ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. Attackers can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

I can no longer recommend "pretty easy privacy" a.k.a. pEp email clients due to strong unethical behavior of the company behind them. I highly recommend using alternative solutions.

How to observe law enforcement surveillance

The Atlas of Surveillance is a database of surveillance technologies deployed by law enforcement

The Widespread Power of U.S. Law Enforcement to Search Mobile Phones

Based on 110 public records requests to state and local law enforcement agencies across the country, our research documents more than 2,000 agencies that have purchased these tools, in all 50 states and the District of Columbia. We found that state and local law enforcement agencies have performed hundreds of thousands of cellphone extractions since 2015, often without a warrant.

Building a fenced garden, one step at a time

"In the name of security and privacy, Google is taking away the ability for users to select third-party camera apps in Android 11, forcing users to rely on the built-in camera app."


Which basically can mean that if a secret court in the US decides they need a backdoor in Jira, the friendly ASIO (the intelligence agency in Australia) might force Atlassian to include a backdoor in their products and then pass info to US agencies or others from Five Eyes countries.

And since Atlassian was recently complaining about how the law impacted Australia and their company... 2/2

@threed according to the legislation, as long as they have end users in Australia they might be compelled to include backdoors for the following reasons: "enforcing the criminal law, so far as it relates to serious Australian offences; or assisting the enforcement of the criminal laws in force in a foreign country, so far as those laws relate to serious foreign offences; or safeguarding national security" 1/2

Considering that Atlassian’s policy and government affairs head, Patrick Zhang, complained about the encryption laws in Australia, I'd suggest giving 0 trust to Atlassian products like Jira, since most likely it contains some backdoor as required by local laws. Also, isolate any email account used by its products.

@federico3 @delta at least one project is working on fixing this, ever heard about GNUnet?

@cloud for GPG signatures, you should check out the Sequoia PGP project. It makes things easier.
