After major security vulnerabilities or data breaches, "security people" show up and tell you to delete your account immediately. "Oh, time to delete your account! Switch to service/product … instead!"

Such statements totally ignore that security vulnerabilities are widespread and the vast majority of data breaches won't become publicly known. Full control over your data and devices requires 100% isolation from the internet, not just arbitrarily switching services or products.

#infosec

@infosechandbook yeah, rather than pointing at what people should use, we are better off educating people why one would want to use a service or why not.


@blacklight447 @infosechandbook teach people that everything they store might end up in public. Do not store unnecessary data no matter what platform or technology you use.

@Bobo_PK @blacklight447 @infosechandbook

The internet is not safe, and will never be made safe. Anything you make accessible to the internet will be used against you.

@Bobo_PK @blacklight447 @infosechandbook Even encrypted data with proven secure ways? Like gpg encrypted with an asymmetric key?

@sam

You can accidentally leak your private GPG key, or the endpoints of end-to-end encryption can be compromised. GPG also offers no perfect forward secrecy. An attacker can just record encrypted data, and may have the ability to decrypt everything in future.

As @Bobo_PK suggested, cryptographic algorithms change over time. Years ago, DES was considered secure …

@blacklight447
