Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

289
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#cryptoparty

0 posts0 participants0 posts today
Replied in thread
Public *
Kevin Karhan :verified:

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
#cryptoparty
Replied in thread
Public
Kevin Karhan :verified:

@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.

  • Plus it's illegal in an increasing number if juristictions to gmeven attempt to acquire a phone number or SIM anonymously.

Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.

Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!

  • Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.

I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!

Replied in thread
Public *
Kevin Karhan :verified:

@COSAntiFascists @iris @Em0nM4stodon I'd not trust @protonprivacy in that regard because they have access to keys and have been caught snitching on #ProtonMail users without a warrant.

Furthermore, #monocles - and every other decent provider - won't bamboozle you with false promises they legally can't fulfill and #DigitalSnakeoil services...

Please amp up you #ITsec, #InfoEec, #OpSec and #ComSec because naively believing a corporation to not snitch on you disqualifies you at best if not put other peoples' lives in danger!

YouTubeProtonMail Sends User IP and Device Info to Swiss Authorities.By Mental Outlaw
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Public *
Kevin Karhan :verified:

@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.

@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!

Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...

  • Mark my words, cuz I've been proven correct up to this point.

If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!

Mastodon 🐘Michał "rysiek" Woźniak · 🇺🇦 (@rysiek@mstdn.social)@kkarhan@infosec.space I ran and hosted a bunch of XMPP servers a while back. It was a pain to use, and it was easy for users to make mistakes and accidentally send messages in the clear. You are making people les safe. Last time: please stop doing this in my mentions and replies. @agturcz@circumstances.run @torproject@mastodon.social
#THXBYE#EOD#ITsec
Public
Bündnis Privatsphäre Leipzig

Angesichts des weltweiten Rechtsrucks sind alternative soziale Netzwerke wie #Mastodon und Selfhosting so wichtig wie nie. Wir stellen euch weitere Netzwerke vor und erklären, was es beim Selfhosting zu beachten gibt. Kostenlos und ohne Anmeldung.

⌚ Wann: Kommenden Samstag ab 13 Uhr
📍Wo: Inspirata (Deutscher Platz 4)

👉 Alle Infos: privatsphaere-leipzig.org/post

Comic-artiges Logo zur Veranstaltung. In der Mitte eine große Eule, die auf einem Ast sitzt und den Betrachter anschaut. Darüber steht der Text "Beobachte mich nicht!" und darunter "Vorträge und Workshops Digitale Selbstverteidigung".
#Cryptoparty#Leipzig#Privatsphäre
Replied in thread
Public
Kevin Karhan :verified:

@jupiter_rowland OFC this is also due to the fact that the last 50+ years no serious attempt at teaching #TechLiteracy has been done anywhere in a formal matter.

Luckily #Education and #Knowledge isn't monopolized and Initiatives like @cryptoparty / #CryptoParty exist that basically get #TechIlliterates to a level that if they follow up what has been trained don't act as "#UnofficialEmployees" of #NSAbook et. al.

Either way, we'll all have to take part in making the world better, even if that meremy means not contribute to #Enshittification...

OFC that is a constant struggle.

  • Needless to say all #Fediverse Software like #Mastodon actually tells people: 'Hey, #DMs are not private nor encrypted beyond #SSL - #Admins can read them if they actually want to!'
#fediverse#Mastodon#dms
Replied in thread
Public
Kevin Karhan :verified:

@samueljohn @ditol @linuzifer @Mer__edith @signalapp @tails@mastodon.world

Well, how can you claim that doesn't work when you never tried it?

Seriously, check for your local @cryptoparty or just start one.

  • Good #Technology has become way easier to access and use these days...
#technology
Replied in thread
Public *
Kevin Karhan :verified:

@linuzifer das sollten wir sowieso und von Anfang an!

  • Und damit meine ich nicht nur nen bisschan #Camover oder ne #CryptoParty am Wochenende...

  • Sondern "Get Tactical" mit #Tails-Sticks auf Schulhöfen verteilen und #CyberGuerilla-Meshnets aufbaun sowie alles auf #Tor packen!!

Die Zeit um einfach nur friedlich & freundlich lustige Protestlieder zu singen ist seit langem vorbei...

YouTubeZensursulaBy ReviloRecords
#polizeistaat#cyberfaschismus#uberwachungskapitalismus
ExploreLive feeds
About