#SingleProvider

Replied in thread

@artfulmodder last time I checked @signalapp still demanded #PII in the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!

  • Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" doesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.

They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!

IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!

Replied in thread

@mit_scharf the problem with "threat scenarios" is that they tend to change quickly, non-consensual and without warning.

  • Demanding any #PII [even by virtue of being correlatable through circumstances] to be able to use a service is inherently bad, especially since there is no "legitimate interest" for that.

"#KYC" is the illicit activity! and #Signal acts as a controlled opposition by virtue of being a #proprietary, #centralized, #SingleVendor & #SingleProvider "solution" that subjects itself to a jurisdiction that has 0 #privacy laws and only #cyberfacism (see #CloudAct ) to boot...

  • I find it more fatiguing and also expensive to try to work around shite than to migrate folks to secure standards because that's a one-time investment that I'm willing to take vs. having to jump through hoops and paywalls to acquire a working #SIM (or #eSIM) anonymously and maintaining it.

It's just not in the cards TBH!


@martinsteiger Which ones?

Because I only see #PGP & #OMEMO in use...

But maybe those people are naive enough to fall for #proprietary #SingleVendor & #SingleProvider solutions?

infosec.space/@kkarhan/1147013
infosec.space/@kkarhan/114697690127511140

Infosec.Space: Kevin Karhan :verified: (@kkarhan@infosec.space)

@Cappyjax@mastodon.social IDGAF about *"passion"*. [All I care about is the security of users!](https://infosec.space/@kkarhan/114697690127511140) Requiring *any* #PII like a #PhoneNumber is unacceptable when it comes to #ComSec, #InfoSec & #OpSec, especially given @signalapp@mastodon.world is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.

  • There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject@mastodon.social / #Tor] is the *evidently superior and more secure approach*, as being unable to *"#KYC"* a user is a matter of security... Especially since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone number is out of question)

  • And even *if* one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used. Obviously the devs of #Signal and @Mer__edith@mastodon.world are well aware of this critical flaw, which is why I consider them to act as [*"useful idiots"*](https://en.wikipedia.org/wiki/Useful_idiot) or rather [*"controlled opposition"*](https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition) as #Signal could've been shut down trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this *"#sanctions #compliance"* given they added a #Shitcoin - Wallet into Signal!)...

  • All the *"but #Metadata"* #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endorsed / -supported attackers.

Whereas with @monocles@monocles.social / #monoclesChat, @gajim@fosstodon.org / #gajim and @delta@chaos.social / #deltaChat and @thunderbird@mastodon.online / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shut down!

  • And if you think this is too tinfoilhatted, then consider yourself privileged enough of having your mere existence not being [criminalized by the government under threat of public execution!](https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/) https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf https://infosec.space/@kkarhan/114697690127511140

Replied in thread

@derekmorr

> Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.

Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do so!

> The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.

That's literally wrong!

  • #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to discriminate against users and restrict app functionality based off their presumed jurisdiction. There is no "legitimate interest" for doing so nor any legal mandate to do so (unless we excuse the whole #MobileCoin-#Scam!)

> It’s been 30 years, and no one uses xmpp. Let it go.

Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider messengers before and after - will inevitably die as their business model is not sustainable. Same with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sell out to a #cyberfacist #government (all those apply to #WeChat!)

> It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.

You know what's shocking to me: People who are unable or rather unwilling to acknowledge that Signal is garbage and its requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the users don't live in a jurisdiction that demands "#KYC" for even prepaid #SIM cards (i.e. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off its MNOs after 90 days within 365 days)).

  • The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.

I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any usable IP addresses).

  • I've literally been there and done that!

As for #Sustainability, providers like monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...

  • So even if you think "#monocles is a #honeypot" that is mitigatable cuz unlike with Signal you can choose your own client, choose a different provider & exercise self-custody of all the keys!
Replied in thread

@sodiboo @tauon @puppygirlhornypost2 @silly I don't think it's much of a "#freedom" on #iOS but rather that the few devices and OS versions in circulation, alongside everyone from #jailbreaker to #malware (especially #govware #developers) want to crack it open result in way more personnel and money behind it.

  • OFC the fact that the #Android experience is worse from that POV is the lack of #regulation re: #repairability and #openness that would make shit work. Most cheap #phones are done with even cheaper #SoC's by manufacturers who can't be assed (or frankly don't give a shit at all!) when it comes to #Linux #mainline support. (I mean, you've seen the video where @SexyCyborg demanded a vendor to give her the source code as per #GPLv2 for her device?)

Granted @GrapheneOS does limit their support to devices that can comply with their #security standards.

  • The issues are mostly caused by hostile app developers that specifically decided to knee-jerk their users / customers for no good reason.

I do wish for both vendors like #Fairphone to up their game and regulators like @EUCommission to actually push for more #transparency, #openness and #LongTermSupport of #Smartphones, because #ManufacturedEwaste like #SOYES, #WiKo, #Unihertz and others that ship #outdated #AndroidDevices and never even a single update are a major problem!

  • I don't blame projects like @LineageOS that they can't cover every device & SoC even tho they probably have the widest compatibility, I just think that there needs to be pressure that manufacturers don't just vomit stuff on the market and let customers frustratingly figure out the rest.

I do have to give #Apple credit where it is due, and that is that #iOS does have consistency and accessibility nailed down very well. Something that they obviously are able being the "#BenevolentDictator" of a #SingleVendor & #SingleProvider - platform.

  • Obviously since they are the #vendor for #hardware and the sole ["legitimate" / official] #distributor for any #Apps they do OFC cross-finance their relatively long #support with their 15-30% cut from #App #sales & #InAppPurchase|s they charge, which is why #AndroidPhones suffer the "#3DO syndrome": Needing to charge more since they only get to make money once with hardware sales and not after that, so there's no incentive for them to give a shit beyond "brand value" to care. #Google, #Samsing, #Fairphone and very few others do, but most don't as they close the books on the product once launched and sold out (angrily stares at Unihertz)...

Maybe one day the folks at @frameworkcomputer acquire Fairphone and decide to bring the same modularity to #Smartphones and get something done that makes it easy to maintain long-term and that even #GrapheneOS are willing to support.

Replied in thread

@kuketzblog I vehemently disagree with that.

There are #proprietary #Silos which, by virtue of their #SingleVendor & #SingleProvider design, act as an #InformationBlackhole (among others #WhatsApp, #Signal, #Threema, #Session, #Telegram, #discord, …)

and there are #OpenStandards that enable #FreedomOfChoice between #Clients, #Platforms, #Servers and #Providers (among others #IRC, #Zulip, #RocketChat, ...) and enable real #E2EE with #SelfCustody of all keys (among others #XMPP+#OMEMO & #PGP/MIME)...

Of course people are free to use some large, centralized provider, but that one is the most likely to tend towards #Enshittification and, with #PII like #PhoneNumbers, to arouse the corresponding covetousness!

Replied in thread

@adisonverlice I think that's dangerous disinfo as @torproject actively works against attempts to fingerprint and track #Tor users.

  • I do consider Tor more private than any #VPN simply because they can neither ban users nor identify them.

In fact, Tor has been designed with the explicit goal to circumvent #Firewalls and #InternetCensorship methods like #DeepApcketInspection.

As a matter of principle I'd never vouch for any #centralized, #SingleVendor and/or #SingleProvider solution of any kind, including #Session.

  • Tor is sufficiently decentralized in that it is not only completely #OpenSource but has proven to not have SPOFs in the form of maintainers and is able to yeet problematic folks (unlike #WikiLeaks!)…
Replied in thread

@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsanctioned comms to thwart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:

And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.

After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.

  • What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun on the developers' heads and force them to #d0x all users and #backdoor everything (if they didn't already get forced to have some "#LafwulInterception" gear in a closet like #Room641A)...

After all, Signal can't pull the 5th and refuse to comply!

Twitter: thaddeus e. grugq on Twitter: “I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

  • Not sure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017).

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!

Replied in thread

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shut down compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et al.]!)

And don't even get me started on you collecting #PII (especially #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally an architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shut down like #EncroChat and #SkyECC.

I may not have all the evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread

@ueeu I think crucial parts is looking at its components, dependencies, size and for apps permissions.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!