@martinsteiger @KarlHeinzHasliP @cryptgoat @dalai nope, but rather everyday life!
@Cappyjax IDGAF about "passion". All I care about is the security of users!
Requiring any #PII like a #PhoneNumber is unacceptable when it comes to #ComSec, #InfoSec & #OpSec, especially given @signalapp is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.
Especially since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone number is out of question)
Obviously the devs of #Signal and @Mer__edith are well aware of this critical flaw, which is why I consider them to act as "useful idiots" or rather "controlled opposition" as #Signal could've been shut down trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this "#sanctions #compliance" given they added a #Shitcoin - Wallet into Signal!)...
Whereas with @monocles / #monoclesChat, @gajim / #gajim and @delta / #deltaChat and @thunderbird / #Thunderbird respectively I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shut down!
https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf
https://infosec.space/@kkarhan/114697690127511140
@pascal_f @kuketzblog @forthy42 @ulrichkelber
Exactly! Furthermore, I consider it naive, given the #CloudAct, to place trust in providers of proprietary #SingleVendor / #SingleProvider "solutions" like @signalapp!
Precisely because #ITsec, #InfoSec, #OpSec & #ComSec are interconnected and only work together...
@Em0nM4stodon except #Protin got caught snitching!
@mshelton @freedomofpress @eff I did prepare people's devices for that in the past.
My suggestions:
0. Never assume you'll have any #HumanRights or #CivilRights. Always assume #TSA staff is looking for a reason to jail, deport, deny entry or shoot one on the spot.
1. Do not have data on them! #CPB will seize any storage media under threat of lethal violence! Use a #ThinClient-like device without any persistent storage. Keep anything important in your head or don't keep it at all.
2. Have someone set up a #RemoteDesktop for you post-entry and ensure you've got a #SafeWord to indicate you're acting under duress, so they can redirect stuff to an inconspicuous system.
3. Have a #decoy system ready. CPB have full, unrestricted bulk access to all data from companies that are located, do business in or have an office within the #USA as per #CloudAct. So much so that they consider it "suspicious" if one doesn't have an #NSABook account.
4. Make sure all your devices are #clean. Get yourself new throwaway devices and don't trust them if you ever let them out of sight for a second!
5. Test your setup before you travel to the #US on a different system.
6. This applies to every single device from #SimCard to #Laptop. Assume that if authorities plug anything in them, they are irredeemably compromised!
7. Practise proper #ITsec, #InfoSec, #OpSec & #ComSec. Have proper contingencies and emergency contacts in place.
Anyone who can program this kind of crap can damn well also build a page that works without #JavaScript!
#NoJS #Malware #NoJavascript #Accessibility #Privacy #ITsec #InfoSec #OpSec #ComSec #Webdesign #Enshittification
I have a question for #opsec #comsec
Someone came to me and said that their phone said that a phone call they were on was recorded. They're an immigrant and were talking to their sibling who is also an immigrant. They were on cell (old Android), sibling was on a land line.
It's possible they touched the wrong icon in their phone app that did the recording.
Has anyone heard of this being done by the guvmint? It makes no sense they would inform you they recorded but I have to ask.
@cdonat @dalai @ip6li well, I wouldn't even discuss that in the first place:
Either someone like that gets kicked out on the spot and I get the job & salary, or I leave and the #BSI tears the place apart so thoroughly that none of the CxOs will ever get a job anywhere again, not even as a delivery driver!
https://infosec.space/@kkarhan/114621798932871398
I mean, where would that lead us? People who unsarcastically use #NanoCore for the #Administration of "#WindowsServer"?
#HotTake: Anyone who uses "#KI" (AI) in #Recruiting should be hit with a #Berufsverbot (professional ban) for lacking #Berufsethik (professional ethics)!
#AI #AIslop #Enshittification #Datenschutz #InfoSec #OpSec #ComSec #ITsec #GAFAMs #DSGVO #BDSG #Diskriminierung #InformationelleSelbstbestimmung
@GrapheneOS IMHO this needs to be outlawed by @EUCommission and others because it impacts #ITsec, #InfoSec, #OpSec, #ComSec, #DataProtection and #ConsumerRights!
@t3n yes, and the problem is simply rooted in #Shitcoins and that #PostPrivacy.
Unlike #Banken (banks), where the #ITsec, #InfoSec, #OpSec & #ComSec not only offers no #Transparenz (transparency) of the account balance, but which also explicitly have plans for scenarios in which people may be threatened and forced to empty their account.
@anagnostes @Cheatha can we get a modern reboot of the "Designed for Linux - Windows Vista incapable" stickers?
Cuz I think it's high time we stop peddling to a shitty #Govware!
#Linux #LinuxDesktop #YearOfTheLinuxDesktop #YearOfLinuxGaming #ITsec #InfoSec #OpSec #ComSec #Privacy #DataProtection #Tech
@silhouette @richi @signalapp @torproject
1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - especially for a "#privacy"-focussed messenger!
2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregulated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which brings me to the 1st argument.
4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead of following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!
5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!
Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss without #OpSec, #InfoSec & #ITsec is dangerous!
Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!
@ip6li @bsi @bnd @bwi @itzbund
And to make one thing clear: It's not as if I would reject working for @Bundesregierung per se.
But if, by virtue of the #Technologiestack (technology stack) #Microsoft #Windows, I effectively cannot fulfil my #Pflicht (duty) of #Vertraulichkeit (confidentiality) (#MicrosoftRecall is integrated #Malware), this is compatible neither with #Berufsethik (professional ethics) nor with professional liability insurance, legal expenses insurance, oath of office or #Verfassungstreue (loyalty to the constitution)!
I wonder whether @bnd, given the #Trump #Regime and its actions [against the #IStGH (ICC)] and the #cyberfaschistisch (cyberfascist) power by virtue of the #CloudAct, will finally sound the alarm regarding #GAFAM products or #Technologie (technology) from the #USA in general, but especially #Microsoft products such as #Windows, #MicrosoftOffice & #WindowsServer?
And since I happen to be a #Bürger (citizen) of this country, this unfortunately becomes my problem too - despite all my warnings!
Or is that #Abhängigkeit (dependence) on the mood and goodwill of D.C. even politically intended?
#DEpol #ITsec #InfoSec #OpSec #ComSec #NatSec #NationaleSicherheit #Tech #CyberKolonialismus #MangelndeVerantwortbarkeit #MangelndeKonsequenzen #ICC #USpol #EUpol #IntlPol #INTpol #UN