Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> no it's not.</p><ul><li>Otherwise <a href="https://infosec.space/tags/OrganizedCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OrganizedCrime</span></a> would choose <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> so hard, you'd be shutdown within weeks by the <a href="https://infosec.space/tags/FBI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FBI</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> would be forced to <em>"pull a <a href="https://infosec.space/tags/LavaBit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LavaBit</span></a>"</em> and face jailtime for obstruction of justice or snitch on users! </li></ul><p>Being a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> solution subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a> makes you inherently vulnerable <em>by your own choice</em> and thus trivial to shutdown compared to <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a></em> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> of all the keys and true <a href="https://infosec.space/tags/decentralization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decentralization</span></a> as well as <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> (i.e. <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME [see <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltaChat</span></a> et. al.] and <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> [see <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> et. al.]!)</p><ul><li>Plus neither of those <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">shill</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" target="_blank">like</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a>! </li></ul><p>And don't even get me started on you collecting <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (espechally <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a>) <em>for no valid reason</em>, (thus violating <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a>)...</p><ul><li>Not to mention relying ob <a href="https://infosec.space/tags/charity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>charity</span></a> and being a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurningParty</span></a> isn't sustainable to begin with!</li></ul><p>But yeah, I'll be patient to shout <em>"<a href="https://infosec.space/tags/ToldYaSo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ToldYaSo</span></a>"</em> to your annoying cult of fanboys!</p>
Recent searches
No recent searches
Search options
Only available when logged in.
shakedown.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A community for live music fans with roots in the jam scene. Shakedown Social is run by a team of volunteers (led by @clifff and @sethadam1) and funded by donations.
Administered by:
Server stats:
291active users
shakedown.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.4
#pgp
8 posts · 4 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@janet_catcus" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>janet_catcus</span></a></span> <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> may be a good option if you don't want to deal with half a dozen <a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> keys...</p>
Kevin Karhan :verified:<p>Seriously, <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> fans are just <a href="https://infosec.space/tags/cultists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cultists</span></a> who are unwilling to even consider the possibility that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> as a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurningParty</span></a> isn't sustainable or that <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> and her predecessor, <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> - shilling <a href="https://infosec.space/tags/CryptoBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoBro</span></a> <a href="https://infosec.space/tags/Moxie" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Moxie</span></a> ain't their best friends and would happily <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">risk jail for them</a>.</p><ul><li>I may sound like <a href="https://de.wikipedia.org/wiki/Hans_B%C3%BChler_(Kaufmann)" rel="nofollow noopener noreferrer" target="_blank">Hans Bühler</a> at this point, but <a href="https://youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" target="_blank">Signal has a stench</a> that is very much reminiscent of <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a> & <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAG</span></a>!</li></ul><p>I <a href="https://infosec.space/tags/ToldYaSo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ToldYaSo</span></a> and when the evidence is there, I do expect public apologies from every single one of you shills that <a href="https://infosec.space/@kkarhan/111968251463697943" rel="nofollow noopener noreferrer" target="_blank">live</a> on a <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>!"</em> mentality believing every <a href="https://www.youtube.com/watch?v=G1thc5DSHwA" rel="nofollow noopener noreferrer" target="_blank">advertising lie</a>!</p><ul><li>Teach kids proper <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiteracy</span></a> instead and <em>get gud</em> at it. Do a <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@mastodon.earth</span></a></span> / <span class="h-card" translate="no"><a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@chaos.social</span></a></span> / <a href="https://infosec.space/tags/CryptoParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoParty</span></a> and use <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a></em> like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> FFS!</li></ul><p>If Signal was actually secure, it would be used by <a href="https://archive.org/details/darknet_drug_lord" rel="nofollow noopener noreferrer" target="_blank">every</a> <a href="https://pastebin.com/GrV3uYh5" rel="nofollow noopener noreferrer" target="_blank">single</a> <em>"Darknet Drug Lord"</em>! </p><ul><li>But guess why they'd rather <a href="https://www.youtube.com/watch?v=vdab4T_CoN8" rel="nofollow noopener noreferrer" target="_blank">teach</a> stuff like <a href="https://infosec.space/tags/OfflinePGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OfflinePGP</span></a> method instead?</li></ul><p>Because <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> requires <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> & <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@Andromxda" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Andromxda</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@mollyim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>mollyim</span></a></span> no it's not bs and fanboying <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" target="_blank">isn't going to change that</a>.</p><p>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> was secure it would be the #1 comms tool of organized crime...</p><ul><li>Yet I've only seen <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> shill it.</li></ul><p>Real professionals use <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> capable, fully <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FLOSS</span></a>'d solutions like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a>.</p><ul><li>Again: Demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> and shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a>) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low... </li></ul><p>It's just me reading the room: Cuz <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> isn't done woth <em>"JuSt UsE sIgNaL!"</em> and everyone who claims so without pointing out <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> & <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> is BSing hard.</p><ul><li>The cold hard truth is that <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiteracy</span></a> is irreplaceable and the only solution to it is to actually teach normies how to <em>"get gud"</em> with stuff like PGP.</li></ul><p>Fortunatelty, <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thunderbird</span></a></span> and <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tails</span></a> and many other tools make that easier than ever before.</p><ul><li>So rather than <a href="https://infosec.exchange/@Andromxda/114232871558517461" rel="nofollow noopener noreferrer" target="_blank">vomiting insults against my intellect in my mentions</a>, go to the next <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@mastodon.earth</span></a></span> / <a href="https://infosec.space/tags/Cryptoparty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cryptoparty</span></a> / <span class="h-card" translate="no"><a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@chaos.social</span></a></span> and lend a hand.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@walkinglampshade" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>walkinglampshade</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@jrredho" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>jrredho</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fj</span></a></span> It's basic <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, really:</p><ul><li><span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> has no <em>"<a href="https://infosec.space/tags/LegitimateInterest" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LegitimateInterest</span></a>"</em> to demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumber</span></a> and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim <em>"comply with <a href="https://infosec.space/tags/sanctions" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sanctions</span></a>"</em> [their <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> disqalifies them even more!] because they have the tech to distinguish and discriminate users)...</li></ul><p>Thus <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> fails at protevting <a href="https://infosec.space/tags/Journalists" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Journalists</span></a> <em>and</em> theor sources because they do have that data and can be <a href="https://infosec.space/tags/subopena" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subopena</span></a>'d for it if they don't already provide <a href="https://infosec.space/tags/BulkSurveillance" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BulkSurveillance</span></a> & <a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LawfulInterception</span></a> <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a>|s to comply with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>. (Or are you guys so naive and believe <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> will risk <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">dying of old age in jail for non-paying users?</a>)</p><ul><li>This entire <em>"thread vector"</em> just doesn't exist with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> nor <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME! </li></ul><p>And if you believe <em>"this won't ne used/abused me because I'm from 'Murica!"</em> and point at <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a> as an example, then you really ignored all tze <a href="https://infosec.space/tags/Cyberfacism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Cyberfacism</span></a> since 9/11…</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.glitched.systems/@froge" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>froge</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fj</span></a></span> I'm not replacing <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> with <em>"random tools"</em> but good options.</p><p>Like <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> & <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>thunderbird</span></a></span> as well as <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> & <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gajim</span></a></span> which work flawlessly over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> using <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails</span></a></span> / <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tails_live</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tails</span></a> and <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>guardianproject</span></a></span> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Orbot</span></a> respectably.</p><ul><li>Also these allow not only <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> but just work and I'd highly recommend <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monocles</span></a> as a hoster which finances iself by users paying <em>and</em> allows <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>anonymous</span></a> accoubts & payments including not just <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Monero</span></a> but also <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CashByMail</span></a>!</li></ul><p>Considering the costs of even acquiring and upkeeping an <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>anonymous</span></a> <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIM</span></a>, I'd rather pay €2 p.m. for <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME-supported <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> with the option of self-custody than $2,50+ p.m. just to keep a phone number.</p><ul><li>Plus I don't run around with a <a href="https://infosec.space/tags/tracking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tracking</span></a> device that could be used to <a href="https://infosec.space/tags/deanonymize" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deanonymize</span></a> me any second...</li></ul><p>Or is anyone here expecting <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> to <a href="https://infosec.space/@kkarhan/114220798961806961" rel="nofollow noopener noreferrer" target="_blank">risk jail for life</a> amd not comply with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>?</p><ul><li>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> was as secure as advertised, it would've been shutdown like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EncroChat</span></a> and <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SkyECC</span></a>!</li></ul><p>It <em>stenches</em> like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a>, because <em>NOTHING IS FOR FREE</em> and running a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurningParty</span></a> is expensive...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fj</span></a></span> I still think <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> has fundamental flaws like demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (<a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> can't be obtained anonymously around the globe <em>and</em> are trivial to track down to devices and thus users), being subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a> as an <em>unnecessary & 100% avoidable risk</em> as well as <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> shilling (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a>) and it's <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proprietary</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> nature that makes it inferior to <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a></em> like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@osman" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>osman</span></a></span> If your <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> and/or <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> relies on <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> and/or <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> <a href="https://web.archive.org/web/20210908180219/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">risking jail <em>or worse</em></a>, you fucked up!</p><ul><li>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> was secure, it would've been shutdown like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EncroChat</span></a> & <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SkyECC</span></a>. </li></ul><p>Seriously, to me <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> stenches <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a> like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a> & <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAG</span></a>. </p><ul><li>All Signal fans do is <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FUD</span></a> <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME and#XMPP+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> which are truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decentralized</span></a> and allow real <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfHosting</span></a> as well as <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> for complete control of all the data and keys...</li></ul><p>That's why I get people setup with it!</p>
Alexandre Dulaunoy<p>This is hilarious. For years, people criticized PGP for its usability and security risks. And now, after a decade of UX design, Signal introduces usernames, without any visibility into who you're adding. What could possibly go wrong?</p><p><a href="https://infosec.exchange/tags/pgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>pgp</span></a> <a href="https://infosec.exchange/tags/ux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ux</span></a> <a href="https://infosec.exchange/tags/signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>signal</span></a></p>
Martin<span class="h-card"><a href="https://mathstodon.xyz/users/caten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@caten@mathstodon.xyz</a></span><br>I prefer the new xeps 0373 and 0374 "OpenPGP for XMPP" (OX) over the old xep 0027, but unfortunately no mobile client supports it yet. Afaik only <a href="https://social.mdosch.de?t=gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#gajim</a> and <a href="https://social.mdosch.de?t=profanity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#profanity</a> support it. <a href="https://social.mdosch.de?t=xmpp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#xmpp</a> <a href="https://social.mdosch.de?t=pgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pgp</a><br><span class="h-card"><a href="https://mathstodon.xyz/users/caten" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@caten@mathstodon.xyz</a></span><br>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@ip6li" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ip6li</span></a></span> <span class="h-card" translate="no"><a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>heiseonline</span></a></span> <span class="h-card" translate="no"><a href="https://fosstodon.org/@briar" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>briar</span></a></span> und natürlich <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> sowie <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME.</p><p>IMHO ist <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> eh nen <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Honeypot</span></a>!</p>
Martin<span class="h-card"><a href="https://mstdn.social/users/rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@rysiek@mstdn.social</a></span><br>I have long random passwords generated by <a href="https://social.mdosch.de?t=pass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pass</a>. Those are <a href="https://social.mdosch.de?t=pgp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pgp</a> encrypted and synced via <a href="https://social.mdosch.de?t=ssh" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssh</a> and version controlled by <a href="https://social.mdosch.de?t=git" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#git</a>.<br>I never switched to passkeys.<br>For <a href="https://social.mdosch.de?t=xmpp" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#xmpp</a> I use <a href="https://social.mdosch.de?t=fast" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fast</a> which is sort of the same as passkey.<br><span class="h-card"><a href="https://relay.infosec.exchange/actor" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@relay@relay.infosec.exchange</a></span><br>
Charlotte Aten<p>Getting started with XMPP/Jabber and PGP for federated, encrypted messaging</p><p>This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am confortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.</p><p>Part 1: XMPP</p><p>Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.</p><p>Just like signing up for an email/Mastodon account, you need to sign up for an account. You can find a list of servers at <a href="https://list.jabber.at/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">list.jabber.at/</span><span class="invisible"></span></a> and will probably at least need to provide an email addess when making an account.</p><p>Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (<a href="https://dino.im/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">dino.im/</span><span class="invisible"></span></a>). You can then enter your account name and password to log into your XMPP account and start chatting! There are both public rooms and you can also message directly with your friends.</p><p><a href="https://mathstodon.xyz/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a> <a href="https://mathstodon.xyz/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://mathstodon.xyz/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> <a href="https://mathstodon.xyz/tags/FOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FOSS</span></a> <a href="https://mathstodon.xyz/tags/Jabber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Jabber</span></a> <a href="https://mathstodon.xyz/tags/Dino" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Dino</span></a> <a href="https://mathstodon.xyz/tags/MonoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MonoclesChat</span></a></p><p>(1/4)</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.io/@ckrypto" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ckrypto</span></a></span> if@signalapp@mastodon.world wasn't complying with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>, <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> would be in jail.</p><p>Not to mention even <em>if</em> Signal keeps their <em>"<a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>"</em> code updated - which is <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&t=887s" rel="nofollow noopener noreferrer" target="_blank">doubtful</a>, <em>NOONE</em> can actually <a href="https://infosec.space/tags/verify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>verify</span></a> that it's the code you actually use - regardless if <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backend</span></a> / <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Server</span></a> or <a href="https://infosec.space/tags/client" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>client</span></a> / <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>App</span></a>! </p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> is as secure as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a>, otherwise it would've been shutdown ages ago.</li></ul><p>Also if Signal was designed for <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>, it would've been <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decentralized</span></a> as <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> and not demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> which oftentimes cannot be obtained anonymously in many juristictions <em>at all</em>!</p><ul><li>Only <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiVendor</span></a> & <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiProvider</span></a> standards can be secure, regardless if OMEMO or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME. </li></ul><p>By comparison, <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> doesn't require any PII, only an <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> account, and <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> isn't a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurningParty</span></a> but sustainable due to <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subscription</span></a> and they don't even require any personal details for <a href="https://infosec.space/tags/payment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>payment</span></a>: <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CashByMail</span></a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Monero</span></a> are accepted.</p><ul><li>Not to mention neither <a href="https://infosec.space/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeltaChat</span></a> nor <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> are <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&t=424s" rel="nofollow noopener noreferrer" target="_blank">pandering</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a> that <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">don't work</a> even for <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoBros</span></a>! </li></ul> <p>Again: It's Signal alone who have to evidence they are trustworthy, and all I get are <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>!"</em> replies, which means they are not to be trusted.</p><ul><li>Not to mention, it's just not sustainable to run a <a href="https://infosec.space/tags/service" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>service</span></a> without <a href="https://infosec.space/tags/revenue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>revenue</span></a>, even if it's run entirely by unpaid volunteers and gets all it's <a href="https://infosec.space/tags/hosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hosting</span></a> and <a href="https://infosec.space/tags/costs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>costs</span></a> donated, someone has to pay for expenses due to <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abuse</span></a> of a service (which is an inevitability come mass adoption)...</li></ul><p>Whereas with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.</p><ul><li>Signal as a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> service is inevitable vulnerable to <a href="https://infosec.space/tags/RubberhoseCryptoanalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RubberhoseCryptoanalysis</span></a>, and <a href="https://infosec.space/tags/Meredith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meredith</span></a> <em>will break</em> if not doing so means <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">jail for life until she does</a>!</li></ul><p>Whereas with XMPP & PGP/MIME <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> I can layer <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> over it, make it an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionService</span></a> and keep that thing under my bed with a <a href="https://www.youtube.com/watch?v=F59iKSrx63c&list=PL2YepVFF1azEYo0c0HdYwykbp_AXchaIp" rel="nofollow noopener noreferrer" target="_blank">literal killswitch</a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.chinwag.org/@FediThing" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>FediThing</span></a></span> <span class="h-card" translate="no"><a href="https://pouet.pas.la/@nicoco" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>nicoco</span></a></span> <span class="h-card" translate="no"><a href="https://mstdn.social/@fabiscafe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fabiscafe</span></a></span> <span class="h-card" translate="no"><a href="https://linuxmom.net/@vkc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vkc</span></a></span> <em>nodds in agreement</em></p><p><em>"Perfect"</em> would be <a href="https://infosec.space/tags/OneTimePad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OneTimePad</span></a>, but that's just not in the cards - period!</p><p><a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> & <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME are the next-best options that are documented, multi-vendor & multi-provider standardsband offer <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> of all the keys.</p><p><a href="https://infosec.space/@kkarhan/114177752291377549" translate="no" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1141777</span><span class="invisible">52291377549</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@Sturmflut" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Sturmflut</span></a></span> <span class="h-card" translate="no"><a href="https://mstdn.social/@fabiscafe" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fabiscafe</span></a></span> <span class="h-card" translate="no"><a href="https://linuxmom.net/@vkc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vkc</span></a></span> </p><p>Or to put it more on the nose: You can be certain that i.e. <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> of <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> will talk cuz she <a href="https://web.archive.org/web/20210908180219/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">can't <em>pull the 5th</em> on behalf of a user</a> and won't go to jail for any of them.</p><p>Whereas if i.e. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> (or any <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> provider) got sent an order (and just like <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> they'd comply if done so duely through legal channels, which is way harder in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a> than the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a> cuz <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a> & <a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>LawfulInterception</span></a> being way stricter than <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>), if users used <a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact <em>and</em> any verification.</p><ul><li>Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.</li></ul><p>But that's a totally different subject of <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> & <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a>, not <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> & <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> on it's own...</p>
Nova<p>I'd already begun my journey into transforming my online experience: data security, supporting ethical software/services, right to repair, degoogling, federation, etc. (May make ACCESSIBLE guides?)<br>But today was a big milestone for me because I've done something that, in it's current form (possibly on purpose), is pretty frustrating and inaccessible. I'd been eyeing PGP encryption for a variety functional and philosophical reasons (eg the creator was <a href="https://techhub.social/tags/punk" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>punk</span></a> ).<br> So I finally figured out how to make encryption keys, exchanged public keys with contacts, joined an XMPP server (XMPP is a similar federated protocol to email but with an SMS/text feel), downloaded DINO, a GUI (graphical user interface for Linux that does XMPP communication AND supports PGP encryption), signed in, subscribed to my contacts so we could enable PGP-encrypted communication, and started chatting. <br>Now, I can breathe and freely communicate knowing my messages are the most secure they've ever been. </p><p><a href="https://techhub.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://techhub.social/tags/DINO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DINO</span></a> <a href="https://techhub.social/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> <a href="https://techhub.social/tags/encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>encryption</span></a> <a href="https://techhub.social/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://linuxmom.net/@vkc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vkc</span></a></span> <em>nodds in agreement</em></p><p>The only safe comms are <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>E2EE</span></a></em> as in <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME with <em><a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a></em> of <em>all the keys</em>!</p>
Tuta<p>🔐 If Privacy is outlawed...</p><p>Here's how you can stop them: 👉 <a href="https://t.co/8z8lI9eRDo" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="">t.co/8z8lI9eRDo</span><span class="invisible"></span></a></p><p><a href="https://mastodon.social/tags/PrivacyMatters" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PrivacyMatters</span></a> <a href="https://mastodon.social/tags/Encryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Encryption</span></a> <a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/TurnOnPrivacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TurnOnPrivacy</span></a> <a href="https://mastodon.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.coffee/@htwj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>htwj</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> yeah, traded one <a href="https://infosec.space/tags/proproetary" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>proproetary</span></a>, <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>centralized</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> solution for another.</p><ul><li>Consider <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> (i.e. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a>) and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME (i.e. <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>deltaChat</span></a>) instead...</li></ul>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload