
What if the hackers come for us?

Gab - hacked. Truth social - hacked. What if they come for us? The rdrama codebase probably isn't perfectly secure! Chrome or firefox has layers of sandboxes, a hundred different gadgets like 'stack protection' or 'W xor X', and still has a new RCE every week. rdrama can probably be trivially owned if someone googles all the dependency versions for a few hours. also, lol commit history, 'sneed'. If that happens - what leaks? i guess just associations between stored ip addresses (if they are) and post histories. And IP can reveal a lot, or nothing, depending on where you live, ISP, etc. Combine that with a post history referencing improvements you made to your house or your occupation ... might be bad.

Practically, seems incredibly unlikely anyone will care enough to do anything, it's a small community and the essay format gets in the way of 'omg these rightwingers grr'. But, always good to ponder potential security issues. Also, you wanted content, so content.


You can never be perfectly secure, no matter how many resources you spend on the path there. After having my identity stolen a few years ago, I ramped up my level of paranoia, but even when you're dealing with financial issues you can only go so far.

In my opinion, the most important layers I use are:

  1. Use a separate, randomly generated password for each site, tracked in an offline encrypted password store

  2. Don't admit to criminal activity online, or make any statements that would pass the "local newspaper headline" bar

  3. Harden your personal finances and personal relationships so they're robust to perturbation

From 1, there is no correlated danger from any particular site being hacked, even if they're storing passwords in plaintext. (Which I certainly hope we're not doing here...)

From 2, you acknowledge the fact that any anonymizing procedure can always be broken, and mitigate the consequences regardless. I don't care if it's a VPN, Tor, or your own personal series of hardware proxies, it can be broken. The only way out is to act within your risk tolerance. I'm confident that if someone came up to my boss with some mildly spicy rant I wrote on the Motte, he'd be glad to ignore it so long as it didn't draw public attention. Thus, the local paper headline limit.

From 3, which I admit is a bit beyond scope, you make certain that should the worst happen you'll be all right regardless. (And financial independence is a good thing to have regardless.)

If somebody intends to spend their life as a hardcore political dissident, these sorts of measures aren't sufficient, but then I'm not intending to do that.

yeah i should've included "don't use an irl email or shared password". the signup page should probably have that like kiwi does