#pii

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@noybeu" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>noybeu</span></a></span> so does every <a href="https://infosec.space/tags/GAFAM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GAFAM</span></a> that illegally collects <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> against peoples' explicitly declined consent.</p><ul><li>Am I right, <span class="h-card" translate="no"><a href="https://mastodon.social/@maxschrems" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>maxschrems</span></a></span> ?</li></ul><p>I mean, <a href="https://infosec.space/tags/Shitter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitter</span></a> refuses to comply with my request to hand over my data for over a year now, and I think they gonna go full <a href="https://infosec.space/tags/DelayDeposeDeny" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DelayDeposeDeny</span></a> on me if I'm not gonna cough up €€€ to get some lawyer on their ass...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.sdf.org/@dragonfrog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dragonfrog</span></a></span> To add insult to injury, <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> killed the superior <a href="https://infosec.space/tags/TextSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TextSecure</span></a> in their <a href="https://infosec.space/tags/Enshittification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Enshittification</span></a> quest, yet still insist on demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, especially in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> / <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issuing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showing up with a warrant and demanding <em>"<a 
href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. 
<a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) and <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) 
there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>.</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. 
[…] </p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declaring <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. 
<a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts especially the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privileged access</em> to <em>protection</em> by their government, but rather <em>"privileged access" to prosecution</em> by the state <em>because their very existence is criminalized...</em></p> <p>The only advantage eSIMs brought in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://masto.hackers.town/@X00001" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>X00001</span></a></span> yes and I refuse to use any service that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>, which never was <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymous</span></a> but merely <a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pseudonymous</span></a> even when it was legal to acquire anonymous (e)SIMs in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a>...</p>
Dissent Doe :cupofcoffee:<p>Kentfield Hospital is a critical care hospital in California. They appear to have been the victim of a cyberattack by World Leaks, who claim to use an exfiltration-extortion model. </p><p>The hospital has not responded to an inquiry sent to it over the weekend, so they have neither confirmed nor denied any attack at this point, but I was able to preview the data tranche and reported on it all here: </p><p><a href="https://databreaches.net/2025/07/05/kentfield-hospital-victim-of-cyberattack-by-world-leaks-patient-data-involved/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">databreaches.net/2025/07/05/ke</span><span class="invisible">ntfield-hospital-victim-of-cyberattack-by-world-leaks-patient-data-involved/</span></a></p><p><a href="https://infosec.exchange/tags/HIPAA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HIPAA</span></a> <a href="https://infosec.exchange/tags/healthsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>healthsec</span></a> <a href="https://infosec.exchange/tags/PHI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PHI</span></a> <a href="https://infosec.exchange/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://infosec.exchange/tags/databreach" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>databreach</span></a> <a href="https://infosec.exchange/tags/extortion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>extortion</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mast.solarisfire.com/@solarisfire" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>solarisfire</span></a></span> how about stop using <a href="https://infosec.space/tags/discord" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>discord</span></a> since it's not only an <a href="https://infosec.space/tags/InformationBlackhole" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InformationBlackhole</span></a> but demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> is the <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IllicitActivity</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@OhMyGod" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>OhMyGod</span></a></span> Remember: <em>ANY "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>" in terms of <a href="https://infosec.space/tags/Messenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Messenger</span></a>| <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> IS the <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IllicitActivity</span></a>!</em></p><p>Regardless if <span class="h-card" translate="no"><a href="https://mastodon.matrix.org/@matrix" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>matrix</span></a></span> or <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> , the sheer request, demand or coercion onto <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> or <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a>-Address <em>is</em> bad.</p><ul><li>If providers like <span class="h-card" translate="no"><a href="https://mastodon.online/@mullvadnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mullvadnet</span></a></span> can do a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> 
without any PII <em>and</em> can offer their Service via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and host their Website as <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a>, then there's no good reason for others not to do the same.</li></ul><p>Personally, I'll recommend to switch to some <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a></em> with good <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> options like <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> (which uses <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME) or <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> (which is based upon <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>OMEMO</span></a> and who do host their own servers which are user-financed and can be paid for 100% anonymously.</p><p><span class="h-card" translate="no"><a href="https://social.bund.de/@bfdi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>bfdi</span></a></span> <span class="h-card" translate="no"><a href="https://social.tchncs.de/@kuketzblog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kuketzblog</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@netzpolitik_feed" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>netzpolitik_feed</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@ccc" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ccc</span></a></span> <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>heiseonline</span></a></span></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@photovince" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>photovince</span></a></span> anyone who doesn't trust a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> solution that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> for no valid reason like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> does!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@artfulmodder" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>artfulmodder</span></a></span> last time I checked <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> still demanded <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>, still peddled the <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a> and didn't move out of the <a href="https://infosec.space/tags/Cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberfacist</span></a> <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> despite <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> being nothing new!</p><ul><li>Not to mention <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is both able and willing to discriminate against users based off said PII. 
Just because they do it for <em>"<a href="https://infosec.space/tags/Sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sanctions</span></a> <a href="https://infosec.space/tags/Compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Compliance</span></a>"</em> doesn't mean they ain't gonna change that nor that <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> (or anyone else at Signal) could be bribed or threatened to do so.</li></ul><p>They are <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> and are thus a <a href="https://infosec.space/tags/SinglePointOfFailure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SinglePointOfFailure</span></a> per design!</p><ul><li>Unlike <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> (which is <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME in a different UI) or <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> (which you can use via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url 
mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and connect to a Server that is an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a>.</li></ul><p>IMHO <em>"memory tagging"</em> is the least of Signal's problems. To me they stench <em>"<a href="https://infosec.space/tags/ControlledOpposition" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ControlledOpposition</span></a>"</em> just as hard as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> and <em>incompetence</em> as hard as <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.anoxinon.de/@mit_scharf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mit_scharf</span></a></span> the problem with <em>"threat scenarios"</em> is that they tend to change quickly, non-consensual and without warning.</p><ul><li>Demanding any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> [even by virtue of being correlatable through circumstances] to be able to use a service is inherently bad, especially since there is no <em>"legitimate interest"</em> for that.</li></ul><p><em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>" is the illicit activity!</em> and <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> acts as a <a href="https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition" rel="nofollow noopener" target="_blank">controlled opposition</a> by virtue of being a <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a>, <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> "solution" that subjects itself to a jurisdiction that has 0 <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> laws and only <a href="https://infosec.space/tags/cyberfacism" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacism</span></a> (see <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> ) to boot...</p><ul><li>I find it more fatiguing and also expensive to try to workaround shite than to migrate folks to secure standards because that's a one-time investment that I'm willing to take vs. having to jump through hoops and paywalls to acquire a working <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> (or <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a>) anonymously and maintaining it.</li></ul><p>It's just not in the cards TBH!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Cappyjax" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Cappyjax</span></a></span> IDGAF about <em>"passion"</em>. <a href="https://infosec.space/@kkarhan/114697690127511140" rel="nofollow noopener" target="_blank">All I care about is the security of users!</a></p><p>Requiring <em>any</em> <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> is unacceptable when it comes to <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> &amp; <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a>, especially given <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.</p><ul><li>There's a reason why <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME [both each over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" 
rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>] is the <em>evidently superior and more secure approach</em>, as being unable to <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>"</em> a user is a matter of security...</li></ul><p>Especially since obtaining a phone number anonymously is oftentimes illegal (i.e. <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a> made it illegal starting 07/2017, so using any service that demands a phone number is out of question)</p><ul><li>And even <em>if</em> one can get an anonymous <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> (with a phone number) or god forbid <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a>, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI &amp; IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.</li></ul><p>Obviously the devs of <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> are well aware of this critical flaw, which is why I consider them to act as <a href="https://en.wikipedia.org/wiki/Useful_idiot" rel="nofollow noopener" target="_blank"><em>"useful idiots"</em></a> or rather <a href="https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition" 
rel="nofollow noopener" target="_blank"><em>"controlled opposition"</em></a> as <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> could've been shut down trivially by the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> Government or forced into banning users based off their <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> (they may call this <em>"<a href="https://infosec.space/tags/sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sanctions</span></a> <a href="https://infosec.space/tags/compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>compliance</span></a>"</em> given they added a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> - Wallet into Signal!)...</p><ul><li>All the <em>"but <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Metadata</span></a>"</em> <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FUD</span></a> turns into <a href="https://infosec.space/tags/MarketingLies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MarketingLies</span></a> once put under the looking glass and examined against the risk of state-sponsored / -endorsed / -supported attackers.</li></ul><p>Whereas with <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a>, 
<span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gajim</span></a> and <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thunderbird</span></a> respectively I can not only use Tor, but do <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> for the entire <a href="https://infosec.space/tags/communications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>communications</span></a> infrastructure (i.e. 
using an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> = only reachable via Tor) and get the advantages of a self-routing, self-authenticating &amp; battle-hardened against censorship proxy network that can't be shut down!</p><ul><li>And if you think this is too tinfoilhatted, then consider yourself privileged enough of having your mere existence not being <a href="https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/" rel="nofollow noopener" target="_blank">criminalized by the government under threat of public execution!</a></li></ul><p><a href="https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ilga.org/wp-content/uploads/20</span><span class="invisible">24/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf</span></a><br><a href="https://infosec.space/@kkarhan/114697690127511140" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1146976</span><span class="invisible">90127511140</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@derekmorr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>derekmorr</span></a></span> </p><blockquote><p>Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.</p></blockquote><p>Then why does <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> still have that shit in it? <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> could've pulled that <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> yet refuses to do so!</p><blockquote><p>The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.</p></blockquote><p>That's literally wrong!</p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> not only collects <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumher" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumher</span></a> but explicitly is <em>able and willing</em> to use that to discriminate against users and restrict app functionality based off their presumed jurisdiction. 
There is no <em>"legitimate interest"</em> for doing so nor any legal mandate to do so (unless we excuse the whole <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a>!)</li></ul><blockquote><p>It’s been 30 years, and no one uses xmpp. Let it go.</p></blockquote><p>Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> and/or <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> messengers before and after - will inevitably die as their business model is not sustainable. Same with <a href="https://infosec.space/tags/ICQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICQ</span></a> really. 
The only exceptions are those that abolish <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> for <a href="https://infosec.space/tags/profit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>profit</span></a>, integrate <em>actually working payments</em> or sellout to a <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> <a href="https://infosec.space/tags/government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>government</span></a> (all those apply to <a href="https://infosec.space/tags/WeChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeChat</span></a>!)</p><blockquote><p>It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.</p></blockquote><p>You know what's shocking to me: People who are unable or rather unwilling to acknowledge that Signal is garbage and its requirement for a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> kills any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> benefits it may have on paper by virtue of being at best pseudonymous (assuming the users don't live in a jurisdiction that demands <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>"</em> for even prepaid <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> cards (i.e. 
<a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a>) or god forbid even <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>|s (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> has a literal allowlist that'll kick any device off its MNOs after 90 days within 365 days.</p><ul><li>The <a href="https://infosec.space/tags/UScentric" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UScentric</span></a> approach to <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/threats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threats</span></a> makes Signal absolutely useless in many cases, and I do speak here from experience. 
</li></ul><p>I'd rather help people onboard <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> and/or <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME like <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (incl. setting them up with <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> / <a href="https://infosec.space/tags/TorBrowserBundle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowserBundle</span></a> / <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> so their traffic gets through <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> and doesn't provide any useable IP addresses. 
</p><ul><li><em>I've literally been there and done that!</em></li></ul><p>As for <a href="https://infosec.space/tags/Sustainability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sustainability</span></a>, providers like <a href="https://monocles.eu" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">monocles.eu</span><span class="invisible"></span></a> finance themselves by subscriptions (starting at €2 p.m.) which people can pay <em>fully anonymous</em> using <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CashByMail</span></a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> on top of common payment methods (i.e. SEPA wire transfer)...</p><ul><li>So even if you think <em>"<a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> is a <a href="https://infosec.space/tags/honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>honeypot</span></a>"</em> that is mitigatable cuz unlike with Signal you can <em>choose your own client, choose a different provider &amp; exercise self-custody of all the keys!</em></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> yet <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> still demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> and refuses to pull out of the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> putting its users at risk as per <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>. </p><ul><li>Either go <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> &amp; <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> like <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+OMEMO ( i.e. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> ) or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME ( i.e. 
<span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> ) or don't, cuz a <a href="https://infosec.space/tags/VCMoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCMoneyBurningParty</span></a> that shills <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> - <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scams</span></a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a> is <em>never</em> to be trusted!</li></ul><p><a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=0DSGq9FQKU4</span><span class="invisible"></span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@markus_netzpolitik" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>markus_netzpolitik</span></a></span> no, because <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is just as shite, since they also fall under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> and likewise demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> such as a <a href="https://infosec.space/tags/Telefonnummer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telefonnummer</span></a> (phone number).</p><ul><li>If you do it, then do it properly: <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> ( <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> ) or 
<a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME ( <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> &amp; <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> )..</li></ul><p>Remember: Demanding personal data <em>IS</em> the wrongful act!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://functional.cafe/@arianvp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>arianvp</span></a></span> and this is why you don't use <a href="https://infosec.space/tags/PushNotifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PushNotifications</span></a> and especially not <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> which <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank"><em>can, has and will snitch on users!</em></a></p><ul><li>Compare that to <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> which even as a provider has 0 <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> and people can use their <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Software</span></a> without being shackled to their services and even <em>if</em> people do there is no way for them to extract the private keys in <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> and <a href="https://infosec.space/tags/PGP" 
class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME *unless one explicitly allows them!</li></ul>
PrivacyDigest<p>Mysterious Database of 184 Million Records Exposes Vast Array of <a href="https://mas.to/tags/Login" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Login</span></a> <a href="https://mas.to/tags/Credentials" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Credentials</span></a> <br><a href="https://mas.to/tags/pii" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pii</span></a> <a href="https://mas.to/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a><br><a href="https://www.wired.com/story/mysterious-database-logins-governments-social-media/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">wired.com/story/mysterious-dat</span><span class="invisible">abase-logins-governments-social-media/</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://dumbfuckingweb.site/@silhouette" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>silhouette</span></a></span> <span class="h-card" translate="no"><a href="https://vmst.io/@richi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>richi</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> </p><p><code>1.</code> You <a href="https://dumbfuckingweb.site/@silhouette/statuses/01JVYFY14DGHQ1GRSV6H8DZ2HX" rel="nofollow noopener" target="_blank">completely miss the points!</a> There is no <em>"<a href="https://infosec.space/tags/TechnicalNecessity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechnicalNecessity</span></a>"</em> to demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> - especially for a <em>"<a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>"-focussed messenger</em>!</p><p><code>2. 
&amp; 3.</code> <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is able and willing to comply with <a href="https://infosec.space/tags/Cyberfacism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberfacism</span></a> and pushing a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>) makes it trivial to criminalize the App for <em>"illegal &amp; unregulated banking"</em>. If <a href="https://infosec.space/tags/Moxie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Moxie</span></a> or <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> &amp; <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police &amp; intelligence. Which brings me to the 1st argument. </p><p><code>4.</code> <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> has a stellar record in terms of stability, integrity and censorship circumvention. 
DIY'ing something instead of following almost two decades of solid progress is absurd and violates <em>"don't roll your own crypto"</em> as a rule!</p><p><code>5.</code> Only with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> can you protect your own data. Or do you really expect Staff from Signal to not talk <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">when facing lifetime in jail?</a> If they have the keys, they can decrypt it, thus their <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> is just a <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrustMeBro</span></a>!"</em> concept. I mean, what prevents them from being forced into <a href="https://en.m.wikipedia.org/wiki/National_security_letter" rel="nofollow noopener" target="_blank">backdooring all comms</a> to <span class="h-card" translate="no"><a href="https://mastodon.social/@icij" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>icij</span></a></span> as per <a href="https://infosec.space/tags/NSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSL</span></a>? 
Any <a href="https://dumbfuckingweb.site/@silhouette/statuses/01JVYFYWQSWJNYY7ZT4S7E2G0J" rel="nofollow noopener" target="_blank"><em>"guarantee"</em></a> without self-custody is worthless by virtue of being unenforceable!</p><p>Signal pushing <a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechPopulism</span></a> instead of teaching folks that their <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a> is worth <em>diddly-piss</em> without <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> &amp; <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> is dangerous!</p><ul><li>And yes claiming <em>"JuSt UsE sIgNaL!"</em> is dangerous in the era of <a href="https://infosec.space/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a>'s <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regime acting as it does (like with the <a href="https://infosec.space/tags/ICC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICC</span></a>)!</li></ul><p>Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. 
<span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> for example can adapt way better to said risks and ain't run by a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurningParty</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://vmst.io/@richi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>richi</span></a></span> Except <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is not <em>"<a href="https://infosec.space/tags/Privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Privacy</span></a>-first"</em> cuz if <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> did, they'd not demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>) nor remain in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a> (<a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>) nor peddle <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scams</span></a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>) and put their tech on <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" 
target="_blank">#<span>Tor</span></a> and fully <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> with 100% <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> it merely prevents <a href="https://infosec.space/tags/Screenshots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Screenshots</span></a> by claiming it's <a href="https://infosec.space/tags/DRM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DRM</span></a>'d content.</p><ul><li><p>It's a mere <em>ask</em> and <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> could specifically close that <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> and make it subject to contractual agreements (as they did with their <a href="https://infosec.space/tags/Antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antivirus</span></a> API calls to disable <a href="https://infosec.space/tags/WindowsDefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsDefender</span></a>!) 
if they decide this is against their wishes.</p></li><li><p>It also doesn't prevent the <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keylogger</span></a> nor works against the <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" target="_blank">known</a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> affecting all <a href="https://infosec.space/tags/Browsers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browsers</span></a> (except <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a>) which can be triggered by a single <a href="https://infosec.space/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a> request.</p></li></ul><p>The correct solution for <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> would be to alert all their users and specifically block <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> in general or at least <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> simply because it is a <a 
href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> and <em>empirically cannot be made private or secure</em>.</p><p>But that would require them to actually give a shit, which they don't, cuz otherwise they would've stopped demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and moved out of jurisdiction of <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>.</p><ul><li>I mean, what's gonna prevent the <a href="https://infosec.space/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a>-Regime from threatening <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> et al. with lifetime in jail for not kicking the <a href="https://infosec.space/tags/ICC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICC</span></a> (or anyone else he and his fans dislike) from <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a>'s infrastructure?</li></ul><p>Since they are highly centralized they certainly <em>are capable</em> to comply with <em>"<a href="https://infosec.space/tags/Sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sanctions</span></a>"</em> (or whatever bs he'll claim!)...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://meow.social/@Arios" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Arios</span></a></span> The Problem is <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a>.</p><p>Don't expect the <em>"<a href="https://infosec.space/tags/DRMflag" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DRMflag</span></a>"</em> to work when it's being used by <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> (which in and of itself is problematic for demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> and shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a> named <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>!) 
because like the <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> to signal to Windows <em>"I'm an <a href="https://infosec.space/tags/Antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antivirus</span></a> product, disable defender!"</em> this will be abused.</p><ul><li>Also working around <a href="https://infosec.space/tags/MicrosoftRecall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MicrosoftRecall</span></a> and <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a>'s unwillingness to accept (denial of) <a href="https://infosec.space/tags/consent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>consent</span></a> is just bad and we should stop normalizing the use of said <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> altogether, as even <a href="https://infosec.space/tags/pirating" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pirating</span></a> it normalizes its use.</li></ul><p>If you are actually concerned re: <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> you'd yeet signal, educate others and use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> (i.e. 
<span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> ) or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME (i.e. <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> ) over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> instead.</p><ul><li>It does take a bit of setup, but in return you get extreme gains in <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> beyond what any <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> provider can offer - legally and technically! 
</li></ul><p>Not to mention <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> falls under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>, so your privacy there is already nonexistent!</p><ul><li>Otherwise <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> would've been in jail for the rest of her life already due to the statistical inevitability of its abuse!</li></ul>