In other words, it’s the same effect as when you make separate identities to share with different contacts on any messaging service. SimpleX has adopted that as the normal way to to operate.

Worth mentioning just in case you’re not aware: versioning is present not just on the protocol spec, but on individual rooms. That ought to ease any semantics changes that might be needed.

I think this could use some elaboration on what you mean by half dead.

I don’t remember the statement in the bug report verbatim, but it indicated that they intend to fix it, which is about what I had previously seen on other issues that they did subsequently fix. I expect it’s mainly a matter of prioritizing a long to-do list.

I can’t think of a reason why it wouldn’t be possible. The protocol is continually evolving, after all, and they already moved message content to an encrypted channel that didn’t originally exist. Moving other events into it seems like a perfectly sensible next step in that direction.

There are a few that do a good job of protecting our messages with end-to-end encryption, but no single one fits all use cases beyond that, so we have to prioritize our needs.

Signal is pretty okayish at meta-data protection (at the application level), but has a single point of failure/monitoring, requires linking a phone number to your account, can’t be self-hosted in any useful way, and is (practically speaking) bound to services run by privacy invaders like Google.

Matrix is decentralized, self-hostable, anonymous, and has good multi-device support, but hasn’t yet moved certain meta-data into the encrypted channel.

SimpleX makes it relatively easy to avoid revealing a single user ID to multiple contacts (queue IDs are user IDs despite the misleading marketing) and plans to implement multi-hop routing to protect meta-data better than Signal can (is this implemented yet?), but lacks multi-device support, lacks group calls, drops messages if they’re not retrieved within 3 weeks, and has an unclear future because it depends on venture capital to operate and to continue development.

I use Matrix because it has the features that I and my contacts expect, and can route around system failures, attacks, and government interference. This means it will still operate even if political and financial landscapes change, so I can count on at least some of my social network remaining intact for a long time to come, rather than having to ask everyone to adopt a new messenger again at some point. For my use case, these things are more important than hiding which accounts are talking to each other, so it’s a tradeoff that makes sense for me. (Also, Matrix has acknowledged the meta-data problem and indicated that they want to fix it eventually.)

Some people have different use cases, though. Notably, whistleblowers and journalists whose safety depends on hiding who they’re talking to should prioritize meta-data protection over things like multi-device support and long-term network resilience, and should avoid linking identifying info like a phone number to their account.

So you are basically saying that root CAs are unreliable or compromised?

Not exactly. They are pointing out that HTTPS assumes all is well if it sees a certificate from any “trusted” certificate authority. Browsers typically trust dozens of CAs (nearly 80 for Firefox) from jurisdictions all over the world. Anyone with sufficient access to any of them can forge a certificate. That access might come from a hack, a rogue employee, government pressure, a bug, improperly handled backups, or various other means. It can happen, has happened, and will happen again.

HTTPS is kind of mostly good enough for general use, since exploits are not so common as to make it useless, but if a government sees it as an obstacle, all bets are off. It is not comparable to a trustworthy VPN hosted outside of the government’s reach.

Also, HTTPS doesn’t cover all traffic like a properly configured VPN does. Even where it is used and not compromised, it’s not difficult for a well positioned snooper (like an internet provider that has to answer to government) to follow your traffic on the net and deduce what you’re doing.

If you care about keeping your domain enough that you don’t want there to be an excuse for someone to take it from you, then you use your real info, and choose a registrar that only exposes a proxy contact in your WHOIS entry.

If you don’t care about losing your domain, then you can use fake contact info.

I suppose I would avoid connecting to untrusted networks, or avoid opening print dialogs while on them, or uninstall CUPS until a fix is available.

That refers to the fact that printer advertisements can contain lies: When you see a familiar printer name appear on a network, it could always be an impostor secretly pointing to the address of a malicious device.

So my first advice stands: Avoid interaction with untrusted or potentially compromised print servers.

To be clear, when I say “interaction”, I don’t just mean printing to them. I mean any interaction at all. Even just browsing a network for printers could potentially mean your system contacts the devices at the advertised addresses, and receives data from them. This Qualys report doesn’t make clear whether this kind of interaction is safe, so I have to assume for now that it is not.

Exploitation involves sending a malicious UDP packet to port 631 on the target, directing it to an attacker-controlled IPP server.

Okay, so at least until this is patched, it would be a good idea to shut down any CUPS-related process that’s listening on port 631, and avoid interaction with untrusted or potentially compromised print servers.

Either of these commands will list such processes:

$ sudo lsof -i :631

$ sudo fuser -v 631/tcp 631/udp

I don’t want to diminish the urgency of this vulnerability, but it is worth noting that “affecting all GNU/Linux systems” does not mean that every affected system is actually running the vulnerable code. Some installations don’t run print services and don’t ever communicate with printers.

Also, I suspect that the author’s use of “GNU” in that warning is misleading, potentially giving a false sense of security. (Sadly, a certain unfortunate meme has led many people to think that all Linux systems are GNU systems, and the author appears to be among them.) I don’t see any reason to think musl builds of CUPS are immune, for example, so I don’t assume my Alpine systems are safe just because they are not GNU/Linux.

It’s worth keeping in mind that your network is not the only network in the world, and WiFi is not the only kind of link.

Neighbors exist. Open guest networks exist. Drive-by and fly-by networks exist. Mesh networks exist (and are already created by devices like Amazon Echo for use by other devices in the neighborhood). Special-purpose networks quietly created by internet providers using their CPE exist. Satellite links exist, and have been getting smaller and cheaper; maybe enough for a TV before long. Power line networking exists, and can reach across property lines. Bluetooth, LoRa, cellular, etc. etc. etc.

I’m not suggesting that all smart TVs make use of these things today, but some of them are already capable, and since the capabilities are increasingly cheap and easy to implement, they will almost certainly become more common in the years to come. Let’s also remember that behavior that is not documented or enabled at purchase time can be enabled later, and sometimes is.

If I were buying today, it wouldn’t be a smart TV. I would instead look at gaming console monitors, computer monitors, projectors, dumb TVs, and commercial displays. That way I wouldn’t be showing manufacturers that spyware appliances are okay with me, nor giving them money in support of spyware product lines.

If I already had a smart TV and wasn’t in a position to replace it with something trustworthy, I would mod it: Open it up, find any network-capable components inside, and physically disconnect them. (Or if I didn’t have those skills, I would get a qualified friend or electronics repair shop to do it for me.)

All desktop environments are fancy compared to a simple window manager.

threat actors backed by Beijing broke into a “handful” of U.S. internet service providers

Which ISPs?

Also, it would Be(e) better to link the original article (archived here), rather than this secondary reporting based on it.

The unfortunately paradoxical thing about opt-out services is that using them requires giving out your details, and hoping that they aren’t (deliberately or accidentally) leaked.

CoreLogic defended its practices as legal, saying it’s too difficult to verify consent or anonymise personal data.

And this is what needs changing. It should not be legal for them to have it, nor for anyone to give it to them, in the first place.

Gemini is not just a delivery protocol. It also specifies a content format.

“Feel,” “happy,” “comfortable”… Privacy doesn’t care about your feelings.

The motivation to do the work, spend time learning the risks and available mitigations, disrupt existing social relationships in order to adopt better tools, inconvenience friends and family, partially isolate one’s self by avoiding the popular systems… all of these things are part of improving privacy in the real world, and at least for many people, fueled by a person’s feelings. Don’t discount the human factors just because you can’t quantify them.

2. distributed server network controlled by many entities (resilience)

It only fully meets the first criterion, yes. But personally I give it a bit of credit for the second too, in that it belongs to a non-profit foundation with multiple stakeholders, somewhat like Wikimedia.

These two things are not at all equivalent, or even comparable.

Signal is not my tool of choice, so I’ll answer from a more general perspective:

Having multiple friends and social groups on an e2ee chat system for the past few years feels great. Knowing that our words aren’t being recorded and exploited by half a dozen companies, we no longer feel the need to self-censor. The depth and value of our online conversations have grown noticeably.

Yes, there is more work to do, both at the endpoints and in the protocols. No, not all of us have flipped all the switches to maximize our privacy yet. That’s okay. Migrating is a gradual process. We do it together, helping each other along the way, rather than trying to force it all at once. Every step an improvement.

I think how often this is a problem varies widely from person to person. I don’t remember the last time I gave a mobile number out to a company, but it was more than a few years ago. The last few that strictly required one were non-essential; I just took my business elsewhere.