no wonder why there are more and more apps, causing more and more vulnerabilities.
The only way to have trust is to get rid of post-2008 mobile tech, throw out your Alexas, and live in walled-off communities like the Amish. I'm game.
AOL chat was the ONLY true secure messenger. That's why they had to shut it down 😢 DAMN YOU GLOWIES!!!!
aol was logging everyone and it all got leaked around 2007
@@LethalBubbles when you factor in inflation, it still comes out 1337 times better than the current competition. what do we got now? some obscure maybe quantum proof algorithms? pssh 👋 still poop. thanks to obama (1 year after 2007, coincidence???) we got reddit hug boxes and discordian melodies of forced love that even Ukrainian military rely on. I fart in your general direction (will anyone get that reference?) and laugh at you. Everything is getting leaked these days. Heck you could say they did it before it was cool! ™️
@@LethalBubbles did you delete my comment jody or was it youtube? ☹️ im not mad but would like to know just to know it was a reply in this little thread
I don't recall deleting anything you wrote.
@@JodyBruchon thanks for update lets me know that they are doing it. all I can hope for is *insert sarcasm here*
The ultimate problem is do you trust the person you are communicating with, they can also be compromised and offered a "deal" etc. This has been shown in many big busts.
That's a whole other level of problems. The harsh truth is that you can't.
If you have an audited source code of the client program and you know that is the code used to make the client program. And you know (from the source audit) the client program uses end-to-end encryption and never sends out your private key. And from that audit you know standard secure public private key cryptography is used. Then you can be SURE your communication IS truly private, because it would be impossible for the server to decrypt the messages.
@@JacobP81 Public-key cryptography can be hijacked. A man in the middle can intercept, do the crypto handshake with you, then do the crypto handshake with the peer on your behalf. They become a relay and you have no idea. SSL/TLS work around this by declaring certain systems as "certificate authorities." Those authorities' keys are used to validate that the asymmetric keys are the ones issued by the authority for that specific server. E2EE doesn't have certificate authorities. Even if they did, there's no way to know if the CA was compromised by the feds and forced to issue a false cert.
The main problem is that none of the mainstream instant messengers that claim to be "secure" is anywhere close to actually being secure.
A good start would be to have a simple, open and encryption-agnostic protocol (like IRC) that everyone can use and host their own servers, with or without encryption.
They do. It's called TCP/IP. 😎
@@JodyBruchon I meant a higher level protocol than that.
Hi Jody,
Can you tell me if there is any free video editing software? I was checking. Amazon and a lot of the software there came with a hitch..., you have to pay to open certain features and then you have to pay a monthly fee.
Any open source programs?
Thanks
Openshot is a free open source video editor but I can't speak about how powerful it is. All I've done with it is just combine video files and then output.
@@anthonybf2 WOW! That was a quick reply! Thank you so much. I'm on the shores of Lake Erie near Presque Isle bay!
DaVinci Resolve has a free version. It's not open source but it's professional level.
There are others but I prefer non-linear editors when I look for most video editing tasks. kdenlive and olive support Linux, Mac, Windows or pitivi on Linux only.
Another choice I got into messing with before 2005 is Cinelerra and would likely focus on firing that up again first before falling back to alternatives. It had a lot of capabilities available but was less straightforward in how to accomplish 'basic' tasks which may involve using a few other basic tools to get that end result. It also seemed to use more professional production terminology which confused beginner/basic users until they learned it. For what little I have done, I'm not sure if I could recreate previous projects in the other editors due to transitions+effects and how I was able to use them; might be doable but I'd have a lot of research into how the others offer to try to do similar. It's Linux only but I have had success manually getting the -cv fork running on FreeBSD in the past but would likely need to 'rework' those efforts to run on a modern system (seems best to move to -gg fork or back to original source heroine virtual to rework it). Really not sure why it gets so little attention in the Linux community since it's generally been there longer than the popular choices and has such an extensive set of features.
@@JodyBruchon DaVinci makes Adobe look like hot trash.
Was that the thinking behind "freenet"?
freenet was supposed to be a way to decentralize the internet and allow all content to be hosted peer to peer in a distributed manner. this differs from onion services, where you have to stay online for people to access your website. freenet was basically abandonware sadly, the last time i checked it out. there is a project called Qortal that is doing something similar which has a lot more flexibility. people host websites, app, shops, videos, etc. it also has chat system and content is fully uncensorable.
They were trying to do the same thing but with the website paradigm, not the messaging one.
XMPP with OMEMO encryption can (but does not have to, depends on each user how paranoid he wants to be), require you to verify the other party's device fingerprint in person through a QR code before sending any messages, and those messages can only be decrypted by that device. If he chooses to use a new device, it cannot decrypt older conversation, and you have to set your trust level for it again before sending a message. It does require a server, but you can self host.
If U can do it in person there is no point having an 'app', because U can exchange words & stuff without any 'devices' at all = dum.
I thought you'd mention Protonmail, but nope, nothing.
It's a video about real-time messengers, not email. Lavabit only came up because it's a rare example of integrity. I don't trust ProtonMail. I have no way of confirming they're telling me the truth about how their service works.
The secure system you described sounded a bit like SimpleX. At least with my limited understanding.
@@trstensvold SimpleX uses servers for things. Says so on the front page of the website.
@@JodyBruchon my bad
What you're saying is what if Android has spyware built in. Because if Android is going into your app and looking at your private key that IS spyware.
@@JacobP81 Google Play Services has tons of permissions and is already used to bypass permissions for apps by doing it through the framework instead of directly. I would absolutely consider that to be spyware.
I run my banking app on a grapheneos phone just fine.
With google play services provided to it, 3rd party google play services reimplementation, or were you actually ever able to leave it out entirely? I presume the 1st but would be good to know if it's others and if so what bank permitted it. Mine had silly demands like it demanding GPS and other permissions on various tasks that used to be able to be done from a PC with Java and no GPS receiver; similar changes for other invasive permissions with the bank over time have happened too.
@@mirror1766 No google and no location. If they ever want that for me I am just uninstalling.
Who do you think created the chips for that phone?
What does that have to do with a banking app working with non-stock android?
All your privacy are belong to us. The game has long been over. You connect to the internet, all of your data can be intercepted and decrypted. Browsers, as well as many applications and perhaps even embedded software in hardware, have READ access to your computer and server.
I don't think it's good to scare people away from secure messenger apps. Yes many so called end-to-end encrypted apps are not really secure. But there are some that are where you control your key.
Maybe such precautions are taking it a bit far when the goal is "keep my conversations from being used by ad companies".
@@Iceman5613 That's not what secure messengers are for. Any messenger that doesn't sell your data to ad companies would work for that purpose.
Oops, someone hasn't heard of Pidgin with the OTR plugin. It's end to end encrypted and you can't talk to anyone with encryption on until both parties have exchanged keys.
And what prevents interception and proxying? btw I used Pidgin in the late 00s.
I messed with Kopete + GPG encryption back in the day. Fun stuff, good end to end security, but still has privacy + security flaws that could use better design.
@@JodyBruchon exchange the keys in person like at a gang meeting or at the next capo's birthday party
@@JodyBruchon oh just woke up and not thinking all that straight, I forgot to also point out perfect forward secrecy again because after keys have been securely exchanged if they are stolen in future that won't help to decrypt prior conversations.
If you have a private key you control then no one else can decrypt it. You can test it and see. What are you talking about?
The key is 'you control'. You can't really know if you control the key unless you 100% know what your app/operating system is doing on your device with the said key and Jody did mention that.
@@Wolterhon asymmetric encryption fixes this by separating the private key from the public key. If your public key is compromised there is no risk to the data being decrypted. The biggest risk is mitm attack where the middle man captures both handshakes and replaces the keys with keys they control. Matrix has solved this because you can generate a code to show to your recipient that can validate that the key they are signing their messages with is the same as the one that is on the other party's device and not some malicious actor's key.
This problem has been solved.
It's been solved...but only if you meet up physically.
@@JodyBruchon they can send you a picture of the code and unless the mitm is willing to capture that image and manipulate all while betting that you'll not communicate about the verification any further then sure in person is the only option.
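The key-substituting relay and the verification-code check argued over in this sub-thread, as an added example that is not part of any comment or of the video. It assumes a toy Diffie-Hellman group (modulus 2**255 - 19, picked for brevity) and a made-up code format, not Matrix's or OMEMO's actual scheme; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy finite-field Diffie-Hellman parameters (assumption, for brevity only):
# 2**255 - 19 is prime, but this is NOT a vetted DH group or real X25519.
P = 2**255 - 19
G = 2


def keypair():
    """Return (private, public) for the toy group."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)


def verification_code(pub_x, pub_y):
    """Short code derived from both public keys, the same in either order.

    Constructed format for this example; real messengers define their own.
    """
    lo, hi = sorted((pub_x, pub_y))
    digest = hashlib.sha256(lo.to_bytes(32, "big") + hi.to_bytes(32, "big")).hexdigest()
    return "-".join(digest[i:i + 4] for i in range(0, 16, 4))


def substituting_relay(a_pub, b_pub):
    """Relay that hands each side its own public key instead of the peer's."""
    _, m_pub = keypair()
    return m_pub, m_pub  # (what Bob receives, what Alice receives)


def handshake(relay=None):
    """Run one key exchange; `relay`, if given, may alter keys in transit."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if relay is None:
        to_bob, to_alice = a_pub, b_pub
    else:
        to_bob, to_alice = relay(a_pub, b_pub)
    return {
        # Each side derives the code from its own key and the key it received.
        "alice_code": verification_code(a_pub, to_alice),
        "bob_code": verification_code(to_bob, b_pub),
        # Session secrets: equal only when both sides hold each other's real key.
        "same_secret": pow(to_alice, a_priv, P) == pow(to_bob, b_priv, P),
    }


def codes_match(result):
    """The out-of-band comparison: constant-time equality of the two codes."""
    return secrets.compare_digest(result["alice_code"], result["bob_code"])


if __name__ == "__main__":
    for label, relay in (("direct", None), ("relayed", substituting_relay)):
        r = handshake(relay)
        print(label, r["alice_code"], r["bob_code"], "match:", codes_match(r))
```

The mismatch is only visible if the two codes are compared over a channel the relay cannot rewrite, which is the point the replies above disagree on.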
8:00 lol ok
@@oooboo3249 Explain.
@@JodyBruchon the problem is, if the software is storing any keys on a server, it is not actually secure software. It has to go through peer-to-peer, device-to-device sharing of the keys, nowhere else. Anybody else that is not doing that is a liar and is not trustworthy, and it shouldn't be used as software. The big red flag is a company: you should never use any software that is represented by a company. It should be only by the community and run by the community in a FOSS manner. People don't understand the future of the human race is at stake if we do not do this, cuz they're going to bring in a digital dollar social credit system that's going to control everybody and there will be no more freedom.
@@JodyBruchon and also, yes, government can use their resources and money and their back doors to find anybody in the world, but they can't do it en masse. The whole point in collecting all the data on the people is to use the data to control the population. They pin AI algorithms and they funneled through their to control the population. It's not about stopping criminals, it's not about making society better on spying on people, it's about controlling people. And there's so many people that are so dumb and don't even realize what the government / corporations are doing. They don't have a clue what's going on. The government / corporation / banking cartel are scared of people like us that know what's going on.