#sanitizing — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sanitizing, aggregated by home.social.
-
The #Microsoft report on the technical investigations for #Storm0558 key acquisition is a rather interesting read.
They of course can't and don't go into specifics about the nature of the key leakage. I'm totally guessing here, but it might be that the tooling Microsoft used to detect and sanitize the #keymaterial didn't identify the key in the specific key schedule form. Maybe a new #encryption cipher was used that uses a new key schedule format that the tooling didn't support, or the cipher implementation started to store the key schedule in a new, different way.
This incident is a good example on how attempts of #sanitizing logs, memory dumps and similar of sensitive information are a losing game. At best it can be considered best effort, there's always ways information can end up leaking out despite your best efforts in trying to identify it.
For critical systems the encryption key should only ever exists in a security enclave or HSM. That'd be the only way to ensure that the key cannot leak: It's nowhere in the memory to begin with.
-
And you should return the favor by never posting unsanitized Twitter links to the #Fediverse either 🙂
I recommend you do a search for "IndyWeb POSSE" program. Which explains the philosophy behind only posting Fediverse links into the deprecated legacy silos, and never posting unsanitized links from places there like twitter into the Fediverse.
Basically, you do a disservice posting links in the Fediverse that lead people to the very monolithic, privacy disrespecting silos that they've already left behind.
Instead, if you even bother to use those deprecated legacy silo systems, post links bringing the people there at places like twitter to content that exists here in the Fediverse, thereby providing incentives to create accounts on Fediverse platforms like #Friendica, #FunkWhale, #MicroPub, #Mitra, #PeerTube, #Pixelfed, #Pleroma, #Soapbox, #Quanta, Etc., Thereby joining the Fediverse 👍
If you find that you really must post a link leading to one of the deprecated silos, then please consider #sanitizing such links. i.e., in the case of Twitter, you can use the very popular #Nitter by just replacing the "twitter .com" with "nitter .net" in the URL.
If you're on #Android, #Fedilab does this "automagically" for you if you have safe posting enabled.
If you're on desktop, there's a whole list of similar sanitation tools you can use for #Reddit, for example, by changing the domain in the URL to #Teddit .net and similar tools for #InstaSPAM, #Quora, and many others too. For #YouTube, you can use #Invidious.
A long list of these privacy protecting utilities is provided at:
And you can install Fedilab from F-Droid too:
You can also install the #UntrackMe app at F-Droid for generating safe links when not posting to the Fediverse - desks details are at three Fedilab website above.
I hope that helps!
#tallship #FOSS #ActivityPub #POSSE #Indyweb_POSSE #privacy #fdroid
⛵
.