#TechIlliterates

Replied in thread

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done with "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunately, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

Replied in thread

@f @ai6yr @briankrebs I think it's less of a "#political" question but an act of #SelfDefense and #MutualDefense at this point.

Re: #TechIlliterates that are unwilling to learn, act like a "#BenevolentDictator" and ensure they can't harm themselves in the sense that they don't get #sudo or other administrative privileges and can't do any #persistent #changes.

  • And if that means they get forced to use #Tails then that's a "necessary evil"...

After all, societies almost everywhere ban people from driving motor vehicles faster than 6 km/h by people who actively refuse to even take basic exams and classes for a #DrivingLicense.

  • And I'm convinced one can do more damage as #TechIlliterate with a #PC than a single-cylinder two-stroke engine driven motorcycle...
Replied in thread

@ai6yr @briankrebs OFC this targets #TechIlliterates and the only effective means here are:

  1. Teach #TechLiteracy instead of consumerism.
  2. Mandate #confirmation & #notification - #PopUp|s for every use of #Clipboard (similar to #webcam use by websites)...
  3. Ban #JavaScript - seriously!
  4. Ban #Windows, because it's a #Govware, especially since #Windows10 and even more so on #Windows11 that is *insecure in every configuration!
  5. Put #TechIlliterates before a system they can't feck up. I.e. @tails_live @tails / #Tails for that reason alone (can't run such commands if they neither got #root nor any #persistent #storage to target).
  6. Normalize the use of @torproject #TorBrowser!
  7. #Teach #tech #literacy instead of #consumerism!
  8. Ban #GAFAMs and their shitty products!
  9. Migrate every #TechIlliterate to #Linux and don't give them administrative privileges.
  10. Teach tech literacy instead of consumerism!

@erebion @inaruck yes, I have.

Threat models I have handled:

  • Person who has to flee from state persecution
  • Person with a bounty on their murder by relatives
  • People seeking protection in an entirely hostile state

I will not d0x the people concerned just to convince #TechIlliterates and win a discussion!


Replied in thread

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolutely basic #OpSec & #ComSec is just flabbergasting.

Only #decentralized, #OpenSource & #OpenStandards can actually survive long-term and remain #secure.

It's the same reasons we use #PGP/MIME & #SSH and not #X400 & #X25!

IOW: Think "How can you weaponize Signal?" and see what you can do just holding key people in contempt...

The less #info a provider has, the less they can be forced to snitch upon customers.

"#JustUseSignal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymmetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

  • You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm sure sooner or later I'll be evidenced as correct...

Hachyderm.io: Cassandrich (@dalias@hachyderm.io)

@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...

Replied in thread

@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.

  • Plus it's illegal in an increasing number of jurisdictions to even attempt to acquire a phone number or SIM anonymously.

Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which unlike #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.

Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!

  • Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.

I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesirable!

@kubikpixel @malwaretech @tomscott nods in agreement

If people don't trust a #Govware like #Windows to get that done correctly, then they should not trust 3rd party vendors that have neither sourcecode access nor ability to get someone with sourcecode access to validate and test their work!

Mind you this isn't the basic *"on mailservers/upload servers/... run signature checks for known malware and chmod -x on all attachments".

  • It's a systemic issue discarding basic information.
Replied in thread

@tauon Also what good is an encryption like @signalapp if you don't have #SelfCustody of all the keys?

  • Sure you could disable encryption but @monocles shows you when it's active and when not and comes with sensible defaults like having #OMEMO active per default...

I can setup over a dozen #TechIlliterates 1:1 with #XMPP accounts and #monoclesChat & @gajim / #gajim in the time it takes me to get a #nonKYC #eSIM from overseas with a phone number as mandated by @signalapp and maintaining that number for #Signal will easily cost like $2,50 p.m. at minimum.

  • Whereas a Data-only eSIM is way faster and cheaper to get and maintain.

In fact even legitimately acquiring and registering a #Prepaid #SIM in-store in #Germany takes longer than setting up #Fdroid & monocles chat & a XMPP account whilst on throttled #EDGEland speeds...

possum.city/notes/a3rt4nzbn11z

Possum City: 🌸 lily 🏳️‍⚧️ :flag_pansexual: :flag_ace: θΔ ⋐ & ∞ (@tauon)

@kkarhan@infosec.space

> centralised

tbh i agree, i don't like that signal is centralised, but that isn't insecure, it's just an anti-feature

> proprietary

no it isn't, every element of signal is open source

> subject to cloud act

what is that? are you talking about subpoenaing of information? they legally have to do that anyway, and can't give anything except for the account creation date and the date that the account was last accessed

> collects pii like phone numbers

i'm pretty sure they don't

signal is more secure than anything you've mentioned because on signal, encryption is not optional. any service where encryption is optional is not secure.

RE: @tauon@possum.city no, it is not because it is a #Centralized, #proprietary, #SingleVendor & #SingleProvider solution subject to #CloudAct that collects #PII like #PhoneNumbers, which makes it inherently less secure, as they are able and willing to restrict access as they please. RE: ...