Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@PallasRiot" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>PallasRiot</span></a></span> NONE!</p><ul><li>Use <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> with <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> and <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> or don't even try!</li></ul><p>Because *ALL <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a>|s <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">WILL SNITCH*!</a></p>
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
244active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.4.3
#orbot
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p>Having chatted with <span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> for quite some time I can really see a lot of <a href="https://infosec.space/tags/pain" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pain</span></a> and <a href="https://infosec.space/tags/frustration" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>frustration</span></a> when it comes to <a href="https://infosec.space/tags/accessibility" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accessibility</span></a> of <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> as well as <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a>.</p><ul><li>I.e. <a href="https://infosec.space/tags/Captchas" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Captchas</span></a> with no alternatives for <a href="https://infosec.space/tags/blind" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>blind</span></a> users.</li></ul><p>This seems like something <a href="https://infosec.space/tags/TorProject" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorProject</span></a> and <a href="https://infosec.space/tags/GuardianProject" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GuardianProject</span></a> need to really work on, cuz <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> should not be limited to people being able-bodied...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BrodieOnLinux</span></a></span> I am pretty shure <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> and any <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> that does <a href="https://infosec.space/tags/Proxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Proxy</span></a> through <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> for <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> access is not affected but I do encourage both <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and Orbot devs to test against <a href="https://infosec.space/tags/LocalhostTracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalhostTracking</span></a>!</p><p><a href="https://infosec.space/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spyware</span></a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a> <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Malware</span></a> <a href="https://infosec.space/tags/LocalhostTracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalhostTracking</span></a> <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/StasiBook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>StasiBook</span></a> <a href="https://infosec.space/tags/Facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Facebook</span></a> <a href="https://infosec.space/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meta</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@derekmorr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>derekmorr</span></a></span> </p><blockquote><p>Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.</p></blockquote><p>Then why does <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> still have that shit in it? <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> could've pulled that <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> yet refuses to do do!</p><blockquote><p>The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.</p></blockquote><p>That's literally wrong!</p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> not only collects <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumher" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumher</span></a> but explicitly is <em>able and willing</em> to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no <em>"legitimate interest"</em> for.doing so nor any legal mandate to do so (unless we excuse the ehole <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a>!)</li></ul><blockquote><p>It’s been 30 years, and no one uses xmpp. Let it go.</p></blockquote><p>Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> and/or <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> kessengers before and after - will inevitably die as their business model is not sustainable. Sake with <a href="https://infosec.space/tags/ICQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICQ</span></a> really. The only exceptions are those that abolish <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> for <a href="https://infosec.space/tags/profit" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>profit</span></a>, integrate <em>actually working payments</em> or sellout to a <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> <a href="https://infosec.space/tags/government" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>government</span></a> (all those apply to <a href="https://infosec.space/tags/WeChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WeChat</span></a>!)</p><blockquote><p>It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.</p></blockquote><p>You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> kills any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands <em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>"</em> for even prepaid <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> cards (ime. <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a>) or god forbid even <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>|s (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.</p><ul><li>The <a href="https://infosec.space/tags/UScentric" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UScentric</span></a> approach to <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/threats" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>threats</span></a> makes Signal absolutely useless in many cases, and I do speak here from experience. </li></ul><p>I'd rather help people onboard <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> and/or <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME like <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> & <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> (incl. setting them up with <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> / <a href="https://infosec.space/tags/TorBrowserBundle" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowserBundle</span></a> / <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> so their traffic gets through <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> and doesn't provide any useable IP addresses. </p><ul><li><em>I've literally been there and done that!</em></li></ul><p>As for <a href="https://infosec.space/tags/Sustainability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sustainability</span></a>, providers like <a href="https://monocles.eu" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="">monocles.eu</span><span class="invisible"></span></a> finance themselves by subscriptions (starting at €2 p.m.) which people can pay <em>fully anonymous</em> using <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CashByMail</span></a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> on top of common payment methods (i.e. SEPA wire transfer)...</p><ul><li>So even if you think <em>"<a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> is a <a href="https://infosec.space/tags/honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>honeypot</span></a>"</em> that is mitigateable ciz unlike with Signal you can <em>choose your own client, choose a different provider & exervise self-custody of all tue keys!</em></li></ul>
nemo™ 🇺🇦<p>Make ANY <a href="https://mas.to/tags/Messaging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Messaging</span></a> Service <a href="https://mas.to/tags/E2E" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2E</span></a> <a href="https://mas.to/tags/Encrypted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Encrypted</span></a> With <a href="https://mas.to/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> by Mental Outlaw</p><p><a href="https://www.youtube.com/watch?v=mu2TVYJE5Gc" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=mu2TVYJE5G</span><span class="invisible">c</span></a></p><p>Signal bro signal :D a PGP is also fine tho<br>Signal on steroids => <a href="https://mas.to/tags/Molly" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Molly</span></a>-FOSS with <a href="https://mas.to/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> via <a href="https://mas.to/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> 💡<a href="https://mas.to/tags/metadatamatters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>metadatamatters</span></a> <a href="https://mas.to/tags/privacymatters" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacymatters</span></a> <a href="https://mas.to/tags/sidechannelsmatter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sidechannelsmatter</span></a><br>One could also send PGP messages via Signal/Molly 🤣 💡</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>froge</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fj</span></a></span> I'm not replacing <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> with <em>"random tools"</em> but good options.</p><p>Like <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> & <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> as well as <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> & <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> which work flawlessly over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> using <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> and <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> respectably.</p><ul><li>Also these allow not only <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> but just work and I'd highly recommend <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> as a hoster which finances iself by users paying <em>and</em> allows <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymous</span></a> accoubts & payments including not just <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> but also <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CashByMail</span></a>!</li></ul><p>Considering the costs of even acquiring and upkeeping an <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymous</span></a> <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, I'd rather pay €2 p.m. for <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME-supported <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> with the option of self-custody than $2,50+ p.m. just to keep a phone number.</p><ul><li>Plus I don't run around with a <a href="https://infosec.space/tags/tracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tracking</span></a> device that could be used to <a href="https://infosec.space/tags/deanonymize" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deanonymize</span></a> me any second...</li></ul><p>Or is anyone here expecting <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> to <a href="https://infosec.space/@kkarhan/114220798961806961" rel="nofollow noopener" target="_blank">risk jail for life</a> amd not comply with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>?</p><ul><li>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> was as secure as advertised, it would've been shutdown like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a> and <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SkyECC</span></a>!</li></ul><p>It <em>stenches</em> like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a>, because <em>NOTHING IS FOR FREE</em> and running a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurningParty</span></a> is expensive...</p>
Lazy beardude<p>Snowflake proxy update 6</p><p>Uptime: 7d 08:27<br>Total download bandwidth donated: ~1.07 TiB (1.18 TB)<br>Total upload bandwidth donated: ~1.12 TiB (1.23 TB)</p><p>Finally, a week has passed... I dunno. It just feels really awesome to do this for free.</p><p><a href="https://mastodon.social/tags/torproject" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>torproject</span></a> <a href="https://mastodon.social/tags/snowflake" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snowflake</span></a> <a href="https://mastodon.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> <a href="https://mastodon.social/tags/onion" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>onion</span></a> <a href="https://mastodon.social/tags/snowflakeproxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>snowflakeproxy</span></a> <a href="https://mastodon.social/tags/proxmox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proxmox</span></a> <a href="https://mastodon.social/tags/gnu" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gnu</span></a> <a href="https://mastodon.social/tags/freesoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freesoftware</span></a> <a href="https://mastodon.social/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>opensource</span></a> <a href="https://mastodon.social/tags/foss" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>foss</span></a> <a href="https://mastodon.social/tags/tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tails</span></a> <a href="https://mastodon.social/tags/tailsos" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tailsos</span></a> <a href="https://mastodon.social/tags/linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>linux</span></a> <a href="https://mastodon.social/tags/torbrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>torbrowser</span></a> <a href="https://mastodon.social/tags/orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>orbot</span></a> <a href="https://mastodon.social/tags/censorship" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>censorship</span></a> <a href="https://mastodon.social/tags/anticensor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anticensor</span></a> <a href="https://mastodon.social/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> <a href="https://mastodon.social/tags/anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymity</span></a> <a href="https://mastodon.social/tags/deepweb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deepweb</span></a> <a href="https://mastodon.social/tags/darkweb" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>darkweb</span></a> <a href="https://mastodon.social/tags/debian" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>debian</span></a> <a href="https://mastodon.social/tags/fedora" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fedora</span></a> <a href="https://mastodon.social/tags/fedoralinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fedoralinux</span></a> <a href="https://mastodon.social/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>golang</span></a> <a href="https://mastodon.social/tags/javascript" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>javascript</span></a></p>
Kevin Karhan :verified:<p><a href="https://infosec.space/tags/WhatsMissing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsMissing</span></a>: A tool to check if <a href="https://infosec.space/tags/TorBridges" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBridges</span></a> are still available/online/reachable that one can use either <a href="https://infosec.space/tags/standalone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>standalone</span></a> (with <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> and/or <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> Expert Bundle) or on <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a>. </p><ul><li>Cuz I do run into issues and kinda want to sort <a href="https://infosec.space/tags/Bridges" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bridges</span></a> by availability so I don't waste time on a <a href="https://infosec.space/tags/TorBridge" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBridge</span></a> that is down and also thin-out the list of bridges that ain't online anymore.</li></ul><p>Whilst I do acknowledge that <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> do disrecommend having a huge list of Tor Bridges on hand, I do regularly need them for contacts who are behind a <a href="https://infosec.space/tags/GreatFirewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GreatFirewall</span></a> and can't <a href="https://infosec.space/tags/SSH" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SSH</span></a>-Tunnel out of it.</p><ul><li>Sadly <a href="https://infosec.space/tags/BridgeDB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BridgeDB</span></a> <a href="https://bridges.torproject.org" rel="nofollow noopener" target="_blank">doesn't offer</a> good <a href="https://infosec.space/tags/filtering" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>filtering</span></a> options so one can't just query types effectively like <em>"I need <a href="https://infosec.space/tags/webtunnel" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>webtunnel</span></a> on <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv4</span></a>"</em> or <em>"I can only use Ports 80 & 443 on <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv6</span></a>"</em> which may work.</li></ul><p>Espechally being able to filter for <a href="https://infosec.space/tags/IPv4only" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv4only</span></a> and not just <a href="https://infosec.space/tags/IPv6only" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPv6only</span></a> is something I miss, alongside the filter for <a href="https://infosec.space/tags/PluggableTransports" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PluggableTransports</span></a> type as <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> seems to only handle <a href="https://infosec.space/tags/obfs4" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>obfs4</span></a> and not webtunnel or <a href="https://infosec.space/tags/meek" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>meek</span></a> at all...</p><ul><li>I'm pretty certain that merely pinging a bridge at it's port isn't working as a shure-fire way to check for it's availability.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@truls46" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>truls46</span></a></span> <em><a href="https://infosec.space/tags/facehoof" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>facehoof</span></a></em></p><ul><li>Deshalb schaut mensch vorher sich um.</li></ul><p>Ich <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener" target="_blank">empfehle nur Server die ich selbst getestet habe</a>, außerdem hilft <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> & <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> dabei, diese idealerweise als <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> zu erreichen.</p><ul><li>Wo keine <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> wie <a href="https://infosec.space/tags/Telefonnummer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telefonnummer</span></a> oder <a href="https://infosec.space/tags/IPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IPs</span></a> verlangt, abgefragt, übermittelt oder gespeichert werden, können diese auch nicht ausgehändigt werden.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Beggarmidas" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Beggarmidas</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Em0nM4stodon" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Em0nM4stodon</span></a></span> personally, I do consider <a href="https://infosec.space/tags/Smartphones" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Smartphones</span></a> an attack vector and recommend everyone to use <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> or at least <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> via <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> and ideally open, <a href="https://infosec.space/tags/PublicWiFi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PublicWiFi</span></a> like <span class="h-card" translate="no"><a href="https://social.freifunk.net/@freifunk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>freifunk</span></a></span> / <a href="https://infosec.space/tags/freifunk" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>freifunk</span></a>.</p><p>Fortunately, <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> integrates Orbot Support so it's just a few taps to get <a href="https://docs.monocles.eu/apps/chat.app/#use_with_tor" rel="nofollow noopener" target="_blank">everything tunned through Tor</a>!</p><p><a href="https://docs.monocles.eu/apps/torify.app/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.monocles.eu/apps/torify.a</span><span class="invisible">pp/</span></a></p><p>If <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> cared, they would've <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> <em>and</em> put their backend on Tor and not demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>.</p>
Kevin Karhan :verified:<p>Addendum: Funzt wieder. Danke an <span class="h-card" translate="no"><a href="https://chaos.social/@Natanox" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Natanox</span></a></span> !</p> <p>Weiß irgendwer warum der <a href="https://infosec.space/tags/Jabber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Jabber</span></a> / <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>-<a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Server</span></a> vom <a href="https://infosec.space/tags/CCC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCC</span></a> / <span class="h-card" translate="no"><a href="https://social.bau-ha.us/@CCC" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>CCC</span></a></span> nicht unter dessen <code>.onion</code> - Domain via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> erreichbar ist?<br><a href="https://infosec.space/@kkarhan/113974956128605484" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1139749</span><span class="invisible">56128605484</span></a></p><p>Ist das nen <a href="https://infosec.space/tags/Bug" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Bug</span></a> von <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a>, <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> oder warum 404'd das?</p><p><a href="https://infosec.space/tags/FollowerPower" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FollowerPower</span></a>: :boost_ok: </p><p><a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> <a href="https://infosec.space/tags/Debug" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debug</span></a> <a href="https://infosec.space/tags/Debugging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Debugging</span></a></p>
Kevin Karhan :verified:<p>Issues aside it's now 15 years since I started using <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> / <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> & <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> on <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> full-time.</p><ul><li>Not just for <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>, but because it acts as a <a href="https://infosec.space/tags/PerformanceProxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PerformanceProxy</span></a> on <a href="https://infosec.space/tags/throttled" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>throttled</span></a> <a href="https://infosec.space/tags/German" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>German</span></a> mobile networks!</li></ul><p>Because in <a href="https://infosec.space/tags/EDGEland" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EDGEland</span></a> they yeet users to 64kBit/s if not even lower to 16kBit/s past paid bandwith and instead of properly renegotiating the bandwith, they trottle connections by reducing the packet rate / dropping packets, making it as <a href="https://infosec.space/tags/laggy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>laggy</span></a> as a <a href="https://infosec.space/tags/GSO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSO</span></a>-based <a href="https://infosec.space/tags/SATCOM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SATCOM</span></a> connection! </p><ul><li>On top of that, almost all <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a>|s & <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a>|s illegally use RFC1918 Address space, *espechally <code>10.0.0.0/8</code> for <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CGNAT</span></a>, thus bricking <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a>|s and sadly <span class="h-card" translate="no"><a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BNetzA</span></a></span> doesn't really give a damn!</li></ul>
Kevin Karhan :verified:<p>Also friendly reminder for <a href="https://infosec.space/tags/developers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>developers</span></a> of <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Apps</span></a> using <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and/or accessing <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a> using <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a>:</p><ul><li>Set <a href="https://infosec.space/tags/DNS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DNS</span></a> to <code>localhost:5400</code> unless you want it to <a href="https://infosec.space/tags/leak" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>leak</span></a> the use of Tor.</li></ul><p>You may trust <span class="h-card" translate="no"><a href="https://mastodon.online/@mullvadnet" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mullvadnet</span></a></span> but even they can't resolve <code>…onion</code> (and likely wouldn't <em>even if it was that simple</em>) because <a href="https://en.m.wikipedia.org/wiki/.onion" rel="nofollow noopener" target="_blank"><em>that's how it works!</em></a></p>
Preston Maness ☭<p><span class="h-card" translate="no"><a href="https://social.mcwhirter.io/@craige" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>craige</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@jwz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jwz</span></a></span> <span class="h-card" translate="no"><a href="https://darmstadt.social/@claudius" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>claudius</span></a></span> <span class="h-card" translate="no"><a href="https://xoxo.zone/@mathowie" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mathowie</span></a></span> I've played with <a href="https://tenforward.social/tags/SimpleX" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimpleX</span></a> chat before. I don't know if it's ready for primetime yet, but I'd definitely keep an eye on it. As it stands, I'd love to recommend <a href="https://tenforward.social/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SignalMessenger</span></a>, because I think it has better UX (and less metadata via sealed sender) than <a href="https://tenforward.social/tags/Matrix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Matrix</span></a> with its <a href="https://tenforward.social/tags/Element" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Element</span></a> client. But Matrix does not require phone numbers. So, my current recommendation to anybody organizing vulnerable people is to use Matrix rather than Signal, and to ensure that users run it over <a href="https://tenforward.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> via the <a href="https://tenforward.social/tags/orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>orbot</span></a> app.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@wmd" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>wmd</span></a></span> <span class="h-card" translate="no"><a href="https://denden.world/@miqokin" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>miqokin</span></a></span> also the <a href="https://chaos.social/@wmd/113899197317600561" rel="nofollow noopener" target="_blank">same Issues</a> are by my own experience are better solved via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> 's <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> & <span class="h-card" translate="no"><a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>micahflee</span></a></span> 's <a href="https://infosec.space/tags/OnionShare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionShare</span></a> just to name a few.</p><ul><li>Not to mention most <a href="https://infosec.space/tags/MobileNetworks" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileNetworks</span></a> <em>illegally</em> use <a href="https://infosec.space/tags/RFC1918" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RFC1918</span></a> space like 10.0.0.0/8 for <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CGNAT</span></a>, <em>intentionally bricking</em> <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a>|s in order to force <a href="https://infosec.space/tags/progessionals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>progessionals</span></a> and <a href="https://infosec.space/tags/businesses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>businesses</span></a> in way more expensive contracts as they need a <em>"real" VPN</em> for work...</li></ul>
Preston Maness ☭<p><span class="h-card" translate="no"><a href="https://social.wildeboer.net/@jwildeboer" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>jwildeboer</span></a></span> Additional recommendations for hardening your <a href="https://tenforward.social/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SignalMessenger</span></a> application:</p><p>* Also install <a href="https://tenforward.social/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a>, and have all Signal traffic routed through it.<br>* Configure Orbot to *not* use reduced padding.<br>* Configure Orbot to use different routes for all hosts, ports, and clients.<br>* Configure the Orbot VPN to be always-on (Android VPN settings).<br>* Configure Signal to allow sealed sender from anybody.<br>* Configure Signal to require PIN for re-registration.<br>* Configure Signal's chat defaults to erase after a certain period of time.</p><p>Signal is a big juicy target with tons of metadata about who is talking to who going over the wire at any given time. The contents of the communication are encrypted, but the metadata is not. And remember: "we kill people based on metadata" (<a href="https://abcnews.go.com/blogs/headlines/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">abcnews.go.com/blogs/headlines</span><span class="invisible">/2014/05/ex-nsa-chief-we-kill-people-based-on-metadata</span></a>). If the fascists are willing to kill people based off of metadata, then they're certainly willing to surveil, harass, arrest, and imprison people based off of metadata.</p><p>These hardening efforts make building up a social graph from metadata more difficult. Unfortunately, you have to do it yourself, as Signal has made it clear on multiple occasions that it does not view network-layer anonymity as within its scope:</p><p>>Signal instantly dismissed my report, saying it wasn't their responsibility and it was up to users to hide their identity: "Signal has never attempted to fully replicate the set of network-layer anonymity features that projects like Wireguard, Tor, and other open-source VPN software can provide".<br>><br>><a href="https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">gist.github.com/hackermondev/4</span><span class="invisible">5a3cdfa52246f1d1201c1e8cdef6117</span></a></p><p><span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span></p>
Preston Maness ☭<p><span class="h-card" translate="no"><a href="https://tech.lgbt/@Schnur" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Schnur</span></a></span> All <a href="https://tenforward.social/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://tenforward.social/tags/SignalMessenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SignalMessenger</span></a> traffic goes through <a href="https://tenforward.social/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> VPN. So I use <a href="https://tenforward.social/tags/tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>tor</span></a> every day. <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.online/@zdl" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>zdl</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>evacide</span></a></span> that any the fact that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is incorportated in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>USA</span></a>, making them susceptible to <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>-incompatible <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> bs like <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>.</p><ul><li>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> cared, they'd completely <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backend</span></a> and <a href="https://infosec.space/tags/frontend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>frontend</span></a> as well as <a href="https://infosec.space/tags/decentralize" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralize</span></a> and refuse to collect any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (like <a href="https://infosec.space/tags/PhoneNumers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumers</span></a>) <em>at all</em>!</li></ul><p>Remember: <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> <em>IS</em> THE ILLICIT ACTIVITY when it comes to <a href="https://infosec.space/tags/Communication" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Communication</span></a>!</p><ul><li>To me Signal has a stench like <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAG</span></a> (aka. <a href="https://infosec.space/tags/MINERVA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MINERVA</span></a> / <a href="https://infosec.space/tags/RUBIKON" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RUBIKON</span></a>), <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a> and espechally <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> (aka. <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationIronside</span></a> / <a href="https://infosec.space/tags/OperationTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationTrøjanShield</span></a>)...</li></ul><p>Compare that to <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> which don't demand any PII or KYC and allow people to pay for their services with <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> and <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CashByMail</span></a> besides <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SEPA</span></a> <a href="https://infosec.space/tags/WireTransfer" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WireTransfer</span></a>, <a href="https://infosec.space/tags/Stripe" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Stripe</span></a> & <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PayPal</span></a> whilst supporting both decentralization (<a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a> is not a <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> / <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> solution!), implementing real <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> (<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a>, <a href="https://infosec.space/tags/OTR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OTR</span></a> & <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a> is supported out of the box) for all the keys, and proper <a href="https://infosec.space/tags/Anonymitiy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anonymitiy</span></a> (using <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> & <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> for <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>), so in case they ever get a <em>duely sumitted warrant</em> by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.</p><ul><li>And that <em>is</em> a good thing, because whilst <em>very unlikely</em>, one cannot exclude the non-zero chance of i.e. <a href="https://infosec.space/tags/MLAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MLAT</span></a>|s being filed with knowingly false information by 3rd countries.</li></ul><p>Also having no PII is a matter of reducing <a href="https://infosec.space/tags/liability" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>liability</span></a> in the sense of <a href="https://infosec.space/tags/DataProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DataProtection</span></a>: All data requested and by <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> is the bare minimum mandated for <a href="https://infosec.space/tags/accounting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>accounting</span></a> (i.e. only linking a payment like a <a href="https://infosec.space/tags/TxID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TxID</span></a> / Transaction-ID to an account and then adding up validity/activation period).</p><ul><li>And since running a <a href="https://infosec.space/tags/Service" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Service</span></a> <em>costs money</em>, the low <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>subscription</span></a> to their <a href="https://infosec.space/tags/Services" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Services</span></a> makes them independent from <a href="https://infosec.space/tags/ads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ads</span></a>, <a href="https://infosec.space/tags/crawling" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>crawling</span></a> / <a href="https://infosec.space/tags/espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>espionage</span></a> against <a href="https://infosec.space/tags/customers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>customers</span></a> and depending on <a href="https://infosec.space/tags/grants" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>grants</span></a> and <a href="https://infosec.space/tags/donations" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>donations</span></a> to keep the lights on, making it a <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sustainable</span></a> <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a>...</li></ul>
Kevin Karhan :verified:LGBTQ discrimination, USPol, the future of social media
Dawn Tåke 🌙 :sparkletrans:<p>Posted a thing on VPNs! Just my experiences with them,</p><p><a href="https://paper.wf/tourma/sticking-it-to-the-man" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">paper.wf/tourma/sticking-it-to</span><span class="invisible">-the-man</span></a></p><p><a href="https://tech.lgbt/tags/TourmaLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TourmaLinux</span></a> <a href="https://tech.lgbt/tags/MullVad" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MullVad</span></a> <a href="https://tech.lgbt/tags/ProtonMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ProtonMail</span></a> <a href="https://tech.lgbt/tags/DuckDuckGo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DuckDuckGo</span></a> <a href="https://tech.lgbt/tags/DDG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DDG</span></a> <a href="https://tech.lgbt/tags/OrBot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OrBot</span></a> <a href="https://tech.lgbt/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a></p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload