I think it fits.
Prunebutt
joined 2 years ago
What about that bloke who started all this stuff about alpha and beta wolves?
Sorry, homie. I'm not gonna keep arguing with you if you obviously can't argue without moving the goal posts, if your life depends on it.
My point still stands: Encrypting metadata can be sensible/necessary for your threat model and does not count as security through obscurity. You have failed to explain how it would be and then started to attack me, personally.
Have fun misrepresenting this comment as well, bye.
Firstly, if the police confiscate your PC, they already know (and have proven to a judge) that you conduct illegal activity and likely already have enough to convict you of a crime. lol
Not if it's for securing evidence. That is only collected before the verdict/conviction. Otherwise, there wouldn't be any need for a trial.
Also, your metadata can put others in jeopardy. If you're busted for being an antifascist activist, who the police deems a "terrorist" and you're also member of another activist group which up to then wasn't in the sights of law enforcement, then you're putting that other activist group's members in danger.
Secondly, you can have an account at a private torrent tracker [...]
That wasn't my argument, though. You can criticise the circumstances that started my example premise, but the point still stands: having metadata that's clearly visible can be dangerous, because it can give an attacker more information on you (depending on your threat model).
These are exceptionally poor arguments.
You've actually only attacked my examples, not my argument. My original point still stands: The type of accounts you have can be something you legitimately want/need to encrypt. Not only the credentials.
Because if the data is secure, it makes no difference if a bad actor knows you have an account with a service or not
Bullshit. It's not about the obvious services, but rather the ones that give more info about my profile.
If the police confiscates my PC because of e.g. piracy, they could nail me down if they also knew that I had an account at a darkweb marketplace, or that I am a member of an organization that's deemed to be "terrorist".
The only way to hide that info with pass is to give it a cryptic name which make it less obvious, what the account is actually for. That is both inconvenient and I would argue: also quite security of obscurity.
This is an example of security through obscurity.
It is not. Security through obscurity relies on having a visible secret hidden somewhere where "no one would think to check". That's different than encrypting the whole meta-structure of your digital life.
That's a non-sequitur.
How is encrypting the metadata, as well as the data security through obscurity? O.o
OP is talking about hhe meta-structure being visible.
If my filesystem gets compromised (stolen, confiscated, etc.) and I use pass, the infiltrators will know that I have a password that I labeled "slrpnk.net". They won't have access to the password itself, but they'll be able to determine all the services I have accounts at.
Left of Hawking is Gauss
RA3 brought us Soviet Russian Tim Curry. Nothing has to be redeemed, fight me.
Yes, it's all debunked