InfoSec Handbook – AMA event:

Beginning tomorrow, we will host our first “Ask Me Anything” (AMA) event. The rules are simple: Ask us anything; don’t be afraid to ask.

– Start: Monday, July 13
– End: Thursday, July 23
– What can I ask? “Anything.” However, a focus on information security is appreciated.
– Where can I ask? E-mail us or ask in the Fediverse.
– Who answers my questions? Jakub and Benjamin.

You can already ask questions! 👍

@infosechandbook Should I avoid encrypted cloud services/storage? E.g. Luckycloud, Tresorit and so on...!


If you trust these parties, there is no reason to avoid them.

If you don't trust their encryption, you can still encrypt your data offline before uploading and decrypt it offline after downloading. This should keep your data secure even if the service is compromised. (Of course, there may be other data in cleartext like metadata or user data; e.g., the username of your account.)

@infosechandbook Should I start setting Feature-Policy/Permissions-Policy headers now or wait for the spec to stabilise?


There is no reason for setting the (new) Permissions Policy since no web browser supports it.

Setting the (old) Feature Policy is also not recommended since there is only experimental support that differs from browser to browser (see

