
After finishing my daily Wordle, I did a side-by-side comparison between my Twitter and Mastodon feeds over coffee.

Yeah ... Mastodon is way healthier.

Food fun :-) 

Loaded twice-baked potatoes. Green onion, mushrooms, bacon, garlic, sour cream, and joy.

Browser-based crypto gets a bad rap because of how easily broken the secrecy part of it has become. Every browser could have tens of men in the middle (other browser extensions) eavesdropping on your side of the conversation.

The question is whether this is "good enough" security for this particular use case. I think it could be ...



It's not _quite_ OTR (but similar). It's also not a double ratchet (Signal) but the ephemeral keys provide similar utility and allow for multiple parties in the convo.

Everything could be implemented using the SubtleCrypto API as it stands today with broad platform/browser support.

The only thing to think through is threat model.



Ephemeral keys mean each message is independent. Even if you somehow decrypted one message in the convo you won't be able to read any others (i.e. perfect forward secrecy).

Given the way things are structured, such a scheme could fit into Mastodon today with minimal changes - maybe even as a browser extension to test it out?



By placing the block of keys in an attachment, you don't artificially inflate the size of the message. Could even put the signature on the plaintext as part of the attachment itself (still debating that).

Could further obfuscate the key block by indexing each key based on a _hash_ of the recipient's ID. Recipients will easily find their key but an attacker will have a harder time at it.



First - public keys are public and tied to each account. Super easy for discovery.

Second - they're built into the account (no manual key management) but still well-protected. You could also change your passphrase or even generate a new keypair if you want.

Third - sign-then-encrypt means an outside observer cannot _prove_ you sent a particular message unless they're party to said message.

Fourth - an outside party can attempt to impersonate you, but message recipients won't be fooled.



Reading a message then requires:

1) Using your private key and the ephemeral public key to decrypt your copy of the symmetric key
2) Decrypting the message itself
3) Verifying the signature from the original author.

It looks like a lot of steps but, really, this is fairly straightforward to abstract, even in browser-based crypto.

This scheme also has a lot of advantages



4) Create an ephemeral symmetric key for the message/conversation
5) Sign the message with your private key.
6) Encrypt the message + signature with the symmetric key
7) Wrap a copy of that key for each recipient by re-encrypting the key with a key derived from the ephemeral private key and each recipient's public key
8) Post the encrypted message
9) Include an attachment that is a collection of the ephemeral public key + each encrypted participant key



Consider this:

Every account has a public/private keypair that's generated during setup. The keypair is encrypted (either with a symmetric key based on your password or some other keyphrase you know) and stored with the account. Due to strong crypto, you're the only one who can get it back out.

Sending a DM then becomes a multi-step process.
1) Decrypt your key
2) Fetch the public keys of the other parties in the convo
3) Create an ephemeral public/private keypair for the conversation
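
The send and read steps from the thread above (it reads bottom to top), sketched with SubtleCrypto as an added example that is not part of the original posts. It assumes separate ECDH and ECDSA P-256 keypairs per account, AES-GCM for the message, AES-KW for the wrapped key copies, account keys already decrypted in memory, and constructed account IDs; every function name is hypothetical.

```javascript
// Added sketch, not the author's code. Account IDs and all names are hypothetical.
const enc = new TextEncoder(), dec = new TextDecoder();
const DH = { name: 'ECDH', namedCurve: 'P-256' };
const SIG = { name: 'ECDSA', hash: 'SHA-256' };
const hex = (b) => Array.from(new Uint8Array(b), (x) => x.toString(16).padStart(2, '0')).join('');
// Browser global if present, otherwise Node's webcrypto module.
const wc = async () => globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;

// Assumption: two P-256 pairs per account, since WebCrypto keys are ECDH-only or ECDSA-only.
async function newAccount(id) {
  const s = (await wc()).subtle;
  const dh = await s.generateKey(DH, false, ['deriveKey']);
  const sig = await s.generateKey({ name: 'ECDSA', namedCurve: 'P-256' }, false, ['sign', 'verify']);
  return { id, dh, sig };
}
// Key-block index: SHA-256 of the recipient ID instead of the ID itself.
const slot = async (s, id) => hex(await s.digest('SHA-256', enc.encode(id)));
// Key-wrapping key from ECDH(priv, pub); the raw shared secret is used as the AES-KW key.
const kek = (s, priv, pub) => s.deriveKey({ name: 'ECDH', public: pub }, priv,
  { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);

async function sendDM(sender, recipients, text) {
  const c = await wc(), s = c.subtle;
  const eph = await s.generateKey(DH, false, ['deriveKey']);                  // step 3
  const msgKey = await s.generateKey({ name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']); // 4
  const body = enc.encode(text);
  const sig = new Uint8Array(await s.sign(SIG, sender.sig.privateKey, body)); // step 5, 64 bytes
  const iv = c.getRandomValues(new Uint8Array(12));
  const ciphertext = await s.encrypt({ name: 'AES-GCM', iv }, msgKey, new Uint8Array([...sig, ...body])); // 6
  const keys = {};
  for (const r of recipients) {                                               // step 7
    const k = await kek(s, eph.privateKey, r.dh.publicKey);
    keys[await slot(s, r.id)] = await s.wrapKey('raw', msgKey, k, 'AES-KW');
  }
  // Steps 8-9: a real client would export ephPub (e.g. as JWK) into the attachment.
  return { iv, ciphertext, attachment: { ephPub: eph.publicKey, keys } };
}

async function readDM(me, senderSigPub, msg) {
  const s = (await wc()).subtle;
  const wrapped = msg.attachment.keys[await slot(s, me.id)];
  if (!wrapped) throw new Error('no key slot');
  const k = await kek(s, me.dh.privateKey, msg.attachment.ephPub);
  const msgKey = await s.unwrapKey('raw', wrapped, k, 'AES-KW', { name: 'AES-GCM' }, false, ['decrypt']);
  const plain = new Uint8Array(await s.decrypt({ name: 'AES-GCM', iv: msg.iv }, msgKey, msg.ciphertext));
  const ok = await s.verify(SIG, senderSigPub, plain.slice(0, 64), plain.slice(64));
  if (!ok) throw new Error('bad signature');
  return dec.decode(plain.slice(64));
}
```

An account outside the recipient list has no slot in the key block, and a message checked against the wrong author's public key fails at the signature step after decryption succeeds.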


Eric Mann boosted

Here's a tip for using the federated timeline!

If you see something you don't like or there are too many posts from a user or instance, you can click to view a user profile and choose to mute or block any user. Then, leave a note to remember why.

You can also block an entire domain.

Finally, if someone is violating our local code of conduct, you may report the account, and our moderators will decide how to handle it.

(Apologies to @ericmann for using his profile as an example.)

Eric Mann boosted

Upgraded to Mastodon 3.5.2. A fresh coat of paint is always welcome :-)

Though I wonder what it might take to support automatic updates sometime in the future ...


Wordle 321 4/6


Eric Mann boosted

The last episode of #Picard season 2 was finally really good, with a few awesome surprises.

#StrangeNewWorlds episode 1 was amazing! Anson Mount is perfect in the role as Pike. I’m looking forward to the rest of this season.

Eric Mann boosted

Call me crazy, but maybe free speech isn't about choosing the "right" billionaire or government to protect it.

Maybe if we want free speech, we should make it impossible for billionaires and governments to shut it down.

Eric Mann boosted

Note: I don't just critique Trek. I've also been (trying to watch) the live-action Halo series and ... wow. Also quite a letdown.

Some good moments, sure. But this should've been just a generic sci-fi show. Feels like a poorly constructed fan fic.

Enchilada casserole with homemade pork carnitas.

I've been planning this for weeks and only realized today that it's also Cinco de Mayo.

After being more or less disappointed by season 2 of Picard I was blown away by the writing and quality of the first episode of Strange New Worlds. Captain Pike is one of the best written (and acted) characters I've seen in sci-fi, hands down.
