry art in reply to brand tweets. The idea being that this will make Twitter less marketable for advertisers.

This is a terrible idea for two reasons:

1. Optics. Regardless of your goals, you’re going to expose a lot of unsuspecting users to unsolicited pornographic art. This is not how you make friends. This will make a lot of undecided people form a negative opinion of the furry fandom.
2. Underage users. The minimum age to sign up for Twitter is 13. Parents who might be comfortable with their young teenager following a household name Twitter account will not want their child being exposed to hardcore pornography.

Too often, I see some furries reach for this tactic. You should consider it the nuclear option, because the small tactical gain is largely outsized by collateral damage.

The only thing you’ll accomplish is giving ammo to right-wingers who loudly proclaim all LGBT people are groomers (meanwhile they vote down laws that would stop child marriage; how so very curious of them).

Art: Chai Lynx

Wrap-Up

https://twitter.com/charlotteirene8/status/1585700642626191360

With any luck, we can make Twitter the most expensive $44 Billion that Elon Musk will ever spend.

An Opinionated Summary of Alternate Platforms

Where should we go when Twitter dies? There are a lot of opinions to be had.

Rumors of Tumblr’s Sex Positivity Are Wildly Exaggerated

Shortly after Elon Musk purchased Twitter, Tumblr had announced updated Community Guidelines that, allegedly, permit the naked human form to appear in Tumblr content.

This apparently doesn’t include cartoon nudity. To wit:

https://twitter.com/LeafDubois/status/1589026084640940032

We can do better than Tumblr.

Cohost

Cohost is a somewhat new platform for posting. I have an account there (@soatok).

You can think of Cohost as the best parts of Twitter’s user experience, with the best parts of Tumblr, without any ads, tracking, or recommendation system (The Algorithm).

The premise of Cohost is to build around users, not profit.

Cohost is brought to you by a group calling themselves the Anti Software Software Club–a software company that hates the software industry:

we are a group of three developers and designers—and maybe more soon!—with very strong opinions about how to operate a software company. we’ve all left jobs at conventional tech companies to build cohost and we’re thrilled we finally get to share it with the world. you can read more about us, including our manifesto, on our main website. ASSC is not-for-profit and 100% worker owned.

According to the Cohost website

It’s worth emphasizing that “not-for-profit” is most likely an aspiration and a tenet, not a legal designation. Cohost is an LLC. It would be an error to mistake it for a non-profit organization. The legal term “non-profit” almost always refers to 501(c)(3) organizations.

Personally, I don’t care at all about these distinctions. Some people do. I’m not a lawyer, and I actually find legal topics exhausting to the point of being physically painful. That’s not at an exaggeration.

It’s a neat project. If you want a centralized replacement for Twitter, Cohost is probably your best bet.

Mastodon

Mastodon is federated software, which feels in some ways more like Email or RSS than Twitter does. Moderation is local to your instance, rather than top-down like a centralized platform. Discovery is based on which instances peer with which instances.

There’s a lot to like about Mastodon. However, if you’re an artist that’s looking for a centralized watering hole where all your customers already are, Mastodon… is not that.

That being said, a lot of people are moving to Mastodon already. Now’s probably the best time to join.

Personally, I used to have a Mastodon account, but I didn’t really use it much, and then the instance that hosted my account shut down and I lost all my data. That experience killed my interest in Mastodon.

Telegram Channels

Pro: Furries already use Telegram, extensively.

Con: They’re now selling “collectible usernames” as NFTs

Art: Chai Lynx

Wrap-Up

There are probably other platforms that are worth considering, but there are only so many hours in a day, and I have a day job.

If you find yourself deeply dissatisfied with the options presented, please feel free to explore others. Alternatively, you may wish to build a new platform in line with your own vision.

If you lack the skills to build your vision, grab a few friends and read through Furward Momentum together.

How to Architect the Porn-Friendly Social Media of Tomorrow

What do sex workers, porn artists, and fantasy sex toy companies have in common?

Mastercard doesn’t want to provide them services. Neither do PayPal nor Venmo.

Sex workers and artists are two of the groups most likely to be negatively impacted by Elon Musk’s ownership of Twitter.

https://twitter.com/woot_master/status/1518689141763936259

What would it take to build a social media platform that actually supports sex workers and NSFW artists? Well, a lot. But I’d like to at least provide a sketch for how such a platform might be architected.

Art: Chai Lynx

Require Hardware Security Keys For All Users

Your platform should use WebAuthn instead of password authentication.

I recognize that this makes onboarding users difficult (due to a lack of availability of FIDO2-compatible hardware keys), but the security benefits are immensely worthwhile.

The best thing about WebAuthn is, when implemented correctly, your users become extremely phishing-resistant without requiring any diligence on their part.

Use End-to-End Encryption for Private Messages

Further reading: Going Bark: A Furry’s Guide to End-to-End Encryption.

We don’t need more surveillance capitalism. The less you know about your users, the better.

Consider An Invite-Only Design

Lobste.rs requires new users be invited by an existing user.

This is a great way to reduce the blast radius of platform abusers and their subsequent attempts at ban evasion: If the same person keeps inviting bad people, take away their invite privileges.

I chose a similar approach when I designed FAQ Off.

Don’t Mix Payments With Platforms

Simply put: The platform that users interact with should be mostly independent from the component that processes payments for the users of the platform.

By “mostly independent”, I mean they should be distinct legal entities, with no overlap in ownership, that operate in different countries. The only things that should be exchanged between the two are HTTP messages (over TLS) and API keys.

The payment gateway should accept multiple options (credit cards, PayPal, etc.), but never provide a custom “memo” field. Where possible, the invoice feature should be used (with the possibility of tipping left open).

If you permit users to fill in custom memos, they will inevitably leave a remark that flags the recipient’s account as porn/sex related.

This payment gateway will not just process payments and subscriptions; it will also act as a payment escrow service and amortize the risk of chargeback fraud over multiple content creators. (To that end, it should have a name that isn’t embarrassing on a bank statement.)

The incumbent payment gateways used by the porn industry should be avoided, for multiple reasons:

1. They’re expensive
2. The transactions they process get flagged a lot as fraud
3. They’re often used by spammers, scammers, computer criminals, and deplatformed hate groups

Instead, you’d want your value proposition to be more about social media and payments between friends. The fact that you allow porn and sex work on your platform (which should be one of many platforms that use this payment gateway) needs to be a mere footnote.

Finally, consider very carefully whether or not to support cryptocurrency in your payments (or payouts) platform.

This List is Non-Exhaustive

These are just some considerations I can think of off-hand when imagining what a sex-positive social media platform would look like, if it were built in 2022.

The biggest challenges any platform faces will not be legal or technical; they will be social.

Twitter exploded in popularity after a few celebrities started using it. I don’t know how to replicate their success with a greenfield project, and I doubt anyone else does either.

In Summary

Elon Musk is probably going to kill Twitter. It would be really funny if we made this cataclysmically expensive for Elon Musk, personally.

There are a handful of alternative platforms that folks are already migrating to in anticipation of Twitter’s demise, but none is a clear winner.

Twitter’s death will put a lot of artists (especially porn artists) and sex workers in peril, so I sketched some ideas that would enable a Twitter alternative to better serve them.

Ultimately, the future remains uncertain. I don’t pretend to have answers, just ideas. If you think you know, or can do, better, I wish you the best of luck.

https://soatok.blog/2022/11/07/contemplating-the-future/

#ElonMusk #furries #furry #FurryFandom #Society #Twitter

Dhole Moments

2020-08-10 07:00:50

Some of you may be surprised to learn that my fursona is not a fox, nor a wolf; nor is it a fictitious fox-wolf hybrid popular within the furry fandom (which is usually called a “folf”).

No, my fursona is a dhole, which is a real species of endangered wild dogs from Southeast Asia.

The word “dhole” is only one syllable, with a silent H.

https://twitter.com/canemckeyton/status/1024198407429054469

The Furry Fandom needs more dhole fursonas.

Dholes Are Amazing

https://www.youtube.com/watch?v=ifcCNERGUZU

Dholes are very social creatures that live and hunt in large packs. But how they hunt is needlessly awesome: Where other canids (e.g. wolves) try to chase and then surround their prey, dholes spread out and use high-pitched whistles to coordinate their strikes over large distances.

Some other interesting notes from animal conservationalists over the years: Dholes have very low sexual dimorphism (so you generally cannot tell whether a dhole selected at random is male or female at a glance), and they’re known to do a handstand when they’re urinating.

https://twitter.com/Tikrekins/status/1176953841385951233

You can learn more about dholes and dhole conservation efforts here.

The Symbolism of Dhole Fursonas

If you’re trying to pick a species for your fursona, how do you know if a dhole is right for you?
Art by SkiaSkai
Here’s a short list of values and traits you can derive from dholes and dhole behavior in the wild:

1. Do you value and understand friendship in its purest form?
2. Do you value cooperation (n.b. without power structures and hierarchies)?
3. Do you enjoy communal living (with a chosen family of close friends and/or a polycule)?
4. Are you clued into dog whistles? (Okay, this one’s kind of a dumb joke because dholes are called “whistling dogs”, but a lot of dhole furries I know are very clueful about the alt-right’s bullshit, so it’s fitting.)
5. Do traditional notions of sex and gender not interest you in the slightest?

If you said yes to any of those questions, or if you simply can’t decide between fox or wolf and don’t feel like phoning it in with a fictitious hybrid, a dhole may be a good fursona choice for you.

Are Dhole Fursuits Beautiful?

Yes. Very yes.

https://twitter.com/SparkleKreation/status/1039539876121608193

https://twitter.com/Millitrix01/status/1175111740473991168

https://twitter.com/RustiDhole/status/1276399918240931840

https://twitter.com/DamnitKnightly/status/1290751428206587904

Coming soon (probably 2021) to this section of the blog post: My fursuit.

https://soatok.blog/2020/08/10/all-about-dholes-and-dhole-fursonas/

#CuonAlpinus #dhole #dholes #furry #FurryFandom #fursona

Earlier this year, I detailed a simple technique for deanonymizing scam sites on CloudFlare, by getting the back-end webserver to email you and reveal the server’s IP address (so you can forward your complaints to their ISP).

In a similar vein, I’d like to explain a simple technique for increasing the likelihood that your abuse reports on social media websites like Twitter get taken seriously.

Don’t Use the Easy Button

Every tweet (except your own) has a Report Tweet link attached to it. The user interface is different on web and mobile, but most people know how to find it.

The problem with this “easy button” is twofold:

1. It’s low-effort and high-bandwidth, so a lot of people use it and therefore the signal-to-noise ratio isn’t very high.
2. The “report tweet” workflow lets you select from one of a few narrowly defined categories of abuse without giving you any space to explain why it’s abusive.
   For example: A lot of anti-furry hate is a dogwhistle for ableist or queerphobic rhetoric. Without knowing that context, how do you expect the folks handling abuse reports for social media companies to make the correct choice?

Instead, File an Abuse Report

This is actually a separate thing, and the link to the harassment report form is here. (This is one of many forms you can file with Twitter’s support team.)

Not only do you get to click the radio buttons that the Quick and Easy path allows, you also get to fill in a description of the problem.

A screenshot of the harassment report form.

The difference here isn’t theoretical; a concise explanation of the problem is the difference between your report being ignored and this:

https://twitter.com/SoatokDhole/status/1319983706858246146

If you have any friends that are frequent targets of social media harassment, and their reports aren’t taken seriously, share this article with them.

Art by Khia.

(That being said, I’m really sorry this is even necessary.)

What About Automation?

One motivation to still use the “easy button” when reporting abuse is if you’re hoping to trigger some automated mechanism (i.e. “If 3 different accounts report this as abuse, suspend their account until someone can investigate”).

In that case, press that easy button to your heart’s content.

https://twitter.com/packonines/status/1068746663764860929

https://soatok.blog/2020/11/12/deplatforming-hate-and-harassment/

#abuseReporting #cyberbullying #harassment #hateSpeech #onlineAbuse #SocialMedia #Twitter

Dhole Moments

2020-05-09 22:31:37

Update (2021-01-09): There’s a newer blog post that covers different CloudFlare deanonymization techniques (with a real world case study).

---

Furry Twitter is currently abuzz about a new site selling knock-off fursuits and illegally using photos from the owners of the actual fursuits without permission.

The website in question.

Understandably, the photographers and fursuiters whose work was ripped off by this website are upset and would like to exercise their legal recourse (i.e. DMCA takedown emails) of the scam site, but there’s a wrinkle:

Their contact info isn’t in DNS and their website is hosted behind CloudFlare.

CloudFlare.
Private DNS registration.

You might think this is a show-stopper, but I’m going to show you how to get their server’s real IP address in one easy step.

Ordering the Server’s IP Address by Mail

Most knock-off site operators will choose open source eCommerce platforms like Magento, WooCommerce, and OpenCart, which usually have a mechanism for customers to register for an account and login.

Usually this mechanism sends you an email when you authenticate.

(If it doesn’t, logout and use the “reset password” feature, which will almost certainly send you an email.)

Once you have an email from the scam site, you’re going to need to view the email headers.

With Gmail, can click the three dots on the right of an email then click “Show original”.

Account registration email.
Full email headers after clicking “Show original”.

And there you have it. The IP address of the server behind CloudFlare delivered piping hot to your inbox in 30 minutes or less, or your money back.

That’s a fairer deal than any of these knock-off fursuit sites will give you.

Black magic and piss-poor opsec.

What Can We Do With The Server IP?

You can identify who hosts their website. (In this case, it’s a company called Net Minders.)

With this knowledge in mind, you can send an email to their web hosting provider, citing the Digital Millennium Copyright Act.

One or two emails might get ignored, but discarding hundreds of distinct complaint emails from different people is bad for business. This (along with similar abuse complaints to the domain registrar, which isn’t obscured by DNS Privacy) should be enough to shut down these illicit websites.
The more you know!

Epilogue

https://twitter.com/Mochiroo/status/1259289385876373504

The technique is simple, effective, and portable. Use it whenever someone tries to prop up another website to peddle knock-off goods and tries to hide behind CloudFlare.

https://soatok.blog/2020/05/09/how-to-de-anonymize-scam-knock-off-sites-hiding-behind-cloudflare/

#cloudflare #deanonymize #DNS #fursuitScamSites #informationSecurity #OnlinePrivacy #opsec

Update (2020-04-29): Twitter has fixed their oversight.

{ "errors": [{ "code": 356, "message": "preferences.gender_preferences.gender_override: Must provide a non-empty custom value 30 characters or less in length." }]}

Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text.

The original article follows after the separator.

I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve never specified your gender before, they guessed what it was (which is a really shitty thing to do, especially towards trans folks!).

https://twitter.com/leemandelo/status/1254179716451438592

Slightly annoyed, I went to go see what Twitter thinks my gender is.

Curses! They know I’m a guy. This won’t do at all.

But what’s this? An “Add your gender” option?

That’s at least, something, I guess? Defaulting to [whatever the algorithm guesses] is sucky, but at least nonbinary folks can still self-identify however they want.

But 30 characters isn’t a lot. What if I want to drop in, say, 68 characters? Do I need to do some crazy Unicode fuckery to pull that off?

Nope, Inspect Element + set maxlength="255" and now Twitter thinks my gender is the EICAR test file. Wonderful!

Which means: If someone downloads my Twitter data without my consent onto a workstation running antivirus software, the file will delete itself and all will be right in the marketing world.

https://twitter.com/SoatokDhole/status/1254635753319079937

(Okay but seriously, a lot of downstream systemic failures would have to exist for any damage to occur from me deciding to self-identify to marketers this way.)

Lessons to Learn

Twitter enforced a maxlength of 30 in the HTML element of the “Add your gender” text input, but they didn’t enforce this requirement server-side. The takeaway here is pretty obvious.

Also, don’t try to automatically[b] guess people’s gender at scale[/b]. It’s insulting when you get it wrong, and it’s creepy when you get it right.

(This sticker is tongue-in-cheek.)

What’s the Upper Limit for the Field?

I don’t know, but this indicates it has a larger upper bound than a tweet.

https://twitter.com/txlon5/status/1254648412261228545

If anyone has success dropping an entire thesis on gender identity and culture in the Gender field, let me know.

Update: The Best Genders

Everyone is having a lot of fun with the Gender field. Here’s some of the best tweets I’ve seen since publishing this stupid bug.

https://twitter.com/TecraFox/status/1254653500887310337

https://twitter.com/everlasting1der/status/1254652388713082880

https://twitter.com/hedgehog_emoji/status/1254650551473594368

https://twitter.com/Neybulot/status/1254659048886210563

A fox in Furry Technologists suggested building genderfs, which is a lot like redditfs but hoists the entire filesystem into the Gender field.

While I have your attention, trans rights are human rights and biology disagrees with the simple notion of “two sexes”. Thank you and good night.

https://soatok.blog/2020/04/27/why-server-side-input-validation-matters/

#furry #infosec #inputValidation #LGBTQIA_ #security #softwareDevelopment #Twitter

Dhole Moments

2020-04-27 05:22:30

Update (2020-04-29): Twitter has fixed their oversight.

{ "errors": [{ "code": 356, "message": "preferences.gender_preferences.gender_override: Must provide a non-empty custom value 30 characters or less in length." }]}

Anyone who set their custom gender to a long volume of text, should still have it set to a long volume of text.

The original article follows after the separator.

---

I was recently made aware of a change to Twitter, which exposes a new Gender field. If you’ve never specified your gender before, they guessed what it was (which is a really shitty thing to do, especially towards trans folks!).

https://twitter.com/leemandelo/status/1254179716451438592

Slightly annoyed, I went to go see what Twitter thinks my gender is.

Curses! They know I’m a guy. This won’t do at all.

But what’s this? An “Add your gender” option?

That’s at least, something, I guess? Defaulting to [whatever the algorithm guesses] is sucky, but at least nonbinary folks can still self-identify however they want.

But 30 characters isn’t a lot. What if I want to drop in, say, 68 characters? Do I need to do some crazy Unicode fuckery to pull that off?

Nope, Inspect Element + set maxlength="255" and now Twitter thinks my gender is the EICAR test file. Wonderful!

Which means: If someone downloads my Twitter data without my consent onto a workstation running antivirus software, the file will delete itself and all will be right in the marketing world.

https://twitter.com/SoatokDhole/status/1254635753319079937

(Okay but seriously, a lot of downstream systemic failures would have to exist for any damage to occur from me deciding to self-identify to marketers this way.)

Lessons to Learn

Twitter enforced a maxlength of 30 in the HTML element of the “Add your gender” text input, but they didn’t enforce this requirement server-side. The takeaway here is pretty obvious.

Also, don’t try to automatically[b] guess people’s gender at scale[/b]. It’s insulting when you get it wrong, and it’s creepy when you get it right.

(This sticker is tongue-in-cheek.)

What’s the Upper Limit for the Field?

I don’t know, but this indicates it has a larger upper bound than a tweet.

https://twitter.com/txlon5/status/1254648412261228545

If anyone has success dropping an entire thesis on gender identity and culture in the Gender field, let me know.

Update: The Best Genders

Everyone is having a lot of fun with the Gender field. Here’s some of the best tweets I’ve seen since publishing this stupid bug.

https://twitter.com/TecraFox/status/1254653500887310337

https://twitter.com/everlasting1der/status/1254652388713082880

https://twitter.com/hedgehog_emoji/status/1254650551473594368

https://twitter.com/Neybulot/status/1254659048886210563

A fox in Furry Technologists suggested building genderfs, which is a lot like redditfs but hoists the entire filesystem into the Gender field.

While I have your attention, trans rights are human rights and biology disagrees with the simple notion of “two sexes”. Thank you and good night.

https://soatok.blog/2020/04/27/why-server-side-input-validation-matters/

#furry #infosec #inputValidation #LGBTQIA_ #security #softwareDevelopment #Twitter

Update (2024-06-06): There is an update on this project.

As Twitter’s new management continues to nosedive the platform directly into the ground, many people are migrating to what seem like drop-in alternatives; i.e. Cohost and Mastodon. Some are even considering new platforms that none of us have heard of before (one is called “Hive”).

Needless to say, these are somewhat chaotic times.

One topic that has come up several times in the past few days, to the astonishment of many new Mastodon users, is that Direct Messages between users aren’t end-to-end encrypted.

And while that fact makes Mastodon DMs no less safe than Twitter DMs have been this whole time, there is clearly a lot of value and demand in deploying end-to-end encryption for ActivityPub (the protocol that Mastodon and other Fediverse software uses to communicate).

However, given that Melon Husk apparently wants to hurriedly ship end-to-end encryption (E2EE) in Twitter, in some vain attempt to compete with Signal, I took it upon myself to kickstart the E2EE effort for the Fediverse.

https://twitter.com/elonmusk/status/1519469891455234048

So I’d like to share my thoughts about E2EE, how to design such a system from the ground up, and why the direction Twitter is heading looks to be security theater rather than serious cryptographic engineering.

If you’re not interested in those things, but are interested in what I’m proposing for the Fediverse, head on over to the GitHub repository hosting my work-in-progress proposal draft as I continue to develop it.

How to Quickly Build E2EE

If one were feeling particularly cavalier about your E2EE designs, they could just generate then dump public keys through a server they control, pass between users, and have them encrypt client-side. Over and done. Check that box.

Every public key would be ephemeral and implicitly trusted, and the threat model would mostly be, “I don’t want to deal with law enforcement data requests.”

Hell, I’ve previously written an incremental blog post to teach developers about E2EE that begins with this sort of design. Encrypt first, ratchet second, manage trust relationships on public keys last.

If you’re catering to a slightly tech-savvy audience, you might throw in SHA256(pk1 + pk2) -> hex2dec() and call it a fingerprint / safety number / “conversation key” and not think further about this problem.

Look, technical users can verify out-of-band that they’re not being machine-in-the-middle attacked by our service.

An absolute fool who thinks most people will ever do this

From what I’ve gathered, this appears to be the direction that Twitter is going.

https://twitter.com/wongmjane/status/1592831263182028800

Now, if you’re building E2EE into a small hobby app that you developed for fun (say: a World of Warcraft addon for erotic roleplay chat), this is probably good enough.

If you’re building a private messaging feature that is intended to “superset Signal” for hundreds of millions of people, this is woefully inadequate.

https://twitter.com/elonmusk/status/1590426255018848256

Art: LvJ

If this is, indeed, the direction Musk is pushing what’s left of Twitter’s engineering staff, here is a brief list of problems with what they’re doing.

1. Twitter Web. How do you access your E2EE DMs after opening Twitter in your web browser on a desktop computer?
   
   • If you can, how do you know twitter.com isn’t including malicious JavaScript to snarf up your secret keys on behalf of law enforcement or a nation state with a poor human rights record?
   • If you can, how are secret keys managed across devices?
   • If you use a password to derive a secret key, how do you prevent weak, guessable, or reused passwords from weakening the security of the users’ keys?
   • If you cannot, how do users decide which is their primary device? What if that device gets lost, stolen, or damaged?

   
   

2. Authenticity. How do you reason about the person you’re talking with?
3. Forward Secrecy. If your secret key is compromised today, can you recover from this situation? How will your conversation participants reason about your new Conversation Key?
4. Multi-Party E2EE. If a user wants to have a three-way E2EE DM with the other members of their long-distance polycule, does Twitter enable that?
   
   • How are media files encrypted in a group setting? If you fuck this up, you end up like Threema.
   • Is your group key agreement protocol vulnerable to insider attacks?

   
   

5. Cryptography Implementations.
   
   • What does the KEM look like? If you’re using ECC, which curve? Is a common library being used in all devices?
   • How are you deriving keys? Are you just using the result of an elliptic curve (scalar x point) multiplication directly without hashing first?

   
   

6. Independent Third-Party Review.
   
   • Who is reviewing your protocol designs?
   • Who is reviewing your cryptographic primitives?
   • Who is reviewing the code that interacts with E2EE?
   • Is there even a penetration test before the feature launches?

   
   

As more details about Twitter’s approach to E2EE DMs come out, I’m sure the above list will be expanded with even more questions and concerns.

My hunch is that they’ll reuse liblithium (which uses Curve25519 and Gimli) for Twitter DMs, since the only expert I’m aware of in Musk’s employ is the engineer that developed that library for Tesla Motors. Whether they’ll port it to JavaScript or just compile to WebAssembly is hard to say.

How To Safely Build E2EE

You first need to decompose the E2EE problem into five separate but interconnected problems.

1. Client-Side Secret Key Management.
   
   • Multi-device support
   • Protect the secret key from being pilfered (i.e. by in-browser JavaScript delivered from the server)

   
   

2. Public Key Infrastructure and Trust Models.
   
   • TOFU (the SSH model)
   • X.509 Certificate Authorities
   • Certificate/Key/etc. Transparency
   • SigStore
   • PGP’s Web Of Trust

   
   

3. Key Agreement.
   
   • While this is important for 1:1 conversations, it gets combinatorially complex when you start supporting group conversations.

   
   

4. On-the-Wire Encryption.
   
   • Direct Messages
   • Media Attachments
   • Abuse-resistance (i.e. message franking for abuse reporting)

   
   

5. The Construction of the Previous Four.
   
   • The vulnerability of most cryptographic protocols exists in the joinery between the pieces, not the pieces themselves. For example, Matrix.

   
   

This might not be obvious to someone who isn’t a cryptography engineer, but each of those five problems is still really hard.

To wit: The latest IETF RFC draft for Message Layer Security, which tackles the Key Agreement problem above, clocks in at 137 pages.

Additionally, the order I specified these problems matters; it represents my opinion of which problem is relatively harder than the others.

When Twitter’s CISO, Lea Kissner, resigned, they lost a cryptography expert who was keenly aware of the relative difficulty of the first problem.

https://twitter.com/LeaKissner/status/1592937764684980224

You may also notice the order largely mirrors my previous guide on the subject, in reverse. This is because teaching a subject, you start with the simplest and most familiar component. When you’re solving problems, you generally want the opposite: Solve the hardest problems first, then work towards the easier ones.

This is precisely what I’m doing with my E2EE proposal for the Fediverse.

The Journey of a Thousand Miles Begins With A First Step

Before you write any code, you need specifications.

Before you write any specifications, you need a threat model.

Before you write any threat models, you need both a clear mental model of the system you’re working with and how the pieces interact, and a list of security goals you want to achieve.

Less obviously, you need a specific list of non-goals for your design: Properties that you will not prioritize. A lot of security engineering involves trade-offs. For example: elliptic curve choice for digital signatures is largely a trade-off between speed, theoretical security, and real-world implementation security.

If you do not clearly specify your non-goals, they still exist implicitly. However, you may find yourself contradicting them as you change your mind over the course of development.

Being wishy-washy about your security goals is a good way to compromise the security of your overall design.

In my Mastodon E2EE proposal document, I have a section called Design Tenets, which states the priorities used to make trade-off decisions. I chose Usability as the highest priority, because of AviD’s Rule of Usability.

Security at the expense of usability comes at the expense of security.

Avi Douglen, Security StackExchange

Underneath Tenets, I wrote Anti-Tenets. These are things I explicitly and emphatically do not want to prioritize. Interoperability with any incumbent designs (OpenPGP, Matrix, etc.) is the most important anti-tenet when it comes to making decisions. If our end-state happens to interop with someone else’s design, cool. I’m not striving for it though!

Finally, this section concludes with a more formal list of Security Goals for the whole project.

Art: LvJ

Every component (from the above list of five) in my design will have an additional dedicated Security Goals section and Threat Model. For example: Client-Side Secret Key Management.

You will then need to tackle each component independently. The threat model for secret-key management is probably the trickiest. The actual encryption of plaintext messages and media attachments is comparatively simple.

Finally, once all of the pieces are laid out, you have the monumental (dare I say, mammoth) task of stitching them together into a coherent, meaningful design.

If you did your job well at the outset, and correctly understand the architecture of the distributed system you’re working with, this will mostly be straightforward.

Making Progress

At every step of the way, you do need to stop and ask yourself, “If I was an absolute chaos gremlin, how could I fuck with this piece of my design?” The more pieces your design has, the longer the list of ways to attack it will grow.

It’s also helpful to occasionally consider formal methods and security proofs. This can have surprising implications for how you use some algorithms.

You should also be familiar enough with the cryptographic primitives you’re working with before you begin such a journey; because even once you’ve solved the key management story (problems 1, 2 and 3 from the above list of 5), cryptographic expertise is still necessary.

• If you’re feeding data into a hash function, you should also be thinking about domain separation. More information.
• If you’re feeding data into a MAC or signature algorithm, you should also be thinking about canonicalization attacks. More information.
• If you’re encrypting data, you should be thinking about multi-key attacks and confused deputy attacks. Also, the cryptographic doom principle if you’re not using IND-CCA3 algorithms.
• At a higher-level, you should proactively defend against algorithm confusion attacks.

How Do You Measure Success?

It’s tempting to call the project “done” once you’ve completed your specifications and built a prototype, and maybe even published a formal proof of your design, but you should first collect data on every important metric:

1. How easy is it to use your solution?
2. How hard is it to misuse your solution?
3. How easy is it to attack your solution? Which attackers have the highest advantage?
4. How stable is your solution?
5. How performant is your solution? Are the slow pieces the deliberate result of a trade-off? How do you know the balance was struck corectly?

Where We Stand Today

I’ve only begun writing my proposal, and I don’t expect it to be truly ready for cryptographers or security experts to review until early 2023.

However, my clearly specified tenets and anti-tenets were already useful in discussing my proposal on the Fediverse.

@soatok @fasterthanlime Should probably embed the algo used for encryption in the data used for storing the encrypted blob, to support multiples and future changes.

@fabienpenso@hachyderm.io proposes in-band protocol negotiation instead of versioned protocols

The main things I wanted to share today are:

1. The direction Twitter appears to be heading with their E2EE work, and why I think it’s a flawed approach
2. Designing E2EE requires a great deal of time, care, and expertise; getting to market quicker at the expense of a clear and careful design is almost never the right call

Mastodon? ActivityPub? Fediverse? OMGWTFBBQ!

In case anyone is confused about Mastodon vs ActivityPub vs Fediverse lingo:

The end goal of my proposal is that I want to be able to send DMs to queer furries that use Mastodon such that only my recipient can read them.

Achieving this end goal almost exclusively requires building for ActivityPub broadly, not Mastodon specifically.

However, I only want to be responsible for delivering this design into the software I use, not for every single possible platform that uses ActivityPub, nor all the programming languages they’re written in.

I am going to be aggressive about preventing scope creep, since I’m doing all this work for free. (I do have a Ko-Fi, but I won’t link to it from here. Send your donations to the people managing the Mastodon instance that hosts your account instead.)

My hope is that the design documents and technical specifications become clear enough that anyone can securely implement end-to-end encryption for the Fediverse–even if special attention needs to be given to the language-specific cryptographic libraries that you end up using.

Art: LvJ

Why Should We Trust You to Design E2EE?

This sort of question comes up inevitably, so I’d like to tackle it preemptively.

My answer to every question that begins with, “Why should I trust you” is the same: You shouldn’t.

There are certainly cryptography and cybersecurity experts that you will trust more than me. Ask them for their expert opinions of what I’m designing instead of blanketly trusting someone you don’t know.

I’m not interested in revealing my legal name, or my background with cryptography and computer security. Credentials shouldn’t matter here.

If my design is good, you should be able to trust it because it’s good, not because of who wrote it.

If my design is bad, then you should trust whoever proposes a better design instead. Part of why I’m developing it in the open is so that it may be forked by smarter engineers.

Knowing who I am, or what I’ve worked on before, shouldn’t enter your trust calculus at all. I’m a gay furry that works in the technology industry and this is what I’m proposing. Take it or leave it.

Why Not Simply Rubber-Stamp Matrix Instead?

(This section was added on 2022-11-29.)

There’s a temptation, most often found in the sort of person that comments on the /r/privacy subreddit, to ask why even do all of this work in the first place when Matrix already exists?

The answer is simple: I do not trust Megolm, the protocol designed for Matrix.

Megolm has benefited from amateur review for four years. Non-cryptographers will confuse this observation with the proposition that Matrix has benefited from peer review for four years. Those are two different propositions.

In fact, the first time someone with cryptography expertise bothered to look at Matrix for more than a glance, they found critical vulnerabilities in its design. These are the kinds of vulnerabilities that are not easily mitigated, and should be kept in mind when designing a new protocol.

You don’t have to take my word for it. Listen to the Security, Cryptography, Whatever podcast episode if you want cryptographic security experts’ takes on Matrix and these attacks.

From one of the authors of the attack paper:

So they kind of, after we disclosed to them, they shared with us their timeline. It’s not fixed yet. It’s a, it’s a bigger change because they need to change the protocol. But they always said like, Okay, fair enough, they’re gonna change it. And they also kind of announced a few days after kind of the public disclosure based on the public reaction that they should prioritize fixing that. So it seems kind of in the near future, I don’t have the timeline in front of me right now. They’re going to fix that in the sense of like the— because there’s, notions of admins and so on. So like, um, so authenticating such group membership requests is not something that is kind of completely outside of, kind of like the spec. They just kind of need to implement the appropriate authentication and cryptography.

Martin Albrecht, SCW podcast

From one of the podcast hosts:

I guess we can at the very least tell anyone who’s going forward going to try that, that like, yes indeed. You should have formal models and you should have proofs. And so there’s this, one of the reactions to kind of the kind of attacks that we presented and also to prior previous work where we kind of like broken some cryptographic protocols is then to say like, “Well crypto’s hard”, and “don’t roll your own crypto.” But in a way the thing is like, you know, we need some people to roll their own crypto because that’s how we have crypto. Someone needs to roll it. But we have developed techniques, we have developed formalisms, we have developed methods for making sure it doesn’t have to be hard, it’s not, it’s not a dark art kind of that only kind of a few, a select few can master, but it’s, you know, it’s a science and you can learn it. So, but you need to then indeed employ a cryptographer in kind of like forming, modeling your protocol and whenever you make changes, then, you know, they need to look over this and say like, Yes, my proof still goes through. Um, so like that is how you do this. And then, then true engineering is still hard and it will remain hard and you know, any science is hard, but then at least you have some confidence in what you’re doing. You might still then kind of on the space and say like, you know, the attack surface is too large and I’m not gonna to have an encrypted backup. Right. That’s then the problem of a different hard science, social science. Right. But then just use the techniques that we have, the methods that we have to establish what we need.

Thomas Ptacek, SCW podcast

It’s tempting to listen to these experts and say, “OK, you should use libsignal instead.”

But libsignal isn’t designed for federation and didn’t prioritize group messaging. The UX for Signal is like an IM application between two parties. It’s a replacement for SMS.

It’s tempting to say, “Okay, but you should use MLS then; never roll your own,” but MLS doesn’t answer the group membership issue that plagued Matrix. It punts on these implementation details.

Even if I use an incumbent protocol that privacy nerds think is good, I’ll still have to stitch it together in a novel manner. There is no getting around this.

Maybe wait until I’ve finished writing the specifications for my proposal before telling me I shouldn’t propose anything.

Credit for art used in header: LvJ, Harubaki

https://soatok.blog/2022/11/22/towards-end-to-end-encryption-for-direct-messages-in-the-fediverse/

#endToEndEncryption #Twitter

Dhole Moments

2024-06-06 05:37:50

In late 2022, I blogged about the work needed to develop a specification for end-to-end encryption for the fediverse. I sketched out some of the key management components on GitHub, and then the public work abruptly stalled.

A few of you have wondered what’s the deal with that.

This post covers why this effort stalled, what I’m proposing we do next.

What’s The Hold Up?

The “easy” (relatively speaking) parts of the problem are as follows:

1. Secret key management. (This is sketched out already, and provides multiple mechanisms for managing secret key material. Yay!)
2. Bulk encryption of messages and media. (I’ve done a lot of work in this space over the years, so it’s an area I’m deeply familiar with. When we get to this part, it will be almost trivial. I’m not worried about it at all.)
3. Forward-secure ratcheting / authenticated key exchange / group key agreement. (RFC 9420 is a great starting point.)

That is to say, managing secret keys, using secret keys, and deriving shared secret keys are all in the “easy” bucket.

The hard part? Public key management.

CMYKat made this

Why is Public Key Management Hard?

In a centralized service (think: Twitter, Facebook, etc.), this is actually much easier to build: Shove your public keys into a database, and design your client-side software to trust whatever public key your server gives them. Bob’s your uncle, pack it up and go home.

Unfortunately, it’s kind of stupid to build anything that way.

If you explicitly trust the server, the server could provide the wrong public key (i.e., one for which the server knows the corresponding secret key) and you’ll be none the wiser. This makes it trivial for the server to intercept and read your messages.

If your users are trusting you regardless, they’re probably just as happy if you don’t encrypt at the endpoint at all (beyond using TLS, but transport encryption is table stakes for any online service so nevermind that).

But let’s say you wanted to encrypt between peers anyway, because you’re feeling generous (or don’t want to field a bunch of questionably legal demands for user data by law enforcement; a.k.a. the Snapchat threat model).

You could improve endpoint trust by shoving all of your users’ public keys into an append-only data structure; i.e. key transparency, like WhatsApp proposed in 2023:

https://www.youtube.com/watch?v=_N4Q05z5vPE

And, to be perfectly clear, key transparency is a damn good idea.

Key transparency keeps everyone honest and makes it difficult for criminals to secretly replace a victim’s public key, because the act of doing so is unavoidably published to an append-only log.

The primary challenge is scaling a transparency feature to serve a public, federated system.

AJ

Federated Key Transparency?

Despite appearances, I haven’t been sitting on my thumbs for the past year or so. I’ve been talking with cryptography experts about their projects and papers in the same space.

Truthfully, I had been hoping to piggyback off one of those upcoming projects (which is focused more on public key discovery for SAML- and OAuth-like protocols) to build the Federated PKI piece for E2EE for the Fediverse.

Unfortunately, that project keeps getting delayed and pushed back, and I’ve just about run out of patience for it.

Additionally, there are some engineering challenges that I would need to tackle to build atop it, so it’s not as simple as “let’s just use that protocol”, either.

So let’s do something else instead:

Art: ScruffKerfluff

Fediverse Public Key Directories

Orthogonal to the overall Fediverse E2EE specification project, let’s build a Public Key Directory for the Fediverse.

This will not only be useful for building a coherent specification for E2EE (as it provides the “Federated PKI” component we’d need to build it securely), but it would also be extremely useful for software developers the whole world over.

Imagine this:

• If you want to fetch a user’s SSH public key, you can just query for their username and get a list of non-expired, non-revoked public keys to choose from.
• If you wanted public key pinning and key rotation for OAuth2 and/or OpenID Connect identity providers without having to update configurations or re-deploy any applications, you can do that.
• If you want to encrypt a message to a complete stranger, such that only they can decrypt it, without any sort of interaction (i.e., they could be offline for a holiday and still decrypt it when they get back), you could do that.

Oh, and best of all? You can get all these wins without propping up any cryptocurrency bullshit either.

From simple abstractions, great power may bloom.

Mark Miller

How Will This Work?

We need to design a specific kind of server that speaks a limited set of the ActivityPub protocol.

I say “limited” because it will only not support editing or deleting messages provided by another instance. It will only append data.

To understand the full picture, let’s first look at the message types, public key types, and how the message types will be interpreted.

Message Types

Under the ActivityPub layer, we will need to specify a distinct set of Directory Message Types. An opening offer would look like this:

1. [b]AddKey[/b] — contains an Asymmetric Public Key, a number mapped to the user, and instance that hosts it, and some other metadata (i.e., time)
2. [b]RevokeKey[/b] — marks an existing public key as revoked
3. [b]MoveIdentity[/b] — moves all of the public keys from identity A to identity B. This can be used for username changes or instance migrations.

We may choose to allow more message types at the front-end if need be, but that’s enough for our purposes.

Public Key Types

We are not interested in backwards compatibility with every existing cryptosystem. We will only tolerate a limited set of public key types.

At the outset, only Ed25519 will be supported.

In the future, we will include post-quantum digital signature algorithms on this list, but not before the current designs have had time to mature.

RSA will never be included in the set.

ECDSA over NIST P-384 may be included at some point, if there’s sufficient interest in supporting e.g., US government users.

If ECDSA is ever allowed, RFC 6979 is mandatory.

Message Processing

When an instance sends a message to a Directory Server, it will need to contain a specific marker for our protocol. Otherwise, it will be rejected.

Each message will have its own processing rules.

After the processing rules are applied, the message will be stored in the Directory Server, and a hash of the message will be published to a SigSum transparency ledger. The Merkle root and inclusion proofs will be stored in an associated record, attached to the record for the new message.

Every message will have its hash published in SigSum. No exceptions.

We will also need a mechanism for witness co-signatures to be published and attached to the record.

Additionally, all messages defined here are generated by the users, client-side. Servers are not trusted, generally, as part of the overall E2EE threat model.

AddKey

{ "@context": "https://example.com/ns/fedi-e2ee/v1", "action": "AddKey", "message": { "time": "2024-12-31T23:59:59Z", "identity": "foo@mastodon.example.com", "public-key": "ed25519:<key goes here>" }, "signature": "SignatureOfMessage"}

The first AddKey for any given identity will need to be self-signed by the key being added (in addition to ActivityPub messages being signed by the instance).

After an identity exists in the directory, every subsequent public key MUST be signed by a non-revoked keypair.

RevokeKey

{ "@context": "https://example.com/ns/fedi-e2ee/v1", "action": "RevokeKey", "message": { "time": "2024-12-31T23:59:59Z", "identity": "foo@mastodon.example.com", "public-key": "ed25519:<key goes here>" }, "signature": "SignatureOfMessage"}

This marks the public key as untrusted, and effectively “deletes” it from the list that users will fetch.

Important: RevokeKey will fail unless there is at least one more trusted public key for this user. Otherwise, a denial of service would be possible.

Replaying an AddKey for a previously-revoked key MUST fail.

MoveIdentity

{ "@context": "https://example.com/ns/fedi-e2ee/v1", "action": "MoveIdentity", "message": { "time": "2024-12-31T23:59:59Z", "old-identity": "foo@mastodon.example.com", "new-identity": "bar@akko.example.net" }, "signature": "SignatureOfMessage"}

This exists to facilitate migrations and username changes.

Other Message Types

The above list is not exhaustive. We may need other message types depending on the exact feature set needed by the final specification.

Fetching Public Keys

A simple JSON API (and/or an ActivityStream; haven’t decided) will be exposed to query for the currently trusted public keys for a given identity.

{ "@context": "https://example.com/ns/fedi-e2ee/v1", "public-keys": [ { "data": { "time": "2024-12-31T23:59:59Z", "identity": "foo@mastodon.example.com", "public-key": "ed25519:<key goes here>" }, "signature": "SignatureOfData", "sigsum": { /* ... */ }, }, { "data": { /* ... */ }, /* ... */ }, /* ... */ ]}

Simple and easy.

CMYKat

Gossip Between Instances

Directory Servers should be configurable to mirror records from other instances.

Additionally, they should be configurable to serve as Witnesses for the SigSum protocol.

The communication layer here between Directory Servers will also be ActivityPub.

Preventing Abuse

The capability of learning a user’s public key doesn’t imply the ability to send messages or bypass their block list.

Additionally, Fediverse account usernames are (to my knowledge) generally not private, so I don’t anticipate there being any danger in publishing public keys to an append-only ledger.

That said, I am totally open to considering use cases where the actual identity is obfuscated (e.g., HMAC with a static key known only to the instance that hosts them instead of raw usernames).

What About GDPR / Right To Be Forgotten?

Others have previously suggested that usernames might be subject to the “right to be forgotten”, which would require breaking history for an append-only ledger.

After discussing a proposed workaround with a few people in the Signal group for this project, we realized complying necessarily introduced security issues by giving instance admins the capability of selectively remapping the user ID to different audiences, and detecting/mitigating this remapping is annoying.

However, we don’t need to do that in the first place.

According to this webpage about GDPR’s Right to be Forgotten:

However, an organization’s right to process someone’s data might override their right to be forgotten. Here are the reasons cited in the GDPR that trump the right to erasure:

• (…)
• The data is being used to perform a task that is being carried out in the public interest or when exercising an organization’s official authority.
• (…)
• The data represents important information that serves the public interest, scientific research, historical research, or statistical purposes and where erasure of the data would likely to impair or halt progress towards the achievement that was the goal of the processing.

Enabling private communication is in the public interest. The only information that will be stored in the ledger in relation to the username are cryptographic public keys, so it’s not like anything personal (e.g., email addresses or legal names) will be included.

However, we still need to be extremely up-front about this to ensure EU citizens are aware of the trade-off we’re making.

Account Recovery

In the event that a user loses access to all of their secret keys and wants to burn down the old account, they may want a way to start over with another fresh self-signed AddKey.

However, the existing policies I wrote above would make this challenging:

1. Since every subsequent AddKey must be signed by an incumbent key, if you don’t have access to these secret keys, you’re locked out.
2. Since RevokeKey requires one trusted keypair remains in the set, for normal operations, you can’t just burn the set down to zero even while you still had access to the secret keys.

There is an easy way out of this mess: Create a new verb; e.g. BurnDown that an instance can issue that resets all signing keys for a given identity.

The use of BurnDown should be a rare, exceptional event that makes a lot of noise:

• All existing E2EE sessions must break, loudly.
• All other participants must be alerted to the change, through the client software.
• Witnesses and watchdog nodes must take note of this change.

This comes with some trade-offs. Namely: Any account recovery mechanism is a backdoor, and giving the instance operators the capability of issuing BurnDown messages is a risk to their users.

Therefore, users who trust their own security posture and wish to opt out of this recovery feature should also be able to issue a Fireproof message at any point in the process, which permanent and irrevocably prevents any BurnDown from being accepted on their current instance.

If users opt out of recovery and then lose their signing keys, they’re locked out and need to start over with a new Fediverse identity. On the flipside, their instance operator cannot successfully issue a BurnDown for them, so they have to trust them less.

Notice

This is just a rough sketch of my initial ideas, going into this project. It is not comprehensive, nor complete.

There are probably big gaps that need to be filled in, esp. on the ActivityPub side of things. (I’m not as worried about the cryptography side of things.)

How Will This Be Used for E2EE Direct Messaging?

I anticipate that a small pool of Directory Servers will be necessary, due to only public keys and identities being stored.

Additional changes beyond just the existence of Directory Servers will need to be made to facilitate private messaging. Some of those changes include:

• Some endpoint for users to know which Directory Servers a given ActivityPub instance federates with (if any).
• Some mechanism for users to asynchronously exchange Signed Pre-Key bundles for initiating contact. (One for users to publish new bundles, another for users to retrieve a bundle.)
  
  • These will be Ed25519-signed payloads containing an ephemeral X25519 public key.

  
  

This is all outside the scope of the proposal I’m sketching out here today, but it’s worth knowing that I’m aware of the implementation complexity.

The important thing is: I (soatok@furry.engineer) should be able to query pawb.fun, find the Directory Server(s) they federate with, and then query that Directory server for Crashdoom@pawb.fun and get his currently trusted Ed25519 public keys.

From there, I can query pawb.fun for a SignedPreKey bundle, which will have been signed by one of those public keys.

And then we can return to the “easy” pile.

MarleyTanuki

Development Plan

Okay, so that was a lot of detail, and yet not enough detail, depending on who’s reading this blog post.

What I wrote here today is a very rough sketch. The devil is always in the details, especially with cryptography.

Goals and Non-Goals

We want Fediverse users to be able to publish a public key that is bound to their identity, which anyone else on the Internet can fetch and then use for various purposes.

We want to leverage the existing work into key transparency by the cryptography community.

We don’t want to focus on algorithm agility or protocol compatibility.

We don’t want to involve any government offices in the process. We don’t care about “real” identities, nor about codifying falsehoods about names.

We don’t want any X.509 or Web-of-Trust machinery involved in the process.

Tasks

The first thing we would need to do is write a formal specification for a Directory Server (whose job is only to vend Public Keys in an auditable, transparent manner).

Next, we need to actually build a reference implementation of this server, test it thoroughly, and then have security experts pound at the implementation for a while. Any security issues that can be mitigated by design will require a specification update.

We will NOT punt these down to implementors to be responsible for, unless we cannot avoid doing so.

Once these steps are done, we can start rolling the Directory Servers out. At this point, we can develop client-side libraries in various programming languages to make it easy for developers to adopt.

My continued work on the E2EE specification for the Fediverse can begin after we have an implementation of the Directory Server component ready to go.

Timeline

I have a very demanding couple of months ahead of me, professionally, so I don’t yet know when I can commit to starting the Fediverse Directory Server specification work.

Strictly speaking, it’s vaguely possible to get buy-in from work to focus on this project as part of my day-to-day responsibilities, since it has immediate and lasting value to the Internet.

However, I don’t want to propose it because that would be crossing the professional-personal streams in a way I’m not really comfortable with.

The last thing I need is angry Internet trolls harassing my coworkers to try to get under my fur, y’know?

If there is enough interest from the broader Fediverse community, I’m also happy to delegate this work to anyone interested.

Once the work can begin, I don’t anticipate it will take more than a week for me to write a specification that other crypto nerds will take seriously.

I am confident in this because most of the cryptography will be constrained to hash functions, preventing canonicalization and cross-protocol attacks, and signatures.

Y’know, the sort of thing I write about on my furry blog for fun!

Building a reference implementation will likely take a bit longer; if, for no other reason, than I believe it would be best to write it in Go (which has the strongest SigSum support, as of this writing).

This is a lot of words to say, as far as timelines go:

CMYKat

How to Get Involved

Regardless of whether my overall E2EE proposal gets adopted, the Directory Server component is something that should be universally useful to the Fediverse and to software developers around the world.

If you are interested in participating in any technical capacity, I have just created a Signal Group for discussing and coordinating efforts.

All of these efforts will also be coordinated on the fedi-e2ee GitHub organization.

The public key directory server’s specification will eventually exist in this GitHub repository.

Can I Contribute Non-Technically?

Yes, absolutely. In the immediate future, once it kicks off, the work is going to be technology-oriented.

However, we may need people with non-technical skills at some point, so feel free to dive in whenever you feel comfortable.

What About Financially?

If you really have money burning a hole in your pocket and want to toss a coin my way, I do have a Ko-Fi. Do not feel pressured at all to do so, however.

Because I only use Ko-Fi as a tip jar, rather than as a business, I’m not specifically tracking which transaction is tied to which project, so I can’t make any specific promises about how any of the money sent my way will be allocated.

What I will promise, however, is that any icons/logos/etc. created for this work will be done by an artist and they will be adequately compensated for their work. I will not use large-scale computing (a.k.a., “Generative AI”) for anything.

Closing Thoughts

What I’ve sketched here is much simpler (and more ActivityPub-centric) than the collaboration I was originally planning.

Thanks for being patient while I tried, in vain, to make that work.

As of today, I no longer think we need to wait for them. We can build this ourselves, for each other.

https://soatok.blog/2024/06/06/towards-federated-key-transparency/

#cryptography #endToEndEncryption #fediverse #KeyTransparency #Mastodon #MerkleTrees #PublicKeys

I get a lot of emails from job recruiters that, even to this day, I’m not qualified for. They often ask for ridiculous requirements, like a Master’s Degree or Ph.D in Computer Science, for what would otherwise be a standard programming job without any particular specializations (e.g. cryptography, which I happen to specialize in).

One time I humored one of these opportunities for a PHP Developer position and was immediately told over the phone that my number of years of experience with PHP was too low, because I didn’t start working with it in 1996 like the rockstar developers on their payroll, but that they’d call me back if they had any “junior” openings in the future. Given that I was born in 1989 and didn’t have access to a computer until about Christmas 1999, I won’t even begin to pretend this is a reasonable ask.

This was my actual reaction after I hung up. (Art by Khia.)

In a lot of ways, I have it easy. I have enough experience with software development and security research under my belt to basically ignore the requirements that HR puts on job listings and still get an interview with most companies. (If you want a sense of what this looks like, look no further than rawr-x3dh or my teardown of security issues in Zed Shaw’s SRP library… which are both things I did somewhat casually for this blog.)

The irony is, I’m probably deeply overqualified for the majority of the jobs that come across my inbox, and I still don’t meet the HR requirements for the roles, and the people who are actually a good fit for it don’t have the same privilege as me.

So if the rules are made up and the points don’t matter, why do companies bother with these pointlessly harrowing job requirements?

(Art by Khia.)

The answer is simple: They’re being toxic gatekeepers, and we’re all worse off for it.

https://twitter.com/IanColdwater/status/1357381321488621569

Toxic Gatekeeping

Gatekeeping is generally defined as “the activity of controlling, and usually limiting, general access to something” (source).

Gatekeeping doesn’t have to be toxic: Keeping children out of adult entertainment venues is certainly an example of gatekeeping, but it’s a damned good idea in that context.

In a similar vein, content moderation is a good thing, but necessarily involves some gatekeeping behaviors.

As with many things in life, toxicity is determined by the dose. I’ve previously posited that any group has a minimum gatekeeping threshold necessary for maintaining group identity (or in the example of keeping kids out of 18+ spaces, avoiding liability).

When the amount of gatekeeping exceeds the minimum, the excess is almost always toxic. To wit:

https://twitter.com/BlackDGamer1/status/1361352840980164609

Toxic Gatekeeping in Tech

The technology industry is filled with entry-level gatekeepers. Sometimes this behavior floats up in the org chart, but it’s most often concentrated at neophytes.

https://twitter.com/fancy_flare/status/1371568476331012101

In practice, toxic gatekeeping often employs arbitrary Purity Tests, stupid job requirements, and questionably legal hazing rituals. Conversations with toxic gatekeepers often–but not always–involve gratuitous use of No True Scotsman fallacies.

XKCD: Real Programmers

But what’s really happening here is actually sinister: Toxic gatekeepers in tech are people with internalized cognitive distortions that either affirm one’s sense of superiority or project their personal insecurities–if not both things.

This is almost always directed towards the end of excluding women, racial or religious minorities, LGBTQIA+ and neurodivergent people, and other vulnerable populations from the possibility at pursuing lucrative career prospects.

If you need a (rather poignant) example of the above, the gatekeeping behaviors against women in tech even apply to the forerunners of computer science:

https://twitter.com/gurlcode/status/1170664258197024768

If you’re still unconvinced, I have my own experiences I can tell you about; like that one time my blog’s domain was banned from the netsec subreddit because of other peoples’ toxicity.

That Time soatok.blog Was Banned from Reddit’s r/netsec Subreddit

Earlier this year, I thought I’d submit my post about encrypting directly with RSA being a bad idea to the network security subreddit–only to discover that my domain name had been banned from r/netsec.

https://twitter.com/SoatokDhole/status/1352140779586805760

Prior to this, I’d had some disagreements with other r/netsec moderators (i.e. @sanitybit, plus whoever answered my Reddit messages) about a lack of communication and transparency about their decisions, but there were no lingering issues.

A lot of the times when something I wrote ended up on their subreddit, I was not the person to submit it there. Usually this omission was intentional: If I didn’t submit it there, I didn’t feel it belonged on r/netsec (usually due to being insufficiently technical).

The comments I received were often hostile non sequitur about me being a furry. This general misconduct isn’t unique to r/netsec; I’ve received similar comments on my Lobste.rs submissions, which forced the sysop’s hand into telling people to stop being dumb and terrible.

https://twitter.com/SoatokDhole/status/1352142604406816771

The hostility was previously severe enough to get noticed by the r/SubredditDrama subreddit (and, despite what you might think of drama-oriented forums, most of the comments there were surprisingly non-shitty towards me or furries in general).

Quick aside: Being a furry isn’t the important bit of this anecdote; people face this kind of behavior for all sorts of reasons. In particular: transgender people face even shittier behavior at every level of society, and a lot of what they endure is much more subtle than the overt yet lazy bigotry lobbed my way.

So was my domain name banned by a r/netsec moderator because other people kept being shitty in the comments whenever someone submitted one of my blog posts there?

It turns out: Yes. This was later confirmed to me by a r/netsec moderator via Twitter DM.

r/netsec moderator @albinowax
I’ve cut out some irrelevant crap.

As I had said publicly on Twitter and reiterated in the DM conversation above: I had already decided I would not return to r/netsec in light of this rogue moderator’s misconduct.

Trust is a funny thing: It’s easy to lose and hard to gain. Once trust has been lost, it’s often impossible to recover it. Security professionals should understand this better than anyone else, given our tendency to deal with matters of risk and trust.

What Could They Have Done Better?

Several things! Many of which are really obvious!

1. Communicating with me. If nothing else, they could have told me they were banning my domain name from their subreddit and given a reason why.
   
   • Maybe there was some weird goal in mind?
     (E.g. to stop people from submitting posts on my behalf, since I had made it clear that I’d intentionally not share stuff there if I didn’t think it belonged.)
   • I’ll never know, because nobody told me anything.

   
   

2. Communicating with each other. I mean, this is just a matter of showing respect to your fellow moderators. It’s astonishing that this didn’t happen.
3. Taking steps to protect members of vulnerable populations from the kinds of shitheads that make Reddit a miserable experience.
   
   • For example: If someone’s previously been a target of bigotry, have auto-moderator prune all comments not from the OP or Trusted Contributors–and if any TCs violate the mods’ trust, revoke their TC status.

   
   

Since then, I’ve been informed that they implemented my suggestion to prevent themselves from having to suffer through a bunch of negative vitriol.

Truthfully, I still haven’t decided if I want to give r/netsec another chance.

On the one paw: The moderators really burned a lot of trust with me and I expect security professionals to fucking know better.

On the other: Representation matters, and removing myself from their community gives the bigots that caused the trouble in the first place a Pyrrhic victory.

Neither choice sits well with me, for totally disparate reasons.

I wish I could put a happy ending on this tale, but life doesn’t work that way most of the time.

If you’re looking for non-toxic subreddits, r/crypto is always a pleasant community. I also contribute a lot to r/furrydiscuss.

When to Be a Gatekeeper

If someone is a threat to the safety or well-being of your group, you should exclude them from your group.

In the furry community, we had a person that owned a widely-used costume making business get outed for a lot of abusive actions. Their response was to try to file a SLAPP suit against some unrelated person that merely linked to the victims’ statements on Twitter.

https://twitter.com/qutens_/status/1357496129659707392

In these corner-case situations, be a gatekeeper!

But generally, it’s not warranted. Gatekeeping compounds systemic harms and makes it harder for newcomers to join a community or industry.

Gatekeeping hurts women. Gatekeeping hurts LGBTQIA+ folks. Gatekeeping hurts non-white people. Gatekeeping hurts the neurodivergent.

But if that’s not enough of a reason to avoid it: Gatekeeping hurts straight white males too!

Newcomers who aren’t narcissists almost always experience some degree of Impostor Syndrome. If you apply the gatekeeping behaviors we’ve discussed previously, you’re going to totally exacerbate the situation.

People will quit. People will burn out.

The only people who stand to gain anything from gatekeeping are the survivors who made it through the gate. If the survivors are insecure or arrogant, the vicious cycle continues.

So why don’t we simply…not perpetuate it?

There’s an old saying that’s popular in punk and anarchist circles: “No gods, no masters.” I think the correct attitude to have regarding gatekeeping is analogous to the spirit of this saying.

#NoGatesNoKeepers

Without Gatekeeping, A Deluge?

Sometimes you’ll hear hiring manager defend the weird job requirements that HR departments shit out because every job posting gets flooded with hundreds of applicants. They insist that the incentives of this dynamic are to blame, rather than gatekeeping.

Unfortunately, we’re both right on this one. Economic forces and toxicity often synergize in the worst ways, and gatekeeping behaviors are no exception.

Hiring managers that are forced to sift through a deluge of applications to fill an opening will inevitably rely on their own subconscious biases to select “qualified” candidates (from a pool of people who are actually qualified for the job). Thus, they become gatekeepers moreso than the minimum amount their job requires. This is one reason why tech companies often only employ people that fit the same demographic.

Savvy tech companies will employ work-sample tests in the same way that musicians employ blind auditions to assess candidates, rather than relying on these subconscious biases to drive their decisions. Not all companies are savvy, and we all suffer for it.

Instead, what happens is that the candidates that endure the ritual of whiteboard hazing (which tests for anxiety rather than technical or cognitive ability) will in turn propagate the ritual for the next round of newcomers.

The same behaviors and incentives that maintain these unhealthy traditions overlap heavily with the people who will refuse to train or mentor their junior employees. This refusal isn’t just about frugality; it’s also in service of the ego. Maintaining their power within existing social hierarchies is something that toxic gatekeepers worry about a lot.

What About “Don’t Roll Your Own Crypto”?

There’s a fine line between reinforcing boundaries to maintain safety and inventing stupid rules or requirements for people to be allowed to participate in a community or industry. (Also, I’ve talked about this before.)

Rejection of gatekeeping isn’t the same as rejecting the concept of professional qualifications, and anyone who suggests otherwise isn’t being intellectually honest.

The excellent artwork used in the blog header was made by Wolfool.

https://soatok.blog/2021/03/04/no-gates-no-keepers/

#gatekeepers #gatekeeping #onlineAbuse #rNetsec #Reddit #Society #toxicity #Twitter

Dhole Moments

2021-02-11 14:12:31

Let me say up front, I’m no stranger to negative or ridiculous feedback. It’s incredibly hard to hurt my feelings, especially if you intend to. You don’t openly participate in the furry fandom since 2010 without being accustomed to malevolence and trolling. If this were simply a story of someone being an asshole to me, I would have shrugged and moved on with my life.

It’s important that you understand this, because when you call it like you see it, sometimes people dismiss your criticism with “triggered” memes. This isn’t me being offended. I promise.

---

My recent blog post about crackpot cryptography received a fair bit of attention in the software community. At one point it was on the front page of Hacker News (which is something that pretty much never happens for anything I write).

Unfortunately, that also means I crossed paths with Zed A. Shaw, the author of Learn Python the Hard Way and other books often recommended to neophyte software developers.

As someone who spends a lot of time trying to help newcomers acclimate to the technology industry, there are some behaviors I’ve recognized in technologists over the years that makes it harder for newcomers to overcome anxiety, frustration, and Impostor Syndrome. (Especially if they’re LGBTQIA+, a person of color, or a woman.)

Normally, these are easily correctable behaviors exhibited by people who have good intentions but don’t realize the harm they’re causing–often not by what they’re saying, but by how they say it.

Sadly, I can’t be so generous about… whatever this is:

https://twitter.com/lzsthw/status/1359659091782733827

Having never before encountered a living example of a poorly-written villain towards the work I do to help disadvantaged people thrive in technology careers, I sought to clarify Shaw’s intent.

https://twitter.com/lzsthw/status/1359673331960733696

https://twitter.com/lzsthw/status/1359673714607013905

This is effectively a very weird hybrid of an oddly-specific purity test and a form of hazing ritual.

Let’s step back for a second. Can you even fathom the damage attitudes like this can cause? I can tell you firsthand, because it happened to me.

Interlude: Amplified Impostor Syndrome

In the beginning of my career, I was just a humble web programmer. Due to a long story I don’t want to get into now, I was acquainted with the culture of black-hat hacking that precipitates the DEF CON community.

In particular, I was exposed the writings of a malicious group called Zero For 0wned, which made sport of hunting “skiddiez” and preached a very “shut up and stay in your lane” attitude:

Geeks don’t really come to HOPE to be lectured on the application of something simple, with very simple means, by a 15 year old. A combination of all the above could be why your room wasn’t full. Not only was it fairly empty, but it emptied at a rapid rate. I could barely take a seat through the masses pushing me to escape. Then when I thought no more people could possibly leave, they kept going. The room was almost empty when I gave in and left also. Heck, I was only there because we pwned the very resources you were talking about.

Zero For 0wned

My first security conference was B-Sides Orlando in 2013. Before the conference, I had been hanging out in the #hackucf IRC channel and had known about the event well in advance (and got along with all the organizers and most of the would-be attendees), and considered applying to their CFP.

I ultimately didn’t, solely because I was worried about a ZF0-style reception.

I had no reference frame for other folks’ understanding of cryptography (which is my chosen area of discipline in infosec), and thought things like timing side-channels were “obvious”–even to software developers outside infosec. (Such is the danger of being self-taught!)

“Geeks don’t really come to B-Sides Orlando to be lectured on the application of something simple, with very simple means,” is roughly how I imagined the vitriol would be framed.

If it can happen to me, it can happen to anyone interested in tech. It’s the responsibility of experts and mentors to spare beginners from falling into the trappings of other peoples’ grand-standing.

Pride Before Destruction

With this in mind, let’s return to Shaw. At this point, more clarifying questions came in, this time from Fredrick Brennan.

https://twitter.com/lzsthw/status/1359712275666505734

What an arrogant and bombastic thing to say!

At this point, I concluded that I can never again, in good conscience, recommend any of Shaw’s books to a fledgling programmer.

If you’ve ever published book recommendations before, I suggest auditing them to make sure you’re not inadvertently exposing beginners to his harmful attitude and problematic behavior.

But while we’re on the subject of Zed Shaw’s behavior…

https://twitter.com/lzsthw/status/1359714688972582916

If Shaw thinks of himself as a superior cryptography expert, surely he’s published cryptography code online before.

And surely, it will withstand a five-minute code review from a gay furry blogger who never went through Shaw’s prescribed hazing ritual to rediscover specifically the known problems in OpenSSL circa Heartbleed and is therefore not as much of a cryptography expert?

(Art by Khia.)

May I Offer You a Zero-Day in This Trying Time?

One of Zed A. Shaw’s Github projects is an implementation of SRP (Secure Remote Password)–an early Password-Authenticated Key Exchange algorithm often integrated with TLS (to form TLS-SRP).

Zed Shaw’s SRP implementation

Without even looking past the directory structure, we can already see that it implements an algorithm called TrueRand, which cryptographer Matt Blaze has this to say:

https://twitter.com/mattblaze/status/438464425566412800

As noted by the README, Shaw stripped out all of the “extraneous” things and doesn’t have all of the previous versions of SRP “since those are known to be vulnerable”.

So given Shaw’s previous behavior, and the removal of vulnerable versions of SRP from his fork of Tom Wu’s libsrp code, it stands to reason that Shaw believes the cryptography code he published would be secure. Otherwise, why would he behave with such arrogance?

SRP in the Grass

Head’s up! If you aren’t cryptographically or mathematically inclined, this section might be a bit dense for your tastes. (Art by Scruff.)

When I say SRP, I’m referring to SRP-6a. Earlier versions of the protocol are out of scope; as are proposed variants (e.g. ones that employ SHA-256 instead of SHA-1).

Professor Matthew D. Green of Johns Hopkins University (who incidentally used to proverbially shit on OpenSSL in the way that Shaw expects everyone to, except productively) dislikes SRP but considered the protocol “not obviously broken”.

However, a secure protocol doesn’t mean the implementations are always secure. (Anyone who’s looked at older versions of OpenSSL’s BigNum library after reading my guide to side-channel attacks knows better.)

There are a few ways to implement SRP insecurely:

1. Use an insecure random number generator (e.g. TrueRand) for salts or private keys.
2. Fail to use a secure set of parameters (q, N, g).
   To expand on this, SRP requires q be a Sophie-Germain prime and N be its corresponding Safe Prime. The standard Diffie-Hellman primes (MODP) are not sufficient for SRP.

   This security requirement exists because SRP requires an algebraic structure called a ring, rather than a cyclic group (as per Diffie-Hellman).

3. Fail to perform the critical validation steps as outlined in RFC 5054.

In one way or another, Shaw’s SRP library fails at every step of the way. The first two are trivial:

1. We’ve already seen the RNG used by srpmin. TrueRand is not a cryptographically secure pseudo random number generator.
2. Zed A. Shaw’s srpmin only supports unsafe primes for SRP (i.e. the ones from RFC 3526, which is for Diffie-Hellman).

The third is more interesting. Let’s talk about the RFC 5054 validation steps in more detail.

Parameter Validation in SRP-6a

Retraction (March 7, 2021): There are two errors in my original analysis.

First, I misunderstood the behavior of SRP_respond() to involve a network transmission that an attacker could fiddle with. It turns out that this function doesn’t do what its name implies.

Additionally, I was using an analysis of SRP3 from 1997 to evaluate code that implements SRP6a. u isn’t transmitted, so there’s no attack here.

I’ve retracted these claims (but you can find them on an earlier version of this blog post via archive.org). The other SRP security issues still stand; this erroneous analysis only affects the u validation issue.

Vulnerability Summary and Impact

That’s a lot of detail, but I hope it’s clear to everyone that all of the following are true:

1. Zed Shaw’s library’s use of TrueRand fails the requirement to use a secure random source. This weakness affects both the salt and the private keys used throughout SRP.
2. The library in question ships support for unsafe parameters (particularly for the prime, N), which according to RFC 5054 can leak the client’s password.

Salts and private keys are predictable and the hard-coded parameters allow passwords to leak.

But yes, OpenSSL is the real problem, right?
(Art by Khia.)

Low-Hanging ModExp Fruit

Shaw’s SRP implementation is pluggable and supports multiple back-end implementations: OpenSSL, libgcrypt, and even the (obviously not constant-time) GMP.

Even in the OpenSSL case, Shaw doesn’t set the BN_FLG_CONSTTIME flag on any of the inputs before calling BN_mod_exp() (or, failing that, inside BigIntegerFromInt).

As a consequence, this is additionally vulnerable to a local-only timing attack that leaks your private exponent (which is the SHA1 hash of your salt and password). Although the literature on timing attacks against SRP is sparse, this is one of those cases that’s obviously vulnerable.

Exploiting the timing attack against SRP requires the ability to run code on the same hardware as the SRP implementation. Consequently, it’s possible to exploit this SRP ModExp timing side-channel from separate VMs that have access to the same bare-metal hardware (i.e. L1 and L2 caches), unless other protections are employed by the hypervisor.

Leaking the private exponent is equivalent to leaking your password (in terms of user impersonation), and knowing the salt and identifier further allows an attacker to brute force your plaintext password (which is an additional risk for password reuse).

Houston, The Ego Has Landed

Earlier when I mentioned the black hat hacker group Zero For 0wned, and the negative impact their hostile rhetoric, I omitted an important detail: Some of the first words they included in their first ezine.

For those of you that look up to the people mentioned, read this zine, realize that everyone makes mistakes, but only the arrogant ones are called on it.

Zero For 0wned

If Zed A. Shaw were a kinder or humbler person, you wouldn’t be reading this page right now. I have a million things I’d rather be doing than exposing the hypocrisy of an arrogant jerk who managed to bullshit his way into the privileged position of educating junior developers through his writing.

If I didn’t believe Zed Shaw was toxic and harmful to his very customer base, I certainly wouldn’t have publicly dropped zero-days in the code he published while engaging in shit-slinging at others’ work and publicly shaming others for failing to meet arbitrarily specific purity tests that don’t mean anything to anyone but him.

But as Dan Guido said about Time AI:

https://twitter.com/veorq/status/1159575230970396672

It’s high time we stopped tolerating Zed’s behavior in the technology community.

If you want to mitigate impostor syndrome and help more talented people succeed with their confidence intact, boycott Zed Shaw’s books. Stop buying them, stop stocking them, stop recommending them.

Learn Decency the Hard Way

(Updated on February 12, 2021)

One sentiment and question that came up a few times since I originally posted this is, approximately, “Who cares if he’s a jerk and a hypocrite if he’s right?”

But he isn’t. At best, Shaw almost has a point about the technology industry’s over-dependence on OpenSSL.

Shaw’s weird litmus test about whether or not my blog (which is less than a year old) had said anything about OpenSSL during the “20+ years it was obviously flawed” isn’t a salient critique of this problem. Without a time machine, there is no actionable path to improvement.

You can be an inflammatory asshole and still have a salient point. Shaw had neither while demonstrating the worst kind of conduct to expose junior developers to if we want to get ahead of the rampant Impostor Syndrome that plagues us.

This is needlessly destructive to his own audience.

Generally the only people you’ll find who outright like this kind of abusive behavior in the technology industry are the self-proclaimed “neckbeards” that live on the dregs of elitist chan culture and desire for there to be a priestly technologist class within society, and furthermore want to see themselves as part of this exclusive caste–if not at the top of it. I don’t believe these people have anyone else’s best interests at heart.

So let’s talk about OpenSSL.

OpenSSL is the Manifestation of Mediocrity

OpenSSL is everywhere, whether you realize it or not. Any programming language that provides a crypto module (Erlang, Node.js, Python, Ruby, PHP) binds against OpenSSL libcrypto.

OpenSSL kind of sucks. It used to be a lot worse. A lot of people have spent the past 7 years of their careers trying to make it better.

A lot of OpenSSL’s suckage is because it’s written mostly in C, which isn’t memory-safe. (There’s also some Perl scripts to generate Assembly code, and probably some other crazy stuff under the hood I’m not aware of.)

A lot of OpenSSL’s suckage is because it has to be all things to all people that depend on it, because it’s ubiquitous in the technology industry.

But most of OpenSSL’s outstanding suckage is because, like most cryptography projects, its API was badly designed. Sure, it works well enough as a Swiss army knife for experts, but there’s too many sharp edges and unsafe defaults. Further, because so much of the world depends on these legacy APIs, it’s difficult (if not impossible) to improve the code quality without making upgrades a miserable task for most of the software industry.

What Can We Do About OpenSSL?

There are two paths forward.

First, you can contribute to the OpenSSL 3.0 project, which has a pretty reasonable design document that almost nobody outside of the OpenSSL team has probably ever read before. This is probably the path of least resistance for most of the world.

Second, you can migrate your code to not use OpenSSL. For example, all of the cryptography code I’ve written for the furry community to use in our projects is backed by libsodium rather than OpenSSL. This is a tougher sell for most programming languages–and, at minimum, requires a major version bump.

Both paths are valid. Improve or replace.

But what’s not valid is pointlessly and needlessly shit-slinging open source projects that you’re not willing to help. So I refuse to do that.

Anyone who thinks that makes me less of a cryptography expert should feel welcome to not just unfollow me on social media, but to block on their way out.

https://soatok.blog/2021/02/11/on-the-toxicity-of-zed-a-shaw/

#author #cryptography #ImpostorSyndrome #PAKE #SecureRemotePasswordProtocol #security #SRP #Technology #toxicity #vuln #ZedAShaw #ZeroDay

Tonight on InfoSec Twitter, this gem was making the rounds:

Hello cybersecurity and election security people,
I sometimes embed your tweets in the Cybersecurity 202 newsletter. Some of you have a habit of swearing right in the middle of an otherwise deeply insightful tweet that I’d like to use. Please consider not doing this.
Best,
Joe

Identity redacted.

As tempting as it is to just senselessly dunk on the guy, in the spirit of fairness, let’s list the things he did right:

1. His tweet was politely worded.

It’s something? He could’ve been another Karen, after all!

What Joe got wrong with this tweet is just the latest example of a widespread issue in and around the security community–especially on social media and content aggregator websites.

The structure of the problem goes like this:

• Someone: “Here’s some content I made and decided to share for free.”
• Person: “Your use of {profanity, cringe-inducing puns, work-safe furry art} (select one) prohibits me from using your content to further my own career goals. You should change what you’re doing.”

It’s a problem I’ve personally been on the receiving end of. A lot. I even wrote a post about this before, although that focused specifically on the anti-furry sentiment. Unfortunately, this problem is bigger than being repulsed by cute depictions of anthropomorphic animals (which, when sincerely held, are often thinly-veiled dog-whistles for homophobia).

Superficial Professionalism Can Fuck Right Off!

(Art by Khia.)

I totally sympathize with information security professionals who desire to be taken seriously by their business colleagues. That’s why sometimes you’ll see them don a three-piece suit, style their hair like every other corporate drone, and adopt meaningless corporate jargon as if any of it makes sense. You’re doing what you have to do to put food on your table and pay your bills. You’re not a problem.

The problem happens when this desire to appear professional leaks outside of the self and gets projected onto one’s peers.

“Knock it off, guys! You’re making it harder for me to blend in with these soulless wretches–I mean, the finance department!”

How about “No”?

Information Security Is More Than Just a Vocation

I’ve lost count of the hackers I’ve met over the years–white hat hackers, to be clear–who hack for the sheer fun and joy of it, rather than out of obligation to their corporate masters.

Information security–and all of its sub-disciplines, including cryptography–can simultaneously be a very serious and respectable professional discipline, and a hobby for nerds to enjoy.

The sheer entitlement of expecting people who are just having fun with their own skills and experience to change what they’re doing because you stand to benefit from them changing their behavior is similar to another egocentric demand we hear a lot: The cry for “responsible” disclosure.

Weirdness Yields Greatness

The strength of the information security community (read: not the industry, the community) is our diversity.

Pop quiz! What do a gothic enby (and the Bay Area’s only hacker), the woman who leads cryptography at a FAANG company, the man who discovered the BEAST and CRIME attacks against TLS, several of the most brilliant trans folks you’ll ever meet, an Italian immigrant, the co-inventor of the Whirlpool hash function, the Egyptian “father of SSL” mathematician, and some gay dude with a fursona who writes blog posts about software security for fun all have in common?

Sure, we all work in cryptography, but our demographics are all over the place.

This is a feature, not a bug.

https://twitter.com/BoozyBadger/status/1314383740999737344

If people who are sharing great content–be it on Twitter or on their personal blog–do something that prevents you from sharing their content with your coworkers, the problem isn’t us.

No, the real problem is your coworkers and bosses, and the unquestioned culture of anal-retentive diversity-choking bullshit that pervades business everywhere.

https://twitter.com/DrDeeGlaze/status/1308149586100322304

Remember, security industry:

Homogeneity leads to blind spots

If I find a zero-day in your product and want to share it alongside a dancing GIF of my fursona, that’s my prerogative. If you choose to ignore it because of the artistic expression, that’s entirely your choice to make, and your problem to deal with.

https://youtu.be/21IWc58VPmE

In closing, I’d like to offer a simple solution to the mess many technologists, managers, journalists, and even senior vice presidents find themselves in; wherein they can’t readily be more accepting of profanity or quirky interests that are prone to superficial, knee-jerk judgments:

Question it.

Ask yourself “Why?” Ask your team “Why?” Ask your boss “Why?” and keep asking until everyone runs out of canned responses to your questions.

Aversion stems from one of two places:

1. Fear of negative consequences
2. Severe reverence towards tradition, even at the expense of innovation

But it’s very easy to confuse these two. You might think you’re avoiding a negative consequence when in reality you’re acting in service of the altar of tradition. Knock that shit out!

Tradition is what humans do when they’re out of ideas. “We don’t know how to be better, and we’ve always done it this way, so we’ll just keep doing what works.” Fuck tradition.
Art by @loviesophiee

Honorable Mentions

If you’re worried about looking bad, here are some notable entities that have shared my work since I started this blog in April 2020:

https://twitter.com/EFF/status/1307037184780832769

A Google RFC for AES-GCM in OpenTitan cites one of my blog posts.

There are probably others, but it’s late and I need sleep.

https://soatok.blog/2020/10/08/vanity-vendors-and-vulnerabilities/

#professionalism #Technology #Twitter #vanity

Dhole Moments

2020-07-09 09:28:32

Sometimes my blog posts end up on social link-sharing websites with a technology focus, such as Lobste.rs or Hacker News.

On a good day, this presents an opportunity to share one’s writing with a larger audience and, more importantly, solicit a wider variety of feedback from one’s peers.

However, sometimes you end up with feedback like this, or this:

Apparently my fursona is ugly, and therefore I’m supposed to respect some random person’s preferences and suppress my identity online.

I’m no stranger to gatekeeping in online communities, internet trolls, or bullying in general. This isn’t my first rodeo, and it won’t be my last.

These kinds of comments exist to send a message not just to me, but to anyone else who’s furry or overtly LGBTQIA+: You’re weird and therefore not welcome here.

Of course, the moderators rarely share their views.

https://twitter.com/pushcx/status/1281207233020379137

Because of their toxic nature, there is only one appropriate response to these kinds of comments: Loud and persistent spite.

So here’s some more art I’ve commissioned or been gifted of my fursona over the years that I haven’t yet worked into a blog post:

Art by kazetheblaze
Art by leeohfox
Art by Diffuse Moose

If you hate furries so much, you will be appalled to learn that factoids about my fursona species have landed in LibreSSL’s source code (decoded).

Never underestimate furries, because we make the Internets go.

I will never let these kind of comments discourage me from being open about my hobbies, interests, or personality. And neither should anyone else.

If you don’t like my blog posts because I’m a furry but still find the technical content interesting, know now and forever more that, when you try to push me or anyone else out for being different, I will only increase the fucking thing.

---

Header art created by @loviesophiee and inspired by floccinaucinihilipilification.

https://soatok.blog/2020/07/09/a-word-on-anti-furry-sentiments-in-the-tech-community/

#antiFurryBullying #cyberculture #furry #HackerNews #LobsteRs #Reddit

While the furry fandom can be a wonderful place and a force for good in the world, the topics that tend to circulate on Furry Twitter are somewhat seasonal: They repeat every so often–usually sparked by someone saying or doing something shitty–and never actually lead to a productive result.

Let’s look at a few of these reoccurring topics and suggest actual solutions, rather than reactionary hot takes that only add fuel to an already out-of-control fire.

Safe Spaces for Underage Furries

https://twitter.com/BoozyBadger/status/1275443221624057856

Once upon a time, there was a movement called Burned Furs: A right-wing puritanical effort to rid the early furry fandom of its adult side. If you take the time to read about these clowns, you’ll hear a lot of the same arguments that alt-right trolls make today, except now they use the word “degenerate” to describe anything vaguely LGBTQ+.

As a result, most adult furries are generally wary of the creation of a “safe space” for strictly-SFW furry content, because it always gets co-opted by homophobes and the “sex is evil” variety of bigot. There’s also the concern that if you put all of the minors in one place, it will inevitably become a flytrap for creeps looking for their next victim.

There absolutely should be room for furries–of any age (asexual folks are valid too)–that only serves work-safe (i.e. non-sexualized) content. However, these spaces should be curated by people with a generally sex-positive mindset.

Why Should Sex-Positive Adults Moderate Non-Sexualized Spaces?

Let’s learn from history, please, so as to not repeat its follies.

If the horror known as conversion therapy has proven nothing else, it’s that telling LGBTQ+ kids that sex is evil is only going to lead to misery and suicide.

(No, I’m not pulling punches on this one. Religious nuts just love to drive queer people to suicide, and only 20% to 25% of furries are heterosexual.)

Nature abhors a vacuum. If you don’t step in, someone else will. If someone else is incentivized to do so, they probably won’t have the kids’ best interests in mind. Neither anti-sex puritans nor would-be sexual predators should be given access, let alone influence.

Neither should right-wing extremists, such as “alt-furry” (a movement of imbeciles who follow someone’s fursona named “Foxler”–literally “Fox Hitler”–yet try to insist they aren’t Nazis; yeah right).

What Should Be Done?

Art by circuitslime.

First, accept that a lot of furries are underage and shouldn’t be exposed to adult content–even if for no other reason than legal risk. (If anyone objects to that, you should feel very concerned about being alone with them.) Furthermore, there are some adults that don’t want to be exposed to NSFW content either.

Being sex-positive isn’t the same thing as being horny. Sex-positivity requires an understanding and respect for consent and boundaries. If someone doesn’t want to see your lewd art or photos, don’t go out of your way to make sure they see it (i.e. sending it to them directly).

Have an After Dark social media account for 18+ users? Block minors that try to follow you (and consider making your account private then screening your follow requests to filter out minors).

However, I don’t think we necessarily need a separate “label” for SFW furry content. Labels make you more susceptible to being coopted by perverse motives.

Worksafe furry groups on Signal/WhatsApp/Telegram/Discord/etc. are all valid.

If you’re underage and yearn for a SFW space for your furry fandom participation, talking to Moms of Furries is probably the best way to get started. Unlike random furries, their entire schtick is “make the fandom easier for parents to understand, and safer for their kids to play in”.

The threat model is complicated, the lines are blurred, and there’s a lot of shades of gray, but ultimately just letting people have worksafe spaces in the fandom is a good thing.

Just don’t let anyone try to convince the folks in those spaces that people who do enjoy the adult side of the fandom are bad and deserve to be shunned. That’s the anti-sex puritan bullshit I’ve talked about.

Murrsuits / Pup Hoods / etc.

Like clockwork, a pocket of furries (usually the same agitators mentioned in the previous section) will surface with some sort of hatred/shaming towards murrsuits, pup hoods, and other harmless sources of fun and self-expression.

(A murrsuit, by the way, is a fursuit that’s specifically intended for use in sexual encounters, and usually has extra zippers for the wearer’s privates.)

The exact nature of their outrage changes with the season. Some folks (like the dumb narcissistic troll who once created a database of murrsuit owners) make unsubstantiated claims about health/cleanliness with sexual fluids and murrsuits.

Others are lazy, and make general hand-wavy statements that strike a moral chord with most people, but don’t actually make sense when you think about them for very long. Their structure looks like this:

• If some people have sex in their fursuits, then fursuits are sex toys.
• You shouldn’t have sex toys around kids!

This is a lazy attempt to manipulate the listener, for two reasons:

1. If some people have sex in their fursuits, that doesn’t actually make fursuits sex toys– and even if it somehow did, it still doesn’t make it so for people who don’t have sex in their fursuits.
2. Lots of people have sex while wearing clothing. Wouldn’t the same logic applied to fursuits apply here too? And if so, are you arguing for everyone being naked around children? I sure fucking hope not.

Similar arguments are often raised about pup hoods, because of their apparent BDSM/kink connotations.

If they’re being worn in a non-lewd, tasteful manner (i.e. nobody’s genitals are being exposed, there’s no visible “bondage”, etc.), there’s nothing special about the anti-pup hood arguments. Same shit, different day.

What Should Be Done?

Simple: People really need to get over their fear of sex.

When you see someone trying to shame another adult for having a sexuality, tell them to fuck off and leave the other person alone.

People with healthy sex lives don’t owe you anything, except a baseline for hygiene that literally every murrsuiter I know already exceeds without ever having to be told. There’s no action item here.

Sexual Abusers

They aren’t welcome; get the fuck out! I don’t care how their victims are classified: You aren’t allowed to be a part of our fandom if you perpetrate or support sexual abuse.

Underage, non-human, whatever. Leave.

Begone! (Art by Khia)

Sexual abuse isn’t actually part of the Discourse we’re examining. Call those fuckers out and don’t let them back in. You’re doing good work by cleaning house.

Sometimes, you’ll come across a furry who decries the fact that their sexual abuser friends got “cancelled” by “cancel culture” and “social justice warriors”. These putzes ought to be loaded into a rocket and fired into the sun too.

Also: Kero the Wolf is guilty and people who still believe his innocence, or attempt to downplay the severity of his heinous acts, are doing a disservice to the entire fandom. (Or they’re also animal abusers, in which case, they can get yeeted too.)

Babyfurs

There is a very stark difference between babyfurs (people who mix AB/DL with furry) and pedophiles.

The former is a harmless kink that involves adults roleplaying.

The latter is a sexual disorder that leads to the victimization of children.

Whenever babyfurs come up in the Furry Twitter Discourse, what’s really happening is the anti-sex crowd is trying to hope you won’t realize these are two very different ideas, and that your well-deserved disgust for one will automatically translate into hatred for the other.

Don’t be fooled.

(Hey, it’s not my thing either, but if it’s safe and between consenting adults, who the fuck are either of us to judge?)

A Word on “Just Fantasy”

Apologists for artistic depictions of pedophilic and zoophilic acts will often try to defend themselves by insisting it’s “just fantasy” and isn’t hurting anyone because no one’s consent was violated.

While it’s true that research currently indicates that these kinds of pornography may not be correlated at all with sex crimes, and only the minority of sexual abuse is committed by a stranger, this is not an article discussing what should or should not be legal.

Take that up with the Justice system. I’m not interested in debating what the law “should” be.

The fact that this type of content is usually illegal, and taken very seriously by authorities (to the point of threatening our right to encrypt), is a premise for this discussion, not a conclusion.

And because it often is illegal (see: the Miller test), the furry fandom should not embrace it. Full stop.

I frankly don’t care what a therapist might advise someone with these attractions. That’s between them and their patients. Sexual abuse must not be tolerated, and possessing materials that depict sexual abuse (whether against animals or children) are legally perilous.

It’s also not the furry fandom’s job to be the forerunners of the debate about the social acceptability of art depicting child or animal exploitation fantasies. If that’s your cause, go find a new shield.

It’s not appropriate for anyone to expect a community that already struggles with unfair assumptions and connotations of sexuality to move before the rest of society on any issue even vaguely related to sex crimes.

Feral Art and Characters

Some artists have feral art styles (i.e. standing on four legs rather than two; no thumbs).

Feral characters with human sentience are still furry, even if you can superficially relate feral furry art to the kind of content that animal abusers might seek.

As always, there’s a reasonable litmus test available for judging this kind of content:

The Harkness test, made by BeakieHelmet.

Note: The Harkness Test wasn’t created by an academic institution and there is no peer-reviewed pedigree behind it, but it’s sufficient for our purposes. If you don’t like it, design a better one and get it peer-reviewed. Until then, we can continue to phone it in with the Harkness Test and not make perfect the enemy of good.

Neither pedophile (“cub”) nor bestiality/zoophilia art are okay, because they normalize sexual abuse. Cub art in particular is bad, because it has used by perpetrators to groom people into participating (usually as a victim, but sometimes as a co-conspirator).

Ban cub art. Ban artistic depictions of zoophilia.

But don’t extend the bans to encompass babyfur art (which is AB/DL, not underage characters) nor feral art (which is an art style, not actual animals being portrayed).

If you cannot distinguish cub from babyfur, you shouldn’t be leading any moral crusades on social media or cancelling people, because you’re going to inevitably harm a lot of innocent people if you do.

Same goes for feral/zoo.

What About Pokemon Fursonas (Pokesonas)?

Some furries argue that Pokemon-based fursonas–and any art thereof–is inherently non-furry and therefore any lewd art of their characters is gross and problematic. This warrants a closer look.

Many Pokemon are clearly at, or above, human intelligence (i.e. the psychic types). Furthermore, the fact that Meowth from the anime learned human speech and can directly translate what other Pokemon are saying implies that it is possible to communicate affirmative consent, in the framework of established lore.

Speaking of which: the canon lore for the Pokemon franchise confirms the existence of human-Pokemon marriage (source).

When you combine these observations, it’s pretty clear that Pokemon are generally capable the Harkness test, so these “Pokemon yiff is zoophilia” takes are either arguing for a special case (i.e. either a specific species of Pokemon lacks the sentience that the rest seem to, or the characters involved are violating boundaries), or they’re intentionally engaging in social manipulation to push an agenda.

Also, they’re fictitious creatures. Splitting hairs over this is really petty compared to the harm real people inflict on real animals.

The NSFW Feral Art Acceptability Matrix

If you’re in doubt about whether a piece of NSFW art passes the Harkness test, consult the following table (while being pessimistic; if you can’t tell whether a character is a feral fursona or a dumb animal, always assume the worst):

This table assumes informed, enthusiastic consent, between adults.
* It might pass the test but it’s still kinda weird for humans to be depicting it in art. Be very careful that you’re not producing material that inadvertently promotes sexual abuse and/or aids groomers.

Update (2020-06-28)

I’ve actually gotten a lot of grief from two camps over this section of the post.

One camp wants all feral art to be banned because of a “slippery slope” fallacy, and they believe my argument here doesn’t go far enough.

The other wants all feral art to be allowed because they believe “people can distinguish between fantasy and reality”, and believes my argument goes too far.

People who dig their heels in on extreme, opposite positions will never be made to agree. Neither this blog post nor a painstakingly-researched scientific study will sway their minds, and I have no desire to even try.

I am neither a puritanical moral crusader nor an apologist for sexual abuse. If you are, know now that I will not amend this post to further your agenda.

Consent is what ultimately matters, and since animals and children cannot consent, all art portraying either sexually is harmful.

But if the art doesn’t portray animals or children, it’s fair game (even if you or I personally dislike it). There are much bigger fish to fry than a (largely) harmless fantasy; what are your priorities?

Popufurs

Before I started this blog, I used to write articles on Medium. My most popular one tackled the topic of “popufurs” directly. Go read it.

https://www.youtube.com/watch?v=sEJ3usS7bb4

Furries Over the Age of 30

One of the dumbest talking points that recurs on Furry Twitter is the “gay death” discourse, cheaply repackaged for furries. So you get a lot of dumb takes like this:

https://twitter.com/JamesCerulo/status/1349071850265972737

The entire concept of Gay Death is stupid, and has roots in the kind of vain heteronormativity that produces dumb memes like this one:

https://twitter.com/SoatokDhole/status/1371862131117801480

Here’s the simple solution to this age discourse whenever it comes up:

• You can be a furry at any age and it doesn’t fucking matter
• Underage furries shouldn’t be in adult spaces (but can certainly claim their own spaces, and that’s totally fine as long as it’s not being used solely to perpetuate the kind of puritanical bullshit that often drives LGBT youth to suicide; see above)
• The greater the gap between your age and another person’s, the more conscientious you should be about leading them on or taking advantage of them in any way

Let’s be real: We’re all nerdy weirdos and anyone who tries to treat the fandom like a high school popularity contest is totally missing the point of a fandom full of nerdy weirdos. Just stop.

If you’ve read this far, consider yourself fully briefed on the recurring topics in Furry Twitter discourse.

If another topic starts rearing its head often enough, I’ll either update this page or write a sequel article to cover the new badness.

https://twitter.com/ArcticSkyWolf/status/1349372061198778368

https://soatok.blog/2020/06/24/resolving-the-reoccurring-discourse-on-furry-twitter/

#antiFurryBullying #furry #FurryFandom #recurringTopics #SocialMedia #Twitter

Dhole Moments

2020-04-24 02:43:25

My recent post about the alleged source code leaks affecting Team Fortress 2 and Counter-Strike: Global Offensive made the rounds on Twitter and made someone very mad, so I got hate DMs.
No more Angry Whoppers for you, mister!
…Look, I only said I got hate DMs, not that I got interesting or particularly effective hate DMs! Weak troll is weak, I know.

A lot of people online claim they “hate furries”, but almost none of them quite understand how prolific our community is, let alone how important we are to the Internet. As Stormi the Folf puts it…

I guarantee you the internet would collapse in a most horrific manner if all the furries in the world got Thano's snapped.

They *run* the internet in more ways than most people realize

— 🦊Stormi the Folf🐺 🔜FWA (@StormiFolf) April 23, 2020

Stormi is the Potato of Knowledge and Floof
What Stormi’s alluding to is true, and that’s a tale best told by an outsider to our community.

Telecommunications as a whole, which also encompasses The Internet, is in a constant state of failure and just in time fixes and functionally all modern communication would collapse if about 50 people, most of which are furries, decided to turn their pager off for a day. https://t.co/k1UqOv5kpd

— Ẑ͚͔͍̻̤̟ä̶̼̗̟͔́̿̾̓n̬͙̫̿͑͊̈̚d̡̰̭̞͖̟̖̟ͬ̚ê̺͖̂ͩ̀̉ͣrͪ̓ (@mmsword) November 28, 2019

Their follow-up tweet that elaborates on furry involvement is here.
So I’d like take the time to explain why nobody should ever underestimate the ingenuity or positivity of the furry community.

The Furry Fandom Has Saved Lives

https://www.youtube.com/embed/3h9sO17CV9A?feature=oembed
This is just one of many anecdotes. You can find many more here.
Although the furry fandom is widely misunderstood, it’s difficult to overstate how many lives have been saved and enriched by our community.

I wanted to share this touching moment. @Reo_Grayfox was telling me his story, and said those lines while staring straight into his fursuit's eyes. Hearing personal stories like this makes you appreciate the vastly diverse reasons why the furry fandom is essential to so many. pic.twitter.com/fD09Wmv6mf

— Joaquín Baldwin (@joabaldwin) January 22, 2018

Furries Provide Much-Needed Comfort to Others

In 2016, refugees from the civil war in Syria ended up in a hotel in Canada. This would have been an utterly remarkable fact if it wasn’t the same hotel and weekend as the local furry convention, Vancoufur.

The kids loved it.

This isn’t an isolated incident either. Our community is well-known for kindness and generosity in spades.

https://charcoalthings.tumblr.com/post/132996328881/i-will-defend-furries-to-my-grave

https://wakor.tumblr.com/post/126072529744/ok-you-know-what

What’s there to hate?

The Furry Fandom is Collectively Pretty Bad-Ass

Art by RueMaw.
No, not like that.

The fandom is bad-ass in as many ways as the fandom is incredibly diverse.
Image source and backstory of this meme: Dogpatch Press

90s furries built the Internet pic.twitter.com/Gicxme2HkT

— SwiftOnSecurity (@SwiftOnSecurity) April 30, 2019

SwiftOnSecurity knows the truth about more than just corn.

So one of my friends said furries pretty much run the US nuclear response communication networks. Just in case you're worried about Trump.

— SwiftOnSecurity (@SwiftOnSecurity) November 12, 2016

Seriously.

Some of the Most Talented People You’ll Ever Meet Are Furries

eSports Champions:

https://www.youtube.com/embed/TWhrECl6zOY?feature=oembed

Musicians:

https://open.spotify.com/embed/album/4NlXsjKmcWegIfQEI0JzHK?utm_source=oembed

Artists and costume makers: I could literally link to hundreds of artists here. Follow me on Twitter; I retweet a lot of cute stuff.

Pretty much everything you could aspire to be that isn’t also terrible, if you look hard enough, you’ll find furries in the leaderboards having a fun time with it all.

The only reason to hate furries is thinly-veiled homophobia, because only about 25% of furries are heterosexual.

Why So Curious?

If I’ve made you curious about our community, and now you want to learn more about us, I’ve got you.

https://www.youtube.com/embed/K2XeOxWW2oY?feature=oembed

Psychology Today: What’s the Deal with Furries?

Furry Fandom Documentary When?

https://www.youtube.com/embed/cF9DQQsUcs0?feature=oembed

Ash Coyote is releasing a documentary about our subculture soon, titled The Fandom. You can find out more about it on her YouTube channel.

https://soatok.blog/2020/04/23/never-underestimate-the-furry-fandom/

#furries #furry #FurryFandom #hateMail #positivity #Society

App Store wymaga od firm opublikowania informacji na temat tego, jak one wykorzystują dane pozyskane od nas i o nas. Oto porównanie tych informacji od Mastodona, Twittera i Threads.

Mastodon

Twitter

Threads

https://imagazine.pl/2023/07/06/mastodon-vs-twitter-vs-threads-ile-oddajesz-swoich-danych-czyli-prywatnosc-zobrazowana/

#Facebook #mediaSpołecznościowe #Meta #prywatność #socialMedia #Threads #Twitter

Wojtek Pietrusiewicz

2023-07-06 07:54:02

App Store wymaga od firm opublikowania informacji na temat tego, jak one wykorzystują dane pozyskane od nas i o nas. Oto porównanie tych informacji od Mastodona, Twittera i Threads.

Mastodon

Twitter

Threads

https://imagazine.pl/2023/07/06/mastodon-vs-twitter-vs-threads-ile-oddajesz-swoich-danych-czyli-prywatnosc-zobrazowana/

#Facebook #mediaSpołecznościowe #Meta #prywatność #socialMedia #Threads #Twitter

Prasówka 29.09-6.10.2023

Państwo, prawo, inwigilacja, służby i ochrona danych

#ePanstwo #eUE #inwigilacja #Niemcy #kontrolaczatu #palantir #RODO #sluzby

1. KE upomina Niemcy. Powód? Słaba infrastruktura internetowa https://netzpolitik.org/2023/glasfaserwueste-eu-kommission-ruegt-lahme-deutsche-infrastruktur/
2. Policja z Hamburga chce stosować monitoring oparty o AI https://digitalcourage.de/blog/2023/buendnis-hansaplatz
3. Europol życzy sobie nieograniczonego dostępu do danych z kontroli czatu, by za ich pomocą trenować sztuczną inteligencję https://netzpolitik.org/2023/interne-dokumente-europol-will-chatkontrolle-daten-unbegrenzt-sammeln/ https://balkaninsight.com/2023/09/29/europol-sought-unlimited-data-access-in-online-child-sexual-abuse-regulation/
4. Online Safety Bill: czy Signal opuści W. Brytanię? https://techcrunch.com/2023/09/21/meredith-whittaker-reaffirms-that-signal-would-leave-u-k-if-forced-by-privacy-bill/
5. “Zanim mnie wypuścili, strażnik w obecności jakichś dwóch mężczyzn kazał mi głośno podać imię, nazwisko i dokładny adres. Powiedział: “Dopóki tego nie zrobisz, nie wyjdziesz”” https://wiadomosci.onet.pl/wroclaw/dorota-byla-bita-w-areszcie-dla-tych-kobiet-to-byla-forma-rozrywki/459gwer
6. Jak niemieckie władze zabiegają o względy Elona Muska https://fragdenstaat.de/blog/2023/09/29/wie-deutsche-ministerien-tesla-hofieren/
7. Niemcy. Reforma dot. dowodów osobistych. Służby mają mieć stały dostęp do zdjęć obywateli. https://www.heise.de/news/Ausweise-Staendiger-Zugriff-der-Polizei-auf-Passfotos-muss-sichergestellt-werden-9321598.html
8. 60 000 skradzionych maili rządowych – efekt słynnego problemu z kluczem Microsoftu https://www.heise.de/news/60-000-geklaute-Regierungsmails-Erste-Zahlen-nach-Microsofts-Cloud-Key-Debakel-9321044.html
9. Niemcy. Netto pracuje nad aplikacją umożliwiającą odblokowanie wózka za pomocą smartfona. Co z ochroną danych? https://www.heise.de/news/Datenschuetzer-Hohe-Anforderungen-an-Einkaufswagen-mit-App-Entsperrung-9321754.html
10. Jordania, Zjednoczone Emiraty Arabskie, Tunezja, Egipt i Arabia Saudyjska mają przepisy dotyczące nadzoru i cenzury wymierzone w osoby LGTBQ+ https://www.eff.org/deeplinks/2023/09/growing-threat-cybercrime-law-abuse-lgbtq-rights-mena-and-un-cybercrime-draft
11. Jak państwo niemieckie zbiera dane o przedsiębiorcach? https://chaos.social/@Lilith/111151025942889062
12. Norwegia: kara 65 mln koron (ok. 5,8 Euro) dla aplikacji randkowej za złamanie RODO. Chodzi o reklamę behawioralną https://www.heise.de/news/Berufungsinstanz-bestaetigt-Grindr-muss-5-8-Millionen-DSGVO-Strafe-zahlen-9322438.html
13. Bundestag: ryzyko związane z cyberatakami i manipulacjami przemawia przeciwko e-głosowaniu https://www.heise.de/news/Bundestagsstudie-Es-bleibt-schwierig-mit-E-Voting-wegen-hoher-Voraussetzungen-9322588.html
14. Amerykańska Komisja Papierów Wartościowych i Giełd rozszerza swoje dochodzenie w sprawie wykorzystywania komunikatorów takich jak WhatsApp i Signal do komunikacji biznesowej. Sprawdzono też prywatne wiadomości części pracowników. https://www.heise.de/news/Gesetzeswidrige-Nutzung-von-WhatsApp-Co-US-Boersenaufsicht-verlangt-Einblick-9316338.html
15. Kontrola czatu: szefowa Signala przeciwko inwigilacji https://netzpolitik.org/2023/signal-chefin-zur-chatkontrolle-die-eu-kann-diesen-rueckschritt-bei-den-menschenrechten-stoppen/
16. Hejt wobec dziennikarek. Dlaczego w spolaryzowanym świecie dostaje im się mocniej? https://oko.press/hejt-wobec-dziennikarek
17. Nowe rewelacje Snowdena. NSA włamywała się do systemów europejskich służb https://cyberdefence24.pl/armia-i-sluzby/nowe-rewelacje-snowdena-nsa-wlamywala-sie-do-systemow-europejskich-sluzb
18. Internetowe testy preferencji wyborczych. Czym się różnią https://demagog.org.pl/analizy_i_raporty/internetowe-testy-preferencji-wyborczych-czym-sie-roznia/
19. Cyberpolicja zacieśnia współpracę z NASK https://cyberdefence24.pl/cyberbezpieczenstwo/cyberpolicja-zaciesnia-wspolprace-z-nask
20. Chiński łącznik w Brukseli. Kim jest lider Alternatywy dla Niemiec? https://cyberdefence24.pl/armia-i-sluzby/chinski-lacznik-w-brukseli-kim-jest-lider-alternatywy-dla-niemiec
21. Francja i Niemcy za Ukrainą w Unii https://defence24.pl/geopolityka/francja-i-niemcy-za-ukraina-w-unii
22. Laptopy dla nauczycieli. Rozpoczyna się realizacja bonów https://cyberdefence24.pl/polityka-i-prawo/laptopy-dla-nauczycieli-rozpoczyna-sie-realizacja-bonow
23. https://netzpolitik.org/2023/medienfreiheitsgesetz-eu-parlament-will-nur-noch-betreutes-loeschen-fuer-musk-und-zuckerberg/
24. Debata byłych ministrów na temat cyfrowej gospodarki https://twitter.com/BochynskaNikola/status/1709130633635598402
25. Nowa, dobrze finansowana grupa o szemranych konotacjach naciska na Apple, by firma osłabiła szyfrowanie (link za Fundacją Panoptykon) https://theintercept.com/2023/10/01/apple-encryption-iphone-heat-initiative/
26. Wielka Brytania: policja chce dostęp do zdjęć z paszportów, by porównywać je ze zdjęciami sklepowych złodziei https://eupolicy.social/@panoptykon/111170936687042857
27. Odtajniony raport Federalnego Urzędu Kontroli dot. kupowania wschodnioniemieckich banków przez zachodnioniemieckie https://fragdenstaat.de/blog/2023/10/03/geheimbericht-bundesrechnungshof-banken-wiedervereinigung/
28. Meta chce wymusić opłaty za przestrzeganie prywatności https://noyb.eu/en/meta-facebook-instagram-move-pay-your-rights-approach https://arstechnica.com/tech-policy/2023/10/ad-free-facebook-instagram-access-planned-for-14-per-month-in-europe
29. Brytyjski rząd chce zabronić używania telefonów komórkowych w szkołach https://www.heise.de/news/Britische-Regierung-will-Schuelern-Mobiltelefone-verbieten-9323955.html
30. Co dzieje się z naszą cyfrową tożsamością po śmierci? https://cyberdefence24.pl/prywatnosc/co-dzieje-sie-z-nasza-cyfrowa-tozsamoscia-po-smierci
31. Tomasz Borys o kontroli czatu https://www.linkedin.com/posts/activity-7114871756909101056--1BG
32. Świat się zbroi w Izraelu. Rekordowe wyniki i handel systemami szpiegowskimi https://cyberdefence24.pl/armia-i-sluzby/swiat-sie-zbroi-w-izraelu-rekordowe-wyniki-i-handel-systemami-szpiegowskimi
33. 1/3 ludzi odbierających telewizję naziemną nie wymieniło odbiornika i nie odbiera ani Polsatu ani TVN (ma nadal dvbt) https://twitter.com/piotrmiecz/status/1709324374413591031
34. Służby w USA nie chcą powiedzieć, jak szpiegują. Kongres domaga się wyjaśnień https://cyberdefence24.pl/armia-i-sluzby/sluzby-w-usa-nie-chca-powiedziec-jak-szpieguja-kongres-domaga-sie-wyjasnien
35. Śmierć Dmytra Nikiforenki. Policjanci wyłączyli kamery https://wiadomosci.onet.pl/wroclaw/ujawniamy-wstrzasajace-nagranie-z-monitoringu-tak-policjanci-zakatowali-ukrainca/wd4xhx6
36. Dania: tej jesieni ruszą procesy o zdradę stanu byłych przedstawicieli państwa – za poinformowanie prasy o współpracy z NSA https://netzpolitik.org/2023/landesverrat-daenischer-geheimdienstchef-und-ex-minister-vor-gericht/
37. Policja chce ukarać pieszego, który nagrał kierowcę łamiącego przepisy, bo mają go dość https://spidersweb.pl/autoblog/przechodzenie-przez-pasy-telefon-poznan
38. Niemcy: Powstaje platforma dla sygnalistów z policji. Mogą zgłaszać seksizm czy prawicowy ekstremizm. https://netzpolitik.org/2023/projekt-mach-meldung-whistleblowing-portal-fuer-polizei-gestartet/
39. Międzynarodowy Komitet Czerwonego Krzyża publikuje zasady dla haktywistów https://www.bbc.com/news/technology-66998064
40. Ylwa Johasson reaguje na ostatnie doniesienia dot. sojuszu lobbistów i służb na rzecz kontroli czatu. Twierdzi, że media szukają sensacji https://chaos.social/@andre_meister/111176576477171268 https://eupolicy.social/@khaleesicodes/111176582596928965 https://netzpolitik.org/2023/chatkontrolle-eu-innenkommissarin-johansson-weist-lobby-vorwuerfe-zurueck/
41. Pierwsza w USA kara za kosmiczne śmieci – 150 000 USD https://www.heise.de/news/Weltraumschrott-US-Behoerde-verhaengt-erstmals-150-000-Dollar-Geldstrafe-9324888.html
42. Kolejny nalot związany z polowaniem na Indymedia https://netzpolitik.org/2023/indymedia-linksunten-ohne-aussicht-auf-entschluesselungserfolg/
43. Czy niemieckie służby korzystają z Palantira? https://www.heise.de/news/Kein-Palantir-Polizei-soll-Big-Data-Analysen-mit-Eigenkompetenz-voranbringen-9325396.html
44. Polska. Dane zdrowotne uczniów trafią do ministra https://cyberdefence24.pl/polityka-i-prawo/dane-zdrowotne-uczniow-trafia-do-ministra
45. Prace nad AIAct – służby i BigTechy przeciwko prawom podstawowym https://eupolicy.social/@edri/111182316281676038
46. Sekretarz Generalny ONZ i Czerwony Krzyż wzywają do zakazu broni autonomicznej https://www.heise.de/news/UN-Generalsekretaer-und-Rotes-Kreuz-fordern-Verbot-autonomer-Waffen-9326002.html
47. Czy UE może eksportować technologię szpiegowską? https://fragdenstaat.de/blog/2023/10/05/wie-die-europaische-union-ihre-kontrollen-aufweichte-und-deutschland-half/
48. Unia Europejska zwiększy ochronę kluczowych technologii https://cyberdefence24.pl/cyberbezpieczenstwo/unia-europejska-zwiekszy-ochrone-kluczowych-technologii
49. Urząd Miasta w Puławach udostępnia czasem wpisy z profilu prezydenta miasta. Jeden z mieszkańców nie mógł zobaczyć ich treści, więc zawnioskował do urzędu o ich przesłanie. W odpowiedzi dostał list z wydrukami z Facebooka. https://twitter.com/SiecObywatelska/status/1708892644904989073 https://jawnylublin.pl/to-nie-zart-prezydent-pulaw-wysyla-tradycyjna-poczta-swoje-facebookowe-wpisy/ https://siecobywatelska.pl/po-co-gminom-ms/
50. Operatorzy niemieckich sieci zwrócili się do krajowego regulatora o rozpoczęcie procedur mających na celu wykluczenie RouterFreedom z sieci światłowodowych https://fsfe.org/news/2023/news-20230915-01.html
51. Kancelaria reprezentująca Google w sporach z irlandzkim organem danych osobowych ma zasiąść w komisji wskazującej kandydatów na szefostwo tego organu https://mastodon.social/@didleth/111179115882130245

Sztuczna inteligencja

#AI #SI #sztucznainteligencja

1. Reklamy w BingChat mogą infekować złośliwym oprogramowaniem https://www.osnews.com/story/137297/bing-chat-responses-infiltrated-by-ads-pushing-malware/
2. AI ma być w stanie odróżniać próbki biologiczne od pozostałych, co może pomóc w badaniach nad życiem w kosmosie https://www.heise.de/news/Heiliger-Gral-der-Astrobiologie-KI-soll-ausserirdisches-Leben-nachweisen-9316626.html
3. AI Anthropic i Amazon podejmują współpracę https://www.heise.de/news/Primaerer-Cloud-Anbieter-Amazon-investiert-Milliarden-in-KI-Firma-Anthropic-9315720.html
4. Jak zarządzać ryzykiem dla cyberbezpieczeństwa sztucznej inteligencji? https://cyberdefence24.pl/cybermagazyn/cybermagazyn-jak-zarzadzac-ryzykiem-dla-cyberbezpieczenstwa-sztucznej-inteligencji
5. AI w służbach USA. CIA mówi wprost https://cyberdefence24.pl/armia-i-sluzby/cia-sztuczna-inteligencja-to-zagrozenie-ale-i-jeden-z-najwazniejszych-zasobow
6. Polska: Rząd pyta o AI, ale tylko biznes (za PayWallem) https://biznes.gazetaprawna.pl/artykuly/9311826,rzad-pyta-o-ai-ale-tylko-biznes.html
7. AI w łodzi podwodnej? To część rywalizacji amerykańsko-chińskiej https://demagog.org.pl/analizy_i_raporty/ai-w-lodzi-podwodnej-to-czesc-rywalizacji-amerykansko-chinskiej/
8. Sam Altman planuje zastąpić ludzi sztuczną inteligencją https://twitter.com/Przegaa/status/1708108822177292674
9. Digital Festival 2023. Polki i Polacy o sztucznej inteligencji i najważniejszych wyzwaniach dla kraju https://tvn24.pl/kultura-i-styl/digital-festival-2023-polki-i-polacy-o-sztucznej-inteligencji-i-najwazniejszych-wyzwaniach-dla-kraju-7372285
10. Odbyły się duże imprezy tematyczne poświęcone AI, w tym DigitalFestival oraz IGF2023 https://www.gov.pl/web/igf-polska/igf-polska-2023
11. Rozpoznawanie emocji w call center: Gdy sztuczna inteligencja potajemnie ocenia rozmowy z klientami https://www.heise.de/news/Emotionserkennung-im-Callcenter-Wenn-die-KI-Kundengespraeche-heimlich-auswertet-9325037.html https://twitter.com/piotrmiecz/status/1709927598841897013

(Cyber)bezpieczeństwo

1. Luka krytyczna w Exim https://www.heise.de/news/Kritische-Luecke-im-Mailserver-Exim-9321943.html https://arstechnica.com/security/2023/09/critical-vulnerabilities-in-exim-threaten-over-250k-email-servers-worldwide/
2. Wojskowy Starlink z milionowym wsparciem Pentagonu https://space24.pl/bezpieczenstwo/technologie-wojskowe/wojskowy-starlink-z-milionowym-wsparciem-pentagonu
3. Chiny wydają miliardy dolarów na globalną dezinformację. To inwestycja https://cyberdefence24.pl/cyberbezpieczenstwo/chiny-wydaja-miliardy-dolarow-na-globalna-dezinformacje-to-inwestycja
4. Firmy z Tajwanu pomagają Huawei. Będzie polityczny kryzys? https://cyberdefence24.pl/biznes-i-finanse/firmy-z-tajwanu-pomagaja-huawei-bedzie-polityczny-kryzys
5. “Międzynarodowe konsorcjum dziennikarzy przeanalizowało blisko 300 zarejestrowanych w Estonii firm zajmujących się kryptowalutami i odkryło dziesiątki przestępstw” https://infosec.exchange/@avolha/111177001354810617
6. W Rosji już nie skorzystasz z VPN-a. Blokada wszystkich sieci https://cyberdefence24.pl/cyberbezpieczenstwo/w-rosji-juz-nie-skorzystasz-z-vpn-a-blokada-wszystkich-sieci
7. Weekendowa lektura Z3S https://zaufanatrzeciastrona.pl/post/weekendowa-lektura-odcinek-539-2023-09-30-bierzcie-i-czytajcie/
8. Czy mem może być narzędziem szerzenia dezinformacji? https://demagog.org.pl/analizy_i_raporty/kiedy-mem-przestaje-byc-satyra-czyli-jak-nie-ulec-dezinformacji/

BigTechy i wolny internet

#microsoft #mastodon #bluesky #amazon #instagram #twitter #facebook #bigtech

1. Microsoft: już nie można aktywować Windowsa 10/11 starym kluczem z Windowsa 7/8 https://arstechnica.com/gadgets/2023/09/microsoft-says-you-cant-activate-windows-10-11-with-old-windows-7-8-keys-anymore
2. Twitter usuwa nagłówki z linków https://www.heise.de/news/Twitter-X-zeigt-bei-Links-keine-Headlines-mehr-an-nur-noch-Bilder-9325705.html
3. Twitter chce zachęcić do kont premium włączając im bezpośrednie wiadomości do influencerów https://www.heise.de/news/Twitter-X-Premium-Nutzer-koennen-DMs-von-anderen-Premium-Kunden-zulassen-9321939.html
4. Niemcy: reklamy partii politycznych na TikToku https://netzpolitik.org/2023/schufa-shisha-spd-verbotene-politische-werbung-auf-tiktok/
5. Czy amerykańskie BigTechy powinny płacić za korzystanie z europejskiej infrastruktury? https://www.heise.de/news/Brief-nach-Bruessel-Google-Amazon-und-Co-sollen-fuer-Netznutzung-zahlen-9322950.html
6. OrganicsMaps szuka wolontariuszy https://fosstodon.org/@organicmaps/111156712949513724
7. Rekord Guinnessa w edytowaniu Wikipedii https://101010.pl/@rdrozd/111165418948816095
8. Facebook kontra fałszywe treści o szczepionkach. Kto wygrywa? https://demagog.org.pl/analizy_i_raporty/facebook-kontra-falszywe-tresci-o-szczepionkach-kto-wygrywa/
9. Facebook i Instagram bez reklam? Tak, ale jest jeden warunek https://cyberdefence24.pl/social-media/facebook-i-instagram-bez-reklam-tak-ale-jest-jeden-warunek
10. Kolejne zwolnienia w Meta. Tym razem dotyczą metawersum https://cyberdefence24.pl/social-media/kolejne-zwolnienia-w-meta-tym-razem-dotycza-metawersum
11. Amazon zarobił milion dolarów używając niejawnego algorytmu do zawyżania cen https://arstechnica.com/tech-policy/2023/10/report-amazon-made-1b-with-secret-algorithm-for-spiking-prices-internet-wide/
12. Kolejny odpływ użytkowników z Tweetera(X). Czemu niektórzy wolą BlueSky niż Mastodona? https://netzpolitik.org/2023/irgendwas-mit-internet-der-exodus-von-twitter-zu-bluesky-und-die-hoffnung/ https://annalist.noblogs.org/post/2023/10/05/warum-bluesky-statt-mastodon/
13. FTdL zbiera na sprzęt do realizacji projektu generatora polskich napisów (srt, txt), z materiałów wideo w języku polskim. Dla osób niedosłyszących i na potrzeby transkrypcji materiału https://zrzutka.pl/generator-napisow
14. Musk musi zwrócić 1,1 mln dolarów zwolnionym dyrektorom tweetera https://arstechnica.com/tech-policy/2023/10/musk-cant-dodge-payments-to-ex-twitter-execs-he-fired-judge-rules/

Podcasty i inne treści w formie audio/video

#podcast

1. Polityczne fake newsy w czasach kampanii (pl) https://demagog.org.pl/podcast/polityczne-fake-newsy-w-czasach-kampanii-i-scamy-na-mentzena-prasowka-z-dezinformacji/
2. Netzpolitik – Off The Record. 2 lata relacjonowania tematu kontroli czatu. Rozmowa z Markusem Reuterem (de) https://netzpolitik.org/2023/276-off-the-record-beruf-chatkontrolle/
3. Pegasus i inne zagadnienia z niemieckiej polityki cyfrowej. ADB Podcast (de) https://mdb.anke.domscheit-berg.de/2023/09/der-adb-podcast-21/
4. Logbuch:Netzpolitik. O kontroli czatu i nie tylko (de) https://logbuch-netzpolitik.de/lnp470-farbtoene-sind-auch-ein-teil-der-wahrheit
5. Przegląd września w niemieckiej polityce cyfrowej – eGovernment-podcast (de) https://egovernment-podcast.com/egov153-monatsschau-09-23/
6. Polityka cyfrowa obecnej niemieckiej koalicji rządzącej oczami Chaos Computer Club (de) https://chaosradio.de/cr283-was-die-ampel-hinbekommen-hat-und-was-nicht
7. Seminarium SURVEILLANCE and the EYE of GOD (en) https://www.youtube.com/watch?v=fzhT1cOFZiQ
8. Panoptykon 4.0. O wpływie algorytmów na kampanię wyborczą. Rozmowa z Agatą Kaźmierską i Wojciechem Brzezińskim (pl) https://panoptykon.org/algorytmy-wybory-podcast
9. Czarownice na stosach historii feminizmu. Dziewczynolata. O kobietach, które były pionierkami technologii https://open.spotify.com/episode/0odR3SknMx5dLuEmLE9b7J (sorry za link do spotify, jak dacie fediwersowy to wymienię :–))

Dobre wiadomości

#dobre

1. GNU ma już 40 lat https://www.heise.de/news/40-Jahre-GNU-Grundsatzfragen-zu-KI-Red-Hat-und-Co-9321783.html
2. Komisarz krajowego ds. ochrony danych i wolności informacji w Nadrenii-Palatynacie ma konto na mastodonie https://social.bund.de/@lfdi_rlp/111158703568048886
3. ONZ chce wspierać Global Digital Compact, działając na rzecz zrównoważonego rozwoju internetu, w tym cyfrowej przestrzeni publicznej i dóbr wspólnych https://netzpolitik.org/2023/oeffentliches-geld-oeffentliches-gut-digital-commons-sind-die-zukunft-des-guten-internets/
4. Przyznano nagrody Nobla w dziedzinie medycyny https://www.heise.de/news/Medizi-Nobelpreis-fuer-Forschung-an-Impfung-gegen-das-Coronavirus-9322944.html
5. Ministerstwo Spraw Wewnętrznych i Administracji uruchomiło aplikację mobilną Alarm112 do wysyłania zgłoszeń alarmowych do Centrum Powiadamiana Ratunkowego. Info za mastodonem Patryka Gronkiewicza https://www.gov.pl/web/numer-alarmowy-112/aplikacja-moblina-alarm112
6. Fundacja Orange rezygnuje z publikowania wizerunków dzieci. W ślad za nią idą inne organizacje https://fundacja.orange.pl/aktualnosci/artykul/w-poszanowaniu-prawa-do-wizerunkow-dzieci
7. WatchDog Polska ma już 20 lat https://siecobywatelska.pl/dzis-sa-nasze-20-urodziny/
8. Niemcy: Powstaje platforma dla sygnalistów z policji. Mogą zgłaszać seksizm czy prawicowy ekstremizm. https://netzpolitik.org/2023/projekt-mach-meldung-whistleblowing-portal-fuer-polizei-gestartet/
9. Fundacja IT Girls przygotowała e-booka “Bezpieczni online – twój klik ma znaczenie”, warto się zapoznać https://infosec.exchange/@avolha/111187217190326934
10. Sieć Obywatelska – WatchDog Polska pomaga ujawnić, co stało się z dokumentacją pacjentek gabinetu ginekologicznego zabraną przez CBA. Jest już pierwsza wygrana w tej sprawie https://siecobywatelska.pl/cba-i-dokumentacja-medyczna/ https://orzeczenia.nsa.gov.pl/doc/77FDCEA180

Lilith Wittmann

2023-09-29 23:27:38

Ich habe in den letzten Wochen tausende Seiten zum Thema Registermodernisierung von verschiedensten deutschen Behörden per #IFG befreit.

Es entsteht technisch gesehen eine zentrale Datenbank mit irgendwann mal allen Daten die der Staat über uns hat. Ohne ein Sicherheitskonzept.

Einige Highlights im Thread.

https://fragdenstaat.de/anfrage/themenkomplex-registermodernisierung-2/#nachricht-830626

https://fragdenstaat.de/anfrage/themenkomplex-registermodernisierung-3/#nachricht-826162

Themenkomplex Registermodernisierung

- Gutachten & Studien, - Stellungnahmen & Einschätzungen, - Positions-, Grundsatz- und weitere Papiere und - Dokumente mit ähnlichem bewertendem oder analysierndem Charakter zum Themenkomplex Registermodernisierung, die a) innerhalb Ihrer Or…

^{fragdenstaat.de}

I sure hope this finally kills #Twitter.

Elon Musk says X will charge users ‘a small monthly payment’ to use its service

X owner Elon Musk today floated the idea that the social network formerly known as Twitter may no longer be a free site. In a live-streamed conversation with Israeli Prime Minister Benjamin Netanyahu on Monday, Musk said the company was “moving to a small monthly payment” for the use of the X system. He suggested that such a change would be necessary to deal with the problem of bots on the platform.

“It’s the only way I can think of to combat vast armies of bots,” explained Musk. “Because a bot costs a fraction of a penny — call it a tenth of a penny — but even if it has to pay…a few dollars or something, the effective cost of bots is very high,” he said. Plus, every time a bot creator wanted to make another bot, they would need another new payment method.

Musk didn’t say what the new subscription payment would cost, but described it as a “small amount of money.”

I find one of the most helpful ways you can encourage people to leave hellsites like #Twitter and #Facebook to try out #mastodon / the #fediverse / etc isn't to just tell them "join mastodon" and hope they end up picking a good instance. Actually go the extra step of finding an instance that, to you, an experienced user, seems well moderated, and at least somewhat aligns with that person's interests so they'll find other people's content to keep them interested, and suggest that one directly. @eldritch.cafe remains the first Mastodon instance I ever joined, after my friend and I specifically looked for a server that allows nonsexual female nipples without being focused on actual sex work, and all in all it's been a great experience (and has completely ruined me towards any server with less than a 5,000 character limit, haha).

Especially considering how tech-inclined so many (pre-Twitter-migration) fedi users are--keep in mind that most of us (me included) are not so knowledgeable about this stuff straight out the gate 😜 We need a little extra guidance, and if you truly think that the fedi is a better alternative, you need to make the extra effort in improving #accessibility to your chosen platform. (It also helps tremendously in making sure that someone's first interaction with mastodon isn't on a huge server with little to no moderation, opening them way more up to attacks from racists, etc than if they had started on a heavily moderated server that is already #defederated from instances that allow that abhorrent behavior)