Scan your passport to join our social network.
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
@aral thank you for speaking up! Also see @_elena's post: https://mastodon.social/@_elena/116537351402947996
-
@aral
You are missing rule 2: the server is untrustworthy. In networking any system can be malignant or hacked and become malignant. Assuming otherwise is failure in the waiting.(Rule 3: use open source and invite the world to find vulnerabilities)
@EregLoch @aral seems i need to make my argument explicit as youve clearly misunderstood
We know that the client is not guaranteed to be trustworthy from the perspective of the server. We assume that the identity verification is done on the client only as stated. Per this assumption that means that the result of the verification is sent back as some form of yes/no (coupled with a name to be matched on the server, in case of success) or similar, without any other data that would allow the verification to be repeated on the server being sent back. As the client may be untrustworthy, it may manipulate the verification process or just send back modified data from a recorded successful verification with the attackers preferred values. Therefore, we can conclude that it is trivially possible to create fake accounts unless the assumption is false.
Whether or not the server is trustworthy is irrelevant to this attack.
-
@EregLoch @aral seems i need to make my argument explicit as youve clearly misunderstood
We know that the client is not guaranteed to be trustworthy from the perspective of the server. We assume that the identity verification is done on the client only as stated. Per this assumption that means that the result of the verification is sent back as some form of yes/no (coupled with a name to be matched on the server, in case of success) or similar, without any other data that would allow the verification to be repeated on the server being sent back. As the client may be untrustworthy, it may manipulate the verification process or just send back modified data from a recorded successful verification with the attackers preferred values. Therefore, we can conclude that it is trivially possible to create fake accounts unless the assumption is false.
Whether or not the server is trustworthy is irrelevant to this attack.
@EregLoch If you have an actual counterargument (i.e. not another non sequitur) then now is the time to present it
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
-
@TimWardCam @freci Oh, I reported Twitter to the Irish DPO as they don’t actually delete accounts regardless.
Went nowhere.
CC @noybeu
-
R revengeday@corteximplant.com shared this topic
-
@Zeb@merovingian.club @lain You and your antisemitic account can fuck right off. Go! Shoo!
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
-
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
@aral
Look, this is what a modern scam for the good of the people should look like. 🤯
@lain @wraith#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
-
@TimWardCam @freci Oh, I reported Twitter to the Irish DPO as they don’t actually delete accounts regardless.
Went nowhere.
CC @noybeu
@aral @TimWardCam @freci @noybeu They don’t?
The bastards won’t let me see it! And they certainly don’t include it in search results!
-
@vonKordke @aral @lain thats right i dont actually care youve proven you’re not worth listening to heh
just trolling for the entertainment value now
@hsza @lain @aral @vonKordke why are you arguing with a troll lol
-
@hsza @lain @aral @vonKordke why are you arguing with a troll lol
-
-
@holdenweb @aral that’s intentional. There are various forms available to contact the customer service without being logged in but if you use an email address associated with a LinkedIn account they will redirect you to the FAQ instead of sending your question and if you use another email they will tell you they can’t do anything because they cannot confirm the account belongs to you. They apparently cannot just send a mail to verify your email address even though it’s apparently enough if you forgot your password.
-
@lennybacon @Julianoe @lain Well, Hitler did kill himself but I’m not sure if that counts.
-
@aral on a somewhat related note LinkedIn wants me to upload my ID to be able to close my account because I do not agree with uploading my ID to continue to use it… and you need an unblocked account to contact the DPO to exercise your rights which implies… uploading the ID. Kind of a catch-22
@freci @aral I had an issue like this once with PayPal. I'd made the account as a kid and when they found out, they locked it and told me to make a new one, but a bank account can only be tied to one PayPal account, so I needed to delete the old one. My account was so limited I couldn't delete it. Not only had to upload my ID, but their online chat literally always said it was outside business hours somehow so I had trouble getting anyone to come allow a deletion. What eventually worked was DMing them on Twitter. Was sorted out in under 24 hours. Of course I waited years before getting that desperate, so I'll probably always have a bit of a hatred for PayPal. -
Scan your passport to join our social network.
Don’t worry, it’s European.
Needless to say, unless you’re a complete and utter fool, do not join W and warn your friends not to join W either.
#EU #europe #W #socialNetwork #identityVerification #surveillance #privacy #humanRights #democracy #data @lain https://lain.com/objects/aaa7d9d6-331b-4a59-aeda-b2badafc15c3
