Melody Fwygon

Now we wait for someone to build an absolutely wonderful chat app on top of this wonderful bit of PoC code…

I genuinely hope someone does. Imagine what this could do if this was routed over Tor using Private Services.

Run this over that; and you’d have a bullet-proof text chat. Wrap a nice GUI client around all of that and you have a proper secure, anonymous messenger with no problems. With a little more build-out; you could even implement the Matrix protocol over this wire-line and basically have full inter-federation and moderation over a secure wire protocol; allowing for complete privacy and client integration.

TL;DR: Matrix over PQChat over Tor. Think about it. A Post-Quantum Dark-Matrix web.

Can it? Maybe. It’s not impossible; but it isn’t practical and most ISPs limit their shenanigans to grabbing your unencrypted DNS requests.

Will it? Probably no; aside from the previously mentioned DNS redirections; they’re not interested in most people’s packets, only in how many they deliver.

Should you care? I won’t tell you not to take precaution, but I do urge you to consider your threat model carefully and consider the tradeoffs. When Security & Privacy goes up, Convenience and Functionality WILL go down. Balance your needs. Don’t put yourself in a state of Privacy fatigue.

Are there easy fixes? Maybe. I think a VPN or using Tor would solve your concerns here anyways; it’s not required that your modem be running OSS that you can control. If you can achieve it; that’s still good for you; but it’s not something to be sweating if your modem isn’t capable and your invasive ISP is the only effective option.

(As if spoken by the King to Simba:)

Rust: Everything from the bottom of this cliff to the acacia tree there is ours. Make sure you ask permission before you take something, take nothing you are not permitted to take. We don’t go beyond that tree; and if you even think about the elephant graveyard beyond it; I’ll kill you myself.

C: Everything the sun touches is yours. I caution you to not venture into the shadows; but I will not stop you, for you are a king, and nothing a king can do is unnecessary if it is for his people.

I think there’s a problem with the ‘C only’ devs refusing to be accomodating to the Rust developers. Instead of being stubborn; why not provide them what is needed and help the Rust team learn how to maintain what is needed themselves?

None of the reasons I’ve seen mentioned are legitimate reasons for refusing to at least help them a few times, and helping them to learn how to do the onerous task themselves so they can keep it off the main plate for too long.

C devs do not need to learn Rust to provide critical information; they need only be present and cooperative with Rust devs to help them find, convert, and localize data structures for Rust use. They can stand to sit and pair code with their Rust Dev counterparts long enough to teach a Rust Dev counterpart how and what they need to look for in C code. It’s not that big of an ask, and it’s not something that really is a large ask. Provide the bindings for a short period of time, and work on training a team of Rust Devs to maintain the bindings.

That way both sides are stepping up to meet the others and the data isn’t being sat on by the C-only Devs.

Typically, using your own VPN should suffice. Depending on your situation you can do other things as well. If you are unable to download these tools on the school network in question; do not attempt to do so again. Use a public or other network connection elsewhere to obtain the tools you need to bypass their crap.

For example, NextDNS could be helpful. By running their client app; ( https://github.com/nextdns/nextdns/wiki/Windows ) you can make sure all your DNS requests are encrypted. Similarly you could simply set up a local DNS server that you point Windows at which can redirect those requests over DNS-Over-(HTTPS or TLS) to a DNS provider of your choosing.

Your argument is irrelevant.

Don’t they, err, already do this?

No, They don’t. They have stolen that initial choice from you by paying companies to be the “default” choice. They do this to capture those who are lazy or indolent about their choices, or to entrap those who are too un-savvy to change the preference.

Even if the punishment is largely symbolic and Google only pays a tiny (compared to it’s massive size) fine; I’d still call that a significant win.

• Google can be REQUIRED to give users A CHOICE of Search Engines.
• Google can be FORBIDDEN from giving their OWN ENGINE an advantage in search results or advertising
• Google can be FORCED to ALLOW THIRD PARTIES access to the SAME APIs used in Chrome and Chromium.
• Google can be FORBIDDEN from BLOCKING THIRD PARTY FRONTENDS from using Google Search, Youtube and more.

I use SimpleLogin; and for the most part they don’t show up like this most of the time.

That being said; I also don’t deeply do investigation unless the emails being sent from the alias vary from that alias’ purpose.

Typically as long as the emails remain from the same relative sender (From: field in header) and the subject matter of the emails do not materially differ from what I initially get on the alias; I don’t really fiddle with them.

But since the alias typically is a fixed sender; I also have them configured to include the actual From: header in the alias From: fields. This allows me to quickly block with granularity from my inbox any stray emails that might wander onto an alias without making it necessary for me to kill the entire alias. (Assuming the alias is still in use and worthy of preserving)

But then again I don’t have nearly the spam problem that most do. I have segmented inboxes for various needs; and my GMail catches most of my crap being the biggest inbox. Between SL and GMail spam filters alongside of additional inbox filters I have setup there; most of the spam I get is generally funneled to the correct place and spam is minimal.

Tuta does.

While I don’t understand how people could possibly fail to remember ONE PASSWORD; since it is brilliantly easy to remember whole sentences and phrases that resonate with you; I do understand that laziness is profoundly common.

For this kind of laziness; I do think Password Managers should routinely scan the local disk(s) for documents with strings that can hash into being the ‘master passphrase’. When found; you’re instantly greeted with a requirement to change your password to a new one that isn’t one you used in the past.

We do need to punish laziness like that in password managers at least. Similarly; OSes need to do this too with their own passwords.

Solution: Backup all data, Blank the disk and install an appropriate Linux Distro.

It’s not hard; and if you need Windows for something, you should run that in a virtual machine.