In today's episode of "Can It Run Doom": DNS fucking TXT records.

@k3ym0 "Bonus: this is a fully functional globally-distributed covert data exfil channel that your NGFW will never fucking see if you're not doing deep DNS inspection. Sleep well."

Doesn't work anymore for a decade. Most serious companies don't allow DNS queries to servers outside of their network. The only endpoints allowed to do that are the corporate internal DNS.
With DoH I'm also not sure that will work because of the corporate web proxy.

To make data exfiltrations there are so many easy ways to do so ... Why spending time to make something over DNS when you can simply upload the files or exploit USB keys, it's not hard to bypass FW and EDR policies.

@gardencourt Please, don't forget to put on your corset !

@lumi @dalias He also doesn't understand what legislation is too. This is against GPDR.

@rebane2001 Feels like I've made the right choice to connect a selfhosted matrix bridge to my discord account last year.

@taylorlorenz I've actually though of how to describe Mastodon in a short way to non techi-people, while keeping in mind what prevented me to join any federated network before.

The whole point of Mastodon is to put back controls of their social networks to the users. That means it's not design around advertisements and unknown way to select content for you. Instead people run servers around given thematics. There is no need to have algorithms which choose for you content you might be interrested for, instead you find a server which have a community around the same interrests or localisation, and your local timeline will be filled of content from people of the same server, which have the same interrests.
But as it's federated, nothing prevent you to read content from other users. Because an account creation is easy, you can also have alt-accounts to discover other communities, and follow people from there on you main account. Most of the Mastodon apps can manage multiple accounts.