Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Cappyjax" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Cappyjax</span></a></span> IDGAF about <em>"passion"</em>. <a href="https://infosec.space/@kkarhan/114697690127511140" rel="nofollow noopener noreferrer" target="_blank">All I care about is the security of users!</a></p><p>Requiring <em>any</em> <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumber</span></a> is inacceptable when it comes to <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> & <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, espechally given <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.</p><ul><li>There's a reason why <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME [both each over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>] is the <em>evidently superior and more secure approach</em>, as being unable to <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYC</span></a>"</em> a user is a matter of security...</li></ul><p>Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a> made it illegal starting 07/2017, so using any service that demands a phone numner is out of question)</p><ul><li>And even <em>if</em> one can get an anonymous <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIM</span></a> (with a phone number) or god forbid <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eSIM</span></a>, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.</li></ul><p>Obviously the devs of <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> are well aware of this critical flaw, which is why I consider them to act as <a href="https://en.wikipedia.org/wiki/Useful_idiot" rel="nofollow noopener noreferrer" target="_blank"><em>"useful idiots"</em></a> or rather <a href="https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition" rel="nofollow noopener noreferrer" target="_blank"><em>"controlled opposition"</em></a> as <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> could've been shutdown trivially by the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>US</span></a> Government or forced into banning users based off their <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> (they may call this <em>"<a href="https://infosec.space/tags/sanctions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sanctions</span></a> <a href="https://infosec.space/tags/compliance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>compliance</span></a>"</em> given they added a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> - Wallet into Signal!)...</p><ul><li>All the <em>"but <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Metadata</span></a>"</em> <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FUD</span></a> turns into <a href="https://infosec.space/tags/MarketingLies" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MarketingLies</span></a> once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers.</li></ul><p>Whereas with <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a>, <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gajim</span></a> and <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltaChat</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thunderbird</span></a></span> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Thunderbird</span></a> respectably I can not only use Tor, but do <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> for the entire <a href="https://infosec.space/tags/communications" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>communications</span></a> infrastructure (i.e. using an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionService</span></a> = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown!</p><ul><li>And if you think this is too tinfoilhatted, then consider yourself privilegued enough of having your mere existance not being <a href="https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/" rel="nofollow noopener noreferrer" target="_blank">criminalized by the government under threat of public execution!</a></li></ul><p><a href="https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">ilga.org/wp-content/uploads/20</span><span class="invisible">24/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf</span></a><br><a href="https://infosec.space/@kkarhan/114697690127511140" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1146976</span><span class="invisible">90127511140</span></a></p>