IRC: #techbytes @ Techrights IRC Network: Saturday, February 19, 2022

[Feb 19 00:52] * Despatche has quit (Quit: Read error: Connection reset by deer)
[Feb 19 01:06] <schestowitz> "
[Feb 19 01:06] <schestowitz> Hello everyone,
[Feb 19 01:06] <schestowitz> While trying to export my real profile, I found out that **anyone can access my exported data** (profile and photos) from the Internet without any authorization!
[Feb 19 01:06] <schestowitz> I created a test user (the present account) to make sure I hadn’t misunderstood. Sadly, the same problem happened. This seems to be a serious problem.
[Feb 19 01:06] <schestowitz> Does anyone know of this? Is my privacy at risk? Is it a recent problem? If not, since when has this issue been present?
[Feb 19 01:06] <schestowitz> I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge.
[Feb 19 01:06] <schestowitz> Can you help? Can someone fix this?
[Feb 19 01:06] <schestowitz> Here is the example, anyone can download the exported profile for this test account:
[Feb 19 01:06] <schestowitz> https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
[Feb 19 01:06] -TechBytesBot/#techbytes- ( status 404 @ https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz )
[Feb 19 01:06] <schestowitz> Any comment would be appreciated.
[Feb 19 01:06] <schestowitz> Thanks
[Feb 19 01:06] <schestowitz> user834534050@diaspora-fr.org
[Feb 19 01:06] <schestowitz> user834534050@diaspora-fr.org - about 24 hours ago
[Feb 19 01:06] <schestowitz> UPDATE:
[Feb 19 01:06] <schestowitz> Hello everyone,
[Feb 19 01:06] <schestowitz> While trying to export my real profile, I found out that **anyone can access my exported data** (profile and photos) from the Internet without any authorization!
[Feb 19 01:06] <schestowitz> I created a test user (the present account) to make sure I hadn’t misunderstood. Sadly, the same problem happened. This seems to be a serious problem.
[Feb 19 01:06] <schestowitz> Does anyone know of this? Is my privacy at risk? Is it a recent problem? If not, since when has this issue been present?
[Feb 19 01:06] <schestowitz> I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge.
[Feb 19 01:06] <schestowitz> Can you help? Can someone fix this?
[Feb 19 01:06] <schestowitz> Here is the example, anyone can download the exported profile for this test account:
[Feb 19 01:06] <schestowitz> UPDATE: Sorry, I mistyped; the link is: https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
[Feb 19 01:06] <schestowitz> Any comment would be appreciated.
[Feb 19 01:07] <schestowitz> Thanks
[Feb 19 01:07] <schestowitz> Michael Fenichel
[Feb 19 01:07] <schestowitz> Michael Fenichel - about 24 hours ago
[Feb 19 01:07] <schestowitz> Comment: That URL leads to
[Feb 19 01:07] <schestowitz>     404 These are not the kittens you’re looking for. Move along.
[Feb 19 01:07] <schestowitz> Wondering if you’re seeing your cache or relative rather than absolute link.
[Feb 19 01:07] <schestowitz> Good luck. Hard enough for some of us to access our own data! Hope it’s private.
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org - about 24 hours ago
[Feb 19 01:07] <schestowitz> @ psych@diasp.org
[Feb 19 01:07] <schestowitz> Can you try https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz ? I have corrected the mistake, sorry.
[Feb 19 01:07] <schestowitz> Dennis Schubert
[Feb 19 01:07] <schestowitz> Dennis Schubert - about 24 hours ago
[Feb 19 01:07] <schestowitz> The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive.
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org - about 23 hours ago
[Feb 19 01:07] <schestowitz>     The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive.
[Feb 19 01:07] <schestowitz> Thanks Dennis! So it is normal. What if someone guesses or uses a random key to access data randomly, is it possible? How long does the exported data link remain valid? Are developers aware of this? (just to be on the safe side)
[Feb 19 01:07] <schestowitz> Michael Fenichel
[Feb 19 01:07] <schestowitz> Michael Fenichel - about 23 hours ago
[Feb 19 01:07] <schestowitz> OK, @user834534050@diaspora-fr.org, Maybe moot but I got 3 .json & 1 .json.gz.
[Feb 19 01:07] <schestowitz> But better and more useful the note from Dennis. Still rooting for a good resolution.
[Feb 19 01:07] <schestowitz> Dennis Schubert
[Feb 19 01:07] <schestowitz> Dennis Schubert - about 23 hours ago
[Feb 19 01:07] <schestowitz>     What if someone guesses or uses a random key to access data randomly, is it possible?
[Feb 19 01:07] <schestowitz> It’s pretty much impossible. If an attacker could somehow test 1000 random keys per second (which is impossible in reality), the attacker would have to brute force for an average of 5.3 octillion years (2^128/2 = 1.70×10^38 possibilities for a 50% brute). That’s … not going to happen.
[Feb 19 01:07] <schestowitz>     How long does the exported data link remain valid?
[Feb 19 01:07] <schestowitz> 14 days.
[Feb 19 01:07] <schestowitz>     Are developers aware of this?
[Feb 19 01:07] <schestowitz> Yes. Given what I said above, it’s not an issue.
[Feb 19 01:07] <schestowitz> (Whoops, I deleted my comment because I made a typo, and didn’t copy its contents, so I had to write it again)
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org - about 22 hours ago
[Feb 19 01:07] <schestowitz> Thank you. I don’t understand your calculus to be honest. As long as the community agreed to this and that it is safe enough, that’s good enough for me I suppose. It is just that with all the data privacy scandals around, I am becoming less confident with how my data is handled by strangers.
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org
[Feb 19 01:07] <schestowitz> user834534050@diaspora-fr.org - about 21 hours ago
[Feb 19 01:07] <schestowitz> On a side note, Facebook protects data exports with a password so I guess it is important in any case. I still think that even though brute force may take years, like winning the lottery, it just takes one single strike to succeed out of millions, why take the risk?
[Feb 19 01:07] <schestowitz> What security measures are in place to make sure someone else doesn’t download a copy of my information?
[Feb 19 01:07] <schestowitz> We have a number of security measures in place to help keep your account secure and protect your information on Facebook. Before you can begin downloading a copy of your information, we'll first ask you to enter your password. We may also ask you to complete additional verification steps before allowing your download to begin. To help protect your account, your download request will expire after a few days, and you can always request a new one.
[Feb 19 01:07] <schestowitz> Our security systems are always running to help mitigate threats before they reach you and your friends on Facebook, and we offer tools like Security Checkup and two-factor authentication as additional ways to improve the security of your account. Learn more about keeping your account secure.
[Feb 19 01:08] <schestowitz> Note: Keep in mind that your data request may contain private information. You should keep it secure and take precautions when storing or sending it, or uploading it to another service. You can always select specific sections when requesting a copy of your information.
[Feb 19 01:08] <schestowitz> sources: https://www.facebook.com/help/212802592074644
[Feb 19 01:08] -TechBytesBot/#techbytes- m.facebook.com | Help Center
[Feb 19 01:08] <schestowitz> Dr. Roy Schestowitz (罗伊)
[Feb 19 01:08] <schestowitz> "
[Feb 19 01:08] <schestowitz> https://joindiaspora.com/posts/22282896
[Feb 19 01:08] -TechBytesBot/#techbytes- @podmin@joindiaspora.com: # Hello JoinDiaspora there is some unfortunate news to share. Feneas will be dissolved and as Joindiaspora is one of the services. JD will also be shut down on 1 March. This is unless we can find someone who wants to take over the service. If you think you can handle the task please contact us via [hq@feneas.org](mailto:hq@feneas.org). You can find the original post below or via https://git.feneas.org/feneas/
[Feb 19 01:08] -TechBytesBot/#techbytes- -> git.feneas.org | meetings/agm-minutes-2021-12-09.txt · master · Feneas / association · GitLab
[Feb 19 01:08] -TechBytesBot/#techbytes- -> git.feneas.org | meetings/agm-minutes-2022-01-04.txt · master · Feneas / association · GitLab
[Feb 19 01:08] -TechBytesBot/#techbytes- -> git.feneas.org | Feneas · GitLab
[Feb 19 05:09] * Despatche (~desp@u3xy9z2ifjzci.irc) has joined #techbytes
[Feb 19 06:47] * DaemonFC has quit (Quit: Leaving)
[Feb 19 07:06] * u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
[Feb 19 07:38] <schestowitz> https://twitter.com/BrideOfLinux/status/1494707102786412556
[Feb 19 07:38] -TechBytesBot/#techbytes- @BrideOfLinux: LXer is up again, but it appears we might know what happened. https://t.co/tzN1NhzkfN
[Feb 19 07:38] -TechBytesBot/#techbytes- @schestowitz: I think we now know why #lxer is not reachable. See update in https://t.co/TRtrQG0uXT @brideoflinux @fossforce
[Feb 19 07:39] <schestowitz> John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter ⚓ https://nitter.eu/QuirkyForum/status/1494674762777473024 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest
[Feb 19 07:39] -TechBytesBot/#techbytes- nitter.eu | John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter
[Feb 19 07:39] -TechBytesBot/#techbytes- schestowitz.com | Social Control Media Posts
[Feb 19 07:39] <schestowitz> https://twitter.com/DankwahMorrison/status/1494639436839141377
[Feb 19 07:39] -TechBytesBot/#techbytes- @DankwahMorrison: An intolerant bunch...#RIP brother. https://t.co/fjNMRbjQDD
[Feb 19 07:39] -TechBytesBot/#techbytes- @schestowitz: ● NEWS ● #AsiaNews #CivilRights ☞ Christian killed by a group of Muslims in #Lahore https://t.co/tjN8QyDe6H
[Feb 19 07:47] * psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes
[Feb 19 07:47] * psydroid2 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes
[Feb 19 10:36] * u-amarsh04 has quit (Quit: Konversation terminated!)
[Feb 19 10:48] * u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
[Feb 19 11:05] * psydroid3 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes
[Feb 19 11:13] * DaemonFC (~daemonfc@zgk86ipra9utw.irc) has joined #techbytes
[Feb 19 11:26] * libertybox has quit (Ping timeout: 2m30s)
[Feb 19 11:27] * libertybox (~schestowitz_log@pumv3cb2rfinu.irc) has joined #techbytes
[Feb 19 11:27] * schestowitz-TR has quit (Ping timeout: 2m30s)
[Feb 19 11:27] * Techrights-sec has quit (Ping timeout: 2m30s)
[Feb 19 11:27] * Techrights-sec (~quassel@pumv3cb2rfinu.irc) has joined #techbytes
[Feb 19 11:27] * schestowitz-TR (~acer-box@pumv3cb2rfinu.irc) has joined #techbytes
[Feb 19 13:28] * u-amarsh04 has quit (Quit: Konversation terminated!)
[Feb 19 13:29] * u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
[Feb 19 13:56] * u-amarsh04 has quit (Quit: Konversation terminated!)
[Feb 19 14:28] * DaemonFC has quit (Quit: Leaving)
[Feb 19 20:15] * u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
[Feb 19 20:30] * u-amarsh04 has quit (connection closed)
[Feb 19 20:45] * DaemonFC (~daemonfc@389qztengum92.irc) has joined #techbytes
[Feb 19 21:59] * psydroid3 has quit (connection closed)
[Feb 19 23:09] <schestowitz> https://twitter.com/iridesce57/status/1495126060081553412
[Feb 19 23:09] -TechBytesBot/#techbytes- @iridesce57: @schestowitz Played Wii Sports last night with a friend ... #Timeless
[Feb 19 23:10] <schestowitz> https://twitter.com/ToolWfh/status/1495121245335359488
[Feb 19 23:10] -TechBytesBot/#techbytes- @ToolWfh: @schestowitz Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch
[Feb 19 23:10] <schestowitz> https://twitter.com/StansLinux/status/1495098894711205890
[Feb 19 23:10] -TechBytesBot/#techbytes- @StansLinux: @schestowitz What's a better headline? :)
[Feb 19 23:11] <schestowitz> https://twitter.com/danie10/status/1494981426642620417
[Feb 19 23:11] -TechBytesBot/#techbytes- @danie10: @schestowitz Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware includin… https://t.co/kvcl3XJQSF
[Feb 19 23:11] <schestowitz> Danie van der Merwe (@danie10): "Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware including a category for Health and Medical at https://gadgeteer.co.za/opensourcesoftware/" | nitter
[Feb 19 23:12] <schestowitz> https://twitter.com/RayPride/status/1494955337857785858
[Feb 19 23:12] -TechBytesBot/#techbytes- @RayPride: “Shunned” and “banished” are more appropriate for the Einstein visa holder https://t.co/tgTnY3uJzQ
[Feb 19 23:12] -TechBytesBot/#techbytes- @schestowitz: Melania's donation to a computer science school was rejected, so now she feels cancelled | https://t.co/gVqYC5gG4K… https://t.co/pXlW0t7krq
[Feb 19 23:12] <schestowitz> Turtle (@swimming_free): "Nothing notable about that. News outlets prepare headlines and stories for events that haven't happened and which might never happen, to have something ready to go in case it does. Donetsk has warned of a Ukrainian offensive for weeks. Makes sense they have an evac order ready." | nitter
[Feb 19 23:13] <schestowitz> https://twitter.com/JohnChivall/status/1494945095031967751
[Feb 19 23:13] -TechBytesBot/#techbytes- @JohnChivall: I'm not sure capitalism can be trusted with medical implants https://t.co/19QrIlEicZ
[Feb 19 23:13] -TechBytesBot/#techbytes- @schestowitz: ● NEWS ● #IEEE #ProprietarySoftware ☞ Their Bionic Eyes Are Now Obsolete and Unsupported https://t.co/7rd1iPoZDH
[Feb 19 23:14] <schestowitz> "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter ⚓ https://nitter.eu/Burnera75476493/status/1494945759476826112 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest
[Feb 19 23:14] -TechBytesBot/#techbytes- nitter.eu | "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter
[Feb 19 23:15] <schestowitz> GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter ⚓ https://nitter.eu/ToolWfh/status/1495121245335359488 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest
[Feb 19 23:15] -TechBytesBot/#techbytes- nitter.eu | GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter
[Feb 19 23:37] * psydroid2 has quit (Ping timeout: 2m30s)
[Feb 19 23:41] * psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes
