Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

286
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#multivendor

0 posts0 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Public
Kevin Karhan :verified:

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

  • The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!

Replied in thread
Public *
Kevin Karhan :verified:

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Public
Kevin Karhan :verified:

@zeank @MastoDenunzianten Auch sind all.dies #Merting-#Versprechen oder auch #Lügen, denn woher soll mensch verifizieren können, dass das was #Threeema behauptet auch stimmt?

  • Die werden mich das ja nicht persönlich an deren Servern abchecken lassen.

Bei #XMPP+#OMEMO (z.B. @monocles / #monoclesChat & @gajim / #Gajim) & #PGP/MIME (z.B @delta / #DeltaChat) kann ich im Zweifelsfalle #SelfHosting mit nem #RaspberryPi im Kleiderschrank machen.

Angriffe auf dezentrale & offene, #MultiVendor & #MultiProvider-Standards funktionieren nicht skalierbar!

pwnagotchi.aiPwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning. :: Usage
Replied in thread
Public
Kevin Karhan :verified:

@zackwhittaker @kevincollier

Remember:

The only way we can prevent a #Cyberfacist #dystopia is to make it impossible!

Replied in thread
Public
Kevin Karhan :verified:

@ai6yr people need to fucking learn proper #InfoSec, #OpSec, #CkmSec & #ITsec and that means learning to proper use #XMPP+#OMEMO & #PGP/MIME.

@tails_live / @tails / #Tails exists. @gajim / #Gajim exists. @monocles / #monoclesChat exists. @delta / #deltaChat exists. @thunderbird / #Thunderbird exists. @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParties exist.
#Documentation in writing and videos exist.

#selfhosting#multivendor#multiprovider
Replied in thread
Public *
Kevin Karhan :verified:

@perry_mitchell makes sense tho I personally tens to just start with like smaller drives and consistently grow the pool as more storage is available...

  • Granted I usually have to provide more resilient stuff that can't really downtime, so RAID-Z3 / #ZRAID in #ZFS is a necessity alongside #MultiVendor - Diversity strategy...

But then again I don't think you're used to having to comply with #finance and #healthcare regulations or would even consider said system outside a #HomeLab or other non-critical setup where #downtime is a mere inconvenience...

  • And that's totally fine: Noones gonna setup an entire proxmox cluster just to spin up some storage...
Public
Kevin Karhan :verified:

@doerk the problem is that we accept #TechIlliterates just regurgitating #MarketingLies of #NSAbook et. al.

Or does anyone believe @signalapp 's @Mer__edith would protect any user if that means she'd be in jail for the rest of her life?

  • Cuz whoever believes that really huffed too much Copium amidst #CloudAct existing and precedents existing!

1
2
3

www.youtube.com - YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
Public
Kevin Karhan :verified:

@thegibson Well, what if I told you that neither #Signal nor #Threema nor any #centralized #SingleVendor & #SingleProvider messenger will be secure.

But don't take my word for it, because just as logless VPNs don't exist so will @signalapp snitch on every user if served with a court order or forced at gunpoint by LEAs and/or facing jail for not complying with #CloudAct.

  • In fact, I'd be surprised if they haven't done so already...

If you want real #security and #privacy, then don't use any #messenger that demands #PII like #PhoneNumbers at all and choose #decentralized, #MultiVendor & #MultiProvider solutions like #XMPP+#OMEMO where you have #SelfCustody of all #Keys and thus you are in control!

Also #Telegram is exclusively being used by #Neonazis, #ConspiracyTheorists and #Disinfo groups...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
ExploreLive feeds
About