photog.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for your photos and banter. Photog first is our motto Please refer to the site rules before posting.

Administered by:

Server stats:

241
active users

#skyecc

0 posts0 participants0 posts today
Replied to Kevin Karhan :verified:

@kkarhan

#Signal was as secure as claimed, it would've been shut down like #EncroChat, #SkyECC & others...

Just stop the BS. EncroChat was specifically built and marketed for criminals. It wasn't shut down by law enforcement, it was hacked by the French police, after which they decided to shut the service down themselves.

Signal is open source (and the issue regarding reproducible builds is known, but it doesn't impact the security of the app. It is caused by a navigation library that causes some race condition during the build process, the result of which is dependent on CPU speed. They are aware of the issue, and are working to fix it. It is tracked here: github.com/signalapp/Signal-An). If you don't trust the official build, you can compile it yourself. There are also forks like Signal-FOSS or @mollyim available if you prefer that.

The server is also open source (of course you can't verify if they are actually running that code, but that's gonna be the case for every application with a client/server architecture. Your point regarding Signal being "proprietary SaaS" is, again, total BS.

GitHubReproducible Builds are broken · Issue #13565 · signalapp/Signal-AndroidBy obfusk
Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread

@froge @fj I'm not replacing @signalapp with "random tools" but good options.

Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.

Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.

Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?

It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@osman@hachyderm.io If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp@mastodon.world and/or @Mer__edith@mastodon.world [risking jail *or worse*](https://web.archive.org/web/20210908180219/https://twitter.com/thegrugq/status/1085614812581715968), you fucked up! - If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC. Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG. - All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys... That's why I get people setup with it!

@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse, you fucked up!

Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.

That's why I get people setup with it!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

  • Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

@erebion @inaruck genau das ist der Falsche Ansatz, da Threat Models sich ständig verschieben und nicht ausgegangen werden kann, dass es dabei bleibt.

Keine*r deloyed drölfzig Messenger oder migriert bedarfsweise User*innen umher.

Replied in thread

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.

Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.

It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!

IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...

The less #info a provider has, the less they can be forced to snitch upon customers.

"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

  • You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...
Hachyderm.ioCassandrich (@dalias@hachyderm.io)@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
Replied in thread

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
infosec.space/@kkarhan/1139323

Replied in thread

@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.

Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…

In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.

Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.

By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.

Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

War es wieder der Geheimdienst der Gendarmerie?
Nach #SkyECC und #EncroChat haben Frankreich und Niederlande mit #Matrix wieder verschlüsselten Messenger gehackt, bieten abgehörtes Material europaweit für Ermittlungen an:
europol.europa.eu/media-press/
#Exclu #Ghost
(Edit: Weil es Missverständnisse gab: es geht nicht um das föderierte Matrix-Protokoll das staatlich gehackt wurde, sondern ein gleichnamiger Crypto-Messenger.)

EuropolInternational operation takes down another encrypted messaging service used by criminals – It is not the first time and will not be the last time that authorities are able to read criminals’ messages in real time | EuropolBlack glove holding phone