Open Source

31089 readers

759 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Posts must be relevant to the open source ideology
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago

MODERATORS

[email protected]

137

The Rebirth of Mozilla Send as Thunderbird Send (blog.thunderbird.net)

submitted 1 year ago by [email protected] to c/[email protected]

14 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 20 points 1 year ago (2 children)

One red flag from that podcast:

When asked how they might deal with abuse of the service to distribute illegal files, he suggested that you could compare uploaded files to hashes of known files. This doesn't make sense in a system where the server has no knowledge of the unencrypted file, since the same file encrypted with two different passwords will result in two different hashes.

[–] [email protected] 9 points 1 year ago* (last edited 1 year ago) (1 children)

Can’t you hash it before uploading and upload just the hash? Or download the banned hash list locally.

[–] [email protected] 10 points 1 year ago (1 children)

Sure, but then you're trusting the client. I can always encrypt x and send along the hash for y.

[–] [email protected] 14 points 1 year ago

In the end you can always just encrypt the illegal stuff externally before giving it to them...

[–] [email protected] 3 points 1 year ago* (last edited 1 year ago)

The only way I could see them flagging potentially illegal files on the server-side if they don't have access to the cleartext file would be through the filesize, and that would lead to too many false-positives. On the client-side it could be done through a local checksum against a denylist (compared locally for privacy reason) before uploading, but that could be easily defeated.