Ciao Mark S. FYI I'm interested in TW online, rather than secure email, because in a "conversation" in TW online I can introduce materials email would struggle with ...
Another thing. My partners are not tech. They could cope with a login. I doubt they could cope with PGP setup. J On Thursday, 6 December 2018 16:46:15 UTC+1, Mark S. wrote: > > Wow. These things have become so common, the Quora hack didn't even make > it into my newsfeed. > > If you need person-to-person private conversation, why not email with > PGP/GPG ? > > You could also use GPG to convert messages to text and insert it into a > tiddler. Then any public exposure would be irrelevant. > > PGP has been around since almost the beginning. It's had slow adoption > because of the fiddly steps needed to set it up on both ends of a > conversation. Something like it should be the default -- the way https is > becoming the default. > > You mentioned Bob can run scripts for you. I can imagine invoking a script > that converts tiddler text to gpg and turns it into a tiddler. > > 2FA as commonly implemented with SMS turns out to be no panacea -- cell > phone numbers can be hijacked. Using a FIDO device might be better, but is > not widely supported yet. None of this 2FA does any good if the main > database, as in the case of Quora, is hacked. > > -- Mark > > On Thursday, December 6, 2018 at 6:22:05 AM UTC-8, @TiddlyTweeter wrote: >> >> I'm getting very interested in TW as a potentially secure way to chat, >> and publish material that is ONLY for selected users/participants. >> >> Part of the background is that its becoming clearer that large online >> services are NOT, ultimately, able to secure conversation. I spent the last >> two days sorting out the aftermath for me of the Quora meltdown ... >> https://www.forbes.com/sites/daveywinder/2018/12/04/quora-hacked-what-happened-what-data-was-stolen-and-what-do-100-million-users-need-to-do-next/ >> >> The problem is those types of system are owned and run at huge scale by >> far off companies and you don't know what they are doing. In fact THEY >> often don't know what they are doing till its too late. This just is the >> latest of a long line of serious cloud hacks. I basically don't trust them >> now. The hassle re-setting everything after an attack is both a PITA and >> very worrying. Identity theft can be a very complicated thing to sort out. >> >> TW seems interesting if you can add *two step verification*. >> >> Practically I'm very interested in being able to run a TW online just for >> conversation with ONE person ... i.e. One Wiki Per Converser. In this way >> we can chat AND in teaching I can show all but only what is needed. This is >> appropriate for how I work, which is all one-on-one. More collectivist >> security models interest me too, but the simple person-to-person is a >> specific interest. And I think it may be simpler to establish really >> robustly? >> >> This is just one set of thoughts. My main concern is: can TW be maximally >> secure? I think, if it could be demonstrably so on-line it could be a USP >> for it. >> >> Any comments welcomed ... >> >> These are just early thoughts >> Josiah >> >> >> -- You received this message because you are subscribed to the Google Groups "TiddlyWiki" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at https://groups.google.com/group/tiddlywiki. To view this discussion on the web visit https://groups.google.com/d/msgid/tiddlywiki/9e509c16-a68d-4a94-960e-68ac3aa320f4%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
