00:52 *Despatche has quit (Quit: Read error: Connection reset by deer)
01:06 schestowitz; "
01:06 schestowitz; Hello everyone,
01:06 schestowitz; While trying to export my real profile, I found out that ** anyone can access my exported data** ( profile and photos) from the Internet without any authorization !
01:06 schestowitz; I created a test user ( the present account ) to make sure I hadn't misunderstood. Sadly, the same problem happened. This seems to be a serious problem.
01:06 schestowitz; Does anyone know of this ? Is my privacy at risk ? Is it a recent problem ? If not, since when this issue has been present ?
01:06 schestowitz; I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge.
01:06 schestowitz; Can you help ? Can someone fix this ?
01:06 schestowitz; Here is the example , anyone can download the exported profile for this test account :
01:06 schestowitz; https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
=> ↺ https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
01:06 -TechBytesBot/#techbytes- ( status 404 @ https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz )
=> ↺ https://diaspora-fr.org/users/uploads/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
01:06 schestowitz; Any comment would be appreciated.
01:06 schestowitz; Thanks
01:06 schestowitz; user834534050@diaspora-fr.org
01:06 schestowitz; user834534050@diaspora-fr.org - about 24 hours ago
01:06 schestowitz; UPDATE :
01:06 schestowitz; Hello everyone,
01:06 schestowitz; While trying to export my real profile, I found out that ** anyone can access my exported data** ( profile and photos) from the Internet without any authorization !
01:06 schestowitz; I created a test user ( the present account ) to make sure I hadn't misunderstood. Sadly, the same problem happened. This seems to be a serious problem.
01:06 schestowitz; Does anyone know of this ? Is my privacy at risk ? Is it a recent problem ? If not, since when this issue has been present ?
01:06 schestowitz; I am worried that anyone could have downloaded my profile before and read my private messages without my consent or my knowledge.
01:06 schestowitz; Can you help ? Can someone fix this ?
01:06 schestowitz; Here is the example , anyone can download the exported profile for this test account :
01:06 schestowitz; UPDATE : Sorry I mistyped the link is : https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
=> ↺ https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
01:06 schestowitz; Any comment would be appreciated.
01:07 schestowitz; Thanks
01:07 schestowitz; Michael Fenichel
01:07 schestowitz; Michael Fenichel - about 24 hours ago
01:07 schestowitz; Comment: That url leads to
01:07 schestowitz; 404 These are not the kittens you're looking for. Move along.
01:07 schestowitz; Wondering if you're seeing your cache or relative rather than absolute link.
01:07 schestowitz; Good luck. Hard enough for some of us to access our own data! Hope it's private.
01:07 schestowitz; user834534050@diaspora-fr.org
01:07 schestowitz; user834534050@diaspora-fr.org - about 24 hours ago
01:07 schestowitz; @ psych@diasp.org
01:07 schestowitz; Can you try https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz ? I have corrected the mistake sorry.
=> ↺ https://diaspora-fr.org/uploads/users/diaspora_user834534050_data_0_D0c24AaT67cbMxvbLDgg.json.gz
01:07 schestowitz; Dennis Schubert
01:07 schestowitz; Dennis Schubert - about 24 hours ago
01:07 schestowitz; The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive.
01:07 schestowitz; user834534050@diaspora-fr.org
01:07 schestowitz; user834534050@diaspora-fr.org - about 23 hours ago
01:07 schestowitz; The last part of the filename, D0c24AaT67cbMxvbLDgg, is a 128-bit key, randomly generated for each export. You cannot guess that for any given user and export, and each export will have its own unique key. Unless you yourself share the URL, nobody will know the URL, so nobody else will be able to download the archive.
01:07 schestowitz; Thanks Dennis ! so it is normal. What if someone guess or use random key to access data randomly , is it possible? How long does the exported data link remain valid ? Are developers aware of this ? ( just to be on the safe side)
01:07 schestowitz; Michael Fenichel
01:07 schestowitz; Michael Fenichel - about 23 hours ago
01:07 schestowitz; OK, @user834534050@diaspora-fr.org, Maybe moot but I got 3 .json & 1 .json.gz.
01:07 schestowitz; But better and more useful the note from Dennis. Still rooting for a good resolution.
01:07 schestowitz; Dennis Schubert
01:07 schestowitz; Dennis Schubert - about 23 hours ago
01:07 schestowitz; What if someone guess or use random key to access data randomly , is it possible?
01:07 schestowitz; It's pretty much impossible. If an attacker could somehow test 1000 random keys per second (which is impossible in reality), the attacker would have to brute force for an average of 5.3 octillion years (2^128/2 = 1.70×10^38 possibilities for a 50% brute). That's not going to happen.
01:07 schestowitz; How long does the exported data link remain valid ?
01:07 schestowitz; 14 days.
01:07 schestowitz; Are developers aware of this ?
01:07 schestowitz; Yes. Given what I said above, it's not an issue.
01:07 schestowitz; (Whoops, I deleted my comment because I made a typo, and didn't copy its contents, so I had to write it again)
01:07 schestowitz; user834534050@diaspora-fr.org
01:07 schestowitz; user834534050@diaspora-fr.org - about 22 hours ago
01:07 schestowitz; Thank you. I don't understand your calculus to be honest. As long as the community agreed to this and, that it is safe enough, that's good enough for me I suppose. It is just that with all the data privacy scandals around, I am becoming less confident with how my data is handled by strangers.
01:07 schestowitz; user834534050@diaspora-fr.org
01:07 schestowitz; user834534050@diaspora-fr.org - about 21 hours ago
01:07 schestowitz; On a side note, Facebook protects data exports with a password so I guess it is important in any case. I still think that even though brute force may take years, like winning the lottery, it just takes one single strike to succeed out of millions, why taking the risk ?
01:07 schestowitz; What security measures are in place to make sure someone else doesn't download a copy of my information?
01:07 schestowitz; We have a number of security measures in place to help keep your account secure and protect your information on Facebook. Before you can begin downloading a copy of your information, we'll first ask you to enter your password. We may also ask you to complete additional verification steps before allowing your download to begin. To help protect your account, your download request will expire after a few days, and you can always request a new one.
01:07 schestowitz; Our security systems are always running to help mitigate threats before they reach you and your friends on Facebook, and we offer tools like Security Checkup and two-factor authentication as additional ways to improve the security of your account. Learn more about keeping your account secure.
01:08 schestowitz; Note: Keep in mind that your data request may contain private information. You should keep it secure and take precautions when storing or sending it, or uploading it to another service. You can always select specific sections when requesting a copy of your information.
01:08 schestowitz; sources : https://www.facebook.com/help/212802592074644
=> ↺ https://www.facebook.com/help/212802592074644
01:08 -TechBytesBot/#techbytes-m.facebook.com | Help Center
01:08 schestowitz; Dr. Roy Schestowitz ()
01:08 schestowitz; "
01:08 schestowitz; https://joindiaspora.com/posts/22282896
=> ↺ https://joindiaspora.com/posts/22282896
01:08 -TechBytesBot/#techbytes-@podmin@joindiaspora.com: # Hello JoinDiaspora there is some unfortunate news to share. Feneas will be dissolved and as Joindiaspora is one of the services. JD will also be shut down on 1 March. This is unless we can find someone who wants to take over the service. If you think you can handle the task please contact us via hq@feneas.org. You can find the original post below or via https://git.feneas.org/feneas/
=> ↺ https://git.feneas.org/feneas/
01:08 -TechBytesBot/#techbytes--> git.feneas.org | meetings/agm-minutes-2021-12-09.txt master Feneas / association GitLab
01:08 -TechBytesBot/#techbytes--> git.feneas.org | meetings/agm-minutes-2022-01-04.txt master Feneas / association GitLab
01:08 -TechBytesBot/#techbytes--> git.feneas.org | Feneas GitLab
05:09 *Despatche (~desp@u3xy9z2ifjzci.irc) has joined #techbytes
06:47 *DaemonFC has quit (Quit: Leaving)
07:06 *u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
07:38 schestowitz; https://twitter.com/BrideOfLinux/status/1494707102786412556
=> ↺ https://twitter.com/BrideOfLinux/status/1494707102786412556
07:38 -TechBytesBot/#techbytes-@BrideOfLinux: LXer is up again, but it appears we might know what happened. https://t.co/tzN1NhzkfN
07:38 -TechBytesBot/#techbytes-@schestowitz: I think we now know why #lxer is not reachable. See update in https://t.co/TRtrQG0uXT @brideoflinux @fossforce
07:39 schestowitz; John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter https://nitter.eu/QuirkyForum/status/1494674762777473024 #nitter | more in http://schestowitz.com/2022/02/19/#latest
=> ↺ https://nitter.eu/QuirkyForum/status/1494674762777473024
=> ↺ http://schestowitz.com/2022/02/19/#latest
07:39 -TechBytesBot/#techbytes-nitter.eu | John Bulloch (@QuirkyForum): "Spent 35 years of my life as a political advocate.. Have been an outsider and an insider. Successful protests are funded by small domestic contributions only. Extremist elements try to infiltrate protests of all kinds. It is always about the money and how it is disguised." | nitter
07:39 -TechBytesBot/#techbytes-schestowitz.com | Social Control Media Posts
07:39 schestowitz; https://twitter.com/DankwahMorrison/status/1494639436839141377
=> ↺ https://twitter.com/DankwahMorrison/status/1494639436839141377
07:39 -TechBytesBot/#techbytes-@DankwahMorrison: An intolerant bunch...#RIP brother. https://t.co/fjNMRbjQDD
07:39 -TechBytesBot/#techbytes-@schestowitz: NEWS #AsiaNews #CivilRights Christian killed by a group of Muslims in #Lahore https://t.co/tjN8QyDe6H
07:47 *psydruid (~psydruid@jevhxkzmtrbww.irc) has joined #techbytes
07:47 *psydroid2 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes
10:36 *u-amarsh04 has quit (Quit: Konversation terminated!)
10:48 *u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
11:05 *psydroid3 (~psydroid@cqggrmwgu7gji.irc) has joined #techbytes
11:13 *DaemonFC (~daemonfc@zgk86ipra9utw.irc) has joined #techbytes
11:26 *libertybox has quit (Ping timeout: 2m30s)
11:27 *libertybox (~schestowitz_log@pumv3cb2rfinu.irc) has joined #techbytes
11:27 *schestowitz-TR has quit (Ping timeout: 2m30s)
11:27 *Techrights-sec has quit (Ping timeout: 2m30s)
11:27 *Techrights-sec (~quassel@pumv3cb2rfinu.irc) has joined #techbytes
11:27 *schestowitz-TR (~acer-box@pumv3cb2rfinu.irc) has joined #techbytes
13:28 *u-amarsh04 has quit (Quit: Konversation terminated!)
13:29 *u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
13:56 *u-amarsh04 has quit (Quit: Konversation terminated!)
14:28 *DaemonFC has quit (Quit: Leaving)
20:15 *u-amarsh04 (~amarsh04@hngiv8sdpiaf2.irc) has joined #techbytes
20:30 *u-amarsh04 has quit (connection closed)
20:45 *DaemonFC (~daemonfc@389qztengum92.irc) has joined #techbytes
21:59 *psydroid3 has quit (connection closed)
23:09 schestowitz; https://twitter.com/iridesce57/status/1495126060081553412
=> ↺ https://twitter.com/iridesce57/status/1495126060081553412
23:09 -TechBytesBot/#techbytes-@iridesce57: @schestowitz Played Wii Sports last night with a friend ... #Timeless
23:10 schestowitz; https://twitter.com/ToolWfh/status/1495121245335359488
=> ↺ https://twitter.com/ToolWfh/status/1495121245335359488
23:10 -TechBytesBot/#techbytes-@ToolWfh: @schestowitz Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch
23:10 schestowitz; https://twitter.com/StansLinux/status/1495098894711205890
=> ↺ https://twitter.com/StansLinux/status/1495098894711205890
23:10 -TechBytesBot/#techbytes-@StansLinux: @schestowitz What's a better headline? :)
23:11 schestowitz; https://twitter.com/danie10/status/1494981426642620417
=> ↺ https://twitter.com/danie10/status/1494981426642620417
23:11 -TechBytesBot/#techbytes-@danie10: @schestowitz Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware includin https://t.co/kvcl3XJQSF
23:11 schestowitz; Danie van der Merwe (@danie10): "Too true! I've spent years curating free and open source alternatives to #ProprietarySoftware including a category for Health and Medical at https://gadgeteer.co.za/opensourcesoftware/" | nitter
23:12 schestowitz; https://twitter.com/RayPride/status/1494955337857785858
=> ↺ https://twitter.com/RayPride/status/1494955337857785858
23:12 -TechBytesBot/#techbytes-@RayPride: Shunned and banished are more appropriate for the Einstein visa holder https://t.co/tgTnY3uJzQ
23:12 -TechBytesBot/#techbytes-@schestowitz: Melania's donation to a computer science school was rejected, so now she feels cancelled | https://t.co/gVqYC5gG4K https://t.co/pXlW0t7krq
=> ↺ https://t.co/gVqYC5gG4K
=> ↺ https://t.co/pXlW0t7krq
23:12 schestowitz; Turtle (@swimming_free): "Nothing notable about that. News outlets prepare headlines and stories for events that haven't happened and which might never happen, to have something ready to go in case it does. Donetsk has warned of a Ukrainian offensive for weeks. Makes sense they have an evac order ready." | nitter
23:13 schestowitz; https://twitter.com/JohnChivall/status/1494945095031967751
=> ↺ https://twitter.com/JohnChivall/status/1494945095031967751
23:13 -TechBytesBot/#techbytes-@JohnChivall: I'm not sure capitalism can be trusted with medical implants https://t.co/19QrIlEicZ
23:13 -TechBytesBot/#techbytes-@schestowitz: NEWS #IEEE #ProprietarySoftware Their Bionic Eyes Are Now Obsolete and Unsupported https://t.co/7rd1iPoZDH
23:14 schestowitz; "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter https://nitter.eu/Burnera75476493/status/1494945759476826112 #nitter | more in http://schestowitz.com/2022/02/19/#latest
=> ↺ https://nitter.eu/Burnera75476493/status/1494945759476826112
=> ↺ http://schestowitz.com/2022/02/19/#latest
23:14 -TechBytesBot/#techbytes-nitter.eu | "Forget it, Jake. It's Chinatown." (@Burnera75476493): "Be careful with the grayzone on this issue. They seem to have misunderstood the protesters in Ottawa were very right wing and some were fascist aligned" | nitter
23:15 schestowitz; GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter https://nitter.eu/ToolWfh/status/1495121245335359488 #nitter | more in http://schestowitz.com/2022/02/19/#latest
=> ↺ https://nitter.eu/ToolWfh/status/1495121245335359488
=> ↺ http://schestowitz.com/2022/02/19/#latest
23:15 -TechBytesBot/#techbytes-nitter.eu | GoWentGone (@ToolWfh): "Same drama every time , corporate culture dismissed as a singular employee fault. Big4 crooks too big to catch" | nitter
23:37 *psydroid2 has quit (Ping timeout: 2m30s)
23:41 *psydruid (~psydruid@jevhxkzmtrbww.irc) has left #techbytes