Login

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.ar.al is one of the many independent Mastodon servers you can use to participate in the fediverse.
This is my personal fediverse server.

Administered by:

Server stats:

1
active users

mastodon.ar.al: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

Aral Balkan

Security isn’t about protecting everything from everything. It’s knowing what you’re protecting from what (and what you’re not protecting). That’s why we use threat models.

An analogy: you don’t protect food from the environment; you protect different types of food from different factors of the environment. You might design a heat lamp to protect the freshness of your dinner but a freezer for your ice cream. What you don’t do is design a heat lamp and assume it’ll protect your ice cream also.

Feb 18, 2019, 08:59 AM·Public·Web
26boosts·28favorites
Public
b9AcE 🐊

@aral ...and if one, in your analogy, tries to protect everything from everything, one ends up with a heat lamp in the freezer, keeping everything tepid,
which is pretty much the worst case scenario.

Public
Franz Geffke

@aral spoken like a true politician, with a matching, completely unrelated comparison, that's supposed to conclude the argument.

What threads do we (our phones) face? Physical theft; digital theft? Have you ever considered that over 50% of the world population, live under oppressive governments, that have all resources, to access your phone?

Not to mention that most of these tools, find their way online - so even if I can't access your stuff today, I'll likely tomorrow.

Public
Franz Geffke

@aral so instead of hailing a $1200 device as more secure (which by the way, some 25% of the world population cannot afford in a lifetime); we should instead raise awareness of howto better protect yourself; or at least, be more aware what happens with your data - and maybe, not to trust your phone to keep it "safe" for you.

So yeah, maybe for an API, you can create a "thread model"; but with our phones, this is a completely different issue.

Public
Aral Balkan

@franz Yep, I’m a politican, Franz. You really managed to capture my essence. Congratulations, man. As you were…

Public
written in heart signs, faintly
@franz @aral

it’s difficult. the tech holon at heropunch.io is taking a holistic approach to user security starting at the hardware all of the way through to the os and application layers. it’ll be a minute before we are ready for production, but our tech will be the safest shit you can make/buy.
Public
Franz Geffke

@xj9 @aral user friendly, safest shit? I'm curious either way!

Public
bhaugen

@aral

Do you know of any threat models for anything in the fediverse?

Public
Aral Balkan

@bhaugen On the fediverse, in its current incarnation at least (if we’re talking about ActivityPub), there is no expectation of privacy. Everything is public. I don’t know if there’s a formal threat model of ActivityPub in the spec (it’s been a while since I looked at it).

Public
bhaugen

@aral
I don't see any mention of "threat" in the spec. But I assume you know that @cwebber is working on AP-related code that is aimed partly (but not only) at privacy: gitlab.com/spritely/golem/blob

Threat model? Sorta informal, list of problems...

GitLabREADME.org · master · spritely / golem · GitLabGolem is a demonstration of how to distribute content over ActivityPub securely over peer to peer networks.
ExploreLive feeds
About