As @future wrote in chat today: “Everyone use the encrypted DM feature”

For those not aware, the site admin (@sidco), ownership (@future), and someone else (@cxojinu) can access and read your DMs. E.g.:

You may ask, why does that matter?

[link]

Consider how much IP (SOPs, etc.) and other info that @sidco or @future could monetize (like, say, @future’s consultation business or his extract/isolate business) is likely shared in DMs. And besides IP theft many members are still in the traditional market selling products illegally, so I’m sure they value their privacy.

And don’t assume the @Feds or anti-states won’t try to pull an overgrow.com (where they got access to all DMs because they weren’t encrypted) with future4200.com. All it takes is illegal activity allowed to flourish with full knowledge of ownership (check!) to open an investigation…or anti-hardons who will find what they need to act.

If the Feds would go after any canna site, my bets are on this site without question.

Now you may ask: How?

It’s simple, but takes a few steps. I won’t get into the nuts and bolts of client-side end-to-end encryption, except to say it’s the gold standard and Discourse (the forum software) open-sourced their plug-in code (implementation).

The only potential negative I see to Discourse-engrypt (their pulgin) is lack of an independent 3rd party security audit. They may have had their plug-in audited and I"m just not aware.

To enable encrypted DMs, check out the short how-to videos on Discourse’s meta page for their DM encryption plugin:

I’m setting up encrypted DMs today, so moving forward, anyone who wants to DM me needs to also setup encrypted DMs. (Not that I get many DMs anyway , lol)

For a little more on this topic, and other security related topics, check out the ChitChat chat channel from today. Myself and a few other members had a fruitful discussion.

Don’t forget the paper key!

Screenshot_20230408-1435141080×777 55.9 KB

100%.

And if anyone wants to generate the STRONGEST password, create a 20+ character passphrase using Diceware because encryption with a weak passphrase is useless. You can use it as a master password with passwords managers like Dashlane, Bitwarden (what I use), 1Password, etc., so you only need to remember on passphrase for all your logins.

Diceware is a method used to generate cryptographically strong passphrases based on the principle that truly random selection of words from a wordlist can result in easily memorable passwords that are also extremely resistant to attack. Passwords that are six words or longer are thought to be safe for any very high security applications.

Here is a great FAQ from Virgina Tech:

How to roll a new passphrase:

It’s best to do it physically (with dice), but there are a few software implementations of Diceware password creation like:

1. Diceware Secure Passphrase and Password Generator
   (Electronic Frontier Foundation wordlist by Virginia Tech)

2. Diceware Secure Passphrase and Password Generator
   (Diceware wordlist by Virginia Tech)

3. Passwordsy
   (Python GUI script to run on local computer; this is brand new and looks pretty great)

Wouldn’t using a tool to generate a password inheritly allow for the password be automatically compromised from conception?

You’re better off making a funny sentence you can’t forget or acronym.

Yup, it’s possible (even if unlikely), which is why I wrote:

Nope! That’s very insecure.

Some people who want to use Diceware may get not do so to avoid the hassle of manual Diceware passphrase creation. So in that case, it’s better to use software so at least they will use Diceware to create a master passphrase.

Can you compile your own diceware? Open source?
Does it rely on the internet?
Passwords even this level of intense are no match to Chatgpt-5 + Bruteforce methods I fear.

Imagine having a LLM be the world’s largest password database and it not even know it.

With the rise in all the word databases (LLMs) disguised as Ai, I think we will very much need to rethink passwords/keys/sentences/Blockchain style security based on combinations of words / letters / numbers / symbols / alt codes whatever. We keep feeding it combinations of words and sentences, it keeps it all to build a better experience.

The company with the most data is also the company most capable of unlocking everything. My 2c

You don’t “compile” Diceware. You get some dice, you roll them, you correlate to the wordlist, you have your ultra secure and cryptographically strong passphrase

See this link I shared above. It’s from the EFF with a nice guide on rolling dice for Diceware passphrase creation. I prefer the EFF long wordlist to the Diceware’s original wordlist:

And the Diceware creator’s website also has a nice guide for rolling dice (he never created software, it was always a physical process of rolling dice):

https://theworld.com/~reinhold/diceware.html

The software implementation is only for people who won’t bother to do it physically. Because it’s better to create a Diceware passphrase using software than not using a Diceware passphrase at all.

As long as it’s not an actual software

Even better: make up your own word list lol

It’s not software, doesn’t relay on the Internet, and should withstand any bruteforce if it’s >20 chars and >6 dice rolls (quantum bruteforce not included). But some people did create software implementations, like VA Tech, etc.

The wordlist isn’t the important part, the random number generation by physically rolling the dice is the important part. The wordlist matters, but for the sake of getting more people to use this method, the EFF wordlist is fine.

Simpler option that doesn’t require you to trust the platform you’re on:

Don’t use the encrypted chat feature. Don’t trust it. Don’t trust the platform you’re on. Don’t give yourself a false sense of security.

Regardless of the above, don’t say anything that could be compromising or incriminating in the DMs of a fucking public cannabis dumpster fire/circus/forum. Or anywhere on the internet.

Does the encrypted DM feature retroactively encrypt all of your past messages? On my quick scan of the tech previously I believe the answer was no.

So unless you’ve already been practicing good opsec, enabling encrypted chats gives you absolutely zero retroactive protection from snooping.

The plugin hasn’t been third party audited. Neither has the system itself, not had the codebase of this websites implementation.

There’s zero guarantee that there isn’t a backdoor or implementation bug in the platform or f4.2k itself that would nullify the encryption.

In my mind, the illusion of security and privacy is worse than no security and privacy at all.

Expectations lead to disappointment. And maybe bars, if you’re unlucky.

Don’t expect, know.

GnuPG for the win.

I’m pretty sure there is no encrypted chat, only end-to-end encrypted DMs. And the whole reason to use user-side end-to-end encryption is so you can send DMs and know that if the site is comprised your DMs won’t be (assuming, of course, that the encryption is carried out correctly, salted, etc.).

The encryption happens on the user-side, not server-side, and is end-to-end (user to user), so, no, older DMs won’t retroactively become encrypted. But the simple answer is to download them if you need the info and then delete them; optionally, re-create them once you have encryption setup.

It doesn’t mater if the site code base hasn’t been audited (and I’m not sure that’s true) because the whole point of end-to-end encryption is zero-trust. So if the base code has backdoor it doesn’t affect the DM security.

That’s true. But you first need to understand what you’re talking about before you can say if something is an illusion. Many people say private/public key encryption (i.e., GnuPG born from PGP) is an illusion, and the strength of Tor is an illusion. They are wrong.

At this point you can’t say if the Discourse-encrypt plugin offers illusionary security, unless you are a cryptographer and programmer and audited the plugin’s code. However, considering the code is on Git hub (open source) and thousands of eyes with brains much smarter than mine and yours on these topics have reviwed the code, my bet is that it’s well written and secure - NOT illusionary.

The biggest problem I see with your post is the straight FUD you’re spreading. FUD means Fear Uncertainty and Doubt, and it’s the main way people who don’t understand try to dismiss security and privacy solutions. If you have proof that it’s flawed, please provide it. If not, it’s best to trust people who do know what they’re talking about.

100% for *nix and macOS users. For Windows users, the Windows fork of GnuPG: Gpg4win. Relying on Kleopatra for the GUI and certificate manager.

However, getting people to use GnuPG for DMs would be a million times harder than getting them to use the Discourse DM encryption feature.

It’s all about each users threat model. I assume the treat model for most members is quite low. I know mine isn’t stringent, but I’m a computer security and privacy geek so I like this stuff.

What I’m trying to say is the vast majority of users don’t need GnuPG level of protection and the default DM encryption should be fine.

The goal is to get more people using good encryption rather than a couple of people using perfect encryption.

The big takeaway should be “Don’t let perfect be the enemy of good” (attributed to the Italian philosopher Voltaire)

That’s my point. I can’t say that without investing far more time and effort than I care to do. Doing encryption right is very very difficult, and very easy to fuck up. I haven’t seen any in depth third party analysis of the Discourse system by people smarter than I.

From what I see, there is a non-trivial amount of information pointing to this possibly being a non-broken system. And a non-zero number of open questions regarding the integrity of the system, and implementation or other issues.

There are many other options that we can say with much higher confidence levels are reasonably secure. Many of them are reasonably simple to use.

When I put anything involving random internet forum that involves discussion of topics that are illegal in many global jurisdictions into my threat model, don’t trust it, don’t pretend to trust it, act as if it’s already compromised drops out the bottom.

Use Signal if you want a user-friendly and probably-secure communication channel for sensitive discussions. It’s a lot simpler than any of the various PGP type implementations out there.

My personal bet based on the security community’s analysis is that Signal is likely presently secure to at least a first approximation, though I believe that that is not always going to be true. I think SimpleX is a better long-term bet from security perspective, but it’s new and not as polished as Signal yet, and not something I’d suggest to anyone who isn’t tech savvy.

LOTS of people have spent a lot of time validating the Signal protocols and implementation, and many more have spent even more time trying to break it. If it gets broken, there’s a non-zero chance that that fact will become publicly known and/or fixed relatively quickly.

Is the same attention being lavished on the Discourse plugin? I doubt it.

You choose to trust it. You understand what a threat model is, so I very much doubt you’re using it for “end up in a concrete and steel box” conversations. I don’t have any real reason or need to want to trust it.

No fear. Yes uncertainty and doubt.

IF the DM encryption is not compromised or broken, sure.

You’re not going to hear any argument from me on this one. I think everything always should be end to end encrypted and secure from anyone who isn’t an intended recipient.

The Discourse encryption might be just fine. Could be reasonably secure.

I’m pointing out what I feel are reasonable concerns about the uncertainty of the security of this system so that those who may not have a copy of Applied Cryptography on their shelves might become aware that it’s not as simple as “they have Encryption - that makes everything safe and I can freely talk about illegal drug deals using the messaging platform of this internet forum and it’ll be fine.”

I personally feel that the risk of putting any level of trust into this specific unproven system is high enough that it’s not worth it, when there are options out there that have a lot more points in the “reasons to believe this is secure” column.

If members of this site are having the kinds of discussions that an individual in a uniform is going to ask pointed questions about, trusting encryption here seems like a bad idea all-around.

If they’re not, why bother with it? So the admins probably can’t read your messages? Sure, that’s not useless I guess. But I prefer to move to different channels for anything I don’t want someone else reading.

Excellent post! Thank you for your comments.

I agree with every single letter you wrote.

Signal is great.

Also, I underestimated your understanding of these issues. I apologize for that. You obviously have a solid knowledge base regarding these topics. Name dropping Applied Cryptography made me smile

Thanks for your comments.

That was my only reason for suggesting it. Id much rather people not talk about illegal things in the DMs here