Skip Navigation

User banner

Arthur Besse

@ cypherpunks @lemmy.ml

Posts
645
Comments
1186
Joined
4 yr. ago

cultural reviewer and dabbler in stylistic premonitions

  • For glory

    Jump

  • One could wake up at 8am and watch both seasons of TAS, and still have time for a full season of LD before midnight.

  • For glory

    Jump

  • Star Trek: Picard consisting of three seasons of 10 episodes each:

  • YSK: There are hundreds of monuments around the world to people who abetted or took part in the murder of Jews and others during the Holocaust

    Jump

  • Everything's fine. Nothing to see here.

    Jump

  • Whoever implementsed this agents without proper oversight needs to be fired.

  • Well. That escalated quickly

    Jump

  • Idk it works for me.

    I don't think there is any possible value for the sign variable which would make that if statement do anything other than raise a TypeError.

    Also "8:00:00" > "10:00:00"

    but "08:00:00" < "10:00:00". comparing timestamps as strings is weird but actually works, as long as the hour is zero-padded :)

    the problem with this code is that & (bitwise AND) has higher operator precedence than > and == do, so it is first trying to bitwise AND "10:00:00" with sign (which i'm assuming would also be a string) and that will always raise a TypeError.

    to do what the author appears to have intended to do, they would either need use parenthesis around both comparisons to actually bitwise AND their results, or (better) to use the boolean AND operator (and) instead of &.

    The boolean and operator is the right tool for the job, and since it is lower precedence it also wouldn't require that any parenthesis be added here.

  • Every year

    Jump

  • don't trust anyone over 30 0x30

    don't trust anyone over 3020

    (that's vigesimal notation, btw)

  • Well. That escalated quickly

    Jump

  • TypeError: unsupported operand type(s) for &: 'str' and 'str'

  • With great power...ignorance is bliss?

    Jump

  • A gentle visual critique of Blueman, from a UX design perspective

    Jump

  • 💯

    hopefully a FOSS organization will hire the person who made this

  • With great power...ignorance is bliss?

    Jump

  • Reputable news source “GLOBAL FACTZ”

    😂

    Fwiw, before reposting this meme, I actually checked to make sure that the underlying "weird news" story here was not solely reported by random clickbait fake news sites but was also covered by an actual news organization.

  • Best apps for private messaging

    Jump

  • So in summary. You’re right. Sealed sender is not a great solution. But

    Thanks :)

    But, I still maintain it is entirely useless - its only actual use is to give users the false impression that the server is unable to learn the social graph. It is 100% snake oil.

    it is a mitigation for the period where those messages are being accepted.

    It sounds like you're assuming that, prior to sealed sender, they were actually storing the server-visible sender information rather than immediately discarding it after using it to authenticate the sender? They've always said that they weren't doing that, but, if they were, they could have simply stopped storing that information rather than inventing their "sealed sender" cryptographic construction.

    To recap: Sealed sender ostensibly exists specifically to allow the server to verify the sender's permission to send without needing to know the sender identity. It isn't about what is being stored (as they could simply not store the sender information), it is about what is being sent. As far as I can tell it only makes any sense if one imagines that a malicious server somehow would not simply infer the senders' identities from their (obviously already identified) receiver connections from the same IPs.

  • Best apps for private messaging

    Jump

  • Sure. If a state serves a subpoena to gather logs for metadata analysis, sealed sender will prevent associating senders to receivers, making this task very difficult.

    Pre sealed-sender they already claimed not to keep metadata logs, so, complying with such a subpoena^[it would more likely be an NSL or some other legal instrument rather than a subpoena] should already have required them to change the behavior of their server software.

    If a state wanted to order them to add metadata logging in a non-sealed-sender world, wouldn't they also probably ask them to log IPs for all client-server interactions (which would enable breaking sealed-sender through a trivial correlation)?

    Note that defeating sealed sender doesn't require any kind of high-resolution timing or costly analysis; with an adversary-controlled server (eg, one where a state adversary has compelled the operator to alter the server's behavior via a National Security Letter or something) it is easy to simply record the IP which sent each "sealed" message and also record which account(s) are checked from which IPs at all times.

  • Best apps for private messaging

    Jump

  • sealed sender isn’t theater, in my view. It is a best effort attempt to mitigate one potential threat

    But, what is the potential threat which is mitigated by sealed sender? Can you describe a specific attack scenario (eg, what are the attacker's goals, and what capabilities do you assume the attacker has) which would be possible if Signal didn't have sealed sender but which is no longer possible because sealed sender exists?

  • Best apps for private messaging

    Jump

  • In case it wasn't clear, I'm certainly not advocating for using WhatsApp or any other proprietary, centralized, or Facebook-operated communication systems 😂

    But I do think Facebook probably really actually isn't exploiting the content of the vast majority of whatsapp traffic (even if they do turn out to be able to exploit it for any specific users at any time, which i wouldn't be surprised by).

  • Best apps for private messaging

    Jump

  • "Anonymity" is a vague term which you introduced to this discussion; I'm talking about metadata privacy which is a much clearer concept.

    TLS cannot prevent an observer from seeing the source and destination IPs, but it does include some actually-useful metadata mitigations such as Encrypted Client Hello, which encrypts (among other things) the Server Name Indicator. ECH a very mild mitigation, since the source and destination IPs are intrinsically out of scope for protection by TLS, but unlike Sealed Sender it is not an entirely theatrical use of cryptography: it does actually prevent an on-path observer from learning the server hostname (at least, if used alongside some DNS privacy system).

    The on path part is also an important detail here: the entire world's encrypted TLS traffic is not observable from a single choke point the way that the entire world's Signal traffic is.

  • Best apps for private messaging

    Jump

  • Many people have reverse-engineered and analyzed whatsapp; it's clear that they are actually doing e2ee. It is not certain that they don't have ways to bypass it for targeted users, and there is currently a lawsuit alleging that they do, but afaik no evidence has been presented yet.

  • Best apps for private messaging

    Jump

  • Signal protocol is awesome for privacy, not anonymity

    The "privacy, not anonymity" dichotomy is some weird meme that I've seen spreading in privacy discourse in the last few years. Why would you not care about metadata privacy if you care about privacy?

    Signal is not awesome for metadata privacy, and metadata is the most valuable data for governments and corporations alike. Why do you think Facebook enabled e2ee after they bought WhatsApp? They bought it for the metadata, not the message content.

    Signal pretends to mitigate the problem it created by using phone numbers and centralizing everyone's metadata on AWS, but if you think about it for just a moment (see linked comment) the cryptography they use for that doesn't actually negate its users' total reliance on the server being honest and following their stated policies.

    Signal is a treasure-trove of metadata of activists and other privacy-seeking people, and the fact that they invented and advertise their "sealed-sender" nonsense to pretend to blind themselves to it is an indicator that this data is actually being exploited: Signal doth protest too much, so to speak.

  • Best apps for private messaging

    Jump

  • 100% of options funded by western governments

    One of their four, SimpleX, is not funded by western governments (...but it instead has some venture capital 🤡)

  • i'm a hardliner

    Jump

  • a wifi access point that gets online via a cellular network is called a mobile hotspot, regardless of if it's running on a phone or a dedicated router device

  • Cybersecurity @sh.itjust.works
    Arthur Besse @lemmy.ml

    Bluetooth Headphone Jacking: A Key to Your Phone

    media.ccc.de /v/39c3-bluetooth-headphone-jacking-a-key-to-your-phone
  • World News @lemmy.world
    Arthur Besse @lemmy.ml

    NATO could end if US takes over Greenland — Danish PM

    www.dw.com /en/nato-could-end-if-us-takes-over-greenland-danish-pm/a-75401270
  • World News @lemmy.ml
    Arthur Besse @lemmy.ml

    NATO could end if US takes over Greenland — Danish PM

    www.dw.com /en/nato-could-end-if-us-takes-over-greenland-danish-pm/a-75401270
  • World News @lemmy.ml
    Arthur Besse @lemmy.ml

    Venezuelan Military reaffirms loyalty to Acting President Delcy Rodriguez

    www.telesurenglish.net /venezuelan-military-loyalty-rodriguez/
  • Late Stage Capitalism @lemmygrad.ml
    Arthur Besse @lemmy.ml

    Private equity acquired more than 500 autism centers over the past decade, new study shows

    medicalxpress.com /news/2026-01-private-equity-autism-centers-decade.html
  • United States | News & Politics @lemmy.ml
    Arthur Besse @lemmy.ml

    In latest indictment, DoJ has dropped its claim that Venezuela’s "Cartel de los Soles" is an actual group. (Bonus: that name originated from one of the CIA's cocaine smuggling operations in the 90s)

  • Chapotraphouse @hexbear.net
    Arthur Besse @lemmy.ml

    In latest indictment, DoJ has dropped its claim that Venezuela’s "Cartel de los Soles" is an actual group. (Bonus: that name originated from one of the CIA's cocaine smuggling operations in the 90s)

  • World News @lemmy.ml
    Arthur Besse @lemmy.ml

    Maduro: I'm innocent, I am still the president of Venezuela

    www.plenglish.com /news/2026/01/05/maduro-im-innocent-i-am-still-the-president-of-venezuela/
  • You Should Know @lemmy.world
    Arthur Besse @lemmy.ml

    YSK: TeleSUR (a TV network sponsored by the governments of Venezuela, Cuba, and Nicaragua) has an English-language live stream which you can watch on youtube

  • Fuck AI @lemmy.world
    Arthur Besse @lemmy.ml

    OpenAI's transcription tool ("Whisper") hallucinates more than any other, experts say—but hospitals keep using it (2024)

    fortune.com /2024/10/26/openai-transcription-tool-whisper-hallucination-rate-ai-tools-hospitals-patients-doctors/
  • videos @hexbear.net
    Arthur Besse @lemmy.ml

    Debunking John Oliver's Venezuela Episode

  • music @hexbear.net
    Arthur Besse @lemmy.ml

    Es nuestra América - Mayito Rivera, Alexander José Gil y Akilin (w/ english subtitles)

  • World News @lemmy.world
    Arthur Besse @lemmy.ml

    U.S. Kidnaps Maduro, Trump Says “We Are Going to Run” Country (Democracy Now Special Report)

    www.democracynow.org /2026/1/3/us_attacks_venezuela_in_large_scale
  • World News @lemmy.ml
    Arthur Besse @lemmy.ml

    U.S. Kidnaps Maduro, Trump Says “We Are Going to Run” Country (Democracy Now Special Report)

    www.democracynow.org /2026/1/3/special_report_on_venezuela_us_kidnaps
  • Fuck AI @lemmy.world
    Arthur Besse @lemmy.ml

    Capitalism will not automate itself out of existence.

    web.archive.org /web/20170212214341/http://www.dmytri.info/capital-doesnt-automate-it-entangles/
  • Fuck AI @lemmy.world
    Arthur Besse @lemmy.ml

    I don't care how well your "AI" works - fiona fokus

    fokus.cool /2025/11/25/i-dont-care-how-well-your-ai-works.html
  • History @hexbear.net
    Arthur Besse @lemmy.ml

    Govan Mbeki was an activist–intellectual whose lifelong commitment to African nationalism and Marxism shaped South Africa’s liberation struggle.

    progressive.international /wire/2025-12-26-govan-mbeki-was-a-brilliant-pioneer-of-african-marxism/en
  • A Boring Dystopia @lemmy.world
    Arthur Besse @lemmy.ml

    ‘It’s surreal’: US sanctions lock International Criminal Court judge out of daily life

    www.irishtimes.com /world/us/2025/12/12/its-surreal-us-sanctions-lock-international-criminal-court-judge-out-of-daily-life/
  • World News @lemmy.ml
    Arthur Besse @lemmy.ml

    ‘It’s surreal’: US sanctions lock International Criminal Court judge out of daily life

    www.irishtimes.com /world/us/2025/12/12/its-surreal-us-sanctions-lock-international-criminal-court-judge-out-of-daily-life/
  • Privacy @lemmy.ml
    Arthur Besse @lemmy.ml

    Anyone can track WhatsApp and Signal users' activity, knowing only their phone number: "Careless Whisper: Exploiting Silent Delivery Receipts to Monitor Users on Mobile Instant Messengers"

    arxiv.org /abs/2411.11194