logo

blog

My little blog can’t be this cute! git clone https://hacktivis.me/git/blog.git
commit: ea013762a131986923f09936c5519b6784da4ec1
parent 4fc6ea16d8d5da6d24ebfd9a2d70bce36720f197
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Wed,  1 Jul 2020 19:52:37 +0200

projects/badwolf: Rephrase session isolation


Diffstat:


Marticles/Pretty Bad Privacy.xhtml1+


Mprojects/badwolf.shtml2+-


2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/articles/Pretty Bad Privacy.xhtml b/articles/Pretty Bad Privacy.xhtml
@@ -138,6 +138,7 @@ Compression: Uncompressed, ZIP, ZLIB, BZIP2
 <h2 id="keybase">Bonus: Keybase is a fuck</h2>
 <p>Keybase is what you get when you want crypto (just the math), but you do not care about security (they are called secrets for a reason) or privacy (social-media with a cryptographically verified graph that lives forever…).</p>
 <ul>
+	<li>It got bought by Zoom, which is known-bad/evil for privacy. (<a href="https://en.wikipedia.org/wiki/Zoom_Video_Communications#Criticism">Zoom Video Communications - Wikipedia</a>)</li>
 	<li>You are encouraged to upload your private keys to them, with <a href="https://keybase.io/triplesec">their own algorithm</a>) and it is hard to revoke (Please revoke your key and create another): <a href="https://github.com/keybase/keybase-issues/issues/160">Uploading private keys puts users at risk, keybase/keybase-issues#160</a>, <a href="https://github.com/keybase/keybase-issues/issues/731">Can't revoke the proof from web, keybase/keybase-issues#731</a> (note: even after revocation it could still be verified, revocation being advisory), <a href="https://github.com/keybase/keybase-issues/issues/1946">GPG smartcard security bypassed by delegated private key, keybase/keybase-issues#1946</a>, <a href="https://github.com/keybase/keybase-issues/issues/1912">How to export private key from keybase with API or kbpgp.js?, keybase/keybase-issues#1912</a></li>
 	<li>It is centralised (and so proprietary) and harms decentralisation. For example: pleroma basically can’t have keybase integration because the instances are too small, lol, mastodon instances are way too big.</li>
 </ul>
diff --git a/projects/badwolf.shtml b/projects/badwolf.shtml
@@ -23,7 +23,7 @@
 		<p>BadWolf is a minimalist and privacy-oriented <a href="http://webkitgtk.org/">WebKitGTK+</a> browser.</p>
 		<dl>
 			<dt>Privacy-oriented</dt>
-				<dd>No browser-level tracking, ephemeral sessions, isolated tabs, JavaScript off by default</dd>
+				<dd>No browser-level tracking, multiple ephemeral isolated sessions per new unrelated tabs, JavaScript off by default</dd>
 			<dt>Minimalist</dt>
 				<dd>Small codebase (~1 500 <abbr title="Lines of Code">LoC</abbr>), reuses existing components when available or makes it available</dd>
 			<dt>Customizable</dt>