Chaocipher, SQLite, Hashgraph, DMARC, Identities, Starstreak

1. Something not so different? Relaxing sunday reading: "Chaocipher Revealed: The Algorithm" and related Chaocipher (@ Wikipedia) page.

2. JSON improvements in SQLite 3.38.0 (@ GitHub) - Well the link title says it all, good reading and nice new features.

3. Studied concept of Hashgraph (@ Wikipdia). Interesting solution. Yet it doesn't still solve the situations where network split is serious and no consensus can be reached. Yet it's still better than the case with Bitcoin, where the chain would simple get ignored when longer chain (of the majority of nodes) is encountered when split ends. Afaik, only quick solution which I can come up, is to use physical crypto currencies, where the sealed private key can be moved from user to user. It will work when platform is offline. It's interesting obeservation that this is 100% exact opposite of the NFT movement where everything is being digitalized. Making physical versions of digital assets.

4. Continued DMARC & SPF fixing, so much abuse, so much misconfiguration, so much stuff which doesn't just generally make any sense and nobody knows why it's configured like it is. Well, now things are much better.

5. About hosting .onion sites where the server itself doesn't require extra privacy... You should use following configuration: "SocksPort 0, HiddenServiceNonAnonymousMode 1, HiddenServiceSingleHopMode 1" - Which improves performance, reduces load on Tor network and user experienced latency. So why not? Using this configuration allows quick and secure access from Tor network and because the site is already directly accessible over HTTPS there's nothing to hide about the server location anyway.

6. Suggested that Mojeek would add .onion / Tor hidden service for their privacy loving users to use. Posted on Mojeek Community & Twitter.

7. I think I've said this several times, but once again. About privacy, identities, etc. This is actually a chat post: "One project was supposedly handed over but disappeared immediately after (or before? that). Then question is if the entity whom gained the access was a traitor? Who knows. In online world and especially on activism and other operations (whatever those might be) it's very hard to know how things will go. Even close people can back stab you. But positive side with anonymous profiles is... I've got a bunch of friends, of course SWIM. Whom do it very simply. They always rotate identity, they might have multiple pre-warmed identities (or dossiers as they say), old ones are just disposed totally. So you can't ever go back, even if you wanted to. This is for security and to avoid lame mistakes. And they'll never talk about what they have done before. Every discussion and identity starts from fresh. Of course this approach got big positive and negative sides. Pro is that it makes tracking "you" harder, when you always keep on topic, never discuss anything outside it and use multiple parallel identities and limit exposure. Also they use separate identity with every context group. - Some of my contacts are annoyingly good with this.

8. This is exactly why I dislike any "privacy" communication application which doesn't allow "unlimited new and parallel identities". I don't want to use same identity to talk peers in different context... Even if there would be zero public exposure, some other data leak(s) might reveal the identifier(s). Identifier for every contact, or selected contact group should be different. There shouldn't be easy way to detecting that A is talking to B and C. And B and C must not know that A is same contact. - SimpleX achieves exactly this!

9. Meta Code Verify browser extension (@ blog.fb.com) for WhatsApp - Looks good to me. They're addressing exactly the problem with "web crypto" that you can't often verify the authenticity of the code being run, it's all up to the server with TLS keys providing correct content. In theory that's secure, but in practical terms there are many ways this could come back and bite you, because world isn't perfect.

10. Something different? Starstreak missile (@ Wikipedia) that's one fast MANPAD.

2023-05-28