shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

269
active users

#LawfulInterception

1 post1 participant0 posts today
Replied in thread

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.

"[…] [Technologies] must always be evaluated for their ability to oppress. […]

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...

The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

Continued thread

European Commission- Call for applications - Expert Group for a Technology Roadmap on Encryption (E04005) ACTIVE - deadline 1 September 2025.
#dataretention #lawfulinterception #digitalforensics #encryption

"The selection shall prioritise experts with technical profiles, coming from either public or private sector, whilst aiming to ensure proportional representation across the following fields of expertise: • Home affairs, ideally with an experience in fighting high-tech crime, and/or a background in the area of decryption and artifact extraction, computer forensics, network forensics, smartphone forensics, cloud forensics, IoT forensics, memory forensics and/or lawful interception; • Cybersecurity. with diverse backgrounds including but not limited to vulnerability management, evaluation of cybersecurity risks and certification and encryption (including quantum and post-quantum cryptography); • Telecommunication, including with experience in computer networks/Internet, 5G/6G, IoT, VoIP, Satellite, Quantum communication and/or encrypted communication applications; • Big data analysis, including with expertise in AI technologies; • Standardisation, notably in relation with cybersecurity and/or telecommunication technologies, including protocol networks, exchanges of digital data, and lawful interception; • Justice and fundamental rights, including experience in data protection and privacy, as well as experience in criminal justice, such as cyber-enabled and/or cyber-dependent crimes"

ec.europa.eu/transparency/expe

Replied in thread

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

  • This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@Sturmflut @fabiscafe @vkc

Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.

Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duely through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.

  • Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.

But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on it's own...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@kubikpixel @malwaretech @tomscott or to put it into perspective:

I worked at a telco, and whilst clients were above-average in terns of bahaviour, one does get a high single digit or low double-digit amount of LEA requests per day per x million customers.

Now imagine the average #VPN has similar utilization as a #CGNAT, so easily they'll have #LawfulInterception going on 24/7 because logless VPNs are a lie and besides circumventing #Geoblocking they don't do anything else...

  • In fact I'd argue it'll be more privacy friendly to self-host a VPN on-demand with flexible hoster or just having a fixed IP at home, simply because those usually have a higher bar for getting surveillance approved.

TLDR: Just get @torproject @tails_live @tails / #Tails and good.

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@mattround same with any #Services and #Companies having an office in the #USA or being registered there or having a U.S. owner.

Migrate to #XMPP+#OMEMO right now!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@deilann +9001%

Use actually secure comms instead that are #decentralized, #SelfHosting-capable, auditable and provide actual #SelfCustody of all the #Keys, so you can enforce your 5th Amendment!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#xmpp#omemo#pgp
Replied in thread

@HackyScientress @zl2tod @fj

Remember:

And yes, AFAICT this applies to all #Telcos which have to provide "#LawfulInterception" #Backdoors if not put #Govware in their core systems.

  • And yes, speaking as an insider, this can happen in.any juristiction where said #API|s and systems are mandatory.

So like all #EU / #EFTA & #G20 members!

  • I've yet to hear of any nation that doesn't demand such tech to be installed capable of both targeted and/or #BulkSurveillance.

-Just because laws demand a #judge to sign a #warrant doesn't mean said judge is actually in control or able to prevent someone from using it without permission!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@munin@infosec.exchange @wuest@hachyderm.io OFC #Cyberfacists will demand #cyberfacism. - #Backdoor Integration *is the illicit activity*! - #Wiretapping *is the illicit activity*! - #CustodialKeys *are the illicit activity*! - #KYC *is the illicit activity*! Sadly this shite is [mandatory in every juristiction I know of]( https://infosec.space/@kkarhan/113292738181126901 )...