(ℹ) Join us now at the IRC channel | ䷉ Find the plain text version at this address (HTTP) or in Gemini (how to use Gemini) with a full GemText version.
*Despatche has quit (Quit: Read error: Connection reset by deer) | Feb 19 00:52 | |
schestowitz | " | Feb 19 01:06 |
---|---|---|
schestowitz | Hello everyone, | Feb 19 01:06 |
schestowitz | While trying to export my real profile, I found out that **anyone can access my exported data** (profile and photos) from the Internet without any authorization! | Feb 19 01:06 |
schestowitz | I created a test user (the present account) to make sure I hadn’t misunderstood. Sadly, the same problem happened. This seems to be a serious problem. | Feb 19 01:06 |
schestowitz | Does anyone know of this? Is my privacy at risk? Is it a recent problem? If not, since when has this issue been present? | Feb 19 01:06 |
schestowitz | I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge. | Feb 19 01:06 |
schestowitz | Can you help? Can someone fix this? | Feb 19 01:06 |
schestowitz | Here is the example; anyone can download the exported profile for this test account: | Feb 19 01:06 |
schestowitz | https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz | Feb 19 01:06 |
-TechBytesBot/#techbytes- ( status 404 @ https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz ) | Feb 19 01:06 | |
schestowitz | Any comment would be appreciated. | Feb 19 01:06 |
schestowitz | Thanks | Feb 19 01:06 |
schestowitz | user834534050@diaspora-fr.org | Feb 19 01:06 |
schestowitz | user834534050@diaspora-fr.org - about 24 hours ago | Feb 19 01:06 |
schestowitz | UPDATE : | Feb 19 01:06 |
schestowitz | Hello everyone, | Feb 19 01:06 |
schestowitz | While trying to export my real profile, I found out that **anyone can access my exported data** (profile and photos) from the Internet without any authorization! | Feb 19 01:06 |
schestowitz | I created a test user (the present account) to make sure I hadn’t misunderstood. Sadly, the same problem happened. This seems to be a serious problem. | Feb 19 01:06 |
schestowitz | Does anyone know of this? Is my privacy at risk? Is it a recent problem? If not, since when has this issue been present? | Feb 19 01:06 |
schestowitz | I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge. | Feb 19 01:06 |
schestowitz | Can you help? Can someone fix this? | Feb 19 01:06 |
schestowitz | Here is the example; anyone can download the exported profile for this test account: | Feb 19 01:06 |
schestowitz | UPDATE: Sorry, I mistyped; the link is: https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz | Feb 19 01:06 |
schestowitz | Any comment would be appreciated. | Feb 19 01:06 |
schestowitz | Thanks | Feb 19 01:07 |
schestowitz | Michael Fenichel | Feb 19 01:07 |
schestowitz | Michael Fenichel - about 24 hours ago | Feb 19 01:07 |
schestowitz | Comment: That url leads to | Feb 19 01:07 |
schestowitz | 404 These are not the kittens you’re looking for. Move along. | Feb 19 01:07 |
schestowitz | Wondering if you’re seeing your cache or relative rather than absolute link. | Feb 19 01:07 |
schestowitz | Good luck. Hard enough for some of us to access our own data! Hope it’s private. | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org - about 24 hours ago | Feb 19 01:07 |
schestowitz | @ psych@diasp.org | Feb 19 01:07 |
schestowitz | Can you try https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz ? I have corrected the mistake, sorry. | Feb 19 01:07 |
schestowitz | Dennis Schubert | Feb 19 01:07 |
schestowitz | Dennis Schubert - about 24 hours ago | Feb 19 01:07 |
schestowitz | The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive. | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org - about 23 hours ago | Feb 19 01:07 |
schestowitz | The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive. | Feb 19 01:07 |
schestowitz | Thanks Dennis! So it is normal. What if someone guesses or uses a random key to access data randomly, is it possible? How long does the exported data link remain valid? Are developers aware of this? (just to be on the safe side) | Feb 19 01:07 |
schestowitz | Michael Fenichel | Feb 19 01:07 |
schestowitz | Michael Fenichel - about 23 hours ago | Feb 19 01:07 |
schestowitz | OK, @user834534050@diaspora-fr.org, Maybe moot but I got 3 .json & 1 .json.gz. | Feb 19 01:07 |
schestowitz | But better and more useful the note from Dennis. Still rooting for a good resolution. | Feb 19 01:07 |
schestowitz | Dennis Schubert | Feb 19 01:07 |
schestowitz | Dennis Schubert - about 23 hours ago | Feb 19 01:07 |
schestowitz | What if someone guesses or uses a random key to access data randomly, is it possible? | Feb 19 01:07 |
schestowitz | It’s pretty much impossible. If an attacker could somehow test 1000 random keys per second (which is impossible in reality), the attacker would have to brute force for an average of 5.3 octillion years (2^128/2 = 1.70×10^38 possibilities for a 50% brute). That’s … not going to happen. | Feb 19 01:07 |
schestowitz | How long does the exported data link remain valid? | Feb 19 01:07 |
schestowitz | 14 days. | Feb 19 01:07 |
schestowitz | Are developers aware of this? | Feb 19 01:07 |
schestowitz | Yes. Given what I said above, it’s not an issue. | Feb 19 01:07 |
schestowitz | (Whoops, I deleted my comment because I made a typo, and didn’t copy its contents, so I had to write it again) | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org - about 22 hours ago | Feb 19 01:07 |
schestowitz | Thank you. I don’t understand your calculus to be honest. As long as the community agreed to this and, that it is safe enough, that’s good enough for me I suppose. It is just that with all the data privacy scandals around, I am becoming less confident with how my data is handled by strangers. | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org | Feb 19 01:07 |
schestowitz | user834534050@diaspora-fr.org - about 21 hours ago | Feb 19 01:07 |
schestowitz | On a side note, Facebook protects data exports with a password so I guess it is important in any case. I still think that even though brute force may take years, like winning the lottery, it just takes one single strike to succeed out of millions, why take the risk? | Feb 19 01:07 |
schestowitz | What security measures are in place to make sure someone else doesn’t download a copy of my information? | Feb 19 01:07 |
schestowitz | We have a number of security measures in place to help keep your account secure and protect your information on Facebook. Before you can begin downloading a copy of your information, we'll first ask you to enter your password. We may also ask you to complete additional verification steps before allowing your download to begin. To help protect your account, your download request will expire after a few days, and you can always request a new one. | Feb 19 01:07 |
schestowitz | Our security systems are always running to help mitigate threats before they reach you and your friends on Facebook, and we offer tools like Security Checkup and two-factor authentication as additional ways to improve the security of your account. Learn more about keeping your account secure. | Feb 19 01:07 |
schestowitz | Note: Keep in mind that your data request may contain private information. You should keep it secure and take precautions when storing or sending it, or uploading it to another service. You can always select specific sections when requesting a copy of your information. | Feb 19 01:08 |
schestowitz | sources : https://www.facebook.com/help/212802592074644 | Feb 19 01:08 |
-TechBytesBot/#techbytes-m.facebook.com | Help Center | Feb 19 01:08 | |
schestowitz | Dr. Roy Schestowitz (罗伊) | Feb 19 01:08 |
schestowitz | " | Feb 19 01:08 |
schestowitz | https://joindiaspora.com/posts/22282896 | Feb 19 01:08 |
-TechBytesBot/#techbytes-@podmin@joindiaspora.com: # Hello JoinDiaspora there is some unfortunate news to share. Feneas will be dissolved and as Joindiaspora is one of the services. JD will also be shut down on 1 March. This is unless we can find someone who wants to take over the service. If you think you can handle the task please contact us via [hq@feneas.org](mailto:hq@feneas.org). You can find the original post below or via https://git.feneas.org/feneas/ | Feb 19 01:08 | |
-TechBytesBot/#techbytes--> git.feneas.org | meetings/agm-minutes-2021-12-09.txt · master · Feneas / association · GitLab | Feb 19 01:08 | |
-TechBytesBot/#techbytes--> git.feneas.org | meetings/agm-minutes-2022-01-04.txt · master · Feneas / association · GitLab | Feb 19 01:08 | |
-TechBytesBot/#techbytes--> git.feneas.org | Feneas · GitLab | Feb 19 01:08 | |
*Despatche (~desp@u3xy9z2ifjzci.irc) has joined #techbytes | Feb 19 05:09 | |
*DaemonFC has quit (Quit: Leaving) | Feb 19 06:47 | |
*u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes | Feb 19 07:06 | |
schestowitz | https://twitter.com/BrideOfLinux/status/1494707102786412556 | Feb 19 07:38 |
-TechBytesBot/#techbytes-@BrideOfLinux: LXer is up again, but it appears we might know what happened. https://t.co/tzN1NhzkfN | Feb 19 07:38 | |
-TechBytesBot/#techbytes-@schestowitz: I think we now know why #lxer is not reachable. See update in https://t.co/TRtrQG0uXT @brideoflinux @fossforce | Feb 19 07:38 | |
schestowitz | John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter ⚓ https://nitter.eu/QuirkyForum/status/1494674762777473024 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest | Feb 19 07:39 |
-TechBytesBot/#techbytes-nitter.eu | John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter | Feb 19 07:39 | |
-TechBytesBot/#techbytes-schestowitz.com | Social Control Media Posts | Feb 19 07:39 | |
schestowitz | https://twitter.com/DankwahMorrison/status/1494639436839141377 | Feb 19 07:39 |
-TechBytesBot/#techbytes-@DankwahMorrison: An intolerant bunch...#RIP brother. https://t.co/fjNMRbjQDD | Feb 19 07:39 | |
-TechBytesBot/#techbytes-@schestowitz: ● NEWS ● #AsiaNews #CivilRights ☞ Christian killed by a group of Muslims in #Lahore https://t.co/tjN8QyDe6H | Feb 19 07:39 | |
*psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes | Feb 19 07:47 | |
*psydroid2 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes | Feb 19 07:47 | |
*u-amarsh04 has quit (Quit: Konversation terminated!) | Feb 19 10:36 | |
*u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes | Feb 19 10:48 | |
*psydroid3 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes | Feb 19 11:05 | |
*DaemonFC (~daemonfc@zgk86ipra9utw.irc) has joined #techbytes | Feb 19 11:13 | |
*libertybox has quit (Ping timeout: 2m30s) | Feb 19 11:26 | |
*libertybox (~schestowitz_log@pumv3cb2rfinu.irc) has joined #techbytes | Feb 19 11:27 | |
*schestowitz-TR has quit (Ping timeout: 2m30s) | Feb 19 11:27 | |
*Techrights-sec has quit (Ping timeout: 2m30s) | Feb 19 11:27 | |
*Techrights-sec (~quassel@pumv3cb2rfinu.irc) has joined #techbytes | Feb 19 11:27 | |
*schestowitz-TR (~acer-box@pumv3cb2rfinu.irc) has joined #techbytes | Feb 19 11:27 | |
*u-amarsh04 has quit (Quit: Konversation terminated!) | Feb 19 13:28 | |
*u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes | Feb 19 13:29 | |
*u-amarsh04 has quit (Quit: Konversation terminated!) | Feb 19 13:56 | |
*DaemonFC has quit (Quit: Leaving) | Feb 19 14:28 | |
*u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes | Feb 19 20:15 | |
*u-amarsh04 has quit (connection closed) | Feb 19 20:30 | |
*DaemonFC (~daemonfc@389qztengum92.irc) has joined #techbytes | Feb 19 20:45 | |
*psydroid3 has quit (connection closed) | Feb 19 21:59 | |
schestowitz | https://twitter.com/iridesce57/status/1495126060081553412 | Feb 19 23:09 |
-TechBytesBot/#techbytes-@iridesce57: @schestowitz Played Wii Sports last night with a friend ... #Timeless | Feb 19 23:09 | |
schestowitz | https://twitter.com/ToolWfh/status/1495121245335359488 | Feb 19 23:10 |
-TechBytesBot/#techbytes-@ToolWfh: @schestowitz Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch | Feb 19 23:10 | |
schestowitz | https://twitter.com/StansLinux/status/1495098894711205890 | Feb 19 23:10 |
-TechBytesBot/#techbytes-@StansLinux: @schestowitz What's a better headline? :) | Feb 19 23:10 | |
schestowitz | https://twitter.com/danie10/status/1494981426642620417 | Feb 19 23:11 |
-TechBytesBot/#techbytes-@danie10: @schestowitz Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware includin… https://t.co/kvcl3XJQSF | Feb 19 23:11 | |
schestowitz | Danie van der Merwe (@danie10): "Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware including a category for Health and Medical at https://gadgeteer.co.za/opensourcesoftware/" | nitter | Feb 19 23:11 |
schestowitz | https://twitter.com/RayPride/status/1494955337857785858 | Feb 19 23:12 |
-TechBytesBot/#techbytes-@RayPride: “Shunned” and “banished” are more appropriate for the Einstein visa holder https://t.co/tgTnY3uJzQ | Feb 19 23:12 | |
-TechBytesBot/#techbytes-@schestowitz: Melania's donation to a computer science school was rejected, so now she feels cancelled | https://t.co/gVqYC5gG4K… https://t.co/pXlW0t7krq | Feb 19 23:12 | |
schestowitz | Turtle (@swimming_free): "Nothing notable about that. News outlets prepare headlines and stories for events that haven't happened and which might never happen, to have something ready to go in case it does. Donetsk has warned of a Ukrainian offensive for weeks. Makes sense they have an evac order ready." | nitter | Feb 19 23:12 |
schestowitz | https://twitter.com/JohnChivall/status/1494945095031967751 | Feb 19 23:13 |
-TechBytesBot/#techbytes-@JohnChivall: I'm not sure capitalism can be trusted with medical implants https://t.co/19QrIlEicZ | Feb 19 23:13 | |
-TechBytesBot/#techbytes-@schestowitz: ● NEWS ● #IEEE #ProprietarySoftware ☞ Their Bionic Eyes Are Now Obsolete and Unsupported https://t.co/7rd1iPoZDH | Feb 19 23:13 | |
schestowitz | "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter ⚓ https://nitter.eu/Burnera75476493/status/1494945759476826112 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest | Feb 19 23:14 |
-TechBytesBot/#techbytes-nitter.eu | "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter | Feb 19 23:14 | |
schestowitz | GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter ⚓ https://nitter.eu/ToolWfh/status/1495121245335359488 ䷉ #nitter | more in http://schestowitz.com/2022/02/19/#latest | Feb 19 23:15 |
-TechBytesBot/#techbytes-nitter.eu | GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter | Feb 19 23:15 | |
*psydroid2 has quit (Ping timeout: 2m30s) | Feb 19 23:37 | |
*psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes | Feb 19 23:41 |
Generated by irclog2html.py 2.6