waffle

Damn already working on an app? That's so cool! Starting E2EE there is definitely a good idea then!

MeroChat is such a nice project, thank you for working on it <3

The server might always send a modified script that just uploads the plaintext private key.

Yeah, you'd need a way to validate the client code before it's executed to solve that issue

Section "2. Client application security" of MEGA's Security Whitepaper discusses this exact problem. Their best solution to that issue is to just cram the whole frontend in a signed web extension and not serve any code to the user when the extension is active, which is not very user friendly but works for those who want an extra layer of protection

I just can't find a good user-friendly implementation, sorry for not being of more help. The web just isn't E2EE-friendly ig :/

Yeah, I'm not used to E2EE in the browser either and StackExchange seems to agree that there's no nice solution :/

The sanest option in terms of user practicality to me appears to be storing the private key on the server, maybe encrypted with the user's password, and sending it to the user on successful login where it would be decrypted client side. It seems like it's more or less what MEGA is doing since they have a similar issue

If the server having temporary access to the user's password is an issue maybe the password could be partially pre-hashed before being sent?

It's be interesting to talk about it with someone with more experience, especially since implementing all of that will be a pain so it can't be redone every Thursday

I know Matrix has E2EE with some public documentation on its implementation. Maybe it could help you? Idk how familiar you're with E2EE or what kind of implementation you'd want, anything will have drawbacks :/

Nothing forbids sharing US news in this community. Anything interesting on the globe goes afaik :)

Also while many countries don't have inequality issues in the "highly privatised health care" industry, I genuinely can't name a single country without inequality issues and Luigi's story may be inspirational to some of these ppl facing inequalities so imo it's good to see it shared here!

Damn, that's sad. Since I already have tons of games I want to play I'll probably never end up getting it then. Thanks for telling me :/

No worries! I've just realized you were asking for games on sale (reading is hard ugh...) so hopefully the ones you want will be discounted mb ^^'

Great games that came out in 2024:

• UFO 50
• Peglin
• ANIMAL WELL
• Balatro

2024 games that I haven't tried yet but seem promising:

• Pepper Grinder
• Yellow Taxi Goes Vroom
• Lorelei and the Laser Eyes
• Rabbit and Steel
• Another Crab's Treasure
• Felvidek

All are in no particular order. Dunno if you'll like those but these ones come to mind :)

I'm sorry what the hell did you call me??

The encrypted files are very suspicious and, in the new canary, they removed the part that stated they didn't receive a gag order: https://web.archive.org/web/20240405132835/https://cock.li/transparency/warrant-canary.txt

It's possible that it's Vincent's way of warning the users of a gag order. He may be an insufferable edgy little twat but he cares a lot about transparency and, had he received a gag order, he would definitely try to communicate it

Maybe I'm just being paranoid, you tell me

Yes! uYouPlus is amazing although it can be a pain to install because of Apple's shenanigans. It's a collection of patches over the official YouTube app

It runs fine! :)

32-bit Windows programs can run on 64-bit Windows just fine thanks to WoW64 (with probably very few exceptions)