#comsec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@mailbox_org or simply usable #ITsec, #InfoSec, #OpSec & #ComSec.

  • Every run-of-the-mill payment service provider in Germany has planned for more protective mechanisms and redundancies!?, because @BaFin is breathing down their necks about it!

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@wiggwigg or you could just learn to use multiple, separate identities and practise #OpEec, #ComSec, #InfoSec & #ITsec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@tazgetroete what do we learn from this: Tougher #OpSec, #InfoSec, #ComSec and also #ITsec.

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@hcf @dans_root @earthnewstech @monocles You don't get #SelfCustody of all the keys on their platforms, to the point that #ProtonMail bricks #LKML usage!

  • If you had actual Self-Custody, then it would be real #E2EE and not a mere "#TrustMeBro!"-Security

Please go to a #CryptoParty and learn absolute fundamentals re: #Cryptography, #InfoSec, #OpSec & #ComSec.

youtube.com/watch?v=pOkNrvB63pc

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@hcf that's just wrong and you know that.

For example, if "#Security" was a real issue, they'd host their #IMAP+#SMTP access exclusively over @torproject / #Tor because #OnionServices are using fully-encrypted connections in a self-authenticating address space.

  • They don't because that isn't the issue, and I'm not talking about the Server-to-Server - Connectivity, which is INHERENTLY AND UNFIXABLY INSECURE WITH EVERY EMAIL PROVIDER unless they don't allow actual cross-provider eMails (or restrict it to very few, selected competitors with specially negotiated connectivity [i.e. #VPN|s], which to my knowledge NONE of the commercial providers do)…

I brought up @monocles because they at least don't lie to customers and are honest about security & privacy!

@case2tv @dans_root @earthnewstech

#sarcasm #commentary #ITsec #InfoSec #OpSec #ComSec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-17

@hcf @dans_root @earthnewstech if you don't understand the concept of "#Self-Custody" of Keys then you ain't in the position to be angry.

I merely hinted at the fact that @monocles isn't making false security promises and instead encourages proper #OpSec, #InfoSec, #ComSec & #ITsec practices…

2026-03-16

Family of development devices with DSI & SPI displays. These will do codec2 and opus PTT and can be tailored to various networks and security requirements. When you require something out of dogma.
#comsec #opsec #dfir #preparedness #soverignty

Three different RPi designs with DSI and SPI displays and one unit without display. In 3D Printed cases and with red PTT button on two of the devices. User interfaces on LVGL and SPI libraries.
2026-03-16

Communication platforms evolving. Been tailoring my PTT codebase for various use cases. #OPSEC #COMSEC #Resilience #dfir #embedded

Embedded Linux device next to the laptop, with screen displaying lvgl user interface.
Kevin Karhan :verified:kkarhan@infosec.space
2026-03-13

@Minionflo @gintoxicating @CyReVolt see the #hetznered tag…

Needless to say they also can't be assed to wipe their VPSes / delete virtual drives when they provision new customers, so one has to manually shred the contents!

  • I literally wrote my own script just so I didn't have to sit there all day when I helped with a #CloudExit!

    • Booted into the "Rescue-Linux" and ran wget https://raw.githubusercontent.com/kkarhan/misc-scripts/refs/heads/master/bash/wiper.sh && chmod +x ./wiper.sh && sudo ./wiper.sh on said machines.

#Hetzner #InfoSec #ComSec #OpSec #ITsec

2026-03-13

accessibility/rehabilitation services security is lacking blindsoft.net/blog/ssn.html #cybersecurity #accessibility #comsec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-13

"We Care about your Privacy"

No you don't, you fucking assholes!

  • If you did care about #privacy, you'd not want to force 247 trackers down my throat, you lying pieces of shit!
    • If you cared about my privacy, you'd not even try to force a single #tracker on me and would only use a #LoginCookie at most!

This shite really makes my blood boil because it's insulting the intellect of every person!

#privacy #StackExchange #InfoSec #OpSec #ComSec #ITsec #tracking #cookies #PopUps #JavaScript #Ensittification #Consent #InformedConsent #IT

Popup on StackExchange:

We Care About Your Privacy

We and our 274 partners store and access personal data, like browsing data or unique identifiers, on your device. Selecting Accept all cookies enables tracking technologies to support the purposes shown under we and our partners process data to provide. Selecting Necessary cookies only or withdrawing your consent will disable them. If trackers are disabled, some content and ads you see may not be as relevant to you. You can resurface this menu to change your choices or withdraw consent at any time by clicking the Customize Settings link on the bottom of the webpage. Your choices will have effect within our Website. For more details, refer to our Privacy Policy.

Cookie Policy.

We and our partners perform the following based on your settings:

Use precise geolocation data. Actively scan device characteristics for identification. Understand audiences through statistics or combinations of data from different sources. Store and/or access information on a device. Develop and improve services. Create profiles to personalise content. Measure content performance. Use limited data to select content. Measure advertising performance. Use limited data to select advertising. Create profiles for personalised advertising. Use profiles to select personalised advertising. Use profiles to select personalised content.
Kevin Karhan :verified:kkarhan@infosec.space
2026-03-10

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

  • Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
    • Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to receive calls!" (with PSTN networks, there's a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

  • So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!

Or to put it simply:

  • You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
    • Whereas you can't positively verify whether an eMail address and/or #XMPP+#OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

  • And don't even get me started on the fact that legally speaking no one truly owns their number.
    • Because even if you got some special case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shut down effectively by sabotage aka. (more or less figuratively) "unplugging" it.

I mean, it's not as if I didn't give @signalapp a fair chance.

  • I wanted #Signal to be good - honestly...
    • But I'm old enough that things rarely are as simple as #TechPopulism & #Propaganda claim it to be.
    • Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or usage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's jurisdiction] about its customers' ability to shield their privacy.

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-07

@kaschmir @WinFuture Remember: Providers like @Tutanota and @protonprivacy@mastodon.social won't save your ass!

People finally need to learn what #ITsec, #InfoSec, #OpSec & #ComSec are!

2026-03-07

@kkarhan @GrapheneOS @tails_live @torproject @signalapp

"GrapheneOS chose their requirements and they can happily design their own platform instead."

There's no need to reinvent the wheel. AOSP is a secure, open-source platform that has been around for almost 20 years. I don't want to debate rumors that Google wants to make AOSP proprietary because there is no evidence to support this, especially since it would not benefit them in any way.

"I just think that their stubbornness"

It's not stubbornness and I explained why.

"They are the antithesis to #Tails when it comes to #UserFriendly-ness and approachability for #Normies and #TechIlliterates"

It's probably the first time I've seen “Tails” and “Normie” in the same sentence. It's not that Tails is difficult to use, but I'm really not sure that many “normies” use it or even know it exists. The user experience on GrapheneOS is almost identical to Pixel OS, the standard operating system for Google Pixel devices, so using GrapheneOS is likely to seem much simpler and familiar to normies, as they will already be used to it.

"Especially since the problems with #MobilePhones and the underlying technology ain't fixable with an #AndroidROM"

GrapheneOS is not a ROM, Pixel OS is not a ROM, and LineageOS is not a ROM either, these operating systems are not ROMs.

"Instead we need to foster a #SecurityCulture and proper #ITsec, #InfoSec, #OpSec & #comsec"

Indeed, and what GrapheneOS does about security is completely appropriate, including informing people and giving them good advice.

"Otherwise we'll see them fail the same way @signalapp did, which is either getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…"

Signal did not fail, and mentioning Encrochat, ANON, and honeypots in the same sentence is irrelevant. These things have absolutely nothing in common with Signal, you seem to be believing made-up stories.

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-07

@Xtreix well, @GrapheneOS chose their requirements and they can happily design their own platform instead.

  • I just think that their stubbornness makes them look like Stallmanist extremists to the point of being unbearable cringe and completely losing the plot.

To the point that it's cheaper to go black/red and teach that to people, even at the risk of inconvenience.

  • I mean, in many jurisdictions one will have to do so anyway, but that's not the point here…

I think #GrapheneOS prefer to "die on their hill" of "moral superiority" than face the reality that 99% of people can't and won't blow $500 - $1000+ on a phone when any half-decent Netbook with @tails_live , @torproject and #4G or #5G modem can do the same.

Otherwise we'll see them fail the same way @signalapp did, which is either getting shut down (#EncroChat-style) or being uncovered as a controlled opposition / honeypot (like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield)…

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-06

Interestingly, @bnd has no pubkey or email address listed on their "contact page".

#plzfix #InfoSec #OpSec #ComSec #ITsec #BND

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-05

@humanhorseshoes IDK Russian but I'd not be surprised if #Roskomnadzor is putting out something like it but trying to get parents to snitch on #LGBTQIA* #children!

As for #Russia, they don't give a fuck as long as the #victims are from #overseas (see #CONTI) and the perpetrators ain't behind on their Protection Money (see #rEvil)...

  • #Cybercrime is the only industry consistently growing in Russia since the late 1980s.
    • And #Putin certainly won't change that.

Still the #UK isn't new to such shite...
infosec.space/@kkarhan/1153073

#RUpol #Hacking #Copaganda #Propaganda #CyberFascism #ITsec #InfoSec #OpSec #ComSec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-05

Friendly reminder that #NCA really ensured to #FUD #kids into not trusting their parents by reminding them that "#LooseLipsSinkShips!"

  • This is the worst #Copaganda campaign I've seen to this day!

youtube.com/watch?v=UIoGmA4VwEk

#UKpol #Propaganda #Cyberfascism #CyberCrime #Snitching #Parents #ITsec #InfoSec #OpSec #ComSec

Kevin Karhan :verified:kkarhan@infosec.space
2026-03-05

#AdBlockers are a necessary #ITsecurity measure because #Malvertising is a huge problem!

Because by observation I can claim with confidence that most #JS is unnecessary #bloatware if not #malicious as it's #WastefulComputing and used to #track and #deanonymize users without setting #Cookies!

#ITsec #InfoSec #OpSec #ComSec #Advertising #Cryptocurrency #DriveBymining #CyberCrime #Crime #Internet #Enshittification
