clifff @clifff

Else, Someone<a href="https://mastodon.ar.al/@aral" class="u-url mention" rel="nofollow noopener" target="_blank">@aral</a> <a href="https://mastodon.acm.org/tags/AML" class="mention hashtag" rel="nofollow noopener" target="_blank">#AML</a> <a href="https://mastodon.acm.org/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> <a href="https://mastodon.acm.org/tags/CFT" class="mention hashtag" rel="nofollow noopener" target="_blank">#CFT</a>

adison verlice<a href="https://threads.net/@liahaberman/" class="u-url mention" rel="nofollow noopener" target="_blank">@liahaberman</a> i can respect the work you've done on this. that said, i have to laugh too. you're asking a team to improve <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> for a product that has consistantly violated privacy several times on severAl months. if you are using <a href="https://tweesecake.social/tags/facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#facebook</a> / <a href="https://tweesecake.social/tags/meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#meta</a> you should know this is going to happen. you should *expect* this. as one of my friends <a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@kkarhan</a> says, <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#kyc</a> is the elicit activity, and facebook asks for a lot of kyc. also, this is evident by the amount of <a href="https://tweesecake.social/tags/gdpr" class="mention hashtag" rel="nofollow noopener" target="_blank">#gdpr</a> violations in the <a href="https://tweesecake.social/tags/eu" class="mention hashtag" rel="nofollow noopener" target="_blank">#eu</a> meta has received. don't get me wrong, i'm absolutely not discrediting you, i'm glad you got this out. i'm just saying you're shouting at a wall. meta has consistantly violating privacy and <a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> in some cases, and will continue to do so. so as much as i agree, meta is simply going to laugh in your face rather than do you any good

Kevin Karhan :verified:<a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@adisonverlice</a> even if an <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#MVNO</a> isn't demanding any <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> whatsoever (i.e. <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#prepaid</a> are offered OTC in most juristictions) it's NOT "<a href="https://infosec.space/tags/Anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymous</a>" but merely <a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#pseudonymous</a> as it's trivial for governments to utilize existing and mandtory "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#LawfulInterception</a>" appliances to create that <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> chain.<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> (<a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIMcard</a>) <=> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> (SIM profile) <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> (Phone/...).So if <a href="https://infosec.space/tags/Anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymity</a> is important, NONE of these details have to be linked somehow even circumstantial.<ul><li>Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.</li><li>Use the SIM in any device? Consider them circumstantially connected forever: <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li><li>Same applies to <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a>|s: <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#EID</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li></ul>Add to the fact that most places have <a href="https://infosec.space/tags/CCTV" class="mention hashtag" rel="nofollow noopener" target="_blank">#CCTV</a>, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.<ul><li>I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing <code>*104*1234567890123456#</code> )...</li></ul>So any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>-based service should never ever & under no circumstances demand a Phone Number!<ul><li>Instead any privacy-focussed service should use <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionServices</a>, host their own <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> or at least <a href="https://infosec.space/tags/DontBlockTor" class="mention hashtag" rel="nofollow noopener" target="_blank">#DontBlockTor</a> and allow users to use it via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> to use and signup. (But don't forget circumstantial connections there either!)</li><li>Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.</li></ul>

adison verliceok...so we have to talk about this. <a href="https://m.youtube.com/watch?v=1MoYHJaKsZE&pp=0gcJCa0JAYcqIYzv" rel="nofollow noopener" translate="no" target="_blank">https://m.youtube.com/watch?v=1MoYHJaKsZE&pp=0gcJCa0JAYcqIYzv</a> first off, encrypted messengers, like whatssapp, *require* <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#kyc</a> in order for you to sign up. that is also baught by law enforcement. ayour contence, granted, are encrypted, but sometimes metadata is even more important. as <a href="https://tweesecake.social/tags/nsa" class="mention hashtag" rel="nofollow noopener" target="_blank">#nsa</a> director michael haden once said: "we kill based on metadata". should tell ya something. even if some providers, such as mint mobile in the US, don't require direct identification via a government ID, it is still kyc eitherway. and as <a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@kkarhan</a> once said, KYC is the elicit activity. second, privacy and security settings? lol don't make me laugh. you don't actually know what the client is collecting when you use it. it's offen not open source, and offen still is able to gather data on you in other ways. or it could just saay off, but actually be on. the only way to *truely* regane privacy would be to use <a href="https://tweesecake.social/tags/selfhosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#selfhosted</a> applications and open source apps. <a href="https://tweesecake.social/tags/surveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#surveillance</a> <a href="https://tweesecake.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#tor</a> <a href="https://tweesecake.social/tags/whatsapp" class="mention hashtag" rel="nofollow noopener" target="_blank">#whatsapp</a> <a href="https://tweesecake.social/tags/signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#signal</a> <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> <a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a>

Kevin Karhan :verified:<a href="https://social.linux.pizza/@BingsPingsDings" class="u-url mention" rel="nofollow noopener" target="_blank">@BingsPingsDings</a> <a href="https://tiggi.es/@DeltaWye" class="u-url mention" rel="nofollow noopener" target="_blank">@DeltaWye</a> <a href="https://mapstodon.space/@abel" class="u-url mention" rel="nofollow noopener" target="_blank">@abel</a> pretty shure that already exists.<ul><li>Or rather a <a href="https://infosec.space/tags/bubble" class="mention hashtag" rel="nofollow noopener" target="_blank">#bubble</a> economy of "<a href="https://infosec.space/tags/AI" class="mention hashtag" rel="nofollow noopener" target="_blank">#AI</a>" <a href="https://infosec.space/tags/NFTs" class="mention hashtag" rel="nofollow noopener" target="_blank">#NFTs</a> on a <a href="https://infosec.space/tags/shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#shitcoin</a> chain designed to commit <a href="https://infosec.space/tags/MoneyLaundering" class="mention hashtag" rel="nofollow noopener" target="_blank">#MoneyLaundering</a> similar to <a href="https://infosec.space/tags/ArtTrade" class="mention hashtag" rel="nofollow noopener" target="_blank">#ArtTrade</a> but without a reputable auction house doing even the slightest amount of <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a>…</li></ul>

adison verlice<a href="https://infosec.exchange/@troyhunt" class="u-url mention" rel="nofollow noopener" target="_blank">@troyhunt</a> Funny enough, at least 1 of the women were calling it a, whisper, network to talk about bad men. And yes I'm saying this as a man. I think a real whisper network would use <a href="https://tweesecake.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#tor</a> <a href="https://tweesecake.social/tags/onion" class="mention hashtag" rel="nofollow noopener" target="_blank">#onion</a> services And would not require you to use <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#kyc</a> Along with only allowing you to upload text, no images, so that everyone would maintain their <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> . This application is not sharing information An anonymous way, so it's probably not private by any means. I think there are hotlines and other anonymous sharing applications that do a much better job than T., which quite literally and unironically spilled the tea. I can already tell this is going to lead to enormous amounts of doxing.

Kevin Karhan :verified:<a href="https://birdbutt.com/@aetus" class="u-url mention" rel="nofollow noopener" target="_blank">@aetus</a> <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> well, <a href="https://infosec.space/tags/monoclesXhat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesXhat</a> is an <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> <a href="https://infosec.space/tags/chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#chat</a> client. <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> = Personally Identifyable Information <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> = Know Your Customer <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> = End-to-End - Encryption <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> = You (and only you) as a user hold all the keys.

Kevin Karhan :verified:<a href="https://birdbutt.com/@aetus" class="u-url mention" rel="nofollow noopener" target="_blank">@aetus</a> so basicaly like <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a> but.demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> (<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a>) for <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> and not providing actual <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> with real <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> of all the keys!

adison verliceok So we have something to talk about here. So I've noticed there's something called a hardware enforced no logging <a href="https://tweesecake.social/tags/vpn" class="mention hashtag" rel="nofollow noopener" target="_blank">#vpn</a> and it's located at <a href="https://vp.net" rel="nofollow noopener" translate="no" target="_blank">https://vp.net</a> . In theory this does sound promising, but I've noticed some issues with it. And it makes it look more like a scam VPN. 1st off, it uses the <a href="https://tweesecake.social/tags/intel" class="mention hashtag" rel="nofollow noopener" target="_blank">#intel</a> SGX, or Intel software guard extension as it's Real name the problem with the trusted execution environment is that it's closed source. And you can't really verify If it actually works For all we know it could be running aside Intel management engine. Second. And this is probably what makes it not anonymous. It requires a fucking <a href="https://tweesecake.social/tags/kyc" class="mention hashtag" rel="nofollow noopener" target="_blank">#kyc</a> EG credit card, stripe/link, amazon, et cetera. At least <a href="https://mastodon.online/@mullvadnet" class="u-url mention" rel="nofollow noopener" target="_blank">@mullvadnet</a> Does not require KYC, and cannot be linked back to you because It uses randomly generated account numbers and Is even more anonymous if you pay in <a href="https://tweesecake.social/tags/monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#monero</a> XMR. Even has an onion service. But this? This VPN doesn't. So if that is part of your <a href="https://tweesecake.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> test this VPN in particular fails it. As <a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@kkarhan</a> puts it, KYC is the illicit activity. And by the way I'm talking about the VPN mentioned earlier not MULLVAD, That passes the privacy test. Just wanted to be clear about that before I go on to my next statement.3rd, again even though Client is open Client is open source it uses Client is open source it uses proprietary components like Intel SGX. Oh and by the way I don't think this particular VPN has undergone independent <a href="https://tweesecake.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> <a href="https://tweesecake.social/tags/audit" class="mention hashtag" rel="nofollow noopener" target="_blank">#audit</a>. There are several red flags here and I would not use this particular VPN. If you're looking for privacy with a VPN I would use mullvad! <a href="https://tweesecake.social/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://tweesecake.social/tags/opsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#opsec</a>

Kevin Karhan :verified:<a href="https://flipboard.social/@TechDesk" class="u-url mention" rel="nofollow noopener" target="_blank">@TechDesk</a> <a href="https://mastodon.world/@theverge" class="u-url mention" rel="nofollow noopener" target="_blank">@theverge</a> no and people should refuse that shit!Remember: <ul><li><a href="https://infosec.space/tags/AgeVerfication" class="mention hashtag" rel="nofollow noopener" target="_blank">#AgeVerfication</a> is <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacist</a> bs and <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> is the illicit activty!</li></ul>

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 30 *

Jul 30 *

Kevin Karhan @kkarhan@infosec.space

@CorvidCrone @dartigen @harmonycorrupted actually there's an #AgeVerification function with #CreditCards, and a specific #AVS option on any "#KYC'd" real credit card using the CC number...

It's absent on #debit cards so if you live in a juristiction like #Germany where basically noone has a "real" credit card then you're fucked!

#debit #Germany

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 30

Jul 30

Kevin Karhan @kkarhan@infosec.space

@harmonycorrupted seriously, this #cyberfacist bs needs to be outlawed!

#ACAB includes #AgeVerification!
#KYC is the #IllicitActivity!
#Privacy is a #HumanRight!
Believing minors can't circumvent this bs is an insult to their intellect!

#acab #ageverification #kyc

Replied to adison verlice

**Kevin Karhan** @kkarhan@infosec.space · Jul 29

Jul 29

Kevin Karhan @kkarhan@infosec.space

@adisonverlice @signalapp again: #KYC is the illicit activity and demanding #PII and/or sending confirmation #SMS is inherently bad.

Compared to i.e. @delta / #deltaChat or @monocles / #monoclesChat it's already a no-go to demand a #PhoneNumber, and the latter one is actually #sustainable.because it's paid for by users and not a #VCmoneyBurningParty!

**Kevin Karhan** @kkarhan@infosec.space · Jul 29 *

Jul 29 *

Kevin Karhan @kkarhan@infosec.space

@alecm Remember:

#KYC IS the #iIllicitActivity!

I do recommend people to learn how to use @torproject / #Tor to give #Cyberfacism the finger…

Or consider getting a "Photo ID" from @digitalcourage …

https://digitalcourage.de/digitale-selbstverteidigung/der-lichtbildausweis-mit-wunschdaten

digitalcourage.deDer Lichtbildausweis mit Wunschdaten | DigitalcourageEin nichtamtlicher Ausweis hilft, die eigene Identität zu schützen, wenn wissbegierige Behörden, Geschäfte oder Dienstleister ungerechtfertigt nach

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 25

Jul 25

Kevin Karhan @kkarhan@infosec.space

@Lazarou or rather: THIS is why #KYC IS the #IllicitActivity!…

#kyc #illicitactivity

**Kevin Karhan** @kkarhan@infosec.space · Jul 24 *

Jul 24 *

Kevin Karhan @kkarhan@infosec.space

@heartshadows @JamesBaker basically anything > €1k will trigger #KYC / #KYB & #AML checks within the "Eurosystem" banks (aka. all Banks in #EU + #EFTA / #SEPA region) regardless of type.

Same with #Cryptocurrencies like #shitcoins, with #Aistria being the 'most lenient' at €250 max. for pseudonymous #Bitcoin (necessitating a lokal mobile number!)…

https://bitcoinbon.at

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 24 *

Jul 24 *

Kevin Karhan @kkarhan@infosec.space

@Mandrake Remember: "#KYC IS the #IllicitActivity!" and demanding such for anything without a legal mandate is a gross violation of #GDPR & #BDSG!

But then again the #UK doesn't eben recognize the right to not sepf-incriminate when it comes to data…

#UK

**Kevin Karhan** @kkarhan@infosec.space · Jul 24 *

Jul 24 *

Kevin Karhan @kkarhan@infosec.space

@heartshadows @JamesBaker Lets just say that #Monero not only never supported all the #NFT bullshit but actually worked against it given the abuse of "#Ordinals" aka. attempts to do that on the tx_extra field.

As for Money Laundering, existing provisions cover that well enough, cuz even #NowPayments and #ChangeNow do #KYC & #KYB their clients, and any bona-fide business does maintain records of billings and has absolute basics of accounting in place, so that makes them unattractive, espechally for any ML operations as they do cooperate on duely issued warrants and have been known for that.

In fact, the clamp-down on Monero did create a huge industry of middlemen that facilitate exchange of it into clean #shitcoins to the point that a whole industry of #crypto #trackers emerge that try to trace shit - like #Chainalysis & #IntegraFEC.

So even if DNDLs sit on millions if not billions in Monero, they can't cash that out because even the shadiest of #Banksters in the most shady of Bank will ask "Where da money come from?" and will likely seize any funds that have no explaination.

This is why even if someone had my IBAN & BIC and were to send me illicit funds, that would never show up on my account balance nor would I even get questioned about this TradFinance "dusting" attack because it would instantly get frozen by my bank, reported to FIU and unless I were to ask about it, everyone would rightfully know that I don't know cuz I'm not into that shit.

I stay on the legal side out of principle!

YouTubeThe Rise of Money Launderers on Snapchat and Instagram | CrimewaveBy VICE

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 22 *

Jul 22 *

Kevin Karhan @kkarhan@infosec.space

@LucieLazerEyez

1. If they can't cite a legal reason refuse to #KYC.

2. Very, very few cases (i.e. banks, public agencies) have a right or mandate to do so.

3. You have a right to redact critical info like the ID number.

4. You have a right to demand details re: storage and processing, incuding every person and provider in between.

5. Simce it's sensitive PII, you have a right to decline said consent outside of any of the cases mentioned in 2.

#NotLegalAdvice but for #AgeVerification (i.e. #retail) they are not allowed to store or copy it, but merely look and verify that the person they verify is indeed on that ID, that the ID isn't obviously a forgery (security features!) and that the D.O.B. is above 16/18...

Didn't @wbs_legal makea video about when demanding IDs is allowed?

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jul 17

Jul 17

Kevin Karhan @kkarhan@infosec.space

@simsus IMHO ist #KYC mit Vorwänden wie #Jugendschutz inhärent falsch und gehört verboten, weil es das Recht auf #Privatsphäre verletzt!

Recent searches

Search options

Administered by:

Server stats:

#kyc