Shakedown Social

1 post1 participant0 posts today

Kevin Karhan :verified:<a href="https://mastodon.social/@dzwiedziu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dzwiedziu</a> <a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fj</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> not really, as the <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Metadata</a> <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FUD</a> cited by <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> is mitigateable with proper measures.<ul><li>You can't even run Signal over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> and even if that point is moot when you're forced to quasi-<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a> by virtue of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a> aka. <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> they have neither legitimate interest nor technical reason to demand in the first place!</li></ul>Every claim that things like <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> can be solved with "Just use Signal!" is "<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a>" at best if not being a "<a href="https://infosec.space/tags/UsefulIdiot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UsefulIdiot</a>"!<ul><li>All <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProbider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProbider</a> systems are inherently insecure!</li></ul><a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EOD</a> <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thxbye</a> <a href="https://infosec.space/tags/next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#next</a>

Kevin Karhan :verified:<a href="https://hachyderm.io/@dalias" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dalias</a> <a href="https://mastodon.laurenweinstein.org/@lauren" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lauren</a> <a href="https://troet.cafe/@pixelschubsi" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pixelschubsi</a> Also the <a href="https://hachyderm.io/@dalias/113999748481227961" rel="nofollow noopener noreferrer" target="_blank">blatant dismissal</a> of absolitely basic <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> is just flabberghasting.<ul><li>It's inherently wrong to put all eggs in one basket and <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> being not shut down like <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SkyECC</a> & <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EncroChat</a> makes it just as sus as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ANØM</a> / <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperationIronside</a> / <a href="https://infosec.space/tags/OperatioTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OperatioTrøjanShield</a> and <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoAG</a> / <a href="https://infosec.space/tags/MINERVA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MINERVA</a> / <a href="https://infosec.space/tags/RUBIKON" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RUBIKON</a>.</li></ul>Only <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#decentralized</a>, <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> & <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenStandards</a> can actuall survive long-term and remain <a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#secure</a>.<ul><li>Otherwise we'd all gaslight ourselves into ignoring the hard lessions we learned that bought us to the <a href="https://infosec.space/tags/Fediverse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Fediverse</a> and why we ain't on <a href="https://infosec.space/tags/Shitter" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitter</a> or <a href="https://infosec.space/tags/tumblr" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tumblr</a> or <a href="https://infosec.space/tags/BrownSky" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BrownSky</a> or <a href="https://infosec.space/tags/NSAbook" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NSAbook</a> (any more)!</li></ul>It's the same reasons we use <a href="https://infosec.space/tags/PGPG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGPG</a>/MIME & <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SSH</a> and not <a href="https://infosec.space/tags/X400" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X400</a> & <a href="https://infosec.space/tags/X25" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#X25</a>!<ul><li>Unlike with <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> one doesn't has to trust the provider or app. <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMEMO</a> works regardless if you use <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> or <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gajim</a> or do <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfHosting</a> and only trust code you wrote yourself...</li></ul>IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...<ul><li>And I'm not even talkibg about <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Govware</a> - <a href="https://infosec.space/tags/Backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Backdoors</a> and <a href="https://infosec.space/tags/MassSurveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MassSurveillance</a> alike <a href="https://infosec.space/tags/Room651A" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Room651A</a>, but just duely submitted warrants that <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mer__edith</a> will comply with... </li></ul>The less <a href="https://infosec.space/tags/info" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#info</a> a provider has, the less they can be forced to snitch upon customers.<ul><li>So even if you don't give a shit that <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> makes this a "<a href="https://infosec.space/tags/CantUse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CantUse</a> & <a href="https://infosec.space/tags/WintUse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WintUse</a>" (out of US-centrist privilegue to not comply <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BDSG</a>) for many, it's still dishonest.</li></ul>"<a href="https://infosec.space/tags/JustUseSgnal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#JustUseSgnal</a>!" is a form of dangerous "<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a>" aimed at bamboozling <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliterates</a> who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.<ul><li>There's a reason why <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails_live</a> / <a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails</a> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tails</a> doesn't include <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> and why I'll say it again that XMPP+OMEMO over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a> is the gold standard in terms of <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> when it comes to <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> that isn't <a href="https://infosec.space/tags/airgapped" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#airgapped</a> aka. <a href="https://www.youtube.com/watch?v=vdab4T_CoN8" rel="nofollow noopener noreferrer" target="_blank">"Airgapped PGP"</a>.</li></ul>The only ones that have a chance to beat that are <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deltaChat</a> but that's just <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>/MIME <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMail</a> in a nice UI...<ul><li>You may now laugh at me and think my "<a href="https://infosec.space/tags/TinfoilHat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TinfoilHat</a> sits too tight" but I'm shure sooner or later I'll be evidenced as correct...</li></ul>

Kevin Karhan :verified:<a href="https://darmstadt.social/@claudius" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@claudius</a> <a href="https://gruene.social/@max" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@max</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> No problem:<ul><li><a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>/MIME [see <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deltaChat</a> & <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@thunderbird</a> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Thunderbird</a>] </li><li><a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMEMO</a> [see <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monoclesChat</a> & <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gajim</a> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gajim</a>] </li><li><a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Monero</a> [obviously, because there's a huge-ass bounty on it.</li><li><a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Linux</a> </li><li><a href="https://infosec.space/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenBSD</a> </li><li><a href="https://infosec.space/tags/OpenSSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSSH</a> </li><li><a href="https://infosec.space/tags/dropbear" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dropbear</a> SSH</li><li>...</li></ul><a href="https://infosec.space/@kkarhan/113872410016175384" rel="nofollow noopener noreferrer" target="_blank">I could go on all night</a>, so please shove that <a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a> somewhere the sun doesn't shine!<ul><li>Please go <a href="https://infosec.space/tags/TouchGrass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TouchGrass</a> for the next 24 hours...</li></ul><a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EOD</a> <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thxbye</a> <a href="https://infosec.space/tags/next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#next</a> <a href="https://infosec.space/tags/muted" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#muted</a>

Kevin Karhan :verified:<a href="https://gruene.social/@max" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@max</a> To <a href="https://gruene.social/@max/113872018769294131" rel="nofollow noopener noreferrer" target="_blank">quote you directly</a>:<blockquote>"[...] easy to use solutions that are at the same time private and secure. [...]"</blockquote><ul><li>The fact that <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> requires <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a> which more often than not cannot be legally acquired anonymously makes it not <a href="https://infosec.space/tags/private" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#private</a>. </li></ul>It is easier, faster, cheaper and overall simpler to get someone setup with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a> + <a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMEMO</a> espechally if they don't have a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a> and/or <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ID</a> to acquire a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a>. And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliterates</a> without a <a href="https://infosec.space/tags/CreditCard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CreditCard</a>, <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PayPal</a> or other means of <a href="https://infosec.space/tags/OnlinePayment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnlinePayment</a> to fiddle around with some <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eSIM</a> if not having to get some <a href="https://infosec.space/tags/eSIMcard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eSIMcard</a> because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!<ul><li>I can much faster and easier get TechIlliterates setup show them around - either in a <a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@mastodon.earth</a> / <a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@chaos.social</a> / <a href="https://infosec.space/tags/CryptoParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoParty</a> - style <a href="https://infosec.space/tags/classroom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#classroom</a> / <a href="https://infosec.space/tags/seminar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#seminar</a> or 1:1 tutoring than I can legally acquire and activate a new SIM in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Germany</a> [since 07/2017]...</li></ul>It's not that I expect anyone to get <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechLiterate</a> within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain... Point is that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> <a href="https://infosec.space/tags/WontFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#WontFix</a> their setup and that was evidently clear even before <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mer__edith</a> succeeded <a href="https://infosec.space/tags/MoxieMarlinspike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MoxieMarlinspike</a>: Their entire operation has a distinct <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoAG</a> stench as it's an <a href="https://infosec.space/tags/unsustainable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#unsustainable</a> <a href="https://infosec.space/tags/VCmoneyBurning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VCmoneyBurning</a> party!<ul><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> and the <a href="https://infosec.space/tags/NOBUS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NOBUS</a> <a href="https://en.wikipedia.org/wiki/NOBUS#Criticism" rel="nofollow noopener noreferrer" target="_blank">hegemony</a> ain't something that just got executed now (neither was <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BDSG</a>!)... </li></ul>A counterexample on how this could've been done are <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a>, <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMail</a> and other truly <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenSource</a> as in <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MultiVendor</a> & <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MultiProvider</a> standards. <ul><li>NOTHING compells Signal to <a href="https://en.wikipedia.org/wiki/Signal_(software)" rel="nofollow noopener noreferrer" target="_blank">demand PII</a>, run a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitcoin</a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scam</a> <a href="https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments" rel="nofollow noopener noreferrer" target="_blank">aka.</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileCoin</a> that even seasoned <a href="https://infosec.space/tags/TechLiterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechLiterates</a> and <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoBros</a> <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">can't setup properly</a>, and in fact Signal using <a href="https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use" rel="nofollow noopener noreferrer" target="_blank">phone numbers makes it trivial to discriminate against users and easier for them to identify them</a>!</li><li>If <a href="https://infosec.space/@kkarhan/113869305765533809" rel="nofollow noopener noreferrer" target="_blank">my reasoning</a> didn't resonate with you, then try helping i.e. undocumented migrants aka. "<a href="https://infosec.space/tags/SansPapier" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SansPapier</a>|s" to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand!</li></ul>Whereas it's trivial to get people setup on <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener noreferrer" target="_blank">one of many XMPP servers I've personally tested</a>!<ul><li>Not to mention clients like <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monoclesChat</a> and <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gajim</a> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gajim</a> are way more user-friendly and unlike Signal can also work perfectly fine over <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a>, including <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnionServices</a> as endpoints. </li></ul>AFAIK Signal doesn't even have an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnionService</a> / <a href="https://en.wikipedia.org/wiki/.onion" rel="nofollow noopener noreferrer" target="_blank"><code>.onion</code></a> for their Website, much less any <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#API</a> enpoints to use it with!<ul><li>Them relying on <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ClownFlare</a> is just something that makes them even more <a href="https://infosec.space/tags/sus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sus</a> as there is <a href="https://en.wikipedia.org/wiki/Cloudflare#Controversies" rel="nofollow noopener noreferrer" target="_blank">no legitimate reason</a> to use a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RogueISP</a> like that.</li></ul> You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>/MIME. <ul><li>What gets my blood boiling is the constant <a href="https://infosec.space/tags/disinfo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#disinfo</a> by <a href="https://mstdn.social/@rysiek/113868777937162686" rel="nofollow noopener noreferrer" target="_blank">Signal</a> <a href="https://mstdn.social/@rysiek/113869169340313254" rel="nofollow noopener noreferrer" target="_blank">Fanboys</a> like <a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rysiek</a> who sell it like <a href="https://infosec.space/tags/DigitalSnakeoil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalSnakeoil</a> akin to <a href="https://infosec.space/tags/AntivirusSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AntivirusSoftware</a>, because it's at best "<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a>" and at worst <a href="https://infosec.space/@agturcz@circumstances.run/113868748895262202" rel="nofollow noopener noreferrer" target="_blank">will mislead "TechIlliterates"</a> with a <a href="https://infosec.space/@kkarhan/113868987217053362" rel="nofollow noopener noreferrer" target="_blank">false sense of security</a>, which in turn puts more users at risk.</li></ul>The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.<ul><li>Just because WE [ or rather <a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rysiek</a> in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "<a href="https://infosec.space/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CDN</a>" is just another red flag to me because questions like <a href="https://circumstances.run/@agturcz/113866980398547492" rel="nofollow noopener noreferrer" target="_blank">this one</a> just don't arise with <a href="http://monocles.chat" rel="nofollow noopener noreferrer" target="_blank">monocles.chat</a> as people can just exercise proper <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfCustody</a> and just use Tor!</li></ul>Speaking of <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monocles</a>: That business is at least <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#sustainable</a> because it's funded by users <a href="https://store.monocles.eu/produkt/monocles-starter-account/" rel="nofollow noopener noreferrer" target="_blank">(€2 p.m.)</a> which they can <a href="https://monocles.eu/more/#payment-section" rel="nofollow noopener noreferrer" target="_blank">pay anonymously</a>

Kevin Karhan :verified:<a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rysiek</a> <a href="https://circumstances.run/@agturcz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@agturcz</a> that's not how you fix <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliteracy</a>, espechally since things changed for the better.<a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monoclesChat</a> & <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gajim</a> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gajim</a> are quite easy, whereas <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> in the form of a <a href="https://infosec.space/tags/Phone" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Phone</a> number which is more often than not not legally obtainable without "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a>" aka. "forced <a href="https://infosec.space/tags/SelfDoxxing" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfDoxxing</a>" all whilst being an extremely <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> solution that falls under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> ant thus cannot adhere to <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BDSG</a>!<ul><li>Sorry, but "<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a>" alike <a href="https://mstdn.social/@rysiek/113869169340313254" rel="nofollow noopener noreferrer" target="_blank"><code>"JuSt UsE sIgNaL !"</code></a> won't fix <a href="https://infosec.space/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliteracy</a> but rather provide false sense of security to <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliterates</a> when the correct solution is to teach proper <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechLiteracy</a> like <a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@chaos.social</a> / <a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@mastodon.earth</a> / <a href="https://infosec.space/tags/CryptoParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CryptoParty</a> does...</li></ul>Otherwise we'd only perpetuate the <a href="https://infosec.space/tags/Enshittification" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Enshittification</a>-<a href="https://infosec.space/tags/Lifecycle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lifecycle</a> as has happened with <a href="https://infosec.space/tags/AIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#AIM</a>, <a href="https://infosec.space/tags/ICQ" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICQ</a>, <a href="https://infosec.space/tags/BBM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BBM</a> and so many more...<ul><li>Mark my words, cuz I've been proven correct up to this point.</li></ul>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> and <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mer__edith</a> actually cared, they would've setup their system truly decentralized as an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnionService</a> over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a>!<a href="https://infosec.space/tags/THXBYE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#THXBYE</a> <a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EOD</a> <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> <a href="https://infosec.space/tags/DigitalSnakeoil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DigitalSnakeoil</a> <a href="https://infosec.space/tags/FakeSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FakeSec</a>

Recent searches

Search options

Administered by:

Server stats:

#techpopulism