shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

270
active users

#phonenumbers

0 posts0 participants0 posts today
Replied in thread

@Cappyjax IDGAF about "passion". All I care about is the security of users!

Requiring any #PII like a #PhoneNumber is inacceptable when it comes to #ComSec, #InfoSec & #OpSec, espechally given @signalapp is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.

  • There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject / #Tor] is the evidently superior and more secure approach, as being unable to "#KYC" a user is a matter of security...

Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone numner is out of question)

  • And even if one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.

Obviously the devs of #Signal and @Mer__edith are well aware of this critical flaw, which is why I consider them to act as "useful idiots" or rather "controlled opposition" as #Signal could've been shutdown trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this "#sanctions #compliance" given they added a #Shitcoin - Wallet into Signal!)...

  • All the "but #Metadata" #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers.

Whereas with @monocles / #monoclesChat, @gajim / #gajim and @delta / #deltaChat and @thunderbird / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown!

ilga.org/wp-content/uploads/20
infosec.space/@kkarhan/1146976

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@renardboy@mastodon.social @derekmorr@mastodon.social depends... Did you have to remotely onboard someone onto a secure communication stack whilst they are on the run from the authorities *and* blood relatives due to *"living while trans"* with a *literal "dead or alive" bounty on their head* whilst stuck in a besieged city that's being shelled? - Cuz I did... @signalapp@mastodon.world is evidently a solution appealing to #TechIlliterates with *dangerous 'semi-knowledge'* who are willing to accept a *"#TrustMeBro!"* by @Mer__edith@mastodon.world and #MoxieMarlinspike before her. - Using #Signal would've gotten said person tracked down and killed by the de-facto aithorities for merely having their phone # linked to that shite!
Replied in thread

@arianvp and this is why you don't use #PushNotifications and espechally not @signalapp which can, has and will snitch on users!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
Replied in thread

@Arios The Problem is #Windows.

Don't expect the "#DRMflag" to work when it's being used by @signalapp (which in and of itself is problematic for demanding #PII like #PhoneNumbers and shilling a #Shitcoin-#Scam named #MobileCoin!) because like the #API to signal to Windows "I'm an #Antivirus product, disable defender!" this will be abused.

If you are actually concerned re: #privacy you'd yert signal, educate others and use #XMPP+#OMEMO (i.e. @monocles / #monoclesChat & @gajim ) or #PGP/MIME (i.e. @delta / #deltaChat & @thunderbird ) over @torproject / #Tor instead.

  • It does take a bit of setup, but in return you get extreme gains in #privacy beyond what any #VPN provider can offer - legally and technically!

Not to mention #Signal falls under #CloudAct, so your privacy there is already nonexistant!

  • Otherwise @Mer__edith would've been in jail for the rest of her life already due to the statistic inevitability of it's abuse!
Replied in thread

@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to setup in organizations as not "yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.

docs.monocles.euOverview - monocles Documentation
Replied in thread

@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...

  • They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of #ChatSecure / #TextSecure has eliminated the "technical necessity" to have those.

Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something

#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.

  • And I've been using Tor for almost 15 years daily now...
Replied in thread

@adisonverlice personally, I think @signalapp should not have integrated any #wallet or #cryptocurrency at all and instead not eben request #PhoneNumbers (which are #PII) and move tueir system onto #Tor and have their endpoints as #OnionServce, because being a #PaymentProcessor (and lets be honest #MobileCoin got pitched for #payments) is at best a "legal nightmare" if not a straight-up "You go to Jail!"-card as a matter f principle!

Anyone who wants to coordinate #payments and #finance can do so with external wallets like #FeatherWallet anyway.

TweeseCakeadison verlice (@adisonverlice@tweesecake.social)@kkarhan@infosec.space yeah, I wonder how "private" it actually is. but i'd need to test that by looking at the Blockchain, otherwise I have no idea. but yeah they could (and should) just entigrate monero rather than whatever it is they've got now
Replied in thread

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

Replied in thread

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

Replied in thread

@pixelcode @taylan @signalapp the #centralization, espechally without means to hide it's traffic via @torproject / #Tor makes it trivial to detect and track @signalapp / #Signal users.

  • Add to that the fact that Signal has #PhoneNumbers = #PII on them and the fact they are incorporated in the #USA, thus subject to #CloudAct and it's not a matter if they snitch on users but how many thousands if not millions got subopena'd to this day.

And with no self-custody of keys it's trivial to #Room641A the users if the devs get "motivated" under threat of spending the rest of theor lives in jail.

Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread

@jrredho @walkinglampshade @fj

Don't 'splain me, m8!

Their figleaf exuses are not legitimate and @signalapp's @Mer__edith knows that...

  • After all, @monocles doesn't require any #PII at all and they are in fact sustainable as in not requiring #donations, since they are user-financed (subscription)...

Read criticisms before commenting...
youtube.com/watch?v=tJoO2uWrX1M

Replied in thread

@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and it's #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!

Replied in thread

@licho @osman provide evidence the code @signalapp released is actually being deployed.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
youtube.com/watch?v=tJoO2uWrX1M

  • Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

  • All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

Replied in thread

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...