The server side code is also proprietary. The main dev has provided justification for this, but if you really need security (instead of a convenient app) then you don't need a centralized server (that you have no control over) to begin with, even if it is just storing encrypted data.

just use Signal. I still use Telegram because Im a member of many tech groups but I just view it as this app is not encrypted. except private chats, which no one uses. Signal is 1000% better if privacy is important

wow that's great, just found you today on my recommended page, i'm mainly into tech and videogames!

Regardless of TG's backend security, its main issue is being tied to a number. Anyone who wants in can take the number and voila - access to everything. There are options to make this more secure, but there's a catch: it's very likely the user has used said number for _other_ online recovery methods. Which, are what TG uses to verify the 2FA. These corps have created a circular loop of insecurity via the information they make us divulge "for our security." Ironic.

Telegram should never be used 😂😂😂😂😂😂

i am cloud

Space computer = cyber cloud?

Unless you make your own, then it's "Your Cloud" haha.

Cloud or "Rented hardware"(the real term)?

I used to parrot that meme until i got into the workforce Cloud computing and edge computing are actual things

just because its in the cloud doesnt mean its secure. 🍿🚬... it means its still your problem to validate. validate. validate.

@@KJ-xt3yu Confirmed by the list of sites at haveibeenpwned.that that have leaked my info.

The "Cloud" is someone's server.

@@Sonya_Makepeace looked up tahoe-lafs?

Security has been an issue with corporations for years. They only see it as a cost rather than something that needs to be done. One org I worked at had almost no interest in getting the security issues with our systems fixed. There's also a constant stream of Reddit threads of other people saying they have those issues in their orgs as well. Until insurance companies and/or legislation make this a bigger priority, then things like the 23andme hack will continue.

Check any magazine from the 90’s. You will find a bunch install CDs there! Hahaha!

lol

Prodigy had prettier colors

Add Netscape Navigator for maximum nostalgia!

My coffee cup is sitting on it. 🤣

Encrypt the data before you upload it.

@@njpmeNo, I will not use them at all.

@@geofftottenperthcoys9944 seems a lil extreme, but I respect it. An encrypted offline backup can be the beneficial to something on-prem

You're still relying on other companies, just in a different way.

@@BenjaminWalburn says who? If geoff is like me, he has his own mailserver running, and makes offline backups weekly and local online backups daily... so on which company do we rely for our data then?

Yet here you are.

@@zer00rdie Might wanna try to make sense

@@Ebani Are you really that daft?

@@zer00rdie Sounds like you need help

@@Ebani Okay bud.

Had to for my school account when I was in college. My personal account is pretty much only used for Xbox though

Me too.

Well yeah, but this was an issue with Exchange Online permissions. Libre Office is not a mail server.

@@incandescentwithrageYeah. OP is like “I’m a vegan. Ask me anything because I’m interesting.”

But everything allows you to reset your password with your primary email. So if your main email is hacked you're screwed anyway. Might as well use oauth for secondary accounts then.

The problem with this approach is that a cloud provider manages thousands of services, invisible to you. They need OAUTH. What is true is that centralized authentication across multiple vendors is not necessarily a safe move. One vendor's security fails, and you watch the domino effect..

@@zazethe6553 the difference is that you can change your email password, what happened in this attack was an read access to the mailbox, they can read mails that where there, after the security is patched, the new mails with the confirmation won't be getting there. the problem with this reset approach is that you must use a token second factor authentication, the email must be the third factor, the password always the first. OAuth is insecure by design, it was created for laziness and social login, which is bullshit.

@@pascalmartin1891 There's other ways of doing federation of services without using oauth.

The fact that's even a thing is ridiculous. The idea that our own car could be used to spy on us, I mean. What kind of cursed world are we living in.

if you're afraid of that, then look into that smartphone you put into the car first, that's 10x more terrible for privacy, especially iphones, they straight out lie to you when you set them on "privacy mode"

I'm not fully sure about the privacy of their offering. I know they started offering something called Advanced Data Protection not long ago. It apparently uses zero knowledge encryption, but it doesn't apply for the entirety of iCloud.

Never used 365 and refused at every turn use an email account to log into my computer. I just knew it would turn bad someday

@@legionofanon Indeed. I've always thought it was dangerous not to use a local administrator account. I guess I was right.

And they thought I was crazy for wanting a local user account 🤣

AI would theoretically break both of those with relative ease. If the recipient is willing to undo an xor, then a safer choice is using the SHA-1 of a zip archive's name as the PW. An AI would need to pull down an implementation of SHA-1 and run it to break the PW, which most AIs I'm aware of simply won't be able to achieve. For now. The WolframAlpha plugin shows it's just a matter of time.

@@Mavendow i like that hash of file as pw idea. seems obvious in hindsight. i feel like theres only so much that an ai can try to do before its gives up right? like what indicates to give up on trying to open file? wolfram alpha’s new to me. i looked it up looks cool

It's not your emails they're looking for, they got those as part of the wide net no doubt, but it's not your data they're looking for

@@liquidsnake6879 seriously, some businesses that deal with government secrets as well as our government and military sometimes uses M365. I know a lot of public universities do (as I work for one). So I will fight you on those words you privacy heathen.

What the hack is TLS certificate? That hilarious Secretary said while important "recipes for disasters" were leaked for 2 whole months costing the secretary her promotion. And then she blame the patriarchy.🤷

because its annoying

Epstein island backdoor!

How has using OpenOffice protected you from anything?

@@o0Donuts0o No Microsoft No Cloud what don't you understand?

@@ausfoodgarden So you think because you use Open Office you are somehow magically protected for all your documents being exfiltrated from your device, server, network or premises? Okay…

Not Outlook directly but if someone uses the O365 email service, then yes. Hotmail wasn't mentioned in the articles I looked through.

A good security policy is to assume everything has been breached. I won't go into too much detail (YT won't allow my comment if I do) but basically these guys are skilled at obtaining access to other parts of organizations once they have admin access somewhere else. That's why we regularly see companies announce "they got X, but not Y and Z." Then weeks later: "Well, it seems they got Y too. But don't worry, Z is safe!" Then next month: "Ah, it seems they got everything." It's literally their job; they do this for a living. Save the hassle of finding out later, once it's too late, by assuming everything was taken.

My man! Thanks for the sub! 🍻

Hell yeah brother, thanks for the support! I think Apple has a solid eco system. It seems like they take security more seriously than MS. Looking at that from an OS perspective, a lot of that has to do with how Windows works. Apple has also been doing well with increasing their security overall too. Lockdown Mode and Advanced Data Protection are a couple of their most recent features that I think are really good. I haven't tried Private Relay yet, but I heard that's also good. Apple wants people to think they are the better option, which is probably why they have done a better job at securing their stuff overall. If they had stuff like this happening to them, it'd be a huge blow to their PR.

Shame it was the CIA and not Russia that did the hack then... you are already "fooked"...

Or incriminating evidence! Maybe someone showed Bill his ‘Fantasy Island’ videos!

Attention 304

gimme attention please@@robertanderson5092

😂😂😂😂😂😂 I love it 😻

Me, too. I am SSSOOOO significant.

I haven't seen any information covering that specifically, only that all accounts were able to be accessed.

@@KenHarrisio Thank you most gratefully.

This is spot on. I think the reason that the "cloud" has taken off so much has mostly been because of the marketing. The suits think that outsourcing and getting rid of most of the on prem staff/infrastructure is the easy way. I suppose it might work well for some, but the security issues will always be there and the costs for this stuff just keep rising.

Bingo 😀

They already have that option. Would not have stopped this.

@@rinzler9775 the only way this would have stopped is if they encrypted the mail inbox with the user credentials, why don't they do that ? probably because stupid spy agencies used that "test Oauth token" to do "their job".

@@rinzler9775 Option being the pivotal word. It's not mandatory. Token protection helps. Token protection creates a cryptographically secure tie between the token and the device (client secret) it's issued to. It's another layer of security.

Windows 11 requires a custom ISO to do it reliably. While I have modded my copy of Windows, this is not what everyone should be doing, because it makes the OS and by extension the device cryptographically insecure. A popular tool to do this is Rufus, and who's to say that developer's PC hasn't been compromised? Heck, Microsoft included a backdoor within their Visual C++ *compiler* years ago. Only after people noticed that their compiled exe's were contacting MS's servers did they backtrack. The solution is to start avoiding MS tools wherever security is required.

I figure CIA more likely, they have access to the Epstein Island footage, plenty of leverage!

apple, lol, those guys that told the state couldn't hack their phones and within 2 weeks it was announced that the iphone was unlocked... you gotta believe everything apple says, and then after you gained all that knowledge, just take the opposite of those words and forget what apple said. They're the biggest hypocrits and liars in tech

Hmm, tell me again, How fast does a computer work with no human interaction? OOOOOOhhhhhhhhhhhhhh - huh.

Password changes aren't nearly as helpful as you think.

exactly!

I got the impression from the article that MS is trying to downplay this as much as they can. I noticed some articles coming up in previous weeks talking about it as well, but I haven't noticed it get much coverage.

Everyone knows......

Lamestream?

You realise that this attack was conducted by hacked "home computers" in residential areas, so the traffic comes from clean IP addresses in the region. Not protecting your IT infrastructure, be that web sites LAN or WAN just gives the bad guys more choice. "Midnight Blizzard used residential proxy networks, routing their traffic through a vast number of IP addresses that are also used by legitimate users"

Your data is training the next generations of AI advent into cyborgs and androids. Your likeness, views, and thoughts have all been sold to the highest bidder long ago. All hail Skynet that will continue to live in our image.. right down to the mannerisms and personalities. Immortality???

The point is that that information that you deem unimportant paints a very accurate image of you. To the extent it can be used to predict your behaviour. If your behaviour can be predicted, it becomes very easy to manipulate you.

@@guser7137 If they have enough information to manipulate me, they're not doing a very good job. Plus all these passwords and accounts are not going to protect any data from the people who are selling it.

You might consider that a criminal could use that 'second tier' data to convince a friend or family member that they know you personally. "I went to school with your son years ago." "Oh, that's nice."

You're clearly not a dev, or someone with critical thinking skills.

@@BenjaminWalburn

@@BenjaminWalburn You're clearly someone with more pronouns than braincells.

I was waiting for this to be mentioned too. This is the first video I’ve seen on this channel, so I’ll look at the other videos here.

No

Something like Jitsi or Signal's calling service is going to be better for security and privacy.

Isn’t hangouts discontinued like everything else google makes?

​@@TheZettaze It's called 'chat' now. It's the one product they somehow keep rebranding after saying it's going to end.

@@TheZettaze no its part of gmail and google workspace, it got renamed to Google meet and google chat

A think a more intelligent questions would be, who created a toggle for being able to read everybody's emails. Plenty of reasons why somebody would want that. But not many people who would admit to having actually done it. I think it must have been by design.

@@DailyCorvid you and I both know that my question was entirely rhetorical. Hence the exclamation instead of a question mark. And I'm pretty sure most of the people in this comment section are smart enough to give an answer to yours. We all knew this was a thing. We just didn't know the extent of their capabilities and now that the cat is out of the bag it's going to be real sad to see nothing get done about it. I always knew that emails and windows itself had backdoors written into them. But I had at least hoped that the backdoor for emails had to be toggled per individual. Fucking crazy that there is an all or nothing. I have a few thoughts about how this scenario could be weaponized for evil obviously, but a few wear it could be used for good as well. Let's say someone at Microsoft is just waiting on a certain initiative to do a mass leak of corrupt government officials. And these hackers just destroyed their timeline. Hopefully we will see some positive fallout from this. Whether it is action against privacy invasion or some action similar to what I theorized. hopefully both

I think you missed the point of what I was saying - I wasn't making out your comment was dumb, I was saying it must have been done purposefully to begin with, and that's why it was never detected. Somebody covered their tracks having set it up, and it was done with intention to be used the way it was.

@@DailyCorvid I know you weren't friend. I'm not arguing that you were. And I'm agreeing with your statement as well if you read into my reply. I just didn't say so outright. Sorry for the confusion

@@DailyCorvid but I do realize that maybe I missed your point that this was always a singular agent or entity(agency) who meant for this do be kept secret and hidden even from the heads of the hydra. I touched on that thought, but may have misread that that was you focus.

I’d believe CIA state hackers before Russian!

Our mail

He mentioned tutanota which is the old name for tuta

Thanks I MISSED HIM SAYING IT. @@Lownwolf-sm5py

I'll need to get some more context to help you out. Are you currently using Windows, and If so, which version? Also, what anti virus do you have installed on your computer? Do you also have any more details on the infection, like odd programs appearing or any other odd behavior?

@@KenHarrisio yes it is windows... not sure what antivirus was on it.. I know it did have McAfee, Norton and Avast were all on it. I have been extremely stalked for a while now. To the point every thinks I am crazy. I am not technology inclined. Whoever has hacked me has been keeping a record of all that I do for a feed years it seems. They told me so by posting on the different social media apps and they are hacked into my home TVs as well as my phone. It is an iPhone. It taunts me. At some point I know they will have a very bad end. But I wish them to stop now. It literally drives me crazy.

@@beckylowery5236 As far as Windows, I would recommend using something called a second opinion scanner. A good one is Kaspersky Virus Removal Tool. You could also try Malwarebytes. You don't need to pay for it, as you can just use the on demand scanner for free. As for the iPhone, if it has iOS 16 or newer, you could consider using Lockdown Mode. It'll restrict the usability of the phone though. You can find more info on Apple's website about it. It's really easy to turn on and off if you decide to try it.

Yes this true because the guids for each account are different for each tenant. So the test account in a separate tenant is not the same.