Scan your passport to join our social network.
-
-
@vonKordke @lain @aral you know who this response paints you as? A geniune Nazi
Only fascists whine “oh you call everyone a fascist” when called out as what they are
-
@aral@mastodon.ar.al @mynameistillian@plush.city
to any dumbass reporting this post, a simple google search would have spared you the effort of reporting what's a known meme on the polish side of internet
go care about actual doxxing that happens on your very own cesspool instead of getting mad over a photo of an ID that might as well never really exist
-
@EregLoch@mastodon.coffee @aral@mastodon.ar.al @lain@lain.com if the verification is truly fully on device, then in theory someone can just spoof the results that get sent back to the server and pretend theyre a real person, which completely defeats the point
the only way ID verification truly works is when there is some external server doing the verification, which of course has its own even worse problems
there is no way to make ID verification both private and trustworthy, the two are fundamentally interlinked, so theres no point even entertaining the idea either way -
@vonKordke @lain @aral pspspspspspsps monkey
-
@vonKordke @lain @aral pspspspspspsps monkey
@vonKordke @aral @lain thats right i dont actually care youve proven you’re not worth listening to heh
just trolling for the entertainment value now
-
@vonKordke @aral @lain thats right i dont actually care youve proven you’re not worth listening to heh
just trolling for the entertainment value now
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
@aral @lain@lain.com as it was said: mr gorbachev, tear that bullshit down
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
@crv@akkoma.kruhlovo.xyz @aral@mastodon.ar.al @mynameistillian@plush.city
tylko na fedi takie kwiatki
-
@crv@akkoma.kruhlovo.xyz @aral@mastodon.ar.al @mynameistillian@plush.city
tylko na fedi takie kwiatki
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
-
@aral
You are missing rule 2: the server is untrustworthy. In networking any system can be malignant or hacked and become malignant. Assuming otherwise is failure in the waiting.(Rule 3: use open source and invite the world to find vulnerabilities)
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
@aral thank you for speaking up! Also see @_elena's post: https://mastodon.social/@_elena/116537351402947996
-
@aral
You are missing rule 2: the server is untrustworthy. In networking any system can be malignant or hacked and become malignant. Assuming otherwise is failure in the waiting.(Rule 3: use open source and invite the world to find vulnerabilities)
@EregLoch @aral seems i need to make my argument explicit as youve clearly misunderstood
We know that the client is not guaranteed to be trustworthy from the perspective of the server. We assume that the identity verification is done on the client only as stated. Per this assumption that means that the result of the verification is sent back as some form of yes/no (coupled with a name to be matched on the server, in case of success) or similar, without any other data that would allow the verification to be repeated on the server being sent back. As the client may be untrustworthy, it may manipulate the verification process or just send back modified data from a recorded successful verification with the attackers preferred values. Therefore, we can conclude that it is trivially possible to create fake accounts unless the assumption is false.
Whether or not the server is trustworthy is irrelevant to this attack.
-
@EregLoch @aral seems i need to make my argument explicit as youve clearly misunderstood
We know that the client is not guaranteed to be trustworthy from the perspective of the server. We assume that the identity verification is done on the client only as stated. Per this assumption that means that the result of the verification is sent back as some form of yes/no (coupled with a name to be matched on the server, in case of success) or similar, without any other data that would allow the verification to be repeated on the server being sent back. As the client may be untrustworthy, it may manipulate the verification process or just send back modified data from a recorded successful verification with the attackers preferred values. Therefore, we can conclude that it is trivially possible to create fake accounts unless the assumption is false.
Whether or not the server is trustworthy is irrelevant to this attack.
@EregLoch If you have an actual counterargument (i.e. not another non sequitur) then now is the time to present it
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
