Shamar @Shamar@qoto.org

@wim_v12e@octodon.social

BB encoding.

@alice

@wim_v12e@octodon.social

I'd like to read such blog.
I like the idea a lot in particular because it does NOT play well with typeclasses.

BTW, you should also add an example of interpretation.

@alice

Crazy web service idea of the week.

GET /$HASH_OF_URL
return the hashes of the contents followed by first recorded timestamp. One per line.

POST /add?$URL
queue the hashing of URL's content (it will be executed sometime in the future)

@yarmo

Actually a clear separation between encryption&signing on one side and identity management in the other would allow to separate packaging, deployment and upgrade.

For example you could install the browser-only system on a server that do not provide any serverside scripting.

This would reduce the attack surface both for the server and for the visitor.

It's not safe(TM) anyway, but it could be useful in some self-hosted system.

@yarmo

Fine thanks!

A question: did you consider to separate the crypto functionality that can be executed in the browser and the identity related ones in two different applications?

While I don't like crypto done in Javascript, I think a clear separation of concerns would reduce the attack surface.

@yarmo

Interesting tool, good for self-hosting.

Where does cryptography happen? On the browser or on the server?

@michi@social.tchncs.de

I'll dive deeper into the Play Services thing. Actually I know about the advertising ID and routinarily change it (but I'd like an App that change it once an hour... i looked to write it myself but apparently I can't find the proper Android's API to use).

As for the Tor Browser's plugin, I'd say it doesn't take #uMatrix into account.
It prevents third parties HTTP requests to be sent, so there's nothing to anonymize.

@icedquinn

Didn't know... thanks!

@ademalsasa @alcinnz @Nixfreak

@icedquinn

Uhm... good point!

Actually I did not think about them... but do they enable smartphones to use an ethernet connection?

@ademalsasa @alcinnz @Nixfreak

@tobtobxx

That was the original plan, but I thought: let's try something anybody can do without voiding the warranty.

So far I only had to download one apk from apkmirror (printer driver) and I double checked SHA-256 from several sources.

Ultimately everything is fine.

Which is very interesting: it's a very simple way to avoid #SurveillanceCapitalism that does NOT require much technical knowledge once you know how to do it.

@aral

Is it compatible with #uMatrix too, right?