Mastodawn

You cannot visually distinguish a phishing site from the real one. Pixel-perfect clones exist.

Standard defense: check the URL, hope for the best.

WIGGWIGG: shows your avatar, security phrase, and audio signature. Ones you set up. A clone can't show what it's never seen.

More at https://wiggwigg.ca/en/security/anti-phishing/

#AntiPhishing #InfoSec #PrivacyMatters #ZeroKnowledge #Fediverse

DWeb 21h ago

Would you like to play with audiovisual tools, join a great community, and support the Decentralized Web?

@ZFAVClub runs on small networks of people who help recordings survive and remain usable long after the event. 🎥

✨ Check out their open opportunities → https://zkav.club/opportunities/

#audio #video #production #videoProduction #ZkAvClub #zeroKnowledge #opportunity #volunteer

Opportunities

Zk Av Club: privacy-first training, AV documentation, and volunteer AV for open-source & decentralized tech communities at meetups, conferences, and camps.

zkav.club

Built In EU 23h ago

Most cloud providers use "Encryption at Rest", meaning they still have a master key. For true sovereignty, you need Zero-Knowledge Encryption.

🇨🇭 Tresorit: Swiss-based, zero-knowledge.

🇺🇸 Dropbox: Great UX, but a privacy risk for sensitive files.

Check the post for a full comparison between Dropbox and Tresorit:

https://builtineu.eu/blog/tresorit-vs-dropbox-comparison

#ZeroKnowledge #Privacy #SaaS #EUTech #Tresorit

WIGGWIGG 2d ago

Does your employer know your gaming handle?

Employers don't just Google job candidates. Many monitor current employees online too. Same username across platforms makes that search trivially easy.

WIGGWIGG lets you build a dedicated streaming identity, separate number and all. Zero-knowledge encrypted, compartmentalized from your real life.

#PrivacyMatters #StreamerLife #Fediverse #ZeroKnowledge #Gaming

Illustrated with AI | WIGGWIGG

Daniel Fisher(lennybacon)Mar 3

Anybody in the topic of age verification with hash chains?

I ask myself… if there is a trusted entity … why not just sign a message with a nonce and the >18 years with a digital signature?

#AgeVerification #ZeroKnowledge

Marcus "MajorLinux" Summers Feb 19

And this puts me one step closer to migrating my cloud vault in-house...

Password managers' promise that they can't see your vaults isn't always true

https://arstechnica.com/security/2026/02/password-managers-promise-that-they-cant-see-your-vaults-isnt-always-true/

#PasswordManagers #ZeroKnowledge #Security #Privacy #Vulnerabilities #Tech

Teddy / Domingo (🇨🇵/🇬🇧)Feb 18

#zeroknowledge #vulnérabilité

Votre gestionnaire de #motsdepasse est peut-être plus vulnérable que vous ne le pensez.
Des chercheurs suisses viennent de démontrer qu’un serveur compromis pouvait manipuler la synchronisation de #Bitwarden, #Dashlane et #LastPass.
https://www.clubic.com/actualite-600880-votre-gestionnaire-de-mots-de-passe-est-peut-etre-plus-vulnerable-que-vous-ne-le-pensez.html

Zero Knowledge : une étude pointe les carences de Bitwarden, LastPass et Dashlane
https://next.ink/224992/zero-knowledge-une-etude-pointe-les-carences-de-bitwarden-lastpass-et-dashlane/

Votre gestionnaire de mots de passe est peut-être plus vulnérable que vous ne le pensez

Zero-knowledge, vraiment ? Des chercheurs suisses viennent de démontrer qu’un serveur compromis pouvait manipuler la synchronisation de Bitwarden, Dashlane et LastPass, jusqu’à altérer des entrées. Théorique, mais assez critique pour pousser les éditeurs à prendre des mesures.

clubic.com

momo Feb 18

This paper is worth a read:

Security of cloud based password managers:

Paper:
- https://eprint.iacr.org/2026/058

German news article:
- https://ethz.ch/de/news-und-veranstaltungen/eth-news/news/2026/02/passwortmanager-bieten-weniger-schutz-als-versprochen.html

#ethz #bitwarden #lastpass #dashlane #passwords #zeroknowledge #security

Zero Knowledge (About) Encryption: A Comparative Security Analysis of Three Cloud-based Password Managers

Zero Knowledge Encryption is a term widely used by vendors of cloud-based password managers. Although it has no strict technical meaning, the term conveys the idea that the server, who stores encrypted password vaults on behalf of users, is unable to learn anything about the contents of those vaults. The security claims made by vendors imply that this should hold even if the server is fully malicious. This threat model is justified in practice by the high sensitivity of vault data, which makes password manager servers an attractive target for breaches (as evidenced by a history of attacks). We examine the extent to which security against a fully malicious server holds true for three leading vendors who make the Zero Knowledge Encryption claim: Bitwarden, LastPass and Dashlane. Collectively, they have more than 60 million users and 23% market share. We present 12 distinct attacks against Bitwarden, 7 against LastPass and 6 against Dashlane. The attacks range in severity, from integrity violations of targeted user vaults to the complete compromise of all the vaults associated with an organisation. The majority of the attacks allow recovery of passwords. We have disclosed our findings to the vendors and remediation is underway. Our attacks showcase the importance of considering the malicious server threat model for cloud-based password managers. Despite vendors’ attempts to achieve security in this setting, we uncover several common design anti-patterns and cryptographic misconceptions that resulted in vulnerabilities. We discuss possible mitigations and also reflect more broadly on what can be learned from our analysis by developers of end-to-end encrypted systems.

IACR Cryptology ePrint Archive