Natanael

joined 1 month ago
[–] Natanael@infosec.pub 10 points 5 hours ago* (last edited 5 hours ago)

Apple had it report suspected matches, rather than warning locally

It got canceled because the fuzzy hashing algorithms turned out to be so insecure it's unfixable (easy to plant false positives)

[–] Natanael@infosec.pub 14 points 1 day ago (1 children)

Judges can deputize if necessary

[–] Natanael@infosec.pub 5 points 1 day ago

Found the alt for swiftonsecurity

[–] Natanael@infosec.pub 1 points 2 days ago

https://github.com/bluesky-social/atproto/tree/main/packages/bsky

The old design was built to scale to a few million users. The new backend is revised to handle ~hundreds of millions. They'll be releasing bits and pieces at a time.

[–] Natanael@infosec.pub 1 points 2 days ago

Sure, but the openness of the protocols, especially the portability of accounts, makes it hard for them to push negative changes on users.

[–] Natanael@infosec.pub 2 points 2 days ago (1 children)

https://bsky.app/profile/jay.bsky.team/post/3krxdfy6koc22

He never had ownership. Not all investments provide ownership.

[–] Natanael@infosec.pub 12 points 2 days ago (2 children)

Bridgy started without that requirement and it pissed off too many Mastodonians so they reworked it

[–] Natanael@infosec.pub 0 points 2 days ago (2 children)

Bluesky is a public benefit corporation. That's very different from for profit

[–] Natanael@infosec.pub 0 points 2 days ago (2 children)

3rd party moderation tools already exist, using the same API as the official moderation system, available to subscribe to even directly in the official app. If you don't want bluesky's moderation decisions enforced, you can run a different client which doesn't apply the bluesky labels (or if the bluesky appview blocks something entirely, you can circumvent that and retrieve it directly from that user's PDS)

> is specifically not clarified to leave open the possibility for monetization such as forcing ads on users

What

The network is specifically designed around portability and content addressing so they can't lock you in

> it would never be a useful alternative to the Official Bubble maintained by the Bluesky corporation that you must submit to or be left out in the cold interacting with users only on alternate, small personal networks.

There are already plenty of people running their own self hosted PDS servers to host their account, talking to the rest of the bluesky users, using 3rd party moderation filters and 3rd party clients, with 3rd party feed generators to view stuff like topic specific feeds

Also there's bridgy so you can talk across Mastodon / bluesky by letting bridgy mirror posts and replies between the two networks

[–] Natanael@infosec.pub 2 points 2 days ago

If you've already noticed incoming traffic is weird, you try to look for what distinguishes the sources you don't want. You write rules looking at the behaviors like user agent, order of requests, IP ranges, etc, and put it in your web server and tell it to check if the incoming request matches the rules as a session starts.

Unless you're a high value target for them, they won't put endless resources into making their systems mimic regular clients. They might keep changing IP ranges, but that usually happens ~weekly and you can just check the logs and ban new ranges within minutes. Changing client behavior to blend in is harder at scale - bots simply won't look for the same things as humans in the same ways, they're too consistent, even when they try to be random they're too consistently random.

When enough rules match, you throw in either a redirect or an internal URL rewrite rule for that session to point them to something different.
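The rule-matching approach described in the comment above, as an added example (not the commenter's code and not any particular web server's ruleset). It scores each client session on the behaviours named there: user agent, IP range, order of requests (pages fetched without a single stylesheet, script or image) and request timing that is too regular to be a person reading, then picks an action once enough rules match. The log lines, the blocked range, the rule thresholds and the `/decoy` rewrite target are all constructed for the example; in practice the ranges come from the log review the comment describes.

```python
"""Behaviour-based bot scoring over web-server access logs (added example)."""
import ipaddress
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Constructed sample log, nginx/Apache "combined" format; not real traffic.
# 198.51.100.23 behaves like a browser, 203.0.113.7 is an obvious scraper,
# 192.0.2.50 spoofs a browser UA but still walks pages like a script.
SAMPLE_LOG = """\
198.51.100.23 - - [10/Jan/2024:10:00:00 +0000] "GET / HTTP/1.1" 200 4821 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
198.51.100.23 - - [10/Jan/2024:10:00:00 +0000] "GET /static/app.css HTTP/1.1" 200 912 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
198.51.100.23 - - [10/Jan/2024:10:00:01 +0000] "GET /static/app.js HTTP/1.1" 200 3310 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
198.51.100.23 - - [10/Jan/2024:10:00:37 +0000] "GET /article/1 HTTP/1.1" 200 7718 "https://example.test/" "Mozilla/5.0 (X11; Linux x86_64) Firefox/121.0"
203.0.113.7 - - [10/Jan/2024:10:00:00 +0000] "GET /article/1 HTTP/1.1" 200 7718 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Jan/2024:10:00:02 +0000] "GET /article/2 HTTP/1.1" 200 7021 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Jan/2024:10:00:04 +0000] "GET /article/3 HTTP/1.1" 200 6990 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Jan/2024:10:00:06 +0000] "GET /article/4 HTTP/1.1" 200 7102 "-" "python-requests/2.31.0"
203.0.113.7 - - [10/Jan/2024:10:00:08 +0000] "GET /article/5 HTTP/1.1" 200 7355 "-" "python-requests/2.31.0"
192.0.2.50 - - [10/Jan/2024:10:01:00 +0000] "GET /article/10 HTTP/1.1" 200 7001 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
192.0.2.50 - - [10/Jan/2024:10:01:03 +0000] "GET /article/11 HTTP/1.1" 200 7050 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
192.0.2.50 - - [10/Jan/2024:10:01:06 +0000] "GET /article/12 HTTP/1.1" 200 7033 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
192.0.2.50 - - [10/Jan/2024:10:01:09 +0000] "GET /article/13 HTTP/1.1" 200 7012 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
192.0.2.50 - - [10/Jan/2024:10:01:12 +0000] "GET /article/14 HTTP/1.1" 200 7040 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/120.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
SCRAPER_UA = re.compile(r"python-requests|curl/|Go-http-client|Scrapy|wget/|^-$", re.I)
ASSET_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".svg", ".ico", ".woff2")
BLOCKED_RANGES = [ipaddress.ip_network("203.0.113.0/24")]  # assumed: taken from earlier log review
MIN_PAGES_NO_ASSETS = 3      # pages fetched with no asset at all before it counts
MIN_REQUESTS_FOR_TIMING = 4
MAX_TIMING_CV = 0.1          # gap stdev/mean below this reads as a loop, not a reader
REWRITE_THRESHOLD = 2        # matching rules needed before we swap what is served


def parse_log(text):
    """Yield a dict per well-formed combined-format line; skip anything else."""
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield rec


def rule_user_agent(reqs):
    return bool(SCRAPER_UA.search(reqs[0]["ua"]))


def rule_ip_range(reqs):
    ip = ipaddress.ip_address(reqs[0]["ip"])
    return any(ip in net for net in BLOCKED_RANGES)


def rule_no_assets(reqs):
    """Browsers fetch CSS/JS/images after a page; scripts usually do not."""
    paths = [r["path"].split("?", 1)[0].lower() for r in reqs]
    assets = sum(p.endswith(ASSET_EXT) for p in paths)
    return assets == 0 and len(paths) - assets >= MIN_PAGES_NO_ASSETS


def rule_timing(reqs):
    """Inter-request gaps that barely vary mark a loop, not a person reading."""
    if len(reqs) < MIN_REQUESTS_FOR_TIMING:
        return False
    gaps = [(b["ts"] - a["ts"]).total_seconds() for a, b in zip(reqs, reqs[1:])]
    mean = statistics.mean(gaps)
    if mean == 0:
        return True  # a burst with no gaps at all is not a human either
    return statistics.pstdev(gaps) / mean < MAX_TIMING_CV


RULES = {
    "scraper_ua": rule_user_agent,
    "blocked_range": rule_ip_range,
    "pages_without_assets": rule_no_assets,
    "machine_timing": rule_timing,
}


def score_session(reqs):
    """Apply every rule to one session and choose what the server should do."""
    matched = [name for name, fn in RULES.items() if fn(reqs)]
    if len(matched) >= REWRITE_THRESHOLD:
        action = "rewrite:/decoy"  # internal rewrite (or redirect) for this session
    elif matched:
        action = "watch"           # one signal alone is not enough; keep logging
    else:
        action = "serve"
    return {"score": len(matched), "rules": matched, "action": action}


def score_log(text):
    """Group requests into (client IP, user agent) sessions and score each."""
    sessions = defaultdict(list)
    for rec in parse_log(text):
        sessions[(rec["ip"], rec["ua"])].append(rec)
    return {key: score_session(reqs) for key, reqs in sessions.items()}


if __name__ == "__main__":
    for (ip, ua), verdict in score_log(SAMPLE_LOG).items():
        print(f"{ip:15} {verdict['action']:15} {verdict['rules']}")
```

Run as a script it prints one verdict per session: the Firefox client is served normally, the python-requests client trips all four rules, and the spoofed-Chrome client still trips the two behavioural rules (no assets, machine-regular timing), which is the point of the comment: changing the user agent and hopping IP ranges is cheap, behaving like a browser is not.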

[–] Natanael@infosec.pub 1 points 2 days ago (2 children)

The trick is distinguishing them by behavior and switching what you serve them
