Wow. These things have become so common, the Quora hack didn't even make it 
into my newsfeed.

If you need person-to-person private conversation, why not email with 
PGP/GPG?

You could also use GPG to convert messages to text and insert it into a 
tiddler. Then any public exposure would be irrelevant.

PGP has been around since almost the beginning. It's had slow adoption 
because of the fiddly steps needed to set it up on both ends of a 
conversation. Something like it should be the default -- the way https is 
becoming the default.

You mentioned Bob can run scripts for you. I can imagine invoking a script 
that converts tiddler text to gpg and turns it into a tiddler.

2FA as commonly implemented with SMS turns out to be no panacea -- cell 
phone numbers can be hijacked. Using a FIDO device might be better, but is 
not widely supported yet. None of this 2FA does any good if the main 
database, as in the case of Quora, is hacked.

-- Mark

On Thursday, December 6, 2018 at 6:22:05 AM UTC-8, @TiddlyTweeter wrote:
>
> I'm getting very interested in TW as a potentially secure way to chat, and 
> publish material that is ONLY for selected users/participants.
>
> Part of the background is that it's becoming clearer that large online 
> services are NOT, ultimately, able to secure conversation. I spent the last 
> two days sorting out the aftermath for me of the Quora meltdown ... 
> https://www.forbes.com/sites/daveywinder/2018/12/04/quora-hacked-what-happened-what-data-was-stolen-and-what-do-100-million-users-need-to-do-next/
>
> The problem is those types of system are owned and run at huge scale by 
> far off companies and you don't know what they are doing. In fact THEY 
> often don't know what they are doing till it's too late. This just is the 
> latest of a long line of serious cloud hacks. I basically don't trust them 
> now. The hassle re-setting everything after an attack is both a PITA and 
> very worrying. Identity theft can be a very complicated thing to sort out.
>
> TW seems interesting if you can add *two step verification*.
>
> Practically I'm very interested in being able to run a TW online just for 
> conversation with ONE person ... i.e. One Wiki Per Converser. In this way 
> we can chat AND in teaching I can show all but only what is needed. This is 
> appropriate for how I work, which is all one-on-one. More collectivist 
> security models interest me too, but the simple person-to-person is a 
> specific interest. And I think it may be simpler to establish really 
> robustly?
>
> This is just one set of thoughts. My main concern is: can TW be maximally 
> secure? I think, if it could be demonstrably so on-line it could be a USP 
> for it.
>
> Any comments welcomed ...
>
> These are just early thoughts
> Josiah
>
>
>
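
One way to script the idea in the reply above (GPG output stored as a tiddler), as an added example that is not part of the original thread and is not TiddlyWiki or Bob code. It assumes GnuPG 2.x is installed and the recipient's public key is already imported and validated; the function names and the "encrypted" tag are hypothetical.

```shell
#!/bin/sh
# Added example: wrap GPG-armored ciphertext in a TiddlyWiki .tid file.
# Assumptions: gpg (GnuPG 2.x) is on PATH; the recipient's public key is in
# the keyring and trusted (in --batch mode gpg refuses unvalidated keys
# instead of prompting). Function names and the tag are hypothetical.

# tiddler_encrypt RECIPIENT TITLE   (plaintext on stdin, .tid on stdout)
tiddler_encrypt() {
    local recipient="$1" title="$2" armored nl
    nl='
'
    # A newline in the title would let input forge extra header fields.
    case $title in *"$nl"*) return 2 ;; esac
    # Encrypt first so a gpg failure never emits a half-written tiddler.
    armored=$(gpg --batch --armor --encrypt --recipient "$recipient") || return 1
    # .tid layout: "field: value" header lines, a blank line, then the text.
    printf 'title: %s\ntags: encrypted\ntype: text/plain\n\n%s\n' \
        "$title" "$armored"
}

# tiddler_decrypt   (.tid on stdin, plaintext on stdout)
tiddler_decrypt() {
    # Drop the header fields up to and including the first blank line,
    # then hand the armored block to gpg (needs the private key).
    sed '1,/^$/d' | gpg --batch --quiet --decrypt
}

# Usage (file names are placeholders):
#   tiddler_encrypt alice@example.org 'Note for Alice' < note.txt > note.tid
#   tiddler_decrypt < note.tid
```

Only the tiddler text is encrypted; the title and tag fields stay readable to anyone who can see the wiki.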
