#PGP

Kevin Karhan kkarhan@infosec.space
2026-01-07

@soatok @sarahjamielewis I disagree on @signalapp's "#Privacy" claims simply because demanding a #PhoneNumber when it's not a "technical necessity" is just indefensibly bad and at best "#KYC with extra steps", thus anti-privacy.

  • If #Signal did put privacy first, they'd refuse to collect any data in the first place and actively make it impossible for them to identify, single-out or otherwise snitch on users!

To me Signal has the same stench as #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and unless one can 100% #SelfHost and #decentralize it, its claims are at best #marketing #lies amidst legislation like #CloudAct, that'll give them no choice but to snitch & d0x users to the #US government!

Jesus Michał "Le Sigh" 🏔 (he) mgorny@treehouse.systems
2026-01-06

#SigStore / #PyPI attestations: #PGP is hard! We must invent a new signing scheme that's so much easier on users.

The tools, after I've spent hours *integrating* them into #Gentoo, and getting them working for everything before:
* Verifying google_auth-2.46.0.tar.gz ...
Provenance signed by a Google Cloud account, but no service account provided; use '--gcp-service-account'

Yeah, I'm sure that's *so much simpler* than PGP.

#security

2026-01-05
PGP is /decentralized/ unlike other popular encrypted messaging systems.
"Despite advancements in secure messaging, PGP (Pretty Good Privacy) encryption—developed in the 1990s—remains a gold standard for privacy. Unlike modern apps reliant on centralized servers or phone numbers, PGP ensures end-to-end encryption without third-party dependencies. This article explores PGP’s enduring relevance, key management best practices, and how it compares to contemporary solutions like Signal."
More: https://undercodetesting.com/why-pgp-encryption-still-outperforms-modern-messaging-apps/

#PGP #GPG #Encryption #Messaging #Cryptography

My progress so far on #diday #didit #dutgemacht ... a process over years, not from one day to the next. But step by step:

Away from #Meta to #Mastodon at @digitalcourage
#Email at #Posteo (with #Thunderbird #PGP and #SMIME - unfortunately hardly any public authorities support encryption)
#Alias at #unboxAT
#Cloud: a managed #Nextcloud
#Passwortmanager is @keepassxc
#2FA with #enteauth wherever possible
#Foto goes to @ente
Bought a used #ThinkPad T480 and put #Linux Mint on it right away (made to look like macOS)
#Firefox set up following the guide from @kuketzblog
#WhatsApp deleted, replaced by @signalapp with @mollyim and @threemaapp with #ThreemaLibre
From the #iPhone11Pro to the #fairphone5, where I installed #eOS @e_mydata myself.
At home a #raspberrypi with #AdGuardHome
Encryption via @cryptomator

Projects:
#yunohost
AdGuardHome via #VPN

Also at home: an iMac 27" 5K (2017) with macOS. Linux will eventually go on it too.

I'm not an IT person myself... so I'm happy to hear tips.

2026-01-03

What if we brought a Web of Trust back into fashion to tell content generated by humans apart from content generated by AI?

Any content not signed by a key (GPG?) known to our WoT would be considered suspect. People joining the WoT would commit to not using generative AI (at all).

Offenders would be excluded from the WoT, and the people whom they alone had vouched for would share their fate.

#WoT #NoIA #PGP #GPG

2026-01-02

I received a pair of #PGP encrypted postcards from #39c3 and I will now complain about it.
The idea is pretty cool, although printing the message as human-readable text was sub-optimal to say the least. I didn't immediately know how to re-format the message so that GPG could parse it (because the newlines were messed up). OCR wasn't of much help either and the font made it hard to distinguish 0 and O, as well as 1 and l. In the end, I had to get the sender to send me the original message. A QR code would've been much better, although the printer at the event apparently couldn't print those.
Also, this happened:

A close-up of one of the postcards where the top layer of paper has partially come off.
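The two problems in the post, line breaks lost in print and 0/O, 1/l glyph confusion in OCR, are exactly what the ASCII armor format is built to cope with: whitespace inside the armor is insignificant, and the "=xxxx" trailer is a CRC-24 over the payload. The following is an added example, not code from the post: it re-flows mangled armor and checks the trailer before anything is fed to gpg. It implements the CRC-24 from RFC 4880 section 6.1; the sample payload and the "printed postcard" simulation are constructed, and the code assumes the armor carries no "Version:" or "Comment:" header lines.

```python
"""Re-flow a printed or OCR'd OpenPGP ASCII-armored message and check its
CRC-24 trailer before handing it to gpg.

Added example; not code from the post.  Assumes no armor header lines.
SAMPLE_PAYLOAD is constructed demo bytes, not a real OpenPGP packet: its
first byte 0xD0 makes the base64 body start with the digit '0', so the
0/O confusion can be demonstrated deterministically."""
from __future__ import annotations

import base64
import binascii
import re
from typing import Optional, Tuple

CRC24_INIT = 0xB704CE   # RFC 4880 section 6.1
CRC24_POLY = 0x1864CFB
ARMOR_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)
LOOKALIKES = {"0": "O", "O": "0", "1": "l", "l": "1"}
SAMPLE_PAYLOAD = bytes([0xD0]) + b"constructed demo payload, not a real OpenPGP packet"


def crc24(data: bytes) -> int:
    """CRC-24 over the un-armored data, as carried in the '=xxxx' trailer."""
    crc = CRC24_INIT
    for octet in data:
        crc ^= octet << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def _wrap(kind: str, body: str, trailer: str) -> str:
    lines = [body[i:i + 76] for i in range(0, len(body), 76)]
    return "\n".join([f"-----BEGIN {kind}-----", ""] + lines + [trailer, f"-----END {kind}-----"])


def armor(data: bytes, kind: str = "PGP MESSAGE") -> str:
    """Minimal armor: 76-column base64 body plus the base64-encoded CRC-24."""
    trailer = "=" + base64.b64encode(crc24(data).to_bytes(3, "big")).decode("ascii")
    return _wrap(kind, base64.b64encode(data).decode("ascii"), trailer)


def reflow_armor(text: str) -> str:
    """Rebuild clean armor from text whose line breaks were mangled: keep the
    BEGIN/END lines, drop all whitespace inside, and put the '=xxxx' CRC
    trailer (the last five characters) back on its own line."""
    m = ARMOR_RE.search(text)
    if not m:
        raise ValueError("no BEGIN/END armor lines found")
    compact = re.sub(r"\s+", "", m.group(2))
    if len(compact) < 5 or compact[-5] != "=":
        raise ValueError("CRC trailer '=xxxx' not found at end of body")
    return _wrap(m.group(1), compact[:-5], compact[-5:])


def verify_armor(text: str) -> Tuple[bool, Optional[bytes]]:
    """Decode clean armor and compare its CRC trailer with a CRC recomputed
    over the payload.  Returns (crc_ok, payload); payload is None when the
    body is not even valid base64 (OCR garbage outside the alphabet)."""
    m = ARMOR_RE.search(text)
    if not m:
        return False, None
    lines = [ln.strip() for ln in m.group(2).splitlines() if ln.strip()]
    if not lines or not lines[-1].startswith("="):
        return False, None
    try:
        payload = base64.b64decode("".join(lines[:-1]), validate=True)
        expected = int.from_bytes(base64.b64decode(lines[-1][1:], validate=True), "big")
    except (binascii.Error, ValueError):
        return False, None
    return crc24(payload) == expected, payload


def print_like_a_postcard(clean: str, width: int = 40) -> str:
    """Simulate the card (constructed): body re-wrapped at an odd width with
    trailing spaces, CRC trailer jammed onto the last body line."""
    m = ARMOR_RE.search(clean)
    compact = re.sub(r"\s+", "", m.group(2))
    chunks = [compact[i:i + width] for i in range(0, len(compact), width)]
    return f"-----BEGIN {m.group(1)}-----\n" + " \n".join(chunks) + f"\n-----END {m.group(1)}-----"


def simulate_ocr_confusion(text: str) -> str:
    """Swap the first 0/O or 1/l glyph inside the armor body, as bad OCR does."""
    m = ARMOR_RE.search(text)
    for i in range(m.start(2), m.end(2)):
        if text[i] in LOOKALIKES:
            return text[:i] + LOOKALIKES[text[i]] + text[i + 1:]
    return text


def demo() -> dict:
    """armor -> printed card -> reflow -> CRC check, then the same with one
    OCR-confused glyph, which the CRC-24 catches (any burst of <= 24 bits)."""
    clean = armor(SAMPLE_PAYLOAD)
    printed = print_like_a_postcard(clean)
    reflowed = reflow_armor(printed)
    ok, payload = verify_armor(reflowed)
    damaged_ok, _ = verify_armor(reflow_armor(simulate_ocr_confusion(printed)))
    return {"reflow_restores_original": reflowed == clean, "crc_ok": ok,
            "payload_ok": payload == SAMPLE_PAYLOAD, "ocr_damage_detected": not damaged_ok}


if __name__ == "__main__":
    print(demo())
```

The CRC is only an integrity hint against transcription errors, not a security check; once it passes, the reflowed text is what you give to gpg, which then does the real cryptographic verification.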
Jen 🏳️‍⚧️ jvw@musicians.today
2026-01-02

From the annual Chaos Computer Club series: bugs in GnuPG. Not in the math part, but in the parser and maybe elsewhere?

As someone with tons of enterprise programming exp, this would be a cool place to jump in.

media.ccc.de/v/39c3-to-sign-or

#pgp #cryptography

2026-01-02

Either I'm schizophrenic or the Dead Internet Theory has progressed from merely an occasionally noticeable phenomenon ("theory") to a default on the bigger social media platforms?

en.wikipedia.org/wiki/Dead_Int

Will we have to go full #PGP and have Real Person Certified™ corners of the internet?

Also, don't look up why Eglin Air Force Base (Florida, US) was on the list of "most #Reddit addicted cities" in 2013.

#DeadInternet #DeadInternetTheory #SocialMedia

2026-01-01

Consider hosting a CryptoParty in 2026.

Key signing parties are simple to host in person with no computers required.

A key signing party is an event where people exchange their public encryption key fingerprints; this allows participants to verify a person's identity before digitally signing their encryption key.

CryptoParty: wikipedia.org/wiki/CryptoParty
Key signing party: wikipedia.org/wiki/Key_signing

Website: cryptoparty.in

#CryptoParty #Encryption #Privacy #InfoSec #CyberSecurity #PGP #GPG

CryptoParty logo.
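The computer-free part of a key signing party is comparing the fingerprint on the slip of paper against the person's ID; the part that happens later at home is comparing that same slip against the key gpg actually fetched, before running gpg --sign-key. The following is an added example, not code from the post: it parses the machine-readable output of gpg --with-colons --fingerprint (the "fpr" record carries the fingerprint in field 10, "pub" the key ID in field 5, "uid" the user ID in field 10), normalizes the fingerprint as read from paper, refuses anything shorter than a full fingerprint, and only clears the key for signing when a user ID carries the e-mail address the person was identified for. The sample gpg output, key, and user ID are constructed for the demo.

```python
"""Check a key signing party slip against the key gpg imported, before
'gpg --sign-key'.  Added example, not code from the post; the colon-format
sample below is constructed and describes no real key."""
from __future__ import annotations

import hmac
import re
from typing import Any, Dict, List

HEX_RE = re.compile(r"^[0-9A-F]+$")

# Constructed sample of 'gpg --with-colons --fingerprint' output (not a real key).
SAMPLE_COLONS = """\
tru::1:1700000000:0:3:1:5
pub:u:255:22:EF567890AB12CD34:1700000000:::u:::scESC::::::23::0:
fpr:::::::::AB12CD34EF567890AB12CD34EF567890AB12CD34:
uid:u::::1700000000::0000000000000000000000000000000000000000::Alice Example (constructed) <alice@example.org>::::::::::0:
sub:u:255:18:90ABCDEF12345678:1700000000::::::e::::::23:
fpr:::::::::1234567890ABCDEF1234567890ABCDEF12345678:
"""


def normalize_fingerprint(text: str) -> str:
    """Turn a fingerprint as printed or read aloud ('ab12 cd34 ...', '0x...')
    into canonical uppercase hex.  Only a full 40-hex (v4) or 64-hex (v6)
    fingerprint is accepted; a 16-hex key ID is too short to verify."""
    s = re.sub(r"\s+", "", text).upper()
    if s.startswith("0X"):
        s = s[2:]
    if not HEX_RE.match(s) or len(s) not in (40, 64):
        raise ValueError(f"not a full fingerprint: {text!r}")
    return s


def is_full_fingerprint(text: str) -> bool:
    try:
        normalize_fingerprint(text)
        return True
    except ValueError:
        return False


def parse_colons(output: str) -> List[Dict[str, Any]]:
    """Group colon records into keys: 'pub' starts a key (key ID in field 5),
    the first following 'fpr' is its fingerprint (field 10), 'uid' records
    carry user IDs (field 10).  Subkey 'fpr' records are skipped."""
    keys: List[Dict[str, Any]] = []
    for line in output.splitlines():
        fields = line.split(":")
        if fields[0] == "pub":
            keys.append({"keyid": fields[4], "fingerprint": None, "uids": []})
        elif fields[0] == "fpr" and keys and keys[-1]["fingerprint"] is None:
            keys[-1]["fingerprint"] = fields[9].upper()
        elif fields[0] == "uid" and keys:
            keys[-1]["uids"].append(fields[9])
    return keys


def fingerprint_matches(paper: str, keyring_fpr: str) -> bool:
    """Constant-time comparison of two normalized fingerprints."""
    return hmac.compare_digest(normalize_fingerprint(paper), normalize_fingerprint(keyring_fpr))


def check_before_signing(colons_output: str, paper_fpr: str, shown_email: str) -> Dict[str, Any]:
    """Decide whether a key may be signed: the full fingerprint from the slip
    must match a primary key in the keyring, and that key must carry a user
    ID with the e-mail address whose owner you identified in person."""
    for key in parse_colons(colons_output):
        if key["fingerprint"] and fingerprint_matches(paper_fpr, key["fingerprint"]):
            uid_ok = any(f"<{shown_email.lower()}>" in uid.lower() for uid in key["uids"])
            return {"found": True, "keyid": key["keyid"], "uid_matches": uid_ok, "sign": uid_ok}
    return {"found": False, "keyid": None, "uid_matches": False, "sign": False}


if __name__ == "__main__":
    slip = "AB12 CD34 EF56 7890 AB12 CD34 EF56 7890 AB12 CD34"   # as printed on the party slip
    print(check_before_signing(SAMPLE_COLONS, slip, "alice@example.org"))
```

With a real keyring, the colon output comes from gpg --with-colons --fingerprint <keyid>; the point of going through the full fingerprint rather than the key ID is that short key IDs are cheap to collide, so a key ID match alone proves nothing about the key in front of you.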
Daniel 黄法官 CyReVolt 🐢 CyReVolt
2026-01-01
Bruce Walzer 🇨🇦 upofadown@mstdn.ca
2025-12-31

@hko

Here is a gnupg-users thread where I suggest that emitting new block modes (OCB here) is a Bad Idea™ when the schism exists:

marc.info/?t=170955787300002&r

I think it has come up less directly in my interaction with the mailing lists as well. I think that at this point it counts as a point of contention between me and the GnuPG project. There was once an instance where someone thought that my criticism meant that I supported the 9580 faction. It got awkward... :)

I am quite critical of the GnuPG project on this point in my article about the schism:

articles.59.ca/doku.php?id=pgp

#Openpgp #pgp

Bruce Walzer 🇨🇦 upofadown@mstdn.ca
2025-12-31

@hko My understanding is that GCM is a significant point of contention in the OpenPGP standards schism. So it would be relevant here. I have not seen any evidence presented that it would be more efficient than OCB for web applications. My estimation is that it would not be. Even if it was, the sorts of things done as web apps involve short messages (email).

That signalling that you mention (the preferences in the public key) only works for asymmetrical encryption and is not reliable. I have an entire page of examples of where it has failed:

articles.59.ca/doku.php?id=pgp

... and that is up to now just for a single implementation. Things could get much worse. That page is a reference for this article:

articles.59.ca/doku.php?id=pgp

Somewhat ironically, it can be legitimately argued that GCM is overall less secure than the existing OCFB-MDC (SEIPD) mode:

articles.59.ca/doku.php?id=pgp

The relative insecurity of GCM has also come out as a factor in the schism.

#openpgp #pgp

2025-12-30

@soatok what I don't get is why you take this opportunity to attack in general, like taking the opportunity to push for some agenda, the site is called gpg.fail, GPG not PGP, most of the problems are related to gpg or some C code implementation bug, or using gpg and others in the command line and getting tricked by some ansi printing in the terminal, how that translates to "let's kill pgp"? ex. none of the listed problems affect at all

(I was present in the gpg.fail talk btw)

Jan Wildeboer 😷 jwildeboer@social.wildeboer.net
2025-12-30

By the way, just a few weeks ago I posted on how you can create S/MIME certificates yourself using step-ca that can be used for email encryption and signing ;)

jan.wildeboer.net/2025/08/Crea

#PGP #GPG #OpenPGP

Kai und der Andere 🎗️ walsonde@antifa.style
2025-12-29

Why does #DeltaChat warn me that chats over e-mail cannot be encrypted? The possibility of end-to-end encryption using #PGP is one of the biggest advantages of e-mail. What is going on here?

Bruce Walzer 🇨🇦 upofadown@mstdn.ca
2025-12-29

@heiseonlineenglish More accurately, the GnuPG project has disagreed with some of the proposed fixes and is not doing them. I have not looked closely at them (the GnuPG project is more knowledgeable than me). But I agreed with GnuPG in at least one case: news.ycombinator.com/item?id=4

This might be an example of the common case where the people who find the vulnerability should not be the ones to devise a fix or decide if a fix is required.

#PGP #openpgp #gnupg
