eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

216
active users

#omapi

0 posts0 participants0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, espechally in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> /.<a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issueing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showng up with a warrant and demanding <em>"<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) und <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>.</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. […] </p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. <a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts espechally the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privilegued access</em> to <em>protection</em> by their government, but rather <em>"privilegued access" to prosecution</em> by the state <em>because their very existance is criminalized...</em></p> <p>The only advantage eSIMs broight in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
Kevin Karhan :verified:<p>[<a href="https://infosec.space/tags/TLDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TLDR</span></a>: JUST TELL ME <em>IF</em> YOUR TABLET CAN DO <a href="https://infosec.space/tags/CALLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CALLS</span></a>!]</p><p><a href="https://infosec.space/tags/DearVendors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DearVendors</span></a> of <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a>-<a href="https://infosec.space/tags/Tablets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tablets</span></a>:</p><p>Off all the <a href="https://infosec.space/tags/Functions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Functions</span></a> you can put into a <a href="https://infosec.space/tags/Specifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Specifications</span></a> Sheet of your Devices there's one you should <em>ALWAYS answer clearly</em> on your <a href="https://infosec.space/tags/Website" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Website</span></a>:</p><p><em>DOES YOUR TABLET [with <a href="https://infosec.space/tags/4G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>4G</span></a> / <a href="https://infosec.space/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>5G</span></a> / …) SUPPORT MAKE PHONE CALLS?</em></p><ul><li><p><em>NOT</em> "It can run <a href="https://infosec.space/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WhatsApp</span></a>" (or <em>whatever shitty <a href="https://infosec.space/tags/CCSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCSS</span></a> for <a href="https://infosec.space/tags/VoIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoIP</span></a></em> you think of)...</p></li><li><p><em>NOT</em> "It can do <a href="https://infosec.space/tags/CSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CSD</span></a> / <a href="https://infosec.space/tags/HSCSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HSCSD</span></a> / <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> / <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> /...</p></li><li><p><em>But</em> DOES IT SUPPORT <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a>-<a href="https://infosec.space/tags/Calls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Calls</span></a> (and/or <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a>)??</p></li></ul><p>Like: <em>IS IT TOO MUCH TO ASK TO HAVE THAT INFO IN THE SPECSHEETS?</em></p><p>You're obviously able to list all the <a href="https://infosec.space/tags/Codecs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Codecs</span></a> natively supported and the user-available storage as well as supported Frequency Bands, WWAN modes, WiFi channel width and the Display Glass vs. Panel dimensions including DPI of the latter and whether or not it has a hall effect sensor to detect your overpriced 1st party tablet covers!</p><p>Now some folks may ask: <em>"WHY does this matter?"</em> or outright dismiss this as a problem.</p><p>Listen: <br>Not everyone is able or willing to carry <em>two</em> devices when 1 <em>SHOULD BE ENOUGH</em> and also some places (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a>) have <a href="https://infosec.space/tags/ImportRestrictions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ImportRestrictions</span></a> re: <a href="https://infosec.space/tags/MobileDevices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileDevices</span></a>, so having more than 1 <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> is already a <em>"NOPE!"</em> by the authorities.</p><ul><li>Also this isn't something one can <em>"fix"</em> post-purchase like installing <a href="https://infosec.space/tags/VLC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VLC</span></a> to decode some obscure file format in Software: Either <em>the <a href="https://infosec.space/tags/Baseband" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Baseband</span></a> and <a href="https://infosec.space/tags/ROM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ROM</span></a> support <a href="https://infosec.space/tags/PhoneCalls" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneCalls</span></a> or they don't!</em></li></ul><p>So why do <em>NONE</em> of the <a href="https://infosec.space/tags/Tablet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tablet</span></a> manufacturers allow to <a href="https://infosec.space/tags/search" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>search</span></a> or <a href="https://infosec.space/tags/filter" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>filter</span></a> for that???</p><ul><li>Bonus points if you have lazy fucks like <a href="https://infosec.space/tags/HMD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HMD</span></a> (aka. <a href="https://infosec.space/tags/Nokia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Nokia</span></a>) who literally copy the <a href="https://infosec.space/tags/Safety" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Safety</span></a> &amp; <a href="https://infosec.space/tags/Useage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Useage</span></a> information for all <a href="https://infosec.space/tags/Smartphones" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Smartphones</span></a> and <a href="https://infosec.space/tags/Tablets" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tablets</span></a> and don't even bother to change <em>"Mobile Phone"</em> for <em>"Tablet"</em>.</li></ul><p><em>NO</em>, instead one has to download an <em>obscenely huge <a href="https://infosec.space/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PDF</span></a></em> just to then <a href="https://downloadcenter.samsung.com/content/UM/202410/20241010132004137/SM-X11X_X21X_UM_Open_UU_Ger_Rev.1.2_240925.pdf" rel="nofollow noopener" target="_blank">read on page 34</a> that for any <em>"<a href="https://infosec.space/tags/telephony" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>telephony</span></a>"</em> function you <em>NEED YET ANOTHER DEVICE FROM THE SAME MANUFACTURER AND HAVE TO SIGNUP WITH AN ACCOUNT</em> and even that level of <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>abuse</span></a> WON'T GUARANTEE THAT IT WORKS...</p><ul><li>I mean, come on, this <em>ain't</em> some <em>obscure functionality</em> like <a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> to do some <em>"evil sourcery"</em> like <em>managing an <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> that is in a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>-Card form factor</em>!</li></ul><p>Pretty shure <em>A LOT</em> of other folks have the same question and ain't willing to get <em>yet another device &amp; <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a></em> just to recieve <em>the occasional call</em> because <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> can't be assed to send an <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> or learn <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> to message one...</p><ul><li>Obviously they same manufacturers are <em>able and willing</em> to specify <em>f-stops</em> of the built-in cameras and list <em>EVERY SINGLE <a href="https://infosec.space/tags/WEARABLE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WEARABLE</span></a></em> they made and certify as <em>'compatible'</em> with, as if <em>anyone</em> is gonna take their non-<a href="https://infosec.space/tags/waterproof" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>waterproof</span></a> <a href="https://infosec.space/tags/Tablet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tablet</span></a> for a marathon or god forbid triathlon...</li></ul><p><a href="https://infosec.space/tags/Rant" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Rant</span></a> <a href="https://infosec.space/tags/TechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechSupport</span></a> <a href="https://infosec.space/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Technology</span></a> <a href="https://infosec.space/tags/Support" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Support</span></a> <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sysadmin</span></a> <a href="https://infosec.space/tags/Procurement" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Procurement</span></a> <a href="https://infosec.space/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IT</span></a> <a href="https://infosec.space/tags/SpecSheet" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SpecSheet</span></a> <a href="https://infosec.space/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tech</span></a></p>