interesting, win10 during setup tells you “create a super memorable password”, doesn’t tell “create a super unbrutforcable password” or something more security oriented. because super memorable is an alias to easily breakable, right? probably. (:

#microsoft #security #password #windows10 #usability #privacy

բնօրինակ սփիւռքում(եւ մեկնաբանութիւննե՞ր)

would like to write about protonmail.ch or protonmail.com

It might look like I am criticizing the project, while I do not. Apparently I have even donated them money.

Recently they’ve opened free registration, so you can get your protonmail.com address. Actually I do not understand why sometimes you get protonmail.com and sometimes protonmail.ch domain. Your username @ protonmail.com does not work as username@protonmail.ch and vice versa.

So, protonmail claims that they encrypt your mailbox, and only you can decrypt it. You need to have two passwords - first for the login, and second to decrypt the mailbox. If you happen to forget the second password, then your mailbox will be lost forever, you can create a new mailbox and encrypt it with different password.

It all seems very attractive, however there are questions:

— if the mailbox is encrypted, then when you receive the email, they cannot put it to the mailbox? Then they have to store it at some temporary location? Wait until you login to decrypt the mailbox, so that they can add the email to that mailbox while it’s temporarily decrypted?

— if there is such a state, then if they required to retrieve your emails, they can do that technically, when you are logged in? and when you are not logged in, they can make copies (again, technically) of your emails while they were not added to your mailbox?

— if you send emails to the other email provider, like google, then obviously, your email will be stored and never erased by google. that is why Protonmail suggests to send emails from proton to proton in order to stay safe.

#protonmail #mail #security #cryptography #privacy

բնօրինակ սփիւռքում(եւ մեկնաբանութիւննե՞ր)

there were one network administrator, and he was saying than he is frustrated that Armenia did not ban free wifi spots. when i’ve asked why, he answered that there is a lot of crime happening because of free wifi spots, and he gets a lot of requests, even got request from interpol.

well, i believe it’s a way of thinking of policeman, not system administrator.

policeman wants to simplify it’s work, and putting everyone to cell they can decrease the probability of crime. by banning open windows they can decrease probability that some thief can use them. but it’s not a way of thinking of administrator. well, i believe it should not be.

when i came to work where i work now, i’ve learned a sentence from my colleagues: “we are not police, we are administrators.” i like it a lot.

#police #surveillance #network #safety #security #wifi #freedom

բնօրինակ սփիւռքում(եւ մեկնաբանութիւննե՞ր)

here was a ted talk, i believe, and one guy from Sweden was saying - if somebody is watching me, i would prefer it to be local NSA, rather than US NSA.

Well, I envy him. He trusts local NSA so much. He believes that it’s not engaged in crime, corruption, unlawful activities. At least, it’s likely engaged less than the NSA of my country. Thus he feels himself more confident than me.

I am afraid of my local NSA more than of wolves, vampires, ghosts. It’s not they who might nock my door at 5am, when I am completely innocent. And definitely not US NSA. It’s my native, lovely, NSA. Which supposedly defends interests of the nation, but I am not quite sure it does not actually defend interests of other parties like their own, government, criminals instead. Sigh.

#safety #naive #sweden #nsa #privacy #surveillance #corruption #crime #confidence #security #freedom

բնօրինակ սփիւռքում(եւ մեկնաբանութիւննե՞ր)

connecting to the piratebay from my hotel wifi. it asks to accept a self signed certificate issued by gibnet.ru. of course i did not, instead, via tor it did not require to accept any unknown certificate. if i would accept it they would be able to intercept my traffic. (:

#russia #security #privacy #thepiratebay #ssl #https #crypto #intercept #screenshot #freedom

բնօրինակ սփիւռքում(եւ մեկնաբանութիւննե՞ր)