But, yeah, anti-fingerprinting is still a useful signal if less people do it. So more people should do it; especially if they're less likely to be targeted.
i feel like this is the same as voting independant. it's the right idea in theory, but given the fact that 99% of people don't do it , righteousness is decreased. in this case very literally as having a unique fingerprint is entirely counter intuitive to the idea of privacy
I really want to be in a world where that's true. in the meantime we live in a zero sum survival of the fittest game where the powerful execute the weak for insubordination. in this world it is often necessary to take roundabout paths to reach the objective.
for example, a constitutional representative in my country attempted to place restrictions on unfettered gambling advertisements. a single day later, photos emerged of that politician having dressed as a nazi for a costume party in his youth. that politician stood up for what was right and then got fired for it, by losing his job and his status in the court of public opinion, effectively achieving no change.
exacting change isnt always such a simple process as embodying the end result.
Maybe I'm only noticing the times when it messes things up, but it kinda seems like these auto-edits cause a lot of confusion that could be avoided if they were shown up-front to submitters, who would then have the option to undo them.
Or maybe judicious use of an LLM here could be helpful. Replace the auto-edits with a prompt? Ask an LLM to judge whether the auto-edited title still retains its original meaning? Run the old and new titles through an embedding model and make sure they still point in roughly the same direction?
oh interesting, TIL I can go edit my submission titles! That's useful, I've definitely submitted stuff and gotten a less-good title due to the automated fixes, so I'll have to pay attention to this next time
> It explains why the implementation can produce a fixed secret under malicious input, and that there’s an RFC saying “don’t implement it like this” but not what effect it has on the security of the system.
Yeah, I get it. Their code quality is not great. They do a bad job of making it robust. There's a history here.
I'm still curious if this particular issue actually has a material effect on the protocol. I found a little bit more: "Consider also how this could affect a group chat." Okay, I considered it. I haven't the faintest clue how Matrix's group chat thing works [0], and I can totally imagine that, if a group's chat ciphertext is stored on an untrusted server and it's encrypted against a fixed key, then the server gets all the plaintext. But I also think that, if any participant in a group has permission to read all the messages, then they could also email the messages to the server operator, which makes it a little bit less interesting if they can maliciously force the key to be zero. (Maybe the key is also used for authentication of other parties -- I dunno. That's why I'm asking.)
[0] On the two occasions I've tried to use Matrix, I did not succeed in making a chat with more participants than just myself, so it seemed highly secure, and also completely useless.
Taggart's blog post was their opinion on Discord alternatives with an arbitrary ranking. Mine was about the whole notion of asking for alternatives to Discord being a bad question to ask. They're not really the same discussion. The only thing similar is the (truncated) title.
(Truncated because the actual title is On Discord Alternatives rather than merely "Discord Alternatives".)
I believe you that the articles were different in that way, but I looked over the comments pretty closely (well, closely-ish) before merging the threads, and the two HN discussions seemed indistinguishable topic-wise. Otherwise I wouldn't have merged them.
Sorry, I know it's annoying when your article is the one that 'loses' in a merge transaction. Hopefully we can eventually mitigate some of this with URL aggregation.
But, yeah, anti-fingerprinting is still a useful signal if less people do it. So more people should do it; especially if they're less likely to be targeted.
"More haystack" makes their job harder.
reply