Posted by: 3421748?
Posting time: 1.2 years ago on
Last edit time: never edited.
Archived on: 12/11/2019 10:00:00 AM
Views: 451
SCP: 72
73 upvotes, 1 downvotes (99% upvoted it)
~91 user(s) here now
Subverse anonymized: usernames are hidden and votes don't count.
NSFW: Yes
Authorized: No
Anon: Yes
Private: No
Type: Default
view the rest of the comments →
[–] 20539136? 1 point 0 points 1 point (+1|-1) ago
Of course it’s stored unencrypted, you don’t know the first goddamned thing about computers. Even if it was encrypted on disk, he key has to live somewhere; as long as the Voat servers themselves are going to store your message, it’s going to be decryptable without your knowledge.
The SSL certificate has fucking nothing to do with that. That’s encryption across the wire, not at rest.
If you wanted your messages across Voat to be secure, you would have to have a private encryption key in your client, and a public key in your profile, and other people’s clients would encrypt their messages to your public key.
Note that there’s nothing stopping you from using Keybase to store keys and then using GPG, but we would need users to get some goddamned agency and set up all of that, which they’re not going to do.
[–] 20542735? ago (edited ago)
I am sorry, you are retarded, and I , the OP and specifically hired to implement security on millions of computers for several fortune-100 corporations throughout history. By the way I am a SSL long time PROGRAMMER as well.
I told the truth. You must be a fed shill.
My words went over your head.
I guess I did not explain myself. Or you dont know what cloudflare is , or how their system works.
1 > cloudflare offers free anti-ddos and dns fail-over to tens of thousands of large sites, including voat.co
2 > its free, because it is NOT ALLOWED to send gibberish encrypted data predominantly through them, all data must be clear unencrypted and only encrypted with a CLOUDFLARE owned and cloudflare controlled key. In the near past they even reused this same key for thousands of servers, like voat.co.
3 > for extra $, and rare according to their own FAQs , cloudflare will let voat.co also receive ssl encrypted data AFTER DECRYPED and stored at cloudflare for US gov and others, then re-encrypt using adifferent SSL key no user ever sees, but to make sure data on last part of the trip is ssl protected.
No one here, not even me is talking about voat.co servers representation of data, it gets decrypted at some point , so your lame "straw man" argument with yourself is retarded.
I TRIED TO WARN YOU GUYS, but morons here get in the way!
read this thread , i already addressed my points but you never read them I think or followed the links! Read here , it explains how Cloudflare prohibits real SSL controlled by voat.co : https://voat.co/v/QRV/3421748/20538241