The eupolicy.social admin @admin

0 posts0 participants0 posts today

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Feb 14

Feb 14

Kevin Karhan @kkarhan@infosec.space

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.

It's inherently wrong to put all eggs in one basket and #Signal being not shut down like #SkyECC & #EncroChat makes it just as sus as #ANØM / #OperationIronside / #OperatioTrøjanShield and #CryptoAG / #MINERVA / #RUBIKON.

Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.

Otherwise we'd all gaslight ourselves into ignoring the hard lessions we learned that bought us to the #Fediverse and why we ain't on #Shitter or #tumblr or #BrownSky or #NSAbook (any more)!

It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!

Unlike with @signalapp one doesn't has to trust the provider or app. #XMPP+#OMEMO works regardless if you use @monocles or @gajim or do #SelfHosting and only trust code you wrote yourself...

IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...

And I'm not even talkibg about #Govware - #Backdoors and #MassSurveillance alike #Room651A, but just duely submitted warrants that @Mer__edith will comply with...

The less #info a provider has, the less they can be forced to snitch upon customers.

So even if you don't give a shit that #CloudAct makes this a "#CantUse & #WintUse" (out of US-centrist privilegue to not comply #GDPR & #BDSG) for many, it's still dishonest.

"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

There's a reason why @tails_live / @tails / #Tails doesn't include #Signal and why I'll say it again that XMPP+OMEMO over @torproject / #Tor is the gold standard in terms of #privacy and #security when it comes to #ComSec that isn't #airgapped aka. "Airgapped PGP".

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...

Hachyderm.ioCassandrich (@dalias@hachyderm.io)@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...

#tinfoilhat

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Nov 17, 2024 *

Nov 17, 2024 *

Kevin Karhan @kkarhan@infosec.space

@HonkHase @GrapheneOS +1

Indeed I've to dive deeper into #GrapheneOS's security geatures.

Pretty shure you also have a "decoy mode" password implemented that wipes all tue keys if not go as far as to show a fake unlocked android.

Kinda like "#ArcaneOS" (a botched @LineageOS fork) but without #Govware #Backdoors...

YouTubeThis Phone Was Designed By The FBI To Catch Criminals - Anom Phone Hands OnBy Hugh Jeffreys

#ANØM #OperationIronside #OperationTrøjanShield

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Nov 3, 2024 *

Nov 3, 2024 *

Kevin Karhan @kkarhan@infosec.space

You use XMPP+OMEMO because you think it's neat.

I use XMPP+OMEMO because all centralized, single-vendor and/or single-provider messengers are inherently garbage, collect PII like phone numbers for no "legitimate reason" and don't offer proper End-to-End - Encryption with self-custody of all the keys, making them either honeypots or prime targets for warrants.

We are not the same!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@evacide@hachyderm.io NO, YOU CANNOT USE @signalapp@mastodon.world WITHOUT A PHONE NUMBER!!! * They still require a phone number as they still do restrict the functionality of their App based off the phone number given! Also we've all seen that #centralized, #SingleVendor & #SingleProvider solutions are inherently bad - so why should anyone use #Signal over #XMPP+#OMEMO or XMPP+#PGP/MIME ??? #Signal, like every provider in the #USA, is subject to #CloudAct ** and will obviously hand over the #metadata they collected without legitimate interest if told to do so. *** After all, clients like @monocles@monocles.social ' #monoclesChat **** make XMPP w/ OMEMO and PGP/MIME extremely user-friendly... Im many juristictions, you cannot legally obtain an anonymous prepaid SIM legally! ***** - - - Sources: * https://social.tchncs.de/@kuketzblog/111968247576555678 ** https://en.wikipedia.org/wiki/CLOUD_Act *** https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968 **** https://f-droid.org/en/packages/de.monocles.chat/ ***** https://infosec.space/@kkarhan/111968383793566135

#XMPP #OMEMO #WeAreNotTheSame

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Oct 22, 2024

Oct 22, 2024

Kevin Karhan @kkarhan@infosec.space

@ditol @samueljohn @linuzifer

THIS is where I disagree...

You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?

Like: We expect people to show at the every least theoretical proficiency in terms of #TrafficCode and #VehicleSafety in +every juristiction I'm aware of* and literally mandated #DrivingLicense|s for that reason.

I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...

It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.

I don't expect people to do #airgapped pffline-PGP but with @thunderbird including #Enigmail and not requiring any external dependencies like the god-awful #GPG4Win stuff's easier than ever.
Same with #mobile: #Appls like @monocles / #monoclesChat are so easy, I've been able to onboard literal tech-illiterates remotely with few steps and simple instructions.

FOR THE LAST TIME:

*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"

Cuz when push comes to shove @Mer__edith herself would introduce a #Govware #backdoor into @signalapp when faced with indefinite jailtime...

Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.

#Signal is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobodys friend - espechally when they demand #PII like phone numbers for useage.

Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!

And unlike #Signal they ain't dependent on #VC funding and #grant money to keep the lights on.

Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.

The only reason Signal is still online and not #pwned like #EncroChat is because it's either a Sting op like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield or they have already backdoored their #backend so hard that all their #marketing is just #lies like #Apple...

Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Attached: 1 image @Catweazle@vivaldi.net @baeuchle@chaos.social @Linux@kitty.social @torproject@mastodon.social @Vivaldi@vivaldi.net Claiming that ["[...] Mullvad is as private as Tor [...]"]( https://social.vivaldi.net/@Catweazle/113344664983833218 ) disqualified your for any future discussion. - If you can't distinguish between a #VPN and #Tor then you are either *criminally incompetent* or *acting as a #UsefulIdiot* by *spreading #FUD and known #disinfo*, which *can get people killed* who believe this bs! I'll set you some timeout, so you can think about it and apologize in due time! #thxbye #EOD #next

#thxbye #EOD

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Aug 29, 2024

Aug 29, 2024

Kevin Karhan @kkarhan@infosec.space

@GrapheneOS I think both apps are shit as *both #Telegram and @signalapp demand #PII in the form of #PhoneNumbers.

#Signal at least has their #client's source code published so similar to like #Tarsnap it's more trustworthy by virtue of better #transparency...

OFC Telegram is (by my personal observation) almost exclusively being used by #Scammers and other #TechIlliterate criminals.

Trusting Telegram is like trusting #EncroChat or #ANØM aka. #OperationIronside aka. #OperationTrøjanShield: It literally has #Govware #Backdoors because the #UAE of all plaves would've swatted their "HQ" if not forved #Durov at gunpoint to integrate it into it if it wasn't there...

#encrochat #Anom #operationironside

Replied in thread

**Kevin Karhan** @kkarhan@infosec.space · Jun 19, 2024 *

Jun 19, 2024 *

Kevin Karhan @kkarhan@infosec.space

@jakob @AussenMa @gajim @monocles

Und obwohl @signalapp & @Mer__edith durch "#Chatkontrolle" zur integration von #Govware - #Backdoors gezwungen werden könnten - falls #Signal nicht bereits ein #HoneyPot alla #ANØM / #operationIronside / #OperationTrøjanShield ist - so wird keine #Prohibition die #Realität ändern oder #sichere (also #dezentrale, auf Basis von #MultiVendor & #MultiProvide - Standards umgesetzte) #Kommunikation unterbinden können...

Genausowenig wie #EUgunban die Entwicklung des #FGC9 verhindert hat...

Das einzige was #CyberfaschistischeKackshice wie jene #AnlassloseMassenüberwachung tun wird, ist Menschen #kriminalisieren - und wenn das zuviele sind dann könnte es passieren dass jene Menschen mit dem Staat brechen und sich sagen 'Shice drauf!' und dann erst richtig kriminell werden weil es für diese dann keinen Unterschied mehr macht...

Recent searches

Search options

Administered by:

Server stats:

#OperationIronside