What are the implications of this?

I thought I was commenting on a different post. Sorry about that

I hope you realise that the comment you replied to is really just a reference to the Succulent Chinese Meal video.

The source is this article.

It’s not just “technically difficult” to eavesdrop. Properly implemented, it’s computationally impossible to eavesdrop on a connection secured with TLS.

Not being end-to-end encrypted is meaningless to law enforcement if Telegram refuses to turn over the chat contents (which they do). Law enforcement can’t just eavesdrop on the conversation without Telegram’s cooperation. The chat contents are still secured by TLS from the user’s device to the Telegram servers.

Smart professional criminals rarely use Telegram for this stuff anyway. There’s WhatsApp and plenty of other popular platforms of end-to-end encrypted

What is the charge? For operating a messaging platform? A succulent private messaging platform?

This is kind of what people are missing. These people really do produce millions of dollars worth of labour. That’s how entertainers are paid; the more people want to see their performance, the more that performance is worth.

Password is necessary for two-factor authentication. The factors of authentication are something you know (like a password), something you have (like a cell phone), and something you are (like a biometric).

An example of three-factor authentication would be this—imagine a spy going into a secret bunker. They need to scan their iris, insert a key card, and then enter a passcode before the door opens. This has all three factors of authentication; the passcode is something they know, the key card is something they have, the iris scan is something they are.

If it just sends a code to your phone, that’s one-factor authentication (something you have). Anyone with your phone can get into your account. Unless, of course, your phone hides its notifications and you have a screen lock. Then that’s actually two-factor authentication because you also need to know the phone PIN or have the biometric.

If it just asks for a password, that’s one-factor authentication (something you know).

If it asks for your password and then sends a code to your phone, which you need a fingerprint or face scan to unlock, you have achieved three-factor authentication.

Edit: Interesting tidbit—in the USA, you can rent a mailbox at the post office to receive mail when you don’t want to give out your real address. Useful for privacy reasons. I’m sure they have similar things in other countries. These mailboxes come with a key. This is actually two-factor authentication, because the keys usually don’t have the mailbox number written on them! So you have to have the key and also have to know which mailbox among the hundreds at the post office it opens.

TOTP is standardised by RFC 6238 so all TOTP clients must comply with the standard and therefore work equally well. Pick the one whose UI you like the most and is otherwise good enough for your use case and personal preferences. It’s similar to arguments over CPU thermal paste—its presence or absence makes a much larger difference than the method of application.

You do, however, want to pick something that is free and open-source and also popular. Google Authenticator (closed source) definitely is a functional TOTP client but you have to trust that the Google engineers have done a good job building a secure app. Since it’s Google, they probably have, but a principle in security is that you should not have to trust more people than absolutely necessary.

Yes, but this is like replacing the front door of your house with a bank vault door. Yes, it’s more secure, but there is a point of “reasonably secure enough” for most people and at some point, you are just inconveniencing yourself for no tangible gain.

It’s not a hard concept. In almost every well-designed security system, the weakest links are invariably the humans

The passwords are stored locally. You can test this yourself by turning off your WiFi or disconnecting your Ethernet cable and then going to about:logins. All the passwords will still be there.

Me who only has the original Cantonese version:

…which increases the cost of doing business for those companies.

And if eco-terrorists are successfully killing their directors, then they are probably also setting fire to their offices, mailing poison to managers, sending death threats and hate mail to employees, vandalising company property, calling in bomb threats to their refineries, executing those threats…

I add an asterisk to your comment.

If enough executives get killed by eco-terrorists then people will reconsider wanting to be an executive at those companies.

No, it’s not science. It’s logic based on a few observations. If you don’t observe the same things as I do, you will not come to the same conclusions.

Oh, I understand they are usually human. I just don’t think their viewpoints are worthy of discussion. And you make this judgement every day as well, even if you refuse to admit it. And perhaps you make it on grounds that are less sound.

You can say that. It doesn’t matter though. I am right. You can keep saying “nuh uh” if you want.

No, of course, I cannot. I do not judge what category someone likely falls into based on whether what they say matches nearly word for word a “promoted” viewpoint. In some cases, I mostly agree with what they said but it’s painfully obvious that person didn’t come to that conclusion through their own thinking but is rather just parroting a screenshot of a post on the site formerly known as Twitter.

You have missed the entire point of my comment. If someone is likely to be in categories 2 or 3, I dismiss them if the viewpoint is otherwise not worthy of discussion, which it usually is not. I don’t care if this causes me to misjudge the intentions of some people, because that is inevitable in any probability-based judgement system. What matters is picking what is most likely correct.

I don’t feel that you have the ability to grasp this point and you’re just going to come up with another argument I didn’t make to attack.

No, I am not. I wouldn’t say it if it were made up. Who have I got to convince by making shit up? I am not pushing any viewpoint at all.

I base my assertion on interactions with people on this platform. Whenever someone parrots a point that is promoted this way, they’re almost universally just repeating what some wisecrack said on X that sounds correct enough to not investigate further or think critically about and is agreeable to their worldview.

I will not argue over this. You either accept what I am saying or you don’t, but I don’t give enough of a shit either way to get into an argument.