Have I got some news about the Apex for you.
I hope you are having a lovely day.
2 Likes
Youāre still connecting to certain IPs and TLS <1.3 has basically the same info unencrypted.
Just look at how China blocks certain stuff even with DoH.
No, they still see who you are talking to.
Yes. This is the only solution.
Wdym? I can sure as heck still use it without internet and completely without using VivoKey stuff. E.g. sign something with PGP, no internet required.
I guess it is dependent on use case.
I will fix that.
They see who you are talking to (sigint) but not what you are actually saying (unless they do perform a MITM attack and they are right there so that they could do it easily enough). That was what I meant.
TOR also has its weaknesses but there are limits to how paranoid you can get and still be online.
1 Like
Not a patch on The not so civil engineer, but I have upset people before by telling them exactly what they didnāt want me to say. (Hint: donāt post a picture of a building and say āguess where in Europe I amā if you donāt want an answer.)
2 Likes
Ok so DNS over https handles the resolver requestsā¦ the ISP can just see the IP address youāre talking to but in the days of massive server farms sharing load balancer IPs, CDNs, etc. that is fairly useless data at this point.
With MITM attacksā¦ how exactly could an ISP do that successfully considering signed certs? This isnāt Chinaā¦ so actually how easy would it be for an ISP to successfully execute a MITM attacks to derive SSL traffic for sites and services with signed certs?
2 Likes
The problem with this is how do these big clouds know where to route the encrypted request?
Thereās something called Server Name Identification, SNI, so even without DNS you can identify the target host. TLS 1.3 solved that by somehow encrypting that aswell, but Iām not sure there arenāt other ways to leak the server name. Many sites dont use 1.3 yet. Also, Iām not sure that the certificate doesnāt leak when making the handshake, not too familiar tbh.
ISPs can generate certificates as long as they have already persuaded you that they are a valid CA. There is enterprise software that does this already for companies to track what their employees are up to.
So, it comes down to whether you verify every certificate you are sent. I am not saying that anyone is doing this yet, just that they could.
Unfortunately the organisations capable of this are also the ones most likely to do this.
Kazakhstan recently forced everyone to install their root CA, and then browser makers had to fight back iirc. Defenitely something to think about.
?!
I recently saw an extension for certificate pinning, so you actually have to do that.
Iāll see if I can find it.
EDIT: found it
1 Like
As long asā¦ So if they have already got their root CA into your browser you are screwed. The problem comes when they make it so that you want (or need) their CA cert for some other reason.
Yeah, I mean the idea is if you want to do the development work yourself or someone else in the community has already done it, then you donāt need VivoKey involved in your Apex applet. The VivoKey official applets are for the rest of the people who just want it to work 
2 Likes
I donāt speak german so I donāt have a clue on what they are saying, but I think that someone is trying to make a blinky thatās signifficanly larger than the xSIID and xLED implants.
2 Likes
That is awesome! XD
Can we get something like that for the guys downstairs?
I want my special bits to shine too XD
Interesting, I think Iād rather do matching downstate magnets with my gf. That might be fun lol
Ehhh just use a large magnet and flip it if it doesnāt have the right polarity 
1 Like
interesting application line of thought,
Sensing magnet in sex organ, and another magnet in a partner that is ā¦ahemā¦ oscillating, could cause interesting benefits
Alternatively
Sensing magnet in sex organ, and pair it with with something like the speaker coils for the Tragus projectā¦ could be interesting and fun 
Iād guess it would be of more benefit the higher the nerve ending per area
1 Like