Natanael

@Natanael@infosec.pub

This is a remote user, information on this page may be incomplete. View at Source ↗

⁨Comment⁩ on ⁨Google’s ‘Secret’ Update Scans All Your Photos⁩ ⁨⁨2⁩ ⁨days⁩ ago⁩:
The scaling attack specifically can make a photo sent to you look innocent to you and malicious to the reviewer, see the link above
⁨Comment⁩ on ⁨Google’s ‘Secret’ Update Scans All Your Photos⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Yeah so here’s the next problem - downscaling attacks exists against those algorithms too.

scaling-attacks.net
⁨Comment⁩ on ⁨Google’s ‘Secret’ Update Scans All Your Photos⁩ ⁨⁨3⁩ ⁨days⁩ ago⁩:
Apple had it report suspected matches, rather than warning locally
⁨Comment⁩ on ⁨Scientists move to Bluesky, transitioning away from X and Meta platforms⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
github.com/bluesky-social/atproto/tree/…/bsky

The old design was built to scale to a few million users. The new backend is revised to handle ~hundreds of millions. They’ll releasing bits and pieces at a time.
⁨Comment⁩ on ⁨Scientists move to Bluesky, transitioning away from X and Meta platforms⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Sure, but the openness of the protocols, especially the portability of accounts, makes it hard for them to push negative changes on users.
⁨Comment⁩ on ⁨John Oliver promoted alternatives to big tech in last night's episode, including Mastodon and Pixelfed⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Bridgy started without that requirement and it pissed off too many Mastodonians so they reworked it
⁨Comment⁩ on ⁨Scientists move to Bluesky, transitioning away from X and Meta platforms⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Bluesky is a public benefit corporation. That’s very different from for profit
⁨Comment⁩ on ⁨Scientists move to Bluesky, transitioning away from X and Meta platforms⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
3rd party moderation tools already exists, using the same API as the official moderation system, available to subscribe to even directly in the official app. If you don’t want bluesky’s moderation decisions enforced, you can run a different client which don’t apply the bluesky labels (or if the bluesky appview blocks something entirely, you can circumvent that and retrieve it directly from that user’s PDS)

is specifically not clarified to leave open the possibility for monetization such as forcing as on users

What

The network is specifically designed around portability and content addressing so they can’t lock you in

it would never be a useful alternative to the Official Bubble maintained by the Bluesky corporation that you must submit to or be left out in the cold interacting with users only on alternate, small personal networks.

There are already plenty of people running their own self hosted PDS servers to host their account, talking to the rest of the bluesky users, using 3rd party moderation filters and 3rd party clients, with 3rd party feed generators to view stuff like topic specific feeds

Also there’s bridgy so you can talk across Mastodon / bluesky by letting bridgy mirror posts and replies between the two networks
⁨Comment⁩ on ⁨John Oliver promoted alternatives to big tech in last night's episode, including Mastodon and Pixelfed⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Have you heard of bridgy?
⁨Comment⁩ on ⁨Scientists move to Bluesky, transitioning away from X and Meta platforms⁩ ⁨⁨6⁩ ⁨days⁩ ago⁩:
Bluesky is open source though
⁨Comment⁩ on ⁨nuked from orbit⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
As long as these types pay attention to what the scientists tell them and explain it to others accurately, they’re helpful
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨1⁩ ⁨week⁩ ago⁩:
Jerry passed me control of !crypto@infosec.pub already, started posting to it to get it started
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
… Does it not have access right control? The FAQ doesn’t describe any delegation
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Great!
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
I’ll see what I can do. Don’t have hosting ready for anything automated though.
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Separate question, is there any automoderator equivalent around here?
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
So the new account only sees posts less than a year old, but this account (also on the very same host!) sees that plus older posts 🤷
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
infosec.pub/post/23658227

No way from admin tooling to do it?
⁨Comment⁩ on ⁨hexbear.net comically loses its domain name⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
The postage stamp asked strangers to lick its behind!
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Just made a registration - same username over here as my moderator’s flair over on my reddit account, haha (trusted third party)
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Fine by me if you prefer it that way
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨2⁩ ⁨weeks⁩ ago⁩:
Just checked who the existing mod is, and I recognize the handle @SqueamishOssifrage@infosec.pub from reddit (although they haven’t been active in either place recently)

Like I said, wouldn’t just want to suddenly kick out existing mods, although they don’t seem to be around so 🤷
⁨Comment⁩ on ⁨Community creation question⁩ ⁨⁨4⁩ ⁨weeks⁩ ago⁩:
Way ahead of you, our reddit forum mentions the difference in every single place we can put a custom text
Community creation question
Submitted ⁨⁨4⁩ ⁨weeks⁩ ago⁩ to ⁨infosecpub@infosec.pub⁩ | ⁨24⁩ ⁨comments⁩