Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

289
active users

shakedown.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#OnionServices

1 post1 participant0 posts today
Replied in thread
Public *
Ultra-Largest 🐭

@cadey My thoughts on #Anubis after encountering it multiple times as a user:
* mascot is nice, creative and intuitive to understand
* as a user of tor it works! cloudflare and others reject me as a bot, but anubis left me through, thank you
* onion services do not require anubis protection, though, right? Since they have their own proof of work system integrated by default …
blog.torproject.org/introducin

… equi-x function based on what Tor uses?
pony.social/@cadey/11423626384

blog.torproject.orgIntroducing Proof-of-Work Defense for Onion Services | Tor ProjectToday, we are officially introducing a proof-of-work (PoW) defense for onion services designed to prioritize verified network traffic as a deterrent against denial of service (DoS) attacks with the release of Tor 0.4.8.
#OnionServices#tor#proofof
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Public
Kevin Karhan :verified:

@ploum instead of @signalapp which also falls under #CloudAct and is also a #Proprietary, #SingleVendor & #SingleProvider solution, consider #XMPP+#OMEMO for real #E2EE with #SelfCustody of all the keys!

#email#chat#ads
Replied in thread
Public
Kevin Karhan :verified:

@cryptoparty +9001%

Außerdem geht es darum #Massenüberwachung so kostenintensiv und unrealistisch wie möglich zu machen...

Hier muss die doppelte*" Aggression"* geliefert werden die #Cyberfaschisten uns #Polizeistaat-Fans an den Tag legen!

Replied in thread
Public
Kevin Karhan :verified:

@dw_innovation okay, maybe not the answer I hoped for given that this means manually dropping security in @torproject / #TorBrowser.

  • Still I'm not completely sketched out by that given #DWnews reputation, but I know this could he done better, as various websites and even stores and forums as #OnionServices showcase...

Given upcoming #accessibility requirements in #Germany I'm convinced cross-testing with #LynxBrowser over #Tor will likely be one of those things that'll necessitate changing that.

  • A potential workaround is to use an "accessibility proxy" like @ActionRetro 's #FrogFind ¹ which already comes in handy on extreme narrowband connections like #Iridium ²...
www.youtube.com - YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.
#frogfind#iridium
Public
Kevin Karhan :verified:

#BlamingTheUser instead of #FixingTech is just a #TechBro way of #VictimBlaming!

#FACT: #JavaScript is a clear case of everything wrong with modern tech stacks and it

Espechally when the situation is so obvious...

If your website can't be used with #LynxBrowser over #Iridium and/or #TorBrowser in it's strictest security settings, than it should be illegal!

If you need evidence for the woeful unnecessarity of JS, please go and look up all the #OnionServices that don't!

  • AS IT SHOULD BE!
hj@shigusegubu.club fractured :flag: @hj@shigusegubu.club @kkarhan @radmin @SuperDicq the only #TechIlliterate here is you. Learn how to use Adblock and/or Umatrix to block undesireable js instead of avoiding it entirely like a caveman. 29. July 2024, 11:39
hj@shigusegubu.club fractured :flag: @hj@shigusegubu.club @kkarhan @radmin @SuperDicq >WHAT ABOUT #THXBYE #EOD IS NOT CLEAR? if you #EOD then why are you continuing it? I'm continuing discussion with other people participating, you don't need to reply. >THE WHOLE #ADBLOCKING STUFF LIKE #NoScript SHOULD NOT HAVE A REASON TO EXIST TO BEGIN WITH! Much like anti-virus and other anti-malware and such, firewalls shouldn't exist, all C programs must be compiled from source and made with benign and honest intend with no malpractices and no accidents ever. >I AVOID THAT SHIT BECAUSE IT IS A NET NEGATIVE TO THE WORLD, LIKE #WINDOWS, AND THUS I WON'T WASTE TIME OR ENERGY HAVING TO CLEANUP DIGITAL FECES FROM MY TRAFFIC AFTER I GOT.IT SHIT ALL OVER THE WEB!!! you avoid it but rest of the world can't. It's all over the world, have you seen CrowdStrike outage? >THERE IS NO LEGITIMATE REASON FOR #JavaScript WHEN THERE ARE AMPLE OF RICH WEBSITES, ESPECHALLY #OnionServices SHOWING THAT THEY DON'T NEED THAT SHITE! There is legitimate reason, it's called making a GUI application. Can you please disable your cruise control (aka CapsLock)?
Comparison Meme: - Ancient Roman Road in pristine Condition: "UNIX PROGRAM WRITTEN 30 YEARS AGO" - Modern Street with huge craters and bumps in it: "JS PACKAGE WRITTEN 30 MONTHS AGO"
Replied in thread
Public
Kevin Karhan :verified:

@hj @radmin @SuperDicq

  1. WHAT ABOUT #THXBYE #EOD IS NOT CLEAR?
    infosec.space/@kkarhan/1128691

  2. THE WHOLE #ADBLOCKING STUFF LIKE #NoScript SHOULD NOT HAVE A REASON TO EXIST TO BEGIN WITH!

  3. I AVOID THAT SHIT BECAUSE IT IS A NET NEGATIVE TO THE WORLD, LIKE #WINDOWS, AND THUS I WON'T WASTE TIME OR ENERGY HAVING TO CLEANUP DIGITAL FECES FROM MY TRAFFIC AFTER I GOT.IT SHIT ALL OVER THE WEB!!!

  4. THERE IS NO LEGITIMATE REASON FOR #JavaScript WHEN THERE ARE AMPLE OF RICH WEBSITES, ESPECHALLY #OnionServices SHOWING THAT THEY DON'T NEED THAT SHITE!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@hj@shigusegubu.club @radmin@limepeeps.perchinup.top @SuperDicq@minidisc.tokyo Well, no. That assumes I'd install such garbage to begin with! And yes [JS is malware]( https://mastodon.sdf.org/@gnemmi/112869080794988869 )... - There's no reason for something like that to require a fucking app when 25+ years ago a goddamn website would do just fine... But hey go live in the dystopian world where everyone but you is a #TechIlliterate #Zoomer... I've got more pressing things to do than debate bs. #thxbye #next #EOD
#thxbye#eod#adblocking
Public
The Tor Project

We have released updates to #Arti to resolve a pair of security issues related to circuit construction for onion services. If you use arti to connect to #OnionServices or to run onion services, and you are using Arti 1.2.2 or tor-circmgr 0.18.0, you should upgrade. 🟢🔁🧅blog.torproject.org/arti_1_2_3

blog.torproject.orgSecurity release: Arti 1.2.3. (Please upgrade.) | Tor ProjectArti 1.2.3 is released and ready for download.
ExploreLive feeds
About