Privacy matters?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Privacy matters?

Roland Haeder
Hello all,

I have been chatting with my girlfriend over Linphone and I started
sending her "classified" pictures (means nude). Now I found out that
your storage server is not really much secured, only by obscurity
(complex link name) which is according to Wikipedia [1] not secure at all.

So, please can you tell me how long the images stay there? Maybe just 24
hours?

Best regards,
Roland Haeder

PS: I then better upload those pics on my NextCloud instance.

1: https://en.wikipedia.org/wiki/Security_through_obscurity



_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Bret Busby-2
On 17/11/2019, Roland Häder <[hidden email]> wrote:

> Hello all,
>
> I have been chatting with my girlfriend over Linphone and I started
> sending her "classified" pictures (means nude). Now I found out that
> your storage server is not really much secured, only by obscurity
> (complex link name) which is according to Wikipedia [1] not secure at all.
>
> So, please can you tell me how long the images stay there? Maybe just 24
> hours?
>
> Best regards,
> Roland Haeder
>
> PS: I then better upload those pics on my NextCloud instance.
>
> 1: https://en.wikipedia.org/wiki/Security_through_obscurity
>
>
>

My understanding is that sending such images out into the Internet
(and, especially, into the clouds), is like publishing the images and
sending them to newspapers and magazines, and to all of the law
enforcement agencies, at each Internet node that your data passes
through, between your sending and the destination.

I could be wrong.

But, I recommend that your girlfriend proceed with extreme caution, if
she is considering doing the same.

And, any such images could become further published on porn web sites.

And, of course, for both of you, any images so transmitted, could come
back to haunt you both, in the future, when such images could cause
even more harm.

It is an area in which everyone should be extremely cautious.

But, that is my understanding, and, I could be wrong.

It is a gamble with extremely high stakes.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Sergei Zhigar
In reply to this post by Roland Haeder
The Wikipedia article is not relevant to your question. A long random file name is no worse than a username/password pair. I assume that on the server the data is stored no more than a week. if your file is protected by LIME technology, then you have nothing to worry about.




17.11.2019, 08:31, "Roland Häder" <[hidden email]>:

Hello all,

I have been chatting with my girlfriend over Linphone and I started
sending her "classified" pictures (means nude). Now I found out that
your storage server is not really much secured, only by obscurity
(complex link name) which is according to Wikipedia [1] not secure at all.

So, please can you tell me how long the images stay there? Maybe just 24
hours?

Best regards,
Roland Haeder

PS: I then better upload those pics on my NextCloud instance.

1: https://en.wikipedia.org/wiki/Security_through_obscurity


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Roland Haeder
On 11/17/2019 12:01 PM, Сергей Жигарь wrote:
> The Wikipedia article is not relevant to your question. A long random
> file name is no worse than a username/password pair. I assume that on
> the server the data is stored no more than a week. if your file is
> protected by LIME technology, then you have nothing to worry about.
Okay, and brute-forcing takes to much time to go through all + Trillion
(wrong maybe) possibilities.


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

flatpak reinstall

John White-3

 

 

Linphone is freezing too often on my debian buster (flatpak) system. Debian just updated flatpak and I am thinking that a reinstall of linphone might help, partly because I get the following error when running flatpak update:

 

Can't find app/com.belledonnecommunications.linphone/x86_64/4.1.1 metadata for dependencies: Unable
to load metadata from remote com.belledonnecommunications.linphone-1-origin: summary fetch error: GPG signatur
es found, but none are in trusted keyring
Nothing to do.

Anyone know what problems should I expect if I simply reinstall linphone flatpak?


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: flatpak reinstall

Ken-3

The Debian GNU/Linux project has released an updated version of its stable Linux distribution Debian 10 (“buster”). You must upgrade to get corrections for security problem as this version made a few adjustments for the severe issue found in Debian version 10.1. Debian is a Unix-like (Linux distro) operating system and a distribution of Free Software. It is mainly maintained and updated through the work of many users who volunteer their time and effort. The Debian Project was first announced in 1993 by Ian Murdock.

On Wed, Nov 20, 2019 at 1:55 AM, John White <[hidden email]> wrote:

 

 

Linphone is freezing too often on my debian buster (flatpak) system. Debian just updated flatpak and I am thinking that a reinstall of linphone might help, partly because I get the following error when running flatpak update:

 

Can't find app/com.belledonnecommunications.linphone/x86_64/4.1.1 metadata for dependencies: Unable
to load metadata from remote com.belledonnecommunications.linphone-1-origin: summary fetch error: GPG signatur
es found, but none are in trusted keyring
Nothing to do.

Anyone know what problems should I expect if I simply reinstall linphone flatpak?


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: flatpak reinstall

John White-3

Thanks much. I updated to the latest buster a few days ago, which included a new flatpak. The question is how to get linphone updated to the new flatpak.

I suspect it doesn't happen automatically but I am new to flatpak.

 

My thinking is that I just reinstall linphone on the updated flatpak and I am wondering what harm that might cause. I doubt it will hurt much as linphone now generally freezes on completion of a sip call.

 

John

 

 

On Wednesday, November 20, 2019 2:59:20 AM PST Ken wrote:

> Originally published at:

> https://www.cyberciti.biz/howto/debian-linux/debian-linux-10-x-released-and-

> here-is-how-to-upgrade-it/

>

> The Debian GNU/Linux project has released an updated version of its

> stable Linux distribution Debian 10 (“buster”). You must upgrade to

> get corrections for security problem as this version made a few

> adjustments for the severe issue found in Debian version 10.1. Debian

> is a Unix-like (Linux distro) operating system and a distribution of

> Free Software. It is mainly maintained and updated through the work of

> many users who volunteer their time and effort. The Debian Project was

> first announced in 1993 by Ian Murdock.

>

> On Wed, Nov 20, 2019 at 1:55 AM, John White <[hidden email]> wrote:

> > Linphone is freezing too often on my debian buster (flatpak) system.

> > Debian just updated flatpak and I am thinking that a reinstall of

> > linphone might help, partly because I get the following error when

> > running flatpak update:

> >

> > Can't find app/com.belledonnecommunications.linphone/x86_64/4.1.1

> > metadata for dependencies: Unable

> > to load metadata from remote

> > com.belledonnecommunications.linphone-1-origin: summary fetch error:

> > GPG signatur

> > es found, but none are in trusted keyring

> > Nothing to do.

> >

> > Anyone know what problems should I expect if I simply reinstall

> > linphone flatpak?

 


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: flatpak reinstall

John White

So,

 

A few minutes ago I uninstalled flatpak linphone and then reinstalled it, using the linphone web site install url. I did not lose the addresses. So far I have made 3 calls without it freezing so perhaps this helped. Sure hope so.

 

John

 

On Wednesday, November 20, 2019 7:57:09 AM PST John White wrote:

> Thanks much. I updated to the latest buster a few days ago, which included

> a new flatpak. The question is how to get linphone updated to the new

> flatpak. I suspect it doesn't happen automatically but I am new to flatpak.

>

> My thinking is that I just reinstall linphone on the updated flatpak and I

> am wondering what harm that might cause. I doubt it will hurt much as

> linphone now generally freezes on completion of a sip call.

>

> John

>

> On Wednesday, November 20, 2019 2:59:20 AM PST Ken wrote:

> > Originally published at:

> > https://www.cyberciti.biz/howto/debian-linux/debian-linux-10-x-released-an

> > d-> here-is-how-to-upgrade-it/

> >

> > The Debian GNU/Linux project has released an updated version of its

> > stable Linux distribution Debian 10 (“buster”). You must upgrade to

> > get corrections for security problem as this version made a few

> > adjustments for the severe issue found in Debian version 10.1. Debian

> > is a Unix-like (Linux distro) operating system and a distribution of

> > Free Software. It is mainly maintained and updated through the work of

> > many users who volunteer their time and effort. The Debian Project was

> > first announced in 1993 by Ian Murdock.

> >

> > On Wed, Nov 20, 2019 at 1:55 AM, John White <[hidden email]> wrote:

> > > Linphone is freezing too often on my debian buster (flatpak) system.

> > > Debian just updated flatpak and I am thinking that a reinstall of

> > > linphone might help, partly because I get the following error when

> > > running flatpak update:

> > >

> > > Can't find app/com.belledonnecommunications.linphone/x86_64/4.1.1

> > > metadata for dependencies: Unable

> > > to load metadata from remote

> > > com.belledonnecommunications.linphone-1-origin: summary fetch error:

> > > GPG signatur

> > > es found, but none are in trusted keyring

> > > Nothing to do.

> > >

> > > Anyone know what problems should I expect if I simply reinstall

> > > linphone flatpak?

 


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Sylvain Berfini
In reply to this post by Roland Haeder

Hi,

Indeed if you transfer sensible information we recommend you to use LIME for end-to-end encryption of messages and files.

Also for information files are stored for 1 month on our server but links are only valid for 1 week.

Cheers,

Le 17/11/2019 à 15:03, Roland Häder a écrit :
On 11/17/2019 12:01 PM, Сергей Жигарь wrote:
The Wikipedia article is not relevant to your question. A long random
file name is no worse than a username/password pair. I assume that on
the server the data is stored no more than a week. if your file is
protected by LIME technology, then you have nothing to worry about.
Okay, and brute-forcing takes to much time to go through all + Trillion
(wrong maybe) possibilities.


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Bret Busby-2
On 28/11/2019, Sylvain Berfini
<[hidden email]> wrote:
> Hi,
>
> Indeed if you transfer sensible information we recommend you to use LIME
> for end-to-end encryption of messages and files.
>


Ah, I think you might mean sensitive information. What he is
transmitting is not very sensible, but, probably, more sensitive.


--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Roland Haeder
In reply to this post by Sylvain Berfini
On 11/28/2019 05:23 PM, Sylvain Berfini wrote:

>
> Hi,
>
> Indeed if you transfer sensible information we recommend you to use
> LIME for end-to-end encryption of messages and files.
>
> Also for information files are stored for 1 month on our server but
> links are only valid for 1 week.
>
> Cheers,
>
Bonjur Sylvain,

my partner doesn't have the option for LIME to enable. :-( At least our
video call is encrypted (TLS + ZSRP, I see a lock symbol with a checkbox
in it).

Greetings,
Roland


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: flatpak reinstall

Karl Schmidt-2
In reply to this post by John White
On 11/20/19 4:44 PM, John White wrote:
> So,
>
> A few minutes ago I uninstalled flatpak linphone and then reinstalled it, using the linphone web
> site install url. I did not lose the addresses. So far I have made 3 calls without it freezing so
> perhaps this helped. Sure hope so.
>
> John

I tried a flatpak - what a nightmare - never again...
I found it easier just to build a Debian package - Desktop 4.1.1 - Qt5.11.3


flatpak is a bad idea for many reasons - security is a joke, but worse, when applications use their
own libs - they don't get security updates - nor bug fixes found in other code that shares the lib.
It is particularly bad for the Linux ecosystem - it is the polishing of shared libs that makes code
robust - the particular difference from the Windoze world. There is a place to use
snaps/AppImage/flatpak - to test something to see if it is worth building - but flatpak appears to
be the worst one and non of them should be used for a working program.  Using custom libs is what
makes so much of the Windoze programs insecure/buggy.  ( I've been running a Debian desktop for 20
years now - most users don't understand why these paks are such a bad idea. )




--------------------------------------------------------------------------------
Karl Schmidt                                  EMail [hidden email]
3209 West 9th Street                             Ph (785) 979-8397
Lawrence, KS 66049

I can live for two months on a good compliment. -- Mark Twain
--------------------------------------------------------------------------------

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Roland Haeder
In reply to this post by Bret Busby-2
On 11/28/2019 11:36 PM, Bret Busby wrote:

> On 28/11/2019, Sylvain Berfini
> <[hidden email]> wrote:
>> Hi,
>>
>> Indeed if you transfer sensible information we recommend you to use LIME
>> for end-to-end encryption of messages and files.
>>
>
> Ah, I think you might mean sensitive information. What he is
> transmitting is not very sensible, but, probably, more sensitive.
>
>
At least you should have added a robots.txt file:

https://www.linphone.org:444/robots.txt

gives me a 404 reply.

Don't just add "Disallow /" to it, that is not enough, Google may ignore
it (User-Agent: * is not enough, too).



_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

signature.asc (201 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Privacy matters?

Sylvain Berfini
In reply to this post by Roland Haeder

Hi Roland,

There is no option to enable or disable LIME at app level, it is just a matter of enabling the "shield" toggle while creating a chat room.

Cheers,

Le 30/11/2019 à 17:23, Roland Häder a écrit :
On 11/28/2019 05:23 PM, Sylvain Berfini wrote:
Hi,

Indeed if you transfer sensible information we recommend you to use
LIME for end-to-end encryption of messages and files.

Also for information files are stored for 1 month on our server but
links are only valid for 1 week.

Cheers,

Bonjur Sylvain,

my partner doesn't have the option for LIME to enable. :-( At least our
video call is encrypted (TLS + ZSRP, I see a lock symbol with a checkbox
in it).

Greetings,
Roland


_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users

_______________________________________________
Linphone-users mailing list
[hidden email]
https://lists.nongnu.org/mailman/listinfo/linphone-users