#esimcards

Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, especially in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> / <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issuing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showing up with a warrant and demanding <em>"<a 
href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" 
rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. 
<a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) and <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) 
there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>).</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. 
[…]"</p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to let people choose their devices freely, (by declaring <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. 
<a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts especially the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privileged access</em> to <em>protection</em> by their government, but rather <em>"privileged access" to prosecution</em> by the state <em>because their very existence is criminalized...</em></p> <p>The only advantage eSIMs brought in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://freeradical.zone/@generalx" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>generalx</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes I am aware of <span class="h-card" translate="no"><a href="https://comfy.social/@PeterCxy" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PeterCxy</span></a></span> 's developments.</p><ul><li>I did also find <a href="https://infosec.space/@kkarhan/114799776530364582" rel="nofollow noopener" target="_blank">competing options</a> when it comes to managing <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> on COTS <em>"<a href="https://infosec.space/tags/eSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSimCards</span></a>"</em>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yeah, that I did figure out with the whole <a href="https://infosec.space/tags/GSMA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSMA</span></a> signing chain.</p><ul><li>The few <em>"vendor independent"</em> options I've seen were mere <em>eSIM management</em> tools at the <a href="https://github.com/EsimMoe/MiniLPA" rel="nofollow noopener" target="_blank">LPA</a> / <a href="https://github.com/creamlike1024/EasyLPAC" rel="nofollow noopener" target="_blank">LPAC</a> level and subsequent <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> from companies that sell <a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a> (aka. 
<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in Triple-<a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> form factor) like <a href="https://infosec.space/tags/5ber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>5ber</span></a>, <a href="https://infosec.space/tags/EIOTCLUB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EIOTCLUB</span></a>, <a href="https://infosec.space/tags/9e" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>9e</span></a> and others...</li></ul><p>These do in fact work and I guess having something like <a href="https://codeberg.org/lucaweiss/lpa-gtk" rel="nofollow noopener" target="_blank"><code>lpa-gtk</code></a> that can be remotely told to deploy/switch eSIMs is the closest to <a href="https://infosec.space/@kkarhan/114795901857462897" rel="nofollow noopener" target="_blank">what I'm looking for</a> that will be possible in the walled maze that GSMA forces everyone to walk through as they don't allow people to roll their own CI/CA and exercise control.</p><ul><li>Granted as you hinted in your talk the reliance on having public internet access <em>kinda</em> defeats the purpose of a WWAN connectivity like 5G/4G/3G/2G so at best it allows for dynamically (with interruption) switching between eSIMs based off the current traffic pattern (i.e. from a narrowband flatrate or no base rate pay-as-you-go to a broadband flatrate or cheaper per-traffic plan).</li></ul><p>Fortunately I don't even need like <em>legacy services</em> like Voice/SMS and a phone number so it's easy to obtain eSIMs for that which neither expire nor incur standby fees.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.nl/@Germo" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Germo</span></a></span> The problem I have is that <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> restricts my <a href="https://infosec.space/tags/FreedomOfChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FreedomOfChoice</span></a> re: <a href="https://infosec.space/tags/Devices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Devices</span></a>.</p><ul><li>Yes, I do use <em>multiple devices</em> and I want to be able to pick them freely.</li></ul><p>Same with <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a>: I can put that on a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> <a href="https://infosec.space/tags/Card" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Card</span></a> but I can't swap the soldered-down <a href="https://infosec.space/tags/Chip" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chip</span></a>!</p><ul><li><a href="https://infosec.space/tags/Fairphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fairphone</span></a> could've offered / included an <a href="https://infosec.space/tags/eSIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcard</span></a> (yes, these do exist!) 
and thus solved the entire issue: offering <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> &amp; <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> without the need of a <a href="https://infosec.space/tags/TripleSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TripleSIM</span></a>-capable <a href="https://infosec.space/tags/Baseband" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Baseband</span></a>!</li></ul><p>And yes, I routinely use <a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a> because I get the <a href="https://infosec.space/tags/freedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freedom</span></a> and <a href="https://infosec.space/tags/flexibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>flexibility</span></a> of choice, because it's <em>no one's business</em> which <a href="https://infosec.space/tags/device" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>device</span></a> I use which <a href="https://infosec.space/tags/plans" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>plans</span></a> on!</p><ul><li>And whilst courts in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a> ruled it's illegal to charge for <a href="https://infosec.space/tags/DeciceSwaps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeciceSwaps</span></a> re: <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a>, that is only enforceable against <a href="https://infosec.space/tags/MNO" class="mention 
hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a>|s &amp; <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a>|s from <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a>! </li></ul><p>Plus many plans I want to use and/or help people to set up are <a href="https://infosec.space/tags/SIMonly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMonly</span></a> and not available as <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (i.e. <a href="https://infosec.space/tags/netzclub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>netzclub</span></a>)...</p><ul><li>No, eSIM is <em>NOT</em> a <a href="https://mastodon.nl/@Germo/113906252585895220" rel="nofollow noopener" target="_blank">sufficient replacement</a> even by the sheer fact that most of my devices <em>can't even manage an eSIM Card</em> unless that would be possible just with <a href="https://infosec.space/tags/ICCDcodes" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCDcodes</span></a> and "<a href="https://infosec.space/tags/SIMtoolkit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMtoolkit</span></a>" / embedded Firmware on the <a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMcard</span></a>! 
</li></ul><p>I dare you to try to deploy an <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> on a <a href="https://infosec.space/tags/2Gonly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2Gonly</span></a> <a href="https://infosec.space/tags/StupidPhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StupidPhone</span></a> whereas a regular SIM can just be chugged in!</p>