#DigitalSnakeoil

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-24

@Julima42 @GiColani #Antivirus is #DigitalSnakeoil anyway!
youtube.com/watch?v=ZxzvHXT0NXw

The rest works either natively or in #Wine / #DXVK / #Proton, or if need be in a VM with passthrough.

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-11

@COSAntiFascists @iris @Em0nM4stodon I'd not trust @protonprivacy in that regard because they have access to keys and have been caught snitching on #ProtonMail users without a warrant.

Furthermore, #monocles - and every other decent provider - won't bamboozle you with false promises they legally can't fulfill and #DigitalSnakeoil services...

Please amp up your #ITsec, #InfoSec, #OpSec and #ComSec because naively believing a corporation to not snitch on you disqualifies you at best if not puts other people's lives in danger!

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-09

@kubikpixel @malwaretech @tomscott nods in agreement

If people don't trust a #Govware like #Windows to get that done correctly, then they should not trust 3rd party vendors that have neither sourcecode access nor ability to get someone with sourcecode access to validate and test their work!

Mind you this isn't the basic *"on mailservers/upload servers/... run signature checks for known malware and chmod -x on all attachments.

  • It's a systemic issue discarding basic information.

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-09

@malwaretech this reminds me of @tomscott 's classic video about the #FUD / #DigitalSnakeoil industry re: #VPN...

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-22

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new device then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API endpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather than naysaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] are rather privileged enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-22

@rysiek @agturcz that's not how you fix #TechIlliteracy, especially since things changed for the better.

@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct and thus cannot adhere to #GDPR & #BDSG!

Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...

  • Mark my words, cuz I've been proven correct up to this point.

If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!

#THXBYE #EOD #ITsec #InfoSec #OpSec #ComSec #DigitalSnakeoil #FakeSec

Kevin Karhan :verified:kkarhan@infosec.space
2024-11-19

@wravoc instead of insulting @froge how about we actually do make things better and let actual facts speak.

  • If you're here to just spam my mentions, then please let me know so I can mute this conversation as I got more pressing things than virtual "circlejerking" on my agenda.

#ITsec is garbage because absolute fundamentals are disregarded by highest decisionmakers and regulators to users:

Not to mention the fact that we still allow #Govware that is insecure in any configuration like #Windows to not only exist but be sold and used by real public administrations and businesses which oftentimes just pour #DigitalSnakeoil on it and then do a "surprised Pikachu face" when that shit explodes in their face.

youtube.com/watch?v=w3_0x6oaDm

Kevin Karhan :verified:kkarhan@infosec.space
2024-07-21

@Zugschlus @Cappyjax @WB2EEE @elly I disagree to some extent as Windows is in fact part of the problem cuz on Linux this would not have happened...

  • OFC allowing #TechIlliterates in decisionmaker positions (regardless if regulators or corporations) is at best wrong and IMHO should be as illegal as hiring a freshly convicted (wire-)fraudster as CFO of a bank.

The entire #Scareware / #DigitalSnakeoil industry should be outlawed as the fraudulent business model it is and security should be procured from the maintainers of the OS only...

Kevin Karhan :verified:kkarhan@infosec.space
2024-06-24

@nbloglinks @jos1264 @bsi generally you can't trust any #DigitalSnakeoil dealers aka. 3rd Party #Antivirus for #Windows and #macOS!

As both OSes are proprietary, said "Antivirus" are ugly #BinaryBlob #Kernelhacks!

If you don't trust #Microsoft and #Apple respectively to maintain their OSes and keep them secure, then DON'T USE SAID OS!

Kevin Karhan :verified:kkarhan@infosec.space
2024-06-11

@sekka @rysiek nods in agreement

The sad part is that most "#ITsec" business is a cottage industry selling #Scareware and #DigitalSnakeoil to #TechIlliterates, because commissions on #Malware aka. #Antivirus - #Resale are just so damn high...

  • I refuse to do that out of principle even if it hurts me financially...

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-27

Anyone want to spend some €12k on Chinese #DigitalSnakeoil?

Yes? No??

Here ya go...

#Huawei #Networking #Gear #DDoS #AntiDDoS #NetworkFiltering #OverpricedCrap

eBay showing that I got a pricing offer for a Huawei Secospace AntiDDos8080 14U Protection System 11x Modules for SPU slots from originally € 14.999,-- reduced down to € 11.999,20!

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-25

@bontchev Personally, I think that all #malware security should be part of the package of any #paid and especially #CCSS distro / OS.

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-07

@jsrailton #Govware like #Pegasus isn't something that can be fixed outside of extensive #ITsec, #InfoSec, #OpSec & #ComSec workups.

In fact it's easier to bootstrap an entirely new identity than trying to uninstall such persistent shite!

That being said, #VPN providers are just the newest #DigitalSnakeoil sales reps and everything against them applies to #Antivirus as well...

So sad that @tomscott was just naively debunking them years ago...

The constant #disinfo sown by VPN and #AV providers is so rampant that I'd not be surprised if one day both would finally be made illegal for all the right reasons:

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-06

@hacks4pancakes am I the only one who thinks #MSP|s and #MSSP|s are #valueRemoving #DigitalSnakeoil dealers that do #RentSeeking all the time?

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-06

@grahamperrin and I'm entertained by the #EscalatingCommitment to garbage but then again if people were rational, there wouldn't be an entire industry selling #DigitalSnakeoil to #TechIlliterate decisionmakers...

#EOD #thxbye #next

Kevin Karhan :verified:kkarhan@infosec.space
2024-05-04

@VolkerK @anneroth The problem isn't just #Betonköpfe (blockheads) but the fact that #CISO|s don't have the decision-making authority here!

That e.g. #Windows machines are allowed to be used at all in the #BOS or even #MILINTEL sector, or are even mandated, is already an unconditional declaration of surrender to "#TechIlliterates" and "#DigitalSnakeoil"...

infosec.space/@kkarhan/1123829
CC: @bsi @Bundesregierung

#InsecureUnderAnyCircumstances

Kevin Karhan :verified:kkarhan@infosec.space
2024-04-17

@GossiTheDog @briankrebs and now you know why I don't trust any of these #DigitalSnakeoil vendors at all...

Kevin Karhan :verified:kkarhan@infosec.space
2024-02-19

@natsume_shokogami @bingbong Eeyupp!

That's exactly my gripe with most #IT being on #Windows:

Why people accept that garbage #Govware as OS is beyond me because it's accelerating #Enshittification since #WindowsXP and especially since #Windows7 is just unbearable...

It got so bad to the point that I can't bring myself to use that shite at all...

And I think every corporation that claims to make that tech stack more secure is at best filled with #TechIlliterates if not a #Scam operation designed to sell #DigitalSnakeoil to gullible customers...
