Lost allpasswords on zorin 83/29/2023

An exercise to learn this: install an SSH server on a virtual Linux machine, and open that to the internet with port 22 open (default). Maybe you do not believe this, but as soon as there is an opportunity for evil with profit, bad people will take it. Everyone here is right losing your data IS good UX when compared to having your data accessible by those who don't own it (Even if it's the vendor, like Apple) If it becomes someone else's responsibility. Your information is always your responsibility. But you will succeed in learning, which is the bigger picture. They are complex, they are hard, and you will probably fail to complete it. Not one they teach on the first week of school, a real Algo used in the real world. I think a good exercise is to implement a proper encryption Algo. Your views on technology are interesting. git folder at this point and starting anew. Honestly, it may be worth just deleting your. Your whole git log needs to be combed through so you can remove the databases of private info. You messed up and it can have some pretty fucked up consequences. honestly man I know you are still figuring things out but you need to just take some advice and remove your site. We have a moral obligation to do everything we can to protect and educate users, not exploit them like Google, Facebook, Amazon, Alibaba, Tencent, TikTok, if you go into his. This is why data privacy is so important. All of this by analyzing patterns in the data, not even by understanding what it is you wrote because natural language processing isn’t even there yet. These can show, with surprising and terrifying accuracy, where you live, who you know, what you like, what you are likely to buy/do/vote for (and when, down to the hour), your mood, if you are depressed, have a mental illness, are likely to have children within five years, love/hate your job, if you are cheating, what medications you are on, etc.
Timing on posts, timing on traffic, search terms, use of specific wording, writing style, tone, new words, new interests, and above all else: trends of the above. The worst part, though, is that they share it. Everything that goes online is permanent, and says a hell of a lot more about you than you will ever realize. And of course they are always getting better at correlating the data, so they continually learn more from everything they’ve stored. They store everything, and correlate it as they learn more. Every http request to Google’s servers tracks you and your activity across about 75% of websites, as I remember the statistic. Recaptcha, font and js CDNs, analytics, Gmail - especially Gmail - etc. The more data they have about you, the more money they can make. Everything they do is designed to gather data. Google’s entire business model is data mining to target ads. And strong security doesn’t necessarily mean the data is easy to Apple appears to care about privacy Google does not. The takeaway is that, while you can’t have perfect security and impose no limitations on the user, security is much more important. The data and its access are secure, and safe so long as the users don’t share said passwords with anyone else. But this also makes it impervious to DB leaks and social engineering, like what happened with Twitter verified accounts. True, if all users lose both their passwords and reset tokens, the data is irretrievable. All without ever allowing third party access. That way the server has zero knowledge of the data, nothing is transmitted in the clear, multiple users can access said data, and they can change their passwords using the reset token. Only the user could decrypt their copy, transmitted to the client only in encrypted form, which in turn allows them to decrypt the shared data on the client.
However, you can still apply the same principle by adding one layer: you can easily encrypt the decryption key with the user’s password hash, or other encryption key depending on your implementation, and store it securely on the server. In such a case, you would need a central store of decryption keys; there is no way around it. This obviously poses problems for having multiple users able to access the data. If you lose both, your data is irretrievable. For passwords, you have one, and a reset key. All decryption and encryption happens entirely on the client, meaning nothing is ever transmitted in clear text. They can read just enough to route emails to their intended recipients, and little else. Ideally, services would operate similar to TutaNota, where the service has almost zero knowledge of the users or their data.
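
The key-wrapping scheme described in the post above (one shared data key, stored on the server only as per-user copies encrypted under a password-derived key and under a reset token), as an added Python example that is not part of the original post. The function names, the PBKDF2 work factor and the sample secrets are assumptions, and the XOR-pad-plus-HMAC wrap is a standard-library stand-in for an AEAD such as AES-GCM.

```python
import hashlib, hmac, secrets

ITERATIONS = 100_000  # assumed PBKDF2 work factor; tune for your hardware

def _derive(secret: str, salt: bytes):
    # 64 bytes of KDF output: 32-byte one-time pad + 32-byte MAC key.
    okm = hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def wrap_key(data_key: bytes, secret: str) -> dict:
    """Client side: wrap the 32-byte data key under a password or reset token."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = secrets.token_bytes(16)  # fresh salt, so the pad is never reused
    pad, mac_key = _derive(secret, salt)
    ct = bytes(a ^ b for a, b in zip(data_key, pad))
    tag = hmac.new(mac_key, salt + ct, hashlib.sha256).digest()
    return {"salt": salt, "ct": ct, "tag": tag}

def unwrap_key(blob: dict, secret: str) -> bytes:
    """Client side: verify the tag first, then recover the data key."""
    pad, mac_key = _derive(secret, blob["salt"])
    expected = hmac.new(mac_key, blob["salt"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong secret or tampered blob")
    return bytes(a ^ b for a, b in zip(blob["ct"], pad))

def enroll(data_key: bytes, password: str, reset_token: str) -> dict:
    """The row the server stores for one user: two wrapped copies, no plaintext key."""
    return {"by_password": wrap_key(data_key, password),
            "by_reset": wrap_key(data_key, reset_token)}

def change_password(row: dict, reset_token: str, new_password: str) -> None:
    """Forgotten password: unwrap with the reset token, re-wrap under the new one."""
    row["by_password"] = wrap_key(unwrap_key(row["by_reset"], reset_token), new_password)

def demo() -> bool:
    data_key = secrets.token_bytes(32)  # shared key, generated on a client
    # Constructed sample users and secrets.
    server = {"alice": enroll(data_key, "alice-pw", "alice-reset"),
              "bob": enroll(data_key, "bob-pw", "bob-reset")}
    change_password(server["alice"], "alice-reset", "alice-new-pw")
    return (unwrap_key(server["alice"]["by_password"], "alice-new-pw") == data_key
            and unwrap_key(server["bob"]["by_password"], "bob-pw") == data_key)

if __name__ == "__main__":
    print("both users recover the shared key:", demo())
```
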