Posts

Discord Attachments and Privacy

Attachment privacy. Attachment links: Discord attachments use no access control list (ACL). Anyone with the URL to the attachment can download the attachment without any authentication. This is insecure by design, as it is a typical security-through-obscurity approach. We will see why that is the case in a second. First, let us see how the attachment URL is generated. For example, here I have an attachment picture uploaded by someone in the NYC mech keyboard group.

Privomega: A Privacy-Preserving Random Stranger Chat Protocol (Sketch)

Like Omegle, but with more privacy, with provable randomness, E2EE, and more

⚠️ This is a work-in-progress sketch. Introduction: Omegle is one of the first stranger chat services. To quote from their website: "Omegle (oh·meg·ull) is a great way to meet new friends. When you use Omegle, we pick someone else at random and let you talk one-on-one. To help you stay safe, chats are anonymous unless you tell someone who you are, and you can stop a chat at any time."

Cross-IPFS-site scripting

IPFS vs same-origin policy

Introduction: These days, browsers are pretty secure, and some (Firefox, Brave) are even privacy-conscious and block third-party trackers by default. But today’s browsers are ultimately designed for HTTP, not IPFS, and they have a different threat model in mind. All the sites on IPFS are served from the same origin as the gateway, which has some interesting implications for privacy and security. How an IPFS gateway works: An IPFS gateway is a web server that connects to some IPFS node daemon.

Privacy Issues and Concerns on Ethereum Network Layer

Or, why not to use MetaMask (with default settings)

Introduction: Ethereum’s network layer, or more precisely devp2p (or libp2p), while providing encryption and authentication, does not necessarily give users anonymity or privacy. In this post I will point out some of the privacy issues and potential attacks to de-anonymize Ethereum account owners (i.e. associating an Ethereum account address with the IP address of its owner). For simplicity, we do not consider anonymity networks like Tor or I2P during the attacks, although they will be discussed in the Mitigation section.

Blogging on IPFS

With Hugo, IPNS, dnslink, and Cloudflare IPFS gateway

A little fun fact about this site: This blog is a static site generated by Hugo, hosted on IPFS. I personally run an IPFS node, and the files are pinned on my node. If you came here through your own IPFS gateway, then congrats! You already know where this is going. Otherwise, keep reading and I’ll explain the entire setup of the site. The site lives permanently by the IPNS name

Ethereum State Channel Games - Part 1

State Serialization and Fastforward Consensus

In the first part of this state channel tutorial / demonstration, we’ll explore some simple use cases for turn-based games like tic-tac-toe or chess. I’ll skip the basics — if you don’t know what a state channel is or does, please read up about them before moving on. Furthermore, this article aims to be a conceptual guide on implementing state channels, without much copy-paste code. > If you are looking for an easy-to-use state channel framework, I am shamelessly self-promoting my OpenArcade game engine, which comes with state channel support without requiring much effort from game developers.