#KerckhoffsPrinciple

Kevin Karhan kkarhan@infosec.space
2025-05-05

@dazo @MarionDonnelly @murena @e_mydata @red_rooster @georgetakei not to mention #Apple is not only capable but willing to shove in #Govware #Backdoors.

So their claims re: #privacy and #security are "#TrustMeBro!" at best if not blatant lies.

Remember: #AllGAFAMsAreBad and #KerckhoffsPrinciple demands #transparency!

Kevin Karhan kkarhan@infosec.space
2025-01-22

@ESETresearch @smolar_m thanks for the post and research.

  • Personally, I don't rely on #CensorBoot as I don't trust any #security that violates #KerckhoffsPrinciple, but that's not my decision and being able to attest the security of it or at least have another way to check for it is kinda important.

And yes I refuse to call it "#SecureBoot" because it is not secure by #Microsoft's own admission - otherwise they would've relied on it on the #XboxOne and not just the #Xbox360 !

Kevin Karhan kkarhan@infosec.space
2024-12-30

@bastibayer no, because #Threema is a #proprietary (+ #SingleVendor & #SingleProvider) solution without #SelfCustody of the keys, and is therefore inherently insecure (#KerckhoffsPrinciple)...

My recommendation is @monocles / #monoclesChat & @gajim for #XMPP+#OMEMO, closely followed by @delta / #deltaChat for real #E2EE!

Kevin Karhan kkarhan@infosec.space
2024-08-26

@rysiek also #Telegram - like @signalapp - demands and collects #PII like #PhoneNumbers which ain't possible to acquire anonymously in more and more jurisdictions.

Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.

  • So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!

Consider every #Messenger that doesn't #decentralize and support #Tor out of the box to be insecure!

2024-02-05

@stacksmashing And the cool part of it: It's systemically unfixable!

Note: If #Microsoft doesn't even bother trying to use #BitLocker and #TPM to #CensorBoot the #XboxOne, we can safely assume it wasn't secure to begin with!

youtube.com/watch?v=U7VwtOrwce

Remember: All Cryptography that violates #KerckhoffsPrinciple is inherently insecure and untrustworthy!

Kevin Karhan kkarhan@mstdn.social
2023-10-09

@ainmosni @Linux_Is_Best

Yeah but that's just minimally less bad than going full #heads as aftermarket #firmware and requiring all executables to be signed by the device owners' personal PGP keys...

Also I'd not trust a #blackbox like a #TPM as it violates #KerckhoffsPrinciple and thus must be considered cryptographically shit.

IMHO #TPMs and #Windows11 only act as #CensorBoot...

youtube.com/watch?v=s7WDbnHlc1

Kevin Karhan kkarhan@mstdn.social
2023-07-24

@md @bmi @bsi #TETRA's #Crypto is so #weak that it's trivial to crack with any modern #GPGPU, because its #SecurityThroughObscurity makes all the #TEA versions as weak as #CSA on #DVB.

But then again no one pays me to fix it, so it's not my problem.

Spoiler: The proper fix is to abolish all #proprietary shit and demand a fully #OpenSource'd communications system, since everything else violates #KerckhoffsPrinciple and is thus inherently and unfixably insecure by design!

2023-07-24

Hacking police radios: 30-year-old crypto flaws in the spotlight - "Three may keep a secret, if two of them are dead." nakedsecurity.sophos.com/2023/ #kerckhoffsprinciple #vulnerability #cryptography #blackhaty #blackhat #tetra

Kevin Karhan kkarhan@mstdn.social
2023-05-15

@artikel10ev basically worse than everything else...

[Or maybe not. cuz #QQ and #WeChat don't bother to lie into users' faces like @protonmail and #WhatsApp do]

Remember #KerckhoffsPrinciple:
#NotYourPrivateKeys = #NotSecureEncryption!

Also all #Singlevendor and/or #SingleProvider and/or non-#FLOSS solutions are inherently & unfixably bad as well as insecure per design!

Kevin Karhan kkarhan@mstdn.social
2023-05-02

@neil @Em0nM4stodon #Signal as well isn't secure.

NO #SingleVendor / #SingleProvider solution can be secure as they all violate #KerckhoffsPrinciple.
en.wikipedia.org/wiki/Kerckhof

If you can't do #SelfCustody of the #PrivateKeys and don't have 100% control over these, then consider said #encryption to be easily #MITM'd and / or #backdoored.

2022-09-20

A bit back in the book, but #Heinlein once more shows that he has no idea about #criptografy.
Especially, like most authors, he has never heard of Kerckhoffs’ principle.

The protagonist gets a message with “five-letter code groups, about fifty of them”. And “‘If they can identify the code, it is then just a matter of paying a fee, licit or illicit, to translate it.’”

en.wikipedia.org/wiki/Kerckhof

#cryptography #KerckhoffsPrinciple
#OspalhReads #worldasmyth #CatThruWalls
