Surveillance Report


Q&A: Nate's Phone Literally Exploded. What Now?

Q&A195: Nate's phone literally exploded. What's the plan to replace it and how do we use our phones? What changes have we noticed in our personal lives as a result of our privacy journeys? How would we summarize threat modeling? What are our thoughts on the risks of services that break TLS? Do we have recommendations for encrypted Slack alternatives for enterprise environments? Is a dedicated IP address worth it?

Video Version: https://youtu.be/m_qJ-GFIzDo

00:00 Introduction

00:30 Nate's Phone Situation

07:12 Life Changes Due to Privacy

14:58 Threat Modeling

18:30 TLS Interception

21:42 Slack Alternatives

24:03 Dedicated IPs

---

🙋 Go ahead and leave some questions below for us to look at for SR196 this weekend! (Note: We record on Friday nights in the US, so it's highly recommended to leave all questions by noon on Friday in the US)

It can be about a specific story, a general question about privacy/security, a question about the world, a question you tried last week, or anything else. Due to time constraints we can't promise that we'll get to yours, but we appreciate all of them!

To receive these posts via RSS, get your own custom link using these instructions.


Comments

If you were asked to help draft privacy regulations, what regulations would you want to see? Can privacy regulation help protect users who don't follow best practices (password manager with unique passwords, 2FA)?

Apricot

Cybersecurity experts often appear to categorically condemn secrecy safeguards that lie outside of ordinary encryption/authentication as "security by obscurity". However, every safeguard seems to boil down to "hiding a needle in a haystack", and is thus vulnerable to users overestimating how big and opaque their "haystack" is, and how hard-to-guess their "needle" is. In other words, people often underestimate the predictability/transparency of their IRL behaviors just as they do with the predictability of their passwords and usernames and other online behaviors. What is your opinion on this subject, and what do you think are good/bad, underrated/overrated safeguards outside conventional encryption/authentication? It is probably far easier to precisely calculate the strength of conventional encryption/authentication than for unconventional safeguards. However, the former can often only be implemented in conjunction with the latter, and it is the latter that seems to be more frequently exploited by attackers (i.e. old-school scam techniques). At the same time, the organisations we consider the most secure in the world make extensive use of "security by obscurity". Moreover, most of the unsolved tantalizing mysteries of history remain mysteries because of "security by obscurity", not because of robust encryption.

David Johnson

