shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

270
active users

#e2ee

1 post1 participant0 posts today
ThePfromtheO<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Em0nM4stodon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Em0nM4stodon</span></a></span> <br><a href="https://social.vivaldi.net/tags/VivaldiBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VivaldiBrowser</span></a> does have both!<br><a href="https://social.vivaldi.net/tags/endToEndEncryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>endToEndEncryption</span></a> and <a href="https://social.vivaldi.net/tags/NoAI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NoAI</span></a>! </p><p><a href="https://social.vivaldi.net/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://social.vivaldi.net/tags/no_ai" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>no_ai</span></a> <a href="https://social.vivaldi.net/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://social.vivaldi.net/tags/dataPrivacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dataPrivacy</span></a> <a href="https://social.vivaldi.net/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://social.vivaldi.net/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://social.vivaldi.net/tags/AIcrap" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AIcrap</span></a> <a href="https://social.vivaldi.net/tags/European" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>European</span></a> <a href="https://social.vivaldi.net/tags/VivaldiTechnologies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VivaldiTechnologies</span></a> <a href="https://social.vivaldi.net/tags/Vivaldi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Vivaldi</span></a></p>
khaleesi (Elina Eickstädt)<p><a href="https://eupolicy.social/tags/Chatkontrolle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chatkontrolle</span></a><br>Mit <span class="h-card" translate="no"><a href="https://chaos.social/@Chatgeheimnis" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Chatgeheimnis</span></a></span> sind wir weiter zusammen dran. Einen guten Überblick findet ihr hier: </p><p><a href="https://chat-kontrolle.eu/index.php/2025/07/08/neuer-anlauf-zur-chatkontrolle/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">chat-kontrolle.eu/index.php/20</span><span class="invisible">25/07/08/neuer-anlauf-zur-chatkontrolle/</span></a></p><p>Wenn ihr Organisationen kennt die sich dem Büdnis anschließen sollten immer her damit. Wir setzen uns für den Schutz von <a href="https://eupolicy.social/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> ein egal ob <a href="https://eupolicy.social/tags/Chatkontrolle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chatkontrolle</span></a> oder <a href="https://eupolicy.social/tags/ProtectEU" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtectEU</span></a></p>
Strypey<p>Hey <span class="h-card" translate="no"><a href="https://mastodon.matrix.org/@matrix" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>matrix</span></a></span>, given recent events around the world, I think it would be really helpful to have a regularly reviewed security status page on your website, summarising all known information affecting the security of the Matrix protocol. Threat models, security audits, disclosed vulnerabilities and mitigations, etc.</p><p>If such a thing already exists, please link me!</p><p>Oh and <span class="h-card" translate="no"><a href="https://mastodon.matrix.org/@element" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>element</span></a></span>, same for you and the software you steward.</p><p><a href="https://mastodon.nzoss.nz/tags/chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chat</span></a> <a href="https://mastodon.nzoss.nz/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.nzoss.nz/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matrix</span></a> <a href="https://mastodon.nzoss.nz/tags/SecurityStatus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SecurityStatus</span></a></p>
Strypey<p>"This article charts the privacy–public safety debate with a focus on its relevance to a sound philosophical, legal and ethical position on E2EE for Aotearoa New Zealand’s legal system ... Ultimately, Aotearoa New Zealand should adopt a technologically and legally defensible position rather than enacting emotionally clouded emergency legislation in the wake of a crisis exacerbated by E2EE."</p><p><a href="https://mastodon.nzoss.nz/tags/BejaminChristy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BejaminChristy</span></a>, Public Interest Law Journal of New Zealand, 2022</p><p><a href="https://www.auckland.ac.nz/en/law/our-research/research-publications/piljnz/past-issues.html" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">auckland.ac.nz/en/law/our-rese</span><span class="invisible">arch/research-publications/piljnz/past-issues.html</span></a></p><p><a href="https://mastodon.nzoss.nz/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://mastodon.nzoss.nz/tags/PILJNZ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PILJNZ</span></a></p>
Em :official_verified:<p>Magical backdoor only for "the good guys" is a complete fantasy 🔑✨</p><p>Let's say the strategy is akin to creating a MagicalKey that unlocks every door (a magical key because thinking encryption backdoors would only be used by "the good guys" is a great example of magical thinking).</p><p>Imagine only 1000 police officers have MagicalKeys. </p><p>Overtime, let's say only 1% of the police officers accidentally lose their MagicalKey. Now 10 MagicalKeys are lost in the wild and could be used by anyone else, for any purposes, including crime.</p><p>Then, let's say only 0.1% of police officers get corrupted by a crime gang. That's just one right? This corrupted "good guy" lets the gang create a double of the MagicalKey. Which crime gang wouldn't want a key that can magically open any door? </p><p>Now, the gang creates doubles of the MagicalKey they have. They use it subtly at first to avoid detection. They make sure they never leave traces behind, so victims have no idea their door got unlocked.</p><p>During this time, they steal your data, they sell it, they use it to impersonate you, they use it to harm you and your loved ones.</p><p>Then, another criminal figures out on their own how to emulate a MagicalKey without even having access to one. </p><p>The criminal creates a reproducible mold for this Emulated-MagicalKey and sells it to other criminals on the criminal market. Now, the MagicalKey™️ is available to any criminals looking for it. </p><p>Restrictions on the backdoor are off. Your personal data is up for grabs.</p><p>This is what is going to happen if backdoors are implemented in end-to-end encryption. But don't worry they say, "it's only for the good guys!".</p><p>At least, the criminals' data will also be up for grabs, right?</p><p>Nope! The criminals knew about this, so they just started using different channels that weren't impacted. </p><p>Criminals will have their privacy intact, they don't care about using illegal tools, but your legal privacy protections will be gone.</p><p>Backdoored end-to-end encryption isn't end-to-end anymore, it's just open-ended encryption. This offers pretty much no protection at all.</p><p>Extract from: <a href="https://www.privacyguides.org/articles/2025/04/11/encryption-is-not-a-crime/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">privacyguides.org/articles/202</span><span class="invisible">5/04/11/encryption-is-not-a-crime/</span></a></p><p><a href="https://infosec.exchange/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://infosec.exchange/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://infosec.exchange/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.exchange/tags/RootForE2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RootForE2EE</span></a></p>
Miguel Afonso Caetano<p>"Billions of people worldwide use private messaging platforms like Signal, WhatsApp, and iMessage to communicate securely. This is possible thanks to end-to-end encryption (E2EE), which ensures that only the sender and the intended recipient(s) can view the contents of a message, with no access possible for any third party, not even the service provider itself. Despite the widespread adoption of E2EE apps, including by government officials, and the role of encryption in safeguarding human rights, encryption, which can be lifesaving, is under attack around the world. These attacks most often come in the form of client-side scanning (CSS), which is already being pushed in the EU, UK, U.S., and Australia.</p><p>CSS involves scanning the photos, videos, and messages on an individual’s device against a database of known objectionable material, before the content is then sent onwards via an encrypted messaging platform. Before an individual uploads a file to an encrypted messaging window, it would be converted into a digital fingerprint, or “hash,” and compared against a database of digital fingerprints of prohibited material. Such a database could be housed on a person’s device, or at the server level.</p><p>Proponents of CSS argue that it is a privacy-respecting method of checking content in the interests of online safety, but as we explain in this FAQ piece, CSS undermines the privacy and security enabled by E2EE platforms. It is at odds with the principles of necessity and proportionality, and its implementation would erode the trustworthiness of E2EE channels; the most crucial tool we have for communicating securely and privately in a digital ecosystem dominated by trigger-happy surveillance."</p><p><a href="https://www.accessnow.org/why-client-side-scanning-is-lose-lose-proposition/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">accessnow.org/why-client-side-</span><span class="invisible">scanning-is-lose-lose-proposition/</span></a></p><p><a href="https://tldr.nettime.org/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CyberSecurity</span></a> <a href="https://tldr.nettime.org/tags/Encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encryption</span></a> <a href="https://tldr.nettime.org/tags/ClientSideScanning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClientSideScanning</span></a> <a href="https://tldr.nettime.org/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://tldr.nettime.org/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a> <a href="https://tldr.nettime.org/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a> <a href="https://tldr.nettime.org/tags/Surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Surveillance</span></a></p>
Replied in thread

@OhMyGod Remember: ANY "#KYC" in terms of #Messenger| #Apps IS the #IllicitActivity!

Regardless if @matrix or @signalapp , the sheer request, demand or coercion onto #PII like a #PhoneNumber or #eMail-Address is bad.

Personally, I'll recommend to switch to some real #E2EE with good #SelfHosting options like @delta / #deltaChat [which uses #PGP/MIME) or @monocles / #monoclesChat (which is based upon #XMPP+#OMEMO and who do host their own servers which are user-financed and can be paid for 100% anonymously.

@bfdi @kuketzblog @netzpolitik_feed @ccc @heiseonline

Replied in thread

@cathygellis I concur with @AndrewHenry that Thunderbird is a suitable alternative for most. However, that's only the easy half of the problem. The email and (if shared among devices) contacts and calendars still need to be hosted somewhere online.

I'm still looking for an end-to-end encrypted email, contacts, and calendar host with an open API for bridging desktop email clients, so I can have all my email and calendars in one place without any vendor lock-in.

So far, @protonprivacy offers Proton Mail Bridge exclusively for paid Proton Mail subscribers, but that's inadequate, as it's proprietary and incompatible with competing services such as @Tutanota and @mailbox_org. As far as I can tell, neither of those competitors offer any bridge options at all, and an email and (especially) calendar host is useless to me if I can't access all accounts—personal and work—across services in a single interface.

Meanwhile, none of those services offer #E2EE cross-compatibility, which makes their E2EE offering next to useless, as it's only effective within their respective walled gardens. (I expect zero prospective clients would migrate service providers in order to do business with me, and I'll no sooner maintain multiple concurrent email and calendar hosting subscriptions than I would multiple concurrent streaming video entertainment services.)

A non-proprietary shared API and a single open-source bridging program for all three (and any other competitors) would suffice for me to migrate all my personal and business email and calendars to one of those services. E2EE competitive compatibility, in addition to that, would suffice for me to begin guiding all my clients to migrate off Google and Microsoft. None of the three seem to realize yet that their main gains would be at the expense of Google and Microsoft, not each other, at least insofar as their lack of competitive compatibility indicates.

But that's all tangential to your question. If you want a not-terrible email and calendar client on Windows, the only option I'd consider is Thunderbird. Although eM Client seems to be well developed, I'd never consider proprietary desktop software for email or calendars for the same reason I'd never consider a proprietary desktop web browser: replacing Windows with Linux (or BSD) is relatively quick and easy, if that becomes necessary, but migrating accounts, mailboxes, rules, contacts, and calendars; translating configuration; and developing and learning a new workflow for the new email and calendar client would a major business disruption for anyone (like me, and I'm guessing for a lawyer such as yourself) to whose workflow email and calendars are central.

If eM Client Inc. decides to impose AI features in a manner which conflicts with your or my confidentiality obligations to our respective clients, we may only find out retroactively, and may while dealing with the fallout of that breach, we'd still need to urgently migrate everything to a new client. If the Mozilla Foundation decides to push similar misfeatures into Thunderbird, however, we'd be able to determine that beforehand, and it wouldn't take much for drop-in Thunderbird replacements (analogous to LibreWolf or Waterfox) to be released and adopted, because Thunderbird is open source. Transferring all data and settings from Thunderbird to such a replacement would be as simple as renaming one folder.

Replied in thread

@Tutanota The main selling features I'm looking for are #E2EE interoperability with such competitors as @protonprivacy and @mailbox_org, and a shared non-proprietary API to locally bridge Tuta and competitors with common desktop mail, contacts, and calendar apps.

No one should need to maintain multiple subscriptions or break end-to-end encryption to carry on a three-party email exchange with subscribers to one of the three services each, nor to invite the other two to an event in the calendar. Anyone should be able to view their work email and their private email in the same UI. And many customers will want to bulk drag and drop or cut and paste mail and events from their old Google or Microsoft accounts into their new Tuta, Protoon, or Mailbox accounts.

Make E2EE mail and calendars federated (i.e., protocol-compatible across competing services) and compatible with desktop clients (via a single cross-compatible locally client-hosted bridging server), and you'll remove one the main barriers to customer adoption.

A non-profit trade association (like the W3C, but for E2EE mail, contacts, and calendars) would be the best place for the copyright etc. in the bridging software, and the best employer for the lead maintainers of it. Eliminate the trade-off between vendor lock-in and privacy.

Other features are nice, but till no one needs multiple concurrent competing subscriptions, or multiple mail, contact, or calendar apps, other features are practically irrelevant. What uses is an overview of my personal calendar when I can only see my own schedule there, without the context of my work and university calendars in the same view?

All #encryption #e2ee experts around the world — please consider applying to save the EU from its own fuckwitted police ideas about “safe” backdoors
From: @aristot73
infosec.exchange/@aristot73/11

Infosec ExchangeAristotelis Tzafalias (@aristot73@infosec.exchange)European Commission- Call for applications - Expert Group for a Technology Roadmap on Encryption (E04005) ACTIVE - deadline 1 September 2025. #dataretention #lawfulinterception #digitalforensics #encryption "The selection shall prioritise experts with technical profiles, coming from either public or private sector, whilst aiming to ensure proportional representation across the following fields of expertise: • Home affairs, ideally with an experience in fighting high-tech crime, and/or a background in the area of decryption and artifact extraction, computer forensics, network forensics, smartphone forensics, cloud forensics, IoT forensics, memory forensics and/or lawful interception; • Cybersecurity. with diverse backgrounds including but not limited to vulnerability management, evaluation of cybersecurity risks and certification and encryption (including quantum and post-quantum cryptography); • Telecommunication, including with experience in computer networks/Internet, 5G/6G, IoT, VoIP, Satellite, Quantum communication and/or encrypted communication applications; • Big data analysis, including with expertise in AI technologies; • Standardisation, notably in relation with cybersecurity and/or telecommunication technologies, including protocol networks, exchanges of digital data, and lawful interception; • Justice and fundamental rights, including experience in data protection and privacy, as well as experience in criminal justice, such as cyber-enabled and/or cyber-dependent crimes" https://ec.europa.eu/transparency/expert-groups-register/screen/expert-groups/consult?lang=en&groupID=4005
Replied in thread

@ticho @delta @torproject isn't that related to that "#blockchain-based" #AntisocialNetwork?

  • Having real #E2EE & decoupling the #message from #transport mechanism is key when communicating behind enemy lines and facing massive #SIGINT deployments against oneself.

Stuff like The "#OfflinePGP method" are really important skill for everyone!

youtube.com/watch?v=vdab4T_CoN8