photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

264
active users

#phonenumber

0 posts0 participants0 posts today
Replied in thread

@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...

  • They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of #ChatSecure / #TextSecure has eliminated the "technical necessity" to have those.

Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something

#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.

  • And I've been using Tor for almost 15 years daily now...
Replied in thread

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.

  • You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

Replied in thread

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

  • Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

If you do think so then you should really get some professional help, cuz you seem rather lost...

  • #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

MastodonPixelcode 🇺🇦 (@pixelcode@social.tchncs.de)@kkarhan@infosec.space @taylan@feministwiki.org For every messenger there's the risk of someone finding out that you use that messenger (for example when you download the app without a proxy or when you rent a server for self-hosting). So what? Nothing and no one stops you from voluntarily using Tor to connect to Signal (Orbot, InviZible, Advanced Privacy etc.). For those oppressed by authoritarian regimes, Signal offers easy-to-use censorship-circumvention proxy support built into the app. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
Replied in thread

@Andromxda @pixelcode How can you claim something you can't evidence?

It makes you look like one of those folks shilling #VPN|s that ain't logless after all...

  • I don't believe in #marketing #lies and #Signal can't (and won't) be able to evidence that they don't log shit.

At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...

Infosec ExchangeAndromxda 🇺🇦🇵🇸🇹🇼 (@Andromxda@infosec.exchange)@kkarhan@infosec.space @pixelcode@social.tchncs.de > thus subject to Cloud Act They literally don't store anything about you, other than the phone number you used to sign up, and the timestamp of the last login. They can't fulfill any kind of subpoena, because they simply don't have the data. This was proven in court: https://signal.org/bigbrother/cd-california-grand-jury/ I don't know what your mission is, any why you're constantly spreading misinformation about a secure communications platform, trying to discourage people from using it, without naming alternatives. It's pretty suspicious at the very least.
Replied in thread

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

  • This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@licho @osman provide evidence the code @signalapp released is actually being deployed.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
youtube.com/watch?v=tJoO2uWrX1M

  • Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

  • All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

Replied in thread

@lispi314 @dalias @lauren

Not only that, but @signalapp being.located in #Trumpist #USA means they gotta have to follow said laws and that means if flexed upon using #FOSTA & #SESTA or god forbid made-up claims to commit #TransGenocide and prosecute #Trans minors and/or their parents and/or medical professionals, THIS WILL BLOW UP IN THEIR FACES like a grenade used as ball gag and fuse pulled!

For comparison: @monocles doesn't demand #PII like a #PhoneNumber or anything at all and if you don't trust them either (which is fair - never trust anyone, neither Signal nor #monocles nor me!) you can not only choose from various providers but literally #SelfHost your own (even as an #OnionService on @torproject / #Tor) and thus have full control of all the comms.

Replied in thread

@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.

  • Plus it's illegal in an increasing number if juristictions to gmeven attempt to acquire a phone number or SIM anonymously.

Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.

Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!

  • Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.

I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!

Replied in thread

@Beggarmidas @Em0nM4stodon personally, I do consider #Smartphones an attack vector and recommend everyone to use @tails_live / @tails / #Tails or at least @torproject / #Tor via @guardianproject / #Orbot and ideally open, #PublicWiFi like @freifunk / #freifunk.

Fortunately, @monocles / #monoclesChat integrates Orbot Support so it's just a few taps to get everything tunned through Tor!

docs.monocles.eu/apps/torify.a

If @signalapp cared, they would've #decentralized and put their backend on Tor and not demand #PII like a #PhoneNumber.

docs.monocles.eumonocles chat - monocles Documentation
Replied in thread

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

  • But you do you...
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
infosec.space/@kkarhan/1139323