shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.


#techliterate

Replied in thread

@ckrypto if @signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NO ONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shut down ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many jurisdictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all its #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely set up my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

Replied in thread

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone set up with #XMPP + #OMEMO especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new device then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people set up on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API endpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather than naysaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly set up once is way easier.

  • Just because WE [ or rather @rysiek in this case ] are rather privileged enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.social: Max L. (@max@gruene.social): @kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.

@douglevin see, this exact scenario is why I act as "#BenevolentDictator" and literally lock down stuff so hard #TechIlliterates can't fuck up!

  • Unless you put that option on the table as a fellow #TechLiterate, you won't be able to survive this game.

I wasted 15+ years of my life trying to make #Windows somewhat secure to come to terms with the fact that it's an #unfixable #Givware that is #UnsafeAtAnyConfiguration / #InsecureAtAnyConfiguration.

  • Believe me when I'd tell you that "#Users" like her don't give a shit about what Hardware/OS they get: Just set her up once with a good config (i.e. #UbuntuLTS if you're lazy like me), backup all the important stuff, set up regular backups, remove #sudo privileges and then you'd only need to check in once a year at most if not have a system that just runs for the next 2-5 years without intervention.

On the flipside I've seen cases where #Scam|my Sales Reps were able to upsell some 5-digit 21,5" gaming monster to a photographer that uses ACDSee to do minimalist editing of their JPEGs.

At least I won't deal with #Windows11 or any of that shite because no one is gonna pay me enough to lose my sanity over such a garbage software!

And yes, WE, THE "TECH LITERATES" ARE TO BLAME FOR THIS because we didn't demand #Security and #Simplicity before #Convenience!!!

Infosec Exchange: Doug Levin (@douglevin@infosec.exchange): This weekend I spent half a day remediating an elderly relative's Win 11 home laptop. Totally overpowered and overpriced for her needs, it was recommended to her by BestBuy when her old machine was complaining it wasn't compatible with the new MS OS rollout :( Both her OS and primary email were compromised. The threat actor did not disable Defender but just excluded every important directory from scans. May have also punched a hole in her device firewall for all I could tell. Only reason she even knew an issue had occurred was due to issues with her email. She stopped receiving any emails and we reached out upon receiving what appeared to be a phish from her account. (No link to click in initial message, but an invitation to a longer urgent conversation.) Turns out they just redirected her email to her outlook account email (which she didn't even know she had, but was generated as part of her Win 11 install). They created a new alias and added some other rules to auto-forward further comms. FWIW, the rogue device attached to her account was coming from a TX location - many states away from us. No 2FA, no adblocker, no password manager, no understanding of firewalls, what makes a password stronger vs weaker, confused by messages about actions that were computer/browser/OS related. But look. She's 80+. I only had a few hours to investigate and remediate. I can't change all that and expect her to manage it on her own. How the f*ck is it possible that an average user can manage this stuff? Why is Win such a trash fire? Can't MSFT make a default config for non-technical home users that is locked down by default? She has literally ZERO chance against threat actors on the modern web. We in tech have totally lost the plot... I am NOT looking for advice (just use Linux or w/e). I am venting about shit UI, shit tech co's pushing the next new crap tech for no other reason than $, and the state of the modern web.
Replied in thread

@libreleah the only advantage of fancy #GUI's is that they allow #tech to be more #accessible especially for those that are "#TechIlliterates" and don't know basics around the terminal.

  • That's not to say either is right or wrong, but the #PC took off when it became accessible to the average person and not just the rich #TechLiterate electronics enthusiast or academic with high amounts of disposable income who are able and willing to solder, code and compile themselves...

  • I consider mainstream distros like #UbuntuLTS a good "compromise" as they offer an easy to use GUI which requires few mins to get started and don't prevent one from getting under the hood in a terminal.

  • OFC I want to build more #TUI's in like @OS1337 because I want to make something as brutally utilitarian as a #Balisong that can run on any MDA shitscreen or 80x25 serial terminal @ 9600/8/N/1 if need be... Even if it's just to partition stuff with cfdisk and curl | dd an OS image onto a headless system or SSH into some other system...

@GrapheneOS *pressing X for doubt re: #Signal and #SimpleX to some degree.

  • They may just have said files encrypted on their servers but can't distinguish or decrypt them *if* actual self-custody of keys is the case.

Personally I'd always recommend people to never ever trust any #SingleVendor and/or #SingleProvider solution even if that means they've to actually get #TechLiterate or at least do some more steps...

Replied in thread

@protonprivacy @puppygirlhornypost @vfrmedia

pressing X for doubt Good #OpSec dictates to never ever rely on any provider to cover one's ass...

I just think that you overstate your #privacy claims like all those #VPN companies do to bamboozle #TechIlliterates and I find that insulting to me personally, because I'd rather have honest providers like cock.li and @monocles that will not lie into the face of customers.

But that's #NotLegalAdvice...

I just think that being honest like @tomscott is way better long-term and more beneficial to one's personal #reputation, but that's just me as a #consumer and #TechLiterate.

  • I'm sure as a #PublicCompany (not traded publicly on exchanges !!!) you do have an obligation to maximize profit and share value for your #shareholders - #Switzerland isn't that different in that regard compared to #Germany - so OFC that may not roll with your board of directors.

It's just that previous blunders left a sour taste as like a #postal service or #telco what people communicate and with whom is none of your business unless you're forced to do so for "legitimate reasons" like #ITsec or to comply with duly submitted court orders...

  • Otherwise we'll soon have #regulators and #ConsumerProtection forcing hard advertisement regulation on the entire industry with big ass disclaimers being tagged on because someone made too outrageous claims re: privacy and security...
Twitter: thaddeus e. grugq on Twitter: “I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”