Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
nerdculture.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;) No bots in general. Languages: DE, EN, FR, NL, ES, IT

Administered by:

Server stats:

1.2K
active users

nerdculture.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#selfcustody

2 posts2 participants0 posts today
Replied in thread
Public *
Kevin Karhan :verified:

@pixelcode @phreaknerd @melsdung @nocci das bzgl. #Signal halte ich bestenfalls für ne #Werbelüge, weil nicht evidenzierbar!

Und wer #monocles oder anderen Anbietern nicht vertraut kann #XMPP selbst.hosten und hat bei #OMEMO ohnehim doe Kontrolle über die Schlüssel.

Alles andere ist naiver Glauben dass @Mer__edith für Nutzer*innen Knast riskieren würde…
infosec.space/@kkarhan/1142345

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
Replied in thread
Public
Kevin Karhan :verified:

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

YouTubeWe Tried Signal's MobileCoin So You Never Have To...By Techlore
#toldyaso
Replied in thread
Public
Kevin Karhan :verified:

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

Replied in thread
Public
Kevin Karhan :verified:

@bdf2121cc3334b35b6ecda66e471 @froge @fj maybe but it's better than a #proprietary, #SingleBendor & #SingleProvider solutiom as it just works even on #throttled, sub-#2G speeds over #Tor...

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@froge@social.glitched.systems @fj@mastodon.social I'm not replacing @signalapp@mastodon.world with *"random tools"* but good options. Like @delta@chaos.social & @thunderbird@mastodon.online as well as @monocles@monocles.social / #monoclesChat & @gajim@fosstodon.org which owrk flawlessly over @torproject@mastodon.social / #Tor using @tails@fosstodon.org / @tails_live@venera.social / #Tails and @guardianproject@librem.one / #Orbot respectably. - Also these allow not only #SelfHosting but just work and I'd highly recommend #monocles as a hoster which finances iself by users paying *and* allows #anonymois accoubts & payments including not just #Monero but also #CashByMail! Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with thr option of self-custody than $2,50+ p.m. just to keep a phone number. - Plus I don't run around with a #tracking device that could be used to #deanonymize me any second...
#e2ee#selfcustody
Replied in thread
Public
Kevin Karhan :verified:

@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and it's #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!

#e2ee#selfcustody
Replied in thread
Public *
Kevin Karhan :verified:

@licho @osman provide evidence the code @signalapp released is actually being deployed.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
youtube.com/watch?v=tJoO2uWrX1M

  • Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

  • All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Public
Kevin Karhan :verified:

@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse, you fucked up!

Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.

That's why I get people setup with it!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread
Public
Kevin Karhan :verified:

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

  • Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#keyescrow#france#russia
Replied in thread
Public
Kevin Karhan :verified:

@FediThing @nicoco @fabiscafe @vkc nodds in agreement

"Perfect" would be #OneTimePad, but that's just not in the cards - period!

#XMPP+#OMEMO & #PGP/MIME are the next-best options that are documented, multi-vendor & multi-provider standardsband offer #SelfCustody of all the keys.

infosec.space/@kkarhan/1141777

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@torf@c.im @helma@mastodon.social @nicoco@pouet.pas.la @fabiscafe@mstdn.social @vkc@linuxmom.net not to mention [foring people to unlock devices](https://infosec.space/@kkarhan/114177741657495022) isn't unique to #Russia. The #USA's #ICE & #CBP [*routinely* rejects entry](https://infosec.space/@kkarhan/114174061058209538) if people refuse to decrypt storage and/or hand over logins... - In some cases literally making up cases solely off #NSAboon / #StasiBook DMs as they have *bulk access* w/o warrant!
ExploreLive feeds
About