𝒍𝒆𝒎𝒂𝒏𝒏

Hey 👋 I’m Lemann

I like tech, bicycles, and nature.

Dancing Parrot wearing sunglasses

  • 2 Posts
  • 424 Comments
Joined 1 year ago
cake
Cake day: June 6th, 2023

help-circle
  • Flash drive hidden under the carpet and connected via a USB extension, holding the decryption keys - threat model is a robber making off with the hard drives and gear, where the data just needs to be useless or inaccessible to others.

    There’s a script in the initramfs which looks for the flash drive, and passes the decryption key on it to cryptsetup, which then kicks off the rest of the boot mounting the filesystems underneath the luks

    I could technically remove the flash drive after boot as the system is on a UPS, but I like the ability to reboot remotely without too much hassle.

    What I’d like to do in future would be to implement something more robust with a hardware device requiring 2FA. I’m not familiar with low level hardware security at all though, so the current setup will do fine for the time being!






  • It’s not natively supported by the base RCS standard, in the section at the end of the paper in the section titled “Third Party RCS Clients” Google explains that they’ve built the e2ee their Messages app themselves, (on top of standard RCS).

    A developer has to use Google’s implementation specifically in order to send and recieve e2ee messages to Google’s Messages app (and Samsung Messages who also implemented this recently)

    Although the e2ee implementation is using the Signal protocol under the hood, it’s for message content only - this is what is transmitted in cleartext (taken from the paper)

    • Phone numbers of senders and recipients
    • Timestamps of the messages
    • IP addresses or other connection information
    • Sender and recipient’s mobile carriers
    • SIP, MSRP, or CPIM headers, such as User-Agent strings which may contain device manufacturers and models
    • Whether the message has an attachment
    • The URL on content server where the attachment is stored
    • Approximated size of messages, or exact size of attachments

    Without using this implementation of the Signal protocol on top of RCS, the message will deliver to the contact’s phone, but shows up as unencrypted garbled text

    That is a very useful resource though, never knew there was a paper available on the implementation. Saving 😁









  • Edit: sorry, I may have misunderstood your post - free email != email masking.

    My original post below…


    Curious why you consider email address masking services as for those with “drastic anonymity” requirements?

    I personally don’t think so: they are pretty much just a digital P.O. box, and are typically not anonymous in any way (subpoena/court order to the provider). They are built-in to Firefox too, it will automatically create new ones OOTB as you sign up on websites, if you click the autofill.

    They are however IMO one effective tool out of many to restrict the ability of data brokers and hacking groups (aggregated breach datasets) alike from making money from your online presence without your consent.

    In almost all cases this data is freely searchable for law enforcement and private investigators, allowing them to avoid going through the legal system to investigate and possibly detain you for things you’re not guilty of