shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.

Administered by:

Server stats:

244
active users

#kyc

2 posts2 participants0 posts today
Else, Someone<p><span class="h-card" translate="no"><a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aral</span></a></span> <a href="https://mastodon.acm.org/tags/AML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AML</span></a> <a href="https://mastodon.acm.org/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> <a href="https://mastodon.acm.org/tags/CFT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CFT</span></a></p>
adison verlice<p><span class="h-card" translate="no"><a href="https://threads.net/@liahaberman/" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>liahaberman</span></a></span> i can respect the work you've done on this. that said, i have to laugh too. you're asking a team to improve <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> for a product that has consistantly violated privacy several times on severAl months. if you are using <a href="https://tweesecake.social/tags/facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>facebook</span></a> / <a href="https://tweesecake.social/tags/meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meta</span></a> you should know this is going to happen. you should *expect* this. as one of my friends <span class="h-card" translate="no"><a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kkarhan</span></a></span> says, <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kyc</span></a> is the elicit activity, and facebook asks for a lot of kyc.<br>also, this is evident by the amount of <a href="https://tweesecake.social/tags/gdpr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gdpr</span></a> violations in the <a href="https://tweesecake.social/tags/eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eu</span></a> meta has received. don't get me wrong, i'm absolutely not discrediting you, i'm glad you got this out. i'm just saying you're shouting at a wall. meta has consistantly violating privacy and <a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> in some cases, and will continue to do so.<br>so as much as i agree, meta is simply going to laugh in your face rather than do you any good</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> even <em>if</em> an <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> isn't demanding any <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> whatsoever (i.e. <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prepaid</span></a> are offered OTC in most juristictions) it's <em>NOT</em> "<a href="https://infosec.space/tags/Anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anonymous</span></a>" but merely <em><a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pseudonymous</span></a></em> as it's trivial for governments to utilize existing <em>and mandtory "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>" appliances</em> to create that <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> chain.</p><p><a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> &lt;=&gt; <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> (<a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMcard</span></a>) &lt;=&gt; <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMSI</span></a> (SIM profile) &lt;=&gt; <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (Phone/...).</p><p>So if <a href="https://infosec.space/tags/Anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anonymity</span></a> is important, <em>NONE</em> of these details have to be linked somehow even circumstantial.</p><ul><li><p>Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.</p></li><li><p>Use the SIM in any device? Consider them <em>circumstantially connected</em> forever: <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> &lt;=&gt; <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>.</p></li><li><p>Same applies to <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a>|s: <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> &lt;=&gt; <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> &lt;=&gt; <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>.</p></li></ul><p>Add to the fact that most places have <a href="https://infosec.space/tags/CCTV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCTV</span></a>, and assume that they'll keep recordings for the <em>maximum permissible duration</em> if not longer and oftentimes even use questionable cloud services and you get the picture.</p><ul><li>I.e. in Germany the maximum permissible storage duration is 72 hours (<em>if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...</em>) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least &gt;72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing <code>*104*1234567890123456#</code> )...</li></ul><p>So any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>-based service should <em>never ever &amp; under no circumstances</em> demand a Phone Number!</p><ul><li><p>Instead any privacy-focussed service should use <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a>, host their own <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> or at least <a href="https://infosec.space/tags/DontBlockTor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DontBlockTor</span></a> and allow users to use it via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> to use and signup. (But don't forget circumstantial connections there either!)</p></li><li><p>Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic &amp; users.</p></li></ul>
adison verlice<p>ok...so we have to talk about this.<br><a href="https://m.youtube.com/watch?v=1MoYHJaKsZE&amp;pp=0gcJCa0JAYcqIYzv" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">m.youtube.com/watch?v=1MoYHJaK</span><span class="invisible">sZE&amp;pp=0gcJCa0JAYcqIYzv</span></a><br>first off, encrypted messengers, like whatssapp, *require* <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kyc</span></a> in order for you to sign up.<br>that is also baught by law enforcement. ayour contence, granted, are encrypted, but sometimes metadata is even more important. as <a href="https://tweesecake.social/tags/nsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nsa</span></a> director michael haden once said: "we kill based on metadata".<br>should tell ya something. even if some providers, such as mint mobile in the US, don't require direct identification via a government ID, it is still kyc eitherway. and as <span class="h-card" translate="no"><a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kkarhan</span></a></span> once said, KYC is the elicit activity.<br>second, privacy and security settings? lol don't make me laugh. you don't actually know what the client is collecting when you use it. it's offen not open source, and offen still is able to gather data on you in other ways.<br>or it could just saay off, but actually be on. <br>the only way to *truely* regane privacy would be to use <a href="https://tweesecake.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>selfhosted</span></a> applications and open source apps.<br><a href="https://tweesecake.social/tags/surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>surveillance</span></a> <a href="https://tweesecake.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> <a href="https://tweesecake.social/tags/whatsapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>whatsapp</span></a> <a href="https://tweesecake.social/tags/signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>signal</span></a> <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.linux.pizza/@BingsPingsDings" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BingsPingsDings</span></a></span> <span class="h-card" translate="no"><a href="https://tiggi.es/@DeltaWye" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>DeltaWye</span></a></span> <span class="h-card" translate="no"><a href="https://mapstodon.space/@abel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>abel</span></a></span> pretty shure that already exists.</p><ul><li>Or rather a <a href="https://infosec.space/tags/bubble" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bubble</span></a> economy of <em>"<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AI</span></a>" <a href="https://infosec.space/tags/NFTs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NFTs</span></a></em> on a <a href="https://infosec.space/tags/shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>shitcoin</span></a> chain designed to commit <a href="https://infosec.space/tags/MoneyLaundering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MoneyLaundering</span></a> similar to <a href="https://infosec.space/tags/ArtTrade" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ArtTrade</span></a> but without a reputable auction house doing even the slightest amount of <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>…</li></ul>
adison verlice<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>troyhunt</span></a></span> Funny enough, at least 1 of the women were calling it a, whisper, network to talk about bad men. And yes I'm saying this as a man. I think a real whisper network would use <a href="https://tweesecake.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> <a href="https://tweesecake.social/tags/onion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onion</span></a> services And would not require you to use <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kyc</span></a> Along with only allowing you to upload text, no images, so that everyone would maintain their <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> .<br>This application is not sharing information An anonymous way, so it's probably not private by any means. I think there are hotlines and other anonymous sharing applications that do a much better job than T., which quite literally and unironically spilled the tea.<br>I can already tell this is going to lead to enormous amounts of doxing.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://birdbutt.com/@aetus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aetus</span></a></span> <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> well, <a href="https://infosec.space/tags/monoclesXhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesXhat</span></a> is an <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> <a href="https://infosec.space/tags/chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chat</span></a> client.<br><a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> = Personally Identifyable Information<br><a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> = Know Your Customer<br><a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> = End-to-End - Encryption<br><a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> = You (and only you) as a user hold all the keys.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://birdbutt.com/@aetus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aetus</span></a></span> so basicaly like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> but.demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>) for <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> and not providing actual <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> with real <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</p>
adison verlice<p>ok So we have something to talk about here. So I've noticed there's something called a hardware enforced no logging <a href="https://tweesecake.social/tags/vpn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vpn</span></a> and it's located at <a href="https://vp.net" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">vp.net</span><span class="invisible"></span></a> .<br> In theory this does sound promising, but I've noticed some issues with it. And it makes it look more like a scam VPN.<br> 1st off, it uses the <a href="https://tweesecake.social/tags/intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>intel</span></a> SGX, or Intel software guard extension as it's Real name the problem with the trusted execution environment is that it's closed source. And you can't really verify If it actually works For all we know it could be running aside Intel management engine.<br>Second. And this is probably what makes it not anonymous. It requires a fucking <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kyc</span></a> EG credit card, stripe/link, amazon, et cetera. At least <span class="h-card" translate="no"><a href="https://mastodon.online/@mullvadnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mullvadnet</span></a></span> Does not require KYC, and cannot be linked back to you because It uses randomly generated account numbers and Is even more anonymous if you pay in <a href="https://tweesecake.social/tags/monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monero</span></a> XMR. Even has an onion service. But this? This VPN doesn't. So if that is part of your <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> test this VPN in particular fails it.<br>As <span class="h-card" translate="no"><a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kkarhan</span></a></span> puts it, KYC is the illicit activity.<br> And by the way I'm talking about the VPN mentioned earlier not MULLVAD, That passes the privacy test. Just wanted to be clear about that before I go on to my next statement.3rd, again even though Client is open Client is open source it uses Client is open source it uses proprietary components like Intel SGX. Oh and by the way I don't think this particular VPN has undergone independent <a href="https://tweesecake.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://tweesecake.social/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>audit</span></a>. There are several red flags here and I would not use this particular VPN. If you're looking for privacy with a VPN I would use mullvad!<br><a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cybersecurity</span></a> <a href="https://tweesecake.social/tags/opsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opsec</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://flipboard.social/@TechDesk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>TechDesk</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@theverge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>theverge</span></a></span> no and people should refuse that shit!</p><p>Remember: </p><ul><li><a href="https://infosec.space/tags/AgeVerfication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AgeVerfication</span></a> is <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> bs and <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> is the illicit activty!</li></ul>

@heartshadows @JamesBaker Lets just say that #Monero not only never supported all the #NFT bullshit but actually worked against it given the abuse of "#Ordinals" aka. attempts to do that on the tx_extra field.

As for Money Laundering, existing provisions cover that well enough, cuz even #NowPayments and #ChangeNow do #KYC & #KYB their clients, and any bona-fide business does maintain records of billings and has absolute basics of accounting in place, so that makes them unattractive, espechally for any ML operations as they do cooperate on duely issued warrants and have been known for that.

  • In fact, the clamp-down on Monero did create a huge industry of middlemen that facilitate exchange of it into clean #shitcoins to the point that a whole industry of #crypto #trackers emerge that try to trace shit - like #Chainalysis & #IntegraFEC.

So even if DNDLs sit on millions if not billions in Monero, they can't cash that out because even the shadiest of #Banksters in the most shady of Bank will ask "Where da money come from?" and will likely seize any funds that have no explaination.

  • This is why even if someone had my IBAN & BIC and were to send me illicit funds, that would never show up on my account balance nor would I even get questioned about this TradFinance "dusting" attack because it would instantly get frozen by my bank, reported to FIU and unless I were to ask about it, everyone would rightfully know that I don't know cuz I'm not into that shit.

I stay on the legal side out of principle!

Replied in thread

@LucieLazerEyez

1. If they can't cite a legal reason refuse to #KYC.

2. Very, very few cases (i.e. banks, public agencies) have a right or mandate to do so.

3. You have a right to redact critical info like the ID number.

4. You have a right to demand details re: storage and processing, incuding every person and provider in between.

5. Simce it's sensitive PII, you have a right to decline said consent outside of any of the cases mentioned in 2.

#NotLegalAdvice but for #AgeVerification (i.e. #retail) they are not allowed to store or copy it, but merely look and verify that the person they verify is indeed on that ID, that the ID isn't obviously a forgery (security features!) and that the D.O.B. is above 16/18...

  • Didn't @wbs_legal makea video about when demanding IDs is allowed?