@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.

• You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

• All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

• Yet I've only seen #TechIlliterates shill it.

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

• Again: Demanding #PII like #PhoneNumbers and shilling a #Shitcoin-#Scam (#MobileCoin) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low...

It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

• The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

• So rather than vomiting insults against my intellect in my mentions, go to the next @cryptoparty@mastodon.earth / #Cryptoparty / @cryptoparty@chaos.social and lend a hand.

@maldr0id it's called #InfoSec, #ComSec & #OpSec.

• Without it #ITsec is nonexistant.

Not to mention people got jailed for far less shite!

@crazy_pony when @signalapp isn't being run as a #VCMoneyBurningParty and they take #InfoSec, #OpSec, #ComSec & #ITsec serious and stop shilling the #Shitcoin #Scams that is #MobileCoin!

For everyone else, there's #XMPP+#OMEMO (see @monocles / #monoclesChat) & #PGO/MIME (see @delta / #deltaChat)…

@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse, you fucked up!

• If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC.

Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.

• All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys...

That's why I get people setup with it!

@charlesmok no, it's just a sign of #incompetence re: #InfoSec, #OpSec, #ComSec & #ITsec as this is a criminally gross violation of standards that even #POTUS has to abide to.

• There's a reason the #US #MILINTEL have half a dozen different "secure networks" for comms ranging from unclassified to top-secret+nofor!

#Trump should've been forced to hand over his personal devices at entry of the #SCIF this was sent from and only allowed on sanctioned and certified systems with vetted contacts only as pre-appointed who themselves are in a SCIF

• This is such a huge #OpSec failure, it makes #WarThunderForumsLeaks look like a minor indiscretion by comparison.

@hudelwick #CloudAct macht 99,99% aller #Cloud-Anbieter illegal nach #DSGVO & #BDSG!

• @noybeu et.al. hatten jediglich noch keine Zeit dagegen erfolgreich zu klagen!

https://de.wikipedia.org/wiki/CLOUD_Act

@cmccullough if your #ComSec relies on a provider like @Tutanota defying a court order, then you already lost.

@moanos @halfredgreenapple So yeah, use #Tails, #TorBrowser, #PGO/MIME, @delta and espechally @monocles and if you follow basic #ITsec, #InfoSec ,#OpSec & #ComSec you should be golden...

@StaceyCornelius In the past I did configure seperate systems for clients so they can travel without fuss regardless if "P.R." #China or #Russia or the #USA or #KSA...

• The trick is to never have anything on your device and have a dedicaded burner!

Using @tails_live / @tails / #Tails and @torproject / #TorBrowser and when that's not an option, a #SSH-Tunnel / #OpenVPN or #WireGuard-#VPN to be able to #VNC into a machine.

• Remember: They can only extract data that was saved on a machine!

CONSIDER THE #US ENEMY TERRITORY AS IN "If you wouldn't enter #NorthKorea, then why would you enter the USA?"

@notjustbikes precisely!

Only #OpenSource & #OpenStandards can yield #MultiVendor & #MultiProvider systems necessary to prevent #monopolies and #oligopolies and enshure #ITsec, #InfoSec, #OpSec & #ComSec, thus being able to comply with #NatSec & #IntlSec demands.

Guess why #NORAD runs #BusyBox / #Linux?

• Because they demand every single line of code to be audited MANUALLY!

@moanos @halfredgreenapple @vkc precisely that...

• Not to mention distros like @tails_live / @tails / #Tails come pre-setup to deal with a hostile envoirment...

OFC trying to condense #ITsec, #InfoSec, #OpSec & #ComSec down to <11k (or god forbid <500) letters counting spaces is not realistic.

@Sturmflut @fabiscafe @vkc

Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.

Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duely through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.

• Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.

But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on it's own...

@voxel personally, I despise @brave and I think it, @Vivaldi or any other #Chromium-#Fork|s are just bad to the point that I recommend using @torproject / #TorBrowser, @dillo / #dillo and #LynxBrowser over those.

• Espechally since the #Tor Project actually care about #privacy!

I consider #Edge to be #Givware just like #MicrosoftOutlook which leaks all login details to #Microsoft!

@CCC +9001%

Ich erwarte dass #TechLiteracy gefördert wird und sämtliche #Angstkultur, #Entrechtung, #Überwachungsstaat und #Polizeistaat die nach 1949 eingeführt wurden ersatzlos gestrichen werden - MIT ZINSESZINSEN!

@soatok still, in that case one should invest in proper #ITsec, #InfoSec #OpSec & #ComSec!

• Learn real #E2EE with #SelfCustody of all the keys!

• Have contingencies and protocils in place to deal with forced disappearrance of personnel and theft of IT assets.

@hkrn
Unbelievable idiocy.
Also ROTF.
#computer #security #comsec
https://jltee.substack.com/p/new-zealand-companys-impossible-to-hack-security

@masterhajoda so fundamentale #ITsec, #InfoSec, #OpSec & #ComSec-Fehler have uch nirgendwo gesehen.

• Würde ich sowas remote versuchen könnte ich mich glücklich schätzen wenn nur meine Tür eingetreten wird und ich nicht in ner #BlackSite alla #DiegoGarcia aufwache.

• Vor-Ort würde es eher in nem Bodybag denn Handschellen enden.

Aber anscheinend hat keiner seit #Mitnick gelernt, random Leuten Zugänge und Zutritt zu verweigern!