That’s why audits exist
giacomo@lemmy.dbzer0.com 14 hours ago
oh dude, they promised to be privacy friendly! maybe I’m just to american to believe in promises.
Vinstaal0@feddit.nl 9 hours ago
Bloomcole@lemmy.world 9 hours ago
The EU is almost just as bad, I know the bar is high compared to the US, but still.
Honytawk@feddit.nl 7 hours ago
There are tons of things the EU is doing well, dude.
From resisting the technocapitalist rethoric of the US, to standing up against imperial bullies like Russia.
I’m not saying it is perfect, nothing is. But sometimes it feels like the EU is the only reasonable beacon in a sea of corruption.
Bloomcole@lemmy.world 7 hours ago
LOL ‘dude’
The EU just bent over to get fucked by US tarrifs.
They shouldn’t worry about Russia as much as they should about US imperialism that causes all the trouble.
But these sell outs will gladly suffer as good obedient vasals. 🤡qweertz@programming.dev 7 hours ago
The EU only cares about blocking the private sector from getting their citizen’s data. They actively harm privacy when it’s about government access
AwesomeLowlander@sh.itjust.works 14 hours ago
You don’t have to trust them any more than you trust your local Starbucks WiFi. We’re at the point where your traffic should no longer be vulnerable just because you’re on the wrong WiFi network.
prole@lemmy.blahaj.zone 1 hour ago
I don’t really trust that either
AwesomeLowlander@sh.itjust.works 15 minutes ago
That’s the point, you don’t have to. The system works on the assumption that the AP is untrusted.
PlexSheep@infosec.pub 7 hours ago
Been that way since https became common
hisao@ani.social 1 hour ago
How do we know intelligence agencies are not in collusion with certificate authorities though? What if they actually have access to ROOT CA private keys and can just automatically strip https from most of the traffic in their mass surveillance software? This is something I found with a very quick search: en.wikipedia.org/wiki/DigiNotar
8fingerlouie@sh.itjust.works 9 hours ago
My traffic is not vulnerable, but my device might be.
When you connect to public WiFi, you also share it with others, and maybe someone on that network wants to test out their new hacker skills ?
Maybe not as much of a problem for phones, but that juicy developer laptop running unauthenticated MongoDB with a dump of the production database… yup, that now “mine”.
Ideally all those services should be listening on 127.0.0.1 / ::1, but everybody makes mistakes. Maybe the service comes preconfigured to listen on 0.0.0.0.
loudwhisper@infosec.pub 3 hours ago
Someone runs MongoDB unauthenticated, bound on 0.0.0.0 with production data, on a computer without a VPN, and the problem is the WiFi?
Like I get what you are saying, but this sounds like saying that we should ban speedbumps because imagine there is a guy with a loaded gun pointed at a kid with no safe, finger on the trigger, and high on coke, if the car hits the speedbump the toddler is gone. Yeah, but I would hardly say the speedump is the same.
Honytawk@feddit.nl 7 hours ago
Just keep your firewall set to public network and you will most likely be fine.
8fingerlouie@sh.itjust.works 7 hours ago
Again, people make mistakes, so they may think the firewall is on, but that one time 3 weeks ago when they were debugging something and they turned off the firewall for it, yeah, we never got around to enabling it again.
Also, my home network is a lot more secure by default than shared public WiFi. At home I have decent control over who and what connects. Sure, people could in theory crack my WiFi password, but the risk of that is low compared to sitting on public WiFi.
shalafi@lemmy.world 11 hours ago
I feel like the OP you’re responding to. Explain how I should be comfortable? The idea creeps me out, but I admit I haven’t delved into security for a few years.
neukenindekeuken@sh.itjust.works 4 hours ago
Every site uses HTTPS which encrypts your data in transit. Even if they sniff the packets, they would spend literal decades trying to decrypt it.
Just be wary of visiting sites or sending traffic not over HTTPS. Its rare, but it does happen.
Ontimp@feddit.org 2 hours ago
What the others said. If you want a practical example of this working, have a look at eduroam. It’s the joint WiFi of all European universities and I cannot recall that there ever were any privacy issues.
AwesomeLowlander@sh.itjust.works 10 hours ago
You don’t HAVE to be comfortable. But if you use any sort of public WiFi, this is no riskier than any of those networks. They can grab some metadata unless you use a VPN, but likely less than what your ISP already has on you anyway. Basically, there’s no reason this should be putting up any major red flags. We’re past the days when a malicious access point could MitM most connections due to lack of encryption.