We had a woodpecker in our yard. It was kind of annoying because it almost girdled the flowering tree next to the dining room window.
I called an arborist to make sure the tree was ok. He looked, then laughed.
"Most woodpeckers are pecking for bugs. Which could mean the tree is sick. Your tree is fine. This guy was pecking in rows to draw the sap. Which attracted ants. That he then ate."
The woodpecker in my yard had set up a lure. Who knew birds were that smart?
Apparently with Allstate we lack coverage for:
- water/sewer backup
New agent and insurance company? Grants better coverage than Allstate AND covers all of that. Plus an additional $1MM umbrella policy. Our new premium? Less than HALF of what Allstate has on my bill.
Never have I ever had an easier "should I stay or should I go" decision placed in front of me ...
I've spent the past week or so shopping around. Literally everyone is cheaper. I told him so.
He laughed (in writing) and claimed they were lying. So I got their estimates and compared to the coverage from him.
He "suspended" the coverage of the unused car. It was great! Cut our premium in half. We were happy ... until our house premium started going up. And up. And UP.
Well, auto renewal is next month, so I sent him a standard "WTF?!?" and asked for help again. This time ... not so much.
He suggested I add my wife to their Drivewise program because "you're only getting half the discount."
It's an $18 discount ... seriously?!?!?
Needless to say, no amount of "you're in good hands" marketing could fix that. I was livid. Eventually got in touch with a new agent and moved my account to his office. He was just as incensed by the ordeal as I was. Felt good to finally have someone I thought I could trust ...
Then covid hit. We were paying for 2 cars. One used sparingly on weekends, one stuck in the driveway so long I had to start jumping it weekly to save the battery. Why pay a fortune for insurance for both, right?
Several years later, someone hit the car while my wife was at work. I logged into the Allstate site so I could contact my agent and ... his details were nowhere to be found.
I figured their site was broken and resorted to Google to find his phone number. Instead ... I found news reports.
Apparently he'd been arrested. During a child sex exploitation sting. A year prior.
We'd been without an agent contact for a YEAR because he'd been arrested for trying to rape a kid.
One of the first things we needed to consolidate when we got married was insurance. I had Progressive. She had Geico. We were both relatively happy, but needed to merge our auto policies and cover our new house. I shopped around and, well, it turned out Allstate was the most competitive offer.
So we moved to Allstate.
It was further complicated by someone rear-ending me literally the week before our policies cut over. Made my repair claim a bit messy ... but it worked.
Early into the stay-home orders, we realized we didn't really need 2 cars. Because we expected things to open up, we suspended coverage on my wife's Toyota. Great, premiums go down!
Now we've sold the car. Reached out to my agent to remove it entirely. Great! Premiums went up.
Wait, WENT UP?!?! wtaf?
(Removing a vehicle with suspended coverage apparently INCREASED my premium ...)
Browser-based crypto gets a bad rap because of how easily broken the secrecy part of it has become. Every browser could have tens of men in the middle (other browser extensions) eavesdropping on your side of the conversation.
The question is whether this is "good enough" security for this particular use case. I think it could be ...
It's not _quite_ OTR (but similar). It's also not a double ratchet (Signal) but the ephemeral keys provide similar utility and allow for multiple parties in the convo.
Everything could be implemented using the SubtleCrypto API as it stands today with broad platform/browser support.
The only thing to think through is threat model.
Ephemeral keys mean each message is independent. Even if you somehow decrypted one message in the convo you won't be able to read any others (i.e. perfect forward secrecy).
Given the way things are structured, such a scheme could fit into Mastodon today with minimal changes - maybe even as a browser extension to test it out?
By placing the block of keys in an attachment, you don't artificially inflate the size of the message. Could even put the signature on the plaintext as part of the attachment itself (still debating that).
Could further obfuscate the key block by indexing each key based on a _hash_ of the recipient's ID. Recipients will easily find their key but an attacker will have a harder time at it.
First - public keys are public and tied to each account. Super easy for discovery.
Second - they're built into the account (no manual key management) but still well-protected. You could also change your passphrase or even generate a new keypair if you want.
Third - sign-then-encrypt means an outside observer cannot _prove_ you sent a particular message unless they're party to said message.
Fourth - an outside party can attempt to impersonate you, but message recipients won't be fooled.
Reading a message then requires:
1) Using your private key and the ephemeral public key to decrypt your copy of the symmetric key
2) Decrypting the message itself
3) Verifying the signature from the original author.
It looks like a lot of steps but, really, this is fairly straight-forward to abstract, even in browser-based crypto.
This scheme also have a lot of advantages
4) Create an ephemeral symmetric key for the message/conversation
5) Sign the message with your private key.
6) Encrypt the message + signature with the symmetric key
7) Wrap a copy of that key for each recipient by re-encrypting the key with a key derived from the ephemeral private key and each recipient's public key
8) Post the encrypted message
9) Include an attachment that is a collection of the ephemeral public key + each encrypted participant key
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!