@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

• @signalapp has no "#LegitimateInterest" to demand #PII like a #PhoneNumber and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim "comply with #sanctions" [their #MobileCoin #Shitcoin #Scam disqalifies them even more!] because they have the tech to distinguish and discriminate users)...

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

• This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

@kubikpixel yeah, for that money they can propably bribe half the security team at #Telegram and integrate custom #Govware #Backdoors or at least get the #API keys they have for #UAE's #Telco compliance to enable automatic "#LawfulInterception"...

@Sturmflut @fabiscafe @vkc

Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.

Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duely through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.

• Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.

But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on it's own...

@kubikpixel @malwaretech @tomscott or to put it into perspective:

I worked at a telco, and whilst clients were above-average in terns of bahaviour, one does get a high single digit or low double-digit amount of LEA requests per day per x million customers.

Now imagine the average #VPN has similar utilization as a #CGNAT, so easily they'll have #LawfulInterception going on 24/7 because logless VPNs are a lie and besides circumventing #Geoblocking they don't do anything else...

• In fact I'd argue it'll be more privacy friendly to self-host a VPN on-demand with flexible hoster or just having a fixed IP at home, simply because those usually have a higher bar for getting surveillance approved.

TLDR: Just get @torproject @tails_live @tails / #Tails and good.

@mattround same with any #Services and #Companies having an office in the #USA or being registered there or having a U.S. owner.

• #CloudAct will come after @signalapp and just like with "logless VPNs" I guarantee you @Mer__edith personally will rather implement #Givware #Backdoors (if they weren't there "for #compliance" re: "#LawfulInterception" and "#Sanctions" already), before spending a single day in jail!

Migrate to #XMPP+#OMEMO right now!

@ginaintheburg the sheer fact that #Chrome has that #functionality is #evidence for #Govware-Style #malware inside it.

• Whether that's just due to "#GAFAM doing #PRISM shite" or "#CloudAct / #LawfulInterception compliance" is irrelevant for that assessment!

SHITE LIKE THIS is why I use @torproject / #TorBrowser as my Default #Browser!

@AmbianceAsunder @cyberresearch nodds in agreement

"#LawfulInterception" IS the #IllicitActivity!

@deilann +9001%

Use actually secure comms instead that are #decentralized, #SelfHosting-capable, auditable and provide actual #SelfCustody of all the #Keys, so you can enforce your 5th Amendment!

• AFAICT #XMPP+#OMEMO it is, followered by #PGP/MIME #eMails. For both there are excellent clients like @monocles / #monoclesChat & @gajim (XMPP+OMEMO) and @delta / @thunderbird (PGP/MIME)...

• Use @torproject / #Tor and not #VPN as the latter one will snitch since #loglessVPN|s are basically illegal (every juristiction I know demands #LawfulInterception and #logging by #Telcos)!

@HackyScientress @zl2tod @fj

Remember:

• #Wiretapping is the illicit activity!

And yes, AFAICT this applies to all #Telcos which have to provide "#LawfulInterception" #Backdoors if not put #Govware in their core systems.

• And yes, speaking as an insider, this can happen in.any juristiction where said #API|s and systems are mandatory.

So like all #EU / #EFTA & #G20 members!

• I've yet to hear of any nation that doesn't demand such tech to be installed capable of both targeted and/or #BulkSurveillance.

-Just because laws demand a #judge to sign a #warrant doesn't mean said judge is actually in control or able to prevent someone from using it without permission!

#LawfulInterception is a #backdoor! 😠

China hacked Verizon, AT&T and Lumen using the #FBI's backdoor

"State-affiliated Chinese hackers penetrated AT&T, Verizon, Lumen and others; they entered their networks and spent months intercepting US traffic – from individuals, firms, government officials, etc – and they did it all without having to exploit any code vulnerabilities. Instead, they used the back door that the FBI requires every carrier to furnish"
https://pluralistic.net/2024/10/07/foreseeable-outcomes/

@oleschri
Wenn wir Huawei in unsere Netze lassen, überwachen uns die Chinesen!!11 Und dann war's doch wieder Cisco, die hundertdreiundvierzigste … 🙄

#cisco #lawfulInterception #SaltTyphoon

Wer Hintertüren für die #Strafverfolgungsbehörden haben möchte, bekommt kompromittierte #Hintertüren. 🔥

Fatal für Wirtschaft und Bürgerinnen. 😠

Digitale Souveränität kann so nicht erreicht werden. 😒

#Geheimdienste sind die Pest! ☝️

Security: China-Hacker angeblich in #TKÜ-Systeme der USA eingedrungen

"Es wäre ein schwerer Schlag für die US-Sicherheitsbehörden. Die #Abhörsysteme mehrerer #Telekomprovider sollen gehackt worden sein."

#LawfulInterception #Backdoor
https://www.golem.de/news/security-china-hacker-angeblich-in-tkue-systeme-der-usa-eingedrungen-2410-189539.html

"BÜPF/VÜPF
Kommentar zum Bundesgesetz und zur Verordnung über die Überwachung des Post- und Fernmeldeverkehrs" by Thomas Hansjakob

#20books
#20books20days
#books
#bookstodon
#lawfulinterception #Recht

@HolgerTDittmann und ja, das können die bereits...

• Anonyme #SIM-Karten wurden ja rückwirkend kriminalisiert und der Rest geht per #LawfulInterception!

@Mr_Teatime @kc3yqi @signalapp I only agree with the latter sentence tho.

Besides @monocles / #monoclesChat & @gajim / #Gajim for #XMPP+#OMEMO there's also @delta / #deltaChat which does #IMAP+#SMTP with #PGP/MIME encryption.

Either way, I'd only.use systems that do use #SelfCustody of all the #Keys, are truly #decentralized and use #OpenStandards to that they don't have any feasibility to integrate #GovwareBackdoors nor be forceable to clomply.with #cyberdacist bs like "#LawfulInterception" or #CloudAct at all and never collect, store, demand or require #PII like #PhoneNumbers and #billing info.

@echo_pbreyer All #Govware - including anything labled "#LawfulInterception" should be criminalized.

Because at the end all those #Backdoors are inherently irredeemable and bad.

In the meantime, refuse to use anything where #vendors and/or #providers could be held in contempt or forced to integrate such #Malware by switching to #OpenSource & #OpenStandars like #XMPP+#OMEMO and #PGP/MIME for #eMail!

@Laberpferd @molly0xfff @ben @dangillmor personally I do shun them not only because #PhoneNumbers are #PII they should not be allowed to request (just like I think no telco should ne allowed to request an ID for a prepaid SIM, where unlike prostpaid there is no "legitimate interest" in KYC'ing someone to prevent fraudsters from generating debt against someone else).

• #Bridging would also undermine #decentralized and #federated solutions like #XMPP in terms of #privacy and #DataProtection!

• But also just won't happen because it goes against their interest of having a strict Vendor- & Provider-#LockIn...

In fact, if #Signal / @signalapp wasn't a #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield it would've been #hacked like #EncroChat and banned for refusing to integrate #GovwareBackdoors, #LawfulInterception and violating #Sanctions on top of #CloudAct-noncompliance and I assure you noone there gets paid to take that risk - just like with "logless VPNs"...

• So instead of pitting people into a false sense of security and weakening #decentralization via #bridges and #gateways, we should rather tech proper #TechLiteracy.

"Microsoft explained that the problem is more legal than technical (except on encryption). As an illustration, Microsoft referred to the technical work already conducted to develop #LawfulInterception in #realtime capabilities of for #Skype calls or #Teams services."
https://home-affairs.ec.europa.eu/document/download/1bb75432-ba0d-45f7-a068-d54a5574f5c0_en?filename=HLG%20meeting%20on%2010%20April%202024-request%20for%20input_en.pdf

@glynmoody +9001%

I want this kind of #Cyberfacism to be criminalized as the #CrimeAgainstHumanity it is, and any organization that demands #LawfulInterception, or #Backdoors or #Govware to be banned as the #terrorists they are!

Because #Privacy is an inalienable and non-negotiable #HumanRight!

@jsrailton @maldr0id IMHO such #Govware and any "#LawfulInterception" should be illegal with no exceptions!