Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.io/@ckrypto" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ckrypto</span></a></span> if@signalapp@mastodon.world wasn't complying with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>, <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> would be in jail.</p><p>Not to mention even <em>if</em> Signal keeps their <em>"<a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a>"</em> code updated - which is <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&t=887s" rel="nofollow noopener noreferrer" target="_blank">doubtful</a>, <em>NOONE</em> can actually <a href="https://infosec.space/tags/verify" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>verify</span></a> that it's the code you actually use - regardless if <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backend</span></a> / <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Server</span></a> or <a href="https://infosec.space/tags/client" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>client</span></a> / <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>App</span></a>! </p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> is as secure as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a>, otherwise it would've been shutdown ages ago.</li></ul><p>Also if Signal was designed for <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>security</span></a>, it would've been <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decentralized</span></a> as <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> and not demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumbers</span></a> which oftentimes cannot be obtained anonymously in many juristictions <em>at all</em>!</p><ul><li>Only <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiVendor</span></a> & <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiProvider</span></a> standards can be secure, regardless if OMEMO or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME. </li></ul><p>By comparison, <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>delta</span></a></span> doesn't require any PII, only an <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> account, and <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> isn't a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurningParty</span></a> but sustainable due to <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subscription</span></a> and they don't even require any personal details for <a href="https://infosec.space/tags/payment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>payment</span></a>: <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CashByMail</span></a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Monero</span></a> are accepted.</p><ul><li>Not to mention neither <a href="https://infosec.space/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DeltaChat</span></a> nor <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> are <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&t=424s" rel="nofollow noopener noreferrer" target="_blank">pandering</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scams</span></a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a> that <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">don't work</a> even for <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoBros</span></a>! </li></ul> <p>Again: It's Signal alone who have to evidence they are trustworthy, and all I get are <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>!"</em> replies, which means they are not to be trusted.</p><ul><li>Not to mention, it's just not sustainable to run a <a href="https://infosec.space/tags/service" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>service</span></a> without <a href="https://infosec.space/tags/revenue" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>revenue</span></a>, even if it's run entirely by unpaid volunteers and gets all it's <a href="https://infosec.space/tags/hosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hosting</span></a> and <a href="https://infosec.space/tags/costs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>costs</span></a> donated, someone has to pay for expenses due to <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>abuse</span></a> of a service (which is an inevitability come mass adoption)...</li></ul><p>Whereas with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.</p><ul><li>Signal as a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> service is inevitable vulnerable to <a href="https://infosec.space/tags/RubberhoseCryptoanalysis" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RubberhoseCryptoanalysis</span></a>, and <a href="https://infosec.space/tags/Meredith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Meredith</span></a> <em>will break</em> if not doing so means <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">jail for life until she does</a>!</li></ul><p>Whereas with XMPP & PGP/MIME <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> I can layer <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> over it, make it an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionService</span></a> and keep that thing under my bed with a <a href="https://www.youtube.com/watch?v=F59iKSrx63c&list=PL2YepVFF1azEYo0c0HdYwykbp_AXchaIp" rel="nofollow noopener noreferrer" target="_blank">literal killswitch</a>...</p>
Recent searches
No recent searches
Search options
Only available when logged in.
techhub.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A hub primarily for passionate technologists, but everyone is welcome
Administered by:
Server stats:
5.4Kactive users
techhub.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.3.6
#techliterate
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://gruene.social/@max" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>max</span></a></span> <br>To <a href="https://gruene.social/@max/113872018769294131" rel="nofollow noopener noreferrer" target="_blank">quote you directly</a>:</p><blockquote><p>"[...] easy to use solutions that are at the same time private and secure. [...]"</p></blockquote><ul><li>The fact that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> requires <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumber</span></a> which more often than not <em>cannot be legally acquired anonymously</em> makes it not <a href="https://infosec.space/tags/private" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>private</span></a>. </li></ul><p>It is easier, faster, cheaper and overall simpler to get someone setup with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> + <a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a> espechally if they don't have a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumber</span></a> and/or <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ID</span></a> to acquire a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SIM</span></a>. </p><p>And if you go and say, <em>"Just buy a [insert country here] [e]SIM!"</em> and expect <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> without a <a href="https://infosec.space/tags/CreditCard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CreditCard</span></a>, <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayPal</span></a> or other means of <a href="https://infosec.space/tags/OnlinePayment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnlinePayment</span></a> to fiddle around with some <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eSIM</span></a> if not having to get some <a href="https://infosec.space/tags/eSIMcard" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eSIMcard</span></a> because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you <em>completely missed the point</em>!</p><ul><li>I can much faster and easier get TechIlliterates setup show them around - either in a <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@mastodon.earth</span></a></span> / <span class="h-card" translate="no"><a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cryptoparty@chaos.social</span></a></span> / <a href="https://infosec.space/tags/CryptoParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoParty</span></a> - style <a href="https://infosec.space/tags/classroom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>classroom</span></a> / <a href="https://infosec.space/tags/seminar" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>seminar</span></a> or 1:1 tutoring than I can <em>legally acquire and activate a new SIM in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a></em> [since 07/2017]...</li></ul><p>It's not that I expect anyone to get <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...</p> <p>Point is that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> <a href="https://infosec.space/tags/WontFix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WontFix</span></a> their setup and that was evidently clear even before <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Mer__edith</span></a></span> succeeded <a href="https://infosec.space/tags/MoxieMarlinspike" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MoxieMarlinspike</span></a>: Their entire operation has a <em>distinct <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAG</span></a> stench</em> as it's an <a href="https://infosec.space/tags/unsustainable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unsustainable</span></a> <a href="https://infosec.space/tags/VCmoneyBurning" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VCmoneyBurning</span></a> party!</p><ul><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a> and the <a href="https://infosec.space/tags/NOBUS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NOBUS</span></a> <a href="https://en.wikipedia.org/wiki/NOBUS#Criticism" rel="nofollow noopener noreferrer" target="_blank">hegemony</a> ain't something that just got executed now (neither was <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a>!)... </li></ul><p>A counterexample on how this could've been done are <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>, <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>eMail</span></a> and other <em>truly <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a></em> as in <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiVendor</span></a> & <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MultiProvider</span></a> standards. </p><ul><li><p><em>NOTHING</em> compells Signal to <a href="https://en.wikipedia.org/wiki/Signal_(software)" rel="nofollow noopener noreferrer" target="_blank">demand PII</a>, run a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a> <a href="https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments" rel="nofollow noopener noreferrer" target="_blank">aka.</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MobileCoin</span></a> that even seasoned <a href="https://infosec.space/tags/TechLiterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterates</span></a> and <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoBros</span></a> <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">can't setup properly</a>, and in fact Signal using <a href="https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use" rel="nofollow noopener noreferrer" target="_blank">phone numbers makes it trivial to discriminate against users and easier for them to identify them</a>!</p></li><li><p>If <a href="https://infosec.space/@kkarhan/113869305765533809" rel="nofollow noopener noreferrer" target="_blank">my reasoning</a> didn't resonate with you, then try helping i.e. undocumented migrants aka. <em>"<a href="https://infosec.space/tags/SansPapier" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SansPapier</span></a>|s"</em> to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand!</p></li></ul><p>Whereas it's trivial to get people setup on <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener noreferrer" target="_blank">one of many XMPP servers I've personally tested</a>!</p><ul><li>Not to mention clients like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> and <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>gajim</span></a> are way more user-friendly and unlike Signal can also work perfectly fine over <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a>, including <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionServices</span></a> as endpoints. </li></ul><p>AFAIK Signal doesn't even have an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionService</span></a> / <a href="https://en.wikipedia.org/wiki/.onion" rel="nofollow noopener noreferrer" target="_blank"><code>.onion</code></a> for their Website, much less any <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>API</span></a> enpoints to use it with!</p><ul><li>Them relying on <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ClownFlare</span></a> is just something that makes them even <em>more <a href="https://infosec.space/tags/sus" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sus</span></a></em> as there is <em><a href="https://en.wikipedia.org/wiki/Cloudflare#Controversies" rel="nofollow noopener noreferrer" target="_blank">no legitimate reason</a></em> to use a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RogueISP</span></a> like that.</li></ul> <p>You're free to also provide evidence and supporting data to your arguments, rather then <em>neighsaying</em> against <em>proven to be more secure and reliable [by virtue of decentralization]</em> options like XMPP+OMEMO and/or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a>/MIME. </p><ul><li>What gets my blood boiling is the constant <a href="https://infosec.space/tags/disinfo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>disinfo</span></a> by <a href="https://mstdn.social/@rysiek/113868777937162686" rel="nofollow noopener noreferrer" target="_blank">Signal</a> <a href="https://mstdn.social/@rysiek/113869169340313254" rel="nofollow noopener noreferrer" target="_blank">Fanboys</a> like <span class="h-card" translate="no"><a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rysiek</span></a></span> who sell it like <a href="https://infosec.space/tags/DigitalSnakeoil" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DigitalSnakeoil</span></a> akin to <a href="https://infosec.space/tags/AntivirusSoftware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AntivirusSoftware</span></a>, because it's at best <em>"<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechPopulism</span></a>"</em> and at worst <a href="https://infosec.space/@agturcz@circumstances.run/113868748895262202" rel="nofollow noopener noreferrer" target="_blank">will mislead "TechIlliterates"</a> with a <a href="https://infosec.space/@kkarhan/113868987217053362" rel="nofollow noopener noreferrer" target="_blank">false sense of security</a>, which in turn puts more users at risk.</li></ul><p>The <em>proper fix</em> is to actually <em>assess the situation</em> and acknowledge the <em>risks and limitations</em> as well as the very nature of communications, which means <em>upgrading later</em> is exponentially more painful, thus getting people <em>properly setup once</em> is way easier.</p><ul><li>Just because <em>WE</em> [ or rather <span class="h-card" translate="no"><a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rysiek</span></a></span> in this case ] rather <em>privilegued enough</em> to not be <em>hatecrimed in their current location</em> doesn't mean this is the case for everyone. And having places like Signal rely on a <em>"<a href="https://infosec.space/tags/CDN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CDN</span></a>"</em> is just another <em>red flag</em> to me because questions like <a href="https://circumstances.run/@agturcz/113866980398547492" rel="nofollow noopener noreferrer" target="_blank">this one</a> just don't arise with <a href="http://monocles.chat" rel="nofollow noopener noreferrer" target="_blank">monocles.chat</a> as people can just exercise proper <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> and just use Tor!</li></ul><p>Speaking of <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monocles</span></a>: That business is at least <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sustainable</span></a> because it's funded by users <a href="https://store.monocles.eu/produkt/monocles-starter-account/" rel="nofollow noopener noreferrer" target="_blank">(€2 p.m.)</a> which they can <a href="https://monocles.eu/more/#payment-section" rel="nofollow noopener noreferrer" target="_blank">pay anonymously</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@douglevin" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>douglevin</span></a></span> see, <a href="https://infosec.exchange/@douglevin/113266385222353147" rel="nofollow noopener noreferrer" target="_blank"><em>this exact scenario</em></a> is why I act as <em>"<a href="https://infosec.space/tags/BenevolentDictator" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BenevolentDictator</span></a>"</em> and literally lockdown stuff so hard <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> cant fuck up!</p><ul><li>Unless you put that option on the table as a.fellot <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>, you won't be able to survive this game.</li></ul><p>I wasted 15+ years of my life trying to make <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows</span></a> somewhat secure to come to terms with the fact that ut's an <a href="https://infosec.space/tags/unfixable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>unfixable</span></a> <a href="https://infosec.space/tags/Givware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Givware</span></a> that is <a href="https://infosec.space/tags/UnsafeAtAnyConfiguration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UnsafeAtAnyConfiguration</span></a> / <a href="https://infosec.space/tags/InsecureAtAnyConfiguration" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InsecureAtAnyConfiguration</span></a>.</p><ul><li>Believe me when I'd tell you that <em>"<a href="https://infosec.space/tags/Users" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Users</span></a>"</em> like her don't give a shit about what Hardware/OS they get: Just set her up once with a good config (i.e. <a href="https://infosec.space/tags/UbuntuLTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuLTS</span></a> if you're lazy like me), backup all the important stuff, setup regular backups, remove <a href="https://infosec.space/tags/sudo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sudo</span></a> privilegues and then you'd only need to check in once a year at most if not have a system that just runs for the next 2-5 years without intervention.</li></ul><p>On the flipside I've seen cases where <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Scam</span></a>|my Sales Reps were able to upsell some 5-digit 21,5" gaming monster to a photographer that uses ACDSee to do minimalist editing of their JPEGs.</p><ul><li>So ideally also do their <a href="https://infosec.space/tags/procurement" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>procurement</span></a>. </li></ul><p>At least I <em>won't</em> deal with <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Windows11</span></a> or any of that shite because <em>noone</em> is gonna pay me enough to loose my sanity over such a garbage software!</p> <p>And yes, <em>WE, THE "TECH LITERATES" ARE TO BLAME FOR THIS</em> because we didn't demand <a href="https://infosec.space/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Security</span></a> and <a href="https://infosec.space/tags/Simplicity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Simplicity</span></a> before <a href="https://infosec.space/tags/Convenience" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Convenience</span></a>!!!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mas.to/@libreleah" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>libreleah</span></a></span> the only advantage of fancy <a href="https://infosec.space/tags/GUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GUI</span></a>'s is that they allow <a href="https://infosec.space/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>tech</span></a> to be mire <a href="https://infosec.space/tags/accessible" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accessible</span></a> espechally for those that re <em>"<a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a>"</em> and don't know basics around the terminal.</p><ul><li><p>That's not to say either is right or wrong, but the <a href="https://infosec.space/tags/PC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PC</span></a> took off when it became accessible to the average person and not just the rich <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> electronics enthusiast or academic with high amounts of disposable income who are able and willing to solder, code and compile themselves... </p></li><li><p>I consider mainstream distros like <a href="https://infosec.space/tags/UbuntuLTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>UbuntuLTS</span></a> a good <em>"compromise"</em> as they offer an easy to use GUI which requires few mins to get started and don't prevent one from getting under the hood in a terminal.</p></li><li><p>OFC I want to build more <a href="https://infosec.space/tags/TUI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TUI</span></a>'s in like <span class="h-card" translate="no"><a href="https://infosec.space/@OS1337" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>OS1337</span></a></span> because I want to make something as brutally utilitarian as a <a href="https://infosec.space/tags/Balisong" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Balisong</span></a> that can run on any MDA shitscreen or 80x25 serial terminal @ 9600/8/N/1 if need be... Even if it's just to partition stuff with <code>cfdisk</code> and <code>curl | dd</code> an OS image onto a <code>headless</code> system or SSH into some other system...</p></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GrapheneOS</span></a></span> *pressing X for doubt re: <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> and <a href="https://infosec.space/tags/SimpleX" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SimpleX</span></a> to some degree.</p><ul><li>They may just have said files encrypted on their servers but can't distinguish or decryot them * if* actual self-custody of keys is the case.</li></ul><p>Personally I'd always recommend people to <em>never ever</em> trust any <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> and/or <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> solution even if that means they've to actually get <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> or at least do some more steps...</p><ul><li>But with <a href="https://infosec.space/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Telegram</span></a>, the <em>"Security" level</em> was and still is <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TrustMeBro</span></a>!"</em>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@protonprivacy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>protonprivacy</span></a></span> <span class="h-card" translate="no"><a href="https://transfem.social/@puppygirlhornypost" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>puppygirlhornypost</span></a></span> <span class="h-card" translate="no"><a href="https://social.tchncs.de/@vfrmedia" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>vfrmedia</span></a></span> </p><p><em>pressing X for doubt</em> Good <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a> dictates to <em>never ever</em> rely on any provder to cover one's ass...</p><ul><li>So whether or not you have any <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> <a href="https://infosec.space/tags/backdoors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backdoors</span></a> or not is a moot argument because <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener noreferrer" target="_blank">we all know you will comply with duely submitted warrants</a> like anyone else...</li></ul><p>I just think that you overstate your <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a> claims like all those <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> companies do to bamboozle <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> and I find that insulting to me personally, because I'd rather have honest providers like cock.li and <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> that will <a href="https://docs.monocles.eu/services/mail.service/#stating_the_obvious" rel="nofollow noopener noreferrer" target="_blank">not lie into the face of customers</a>.</p><ul><li>Because at best that's stupid marketing attracting abusive & [non[!!!] paying) customers that cause more trouble than they make up for in <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subscription</span></a> revenue and in some juristictions may be even a felony <a href="https://www.gesetze-im-internet.de/stgb/__140.html" rel="nofollow noopener noreferrer" target="_blank">i.e. encouraging or rewarding criminal activity</a>...</li></ul><p>But that's <a href="https://infosec.space/tags/NotLegalAdvice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NotLegalAdvice</span></a>... </p> <p>I just think that being <a href="https://www.youtube.com/watch?v=WVDQEoe6ZWY" rel="nofollow noopener noreferrer" target="_blank">honest</a> like <span class="h-card" translate="no"><a href="https://mastodon.social/@tomscott" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>tomscott</span></a></span> is way better long-term and <a href="https://www.youtube.com/watch?v=G1thc5DSHwA" rel="nofollow noopener noreferrer" target="_blank">more beneficial to one's personal</a> <a href="https://infosec.space/tags/reputation" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>reputation</span></a>, but that's just me as a <a href="https://infosec.space/tags/consumer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>consumer</span></a> and <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>. </p><ul><li>I'm shure as a <a href="https://infosec.space/tags/PublicCompany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PublicCompany</span></a> (not traded publicly on exchanges !!!) you do have an obligation to maximize profit and share value for your <a href="https://infosec.space/tags/shareholders" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>shareholders</span></a> - <em><a href="https://infosec.space/tags/Switzerland" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Switzerland</span></a> isn't that different in that regard compared to <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Germany</span></a></em> - so OFC that may not roll with your board of directors.</li></ul><p>It's just that <a href="https://mstdn.social/@kkarhan/111347299882491508" rel="nofollow noopener noreferrer" target="_blank">previous blunders left a sour taste</a> as like a <a href="https://infosec.space/tags/postal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>postal</span></a> service or <a href="https://infosec.space/tags/telco" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>telco</span></a> what people communicate and with whom is <em>none of your business</em> unless you're forced to do so for <em>"legitimate reasons"</em> like <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a> or to comply with duely submitted court orders...</p><ul><li>Otherwise we'll soon have <a href="https://infosec.space/tags/regulators" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>regulators</span></a> and <a href="https://infosec.space/tags/ConsumerProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ConsumerProtection</span></a> forcing hard advertisement regulation on the entire industry with big ass disclaimers being tagged on because <em>someone made too outrageous claims re: privacy and security</em>...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@quincy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>quincy</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@andre_meister" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>andre_meister</span></a></span> immerhin ist nicht de ganze Welt so <a href="https://infosec.space/tags/cyberfaschistisch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberfaschistisch</span></a> und Deutschland kein <a href="https://infosec.space/tags/Inselnetz" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Inselnetz</span></a> alla <a href="https://infosec.space/tags/Nordkorea" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Nordkorea</span></a>, was damit auch jene <a href="https://infosec.space/tags/L%C3%BCgen" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lügen</span></a> wegen <em>"<a href="https://infosec.space/tags/Terrorismusbek%C3%A4mpfung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Terrorismusbekämpfung</span></a>"</em> als solche entlarvt...</p><ul><li>Langsam betrachte ich diese ganze shice als persönliche Beleidiging gegen den Intellekt jeder halbweg <em>"<a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>|n"</em> Person...</li></ul><p><a href="https://infosec.space/tags/Zensursula" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zensursula</span></a> hat sich bis heute nicht für ihre <a href="https://infosec.space/tags/L%C3%BCge" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Lüge</span></a> und <a href="https://infosec.space/tags/Beleidigung" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Beleidigung</span></a> aller die mehr <em>"<a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiteracy</span></a>"</em> als Sie selbst verfügen ( "[…] z.T. <a href="https://infosec.space/tags/SchwerP%C3%A4dokriminell" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SchwerPädokriminell</span></a> […]" ) bis heute nicht entschuldigt!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.treehouse.systems/@ariadne" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ariadne</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>dalias</span></a></span> as like with everyone I know and consider <em>"<a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>"</em> in that regard.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.panic.com/@cabel" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>cabel</span></a></span> Eeyupp...</p><p>I hate <a href="https://mstdn.social/tags/Bots" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Bots</span></a> doing <a href="https://mstdn.social/tags/TechSupport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechSupport</span></a> even before <a href="https://mstdn.social/tags/MansplainingAsAService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MansplainingAsAService</span></a> in the form of <a href="https://mstdn.social/tags/ChatGPT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ChatGPT</span></a> was even envisioned.</p><p>Because when I have a problem, I just want to cut the bullshit and get some <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> on the phone which does care and doesn't belittle me by saying "Have you tried to turn it off and back on again?"...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://todon.eu/@ljrk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ljrk</span></a></span> <span class="h-card" translate="no"><a href="https://wetdry.world/@lexd0g" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lexd0g</span></a></span> And yes, I know that <a href="https://mstdn.social/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>passwords</span></a> are bad but besides <a href="https://mstdn.social/tags/SSH" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSH</span></a> & <a href="https://mstdn.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> <a href="https://mstdn.social/tags/Pubkeys" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Pubkeys</span></a> there is no good way to authenticate that isn't like a <a href="https://mstdn.social/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TOTP</span></a> / <a href="https://mstdn.social/tags/HOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HOTP</span></a> - like <a href="https://mstdn.social/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>2FA</span></a> or some confirmation message... </p><p><a href="https://mstdn.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> don't make people more <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> and actually learn how to use a <a href="https://mstdn.social/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PasswordManager</span></a>|s or exercise <a href="https://mstdn.social/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> of Keys...</p><p>Nor do they save the problem that platforms / logins don't do basic behaviour-based protection against just spamming credentials or irregular patterns.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://todon.eu/@ljrk" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ljrk</span></a></span> <span class="h-card" translate="no"><a href="https://wetdry.world/@lexd0g" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>lexd0g</span></a></span> It's worse because <a href="https://mstdn.social/tags/Passkey" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Passkey</span></a> brick a lot of workflows and systems as an addon-layer instead of fixing the core problem.<br>And the core problem is that <a href="https://mstdn.social/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ITsec</span></a>, <a href="https://mstdn.social/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpSec</span></a>, <a href="https://mstdn.social/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ComSec</span></a> and <a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> are just "Afterthoughts" at best for all but the most <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>. </p><p>Using i.e. <a href="https://mstdn.social/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> encryption and login on everything [and not as a "password replacement"] would be a way better fix.<br>Just like <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> does a self-signing namespace on <a href="https://mstdn.social/tags/OnionServices" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OnionServices</span></a>. </p><p>Again, not perfect but better than <a href="https://mstdn.social/tags/SSL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SSL</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://eupolicy.social/@ilumium" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>ilumium</span></a></span> <span class="h-card" translate="no"><a href="https://eupolicy.social/@edri" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>edri</span></a></span> doesn't mean <span class="h-card" translate="no"><a href="https://social.network.europa.eu/@EU_Commission" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>EU_Commission</span></a></span> isn't breaking the laws nor that it's anti-democratic and evil.<br><a href="https://mstdn.social/tags/NotLegalAdvice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NotLegalAdvice</span></a> OFC.</p><p>Also can we please stop that <a href="https://mstdn.social/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberfacist</span></a> <a href="https://mstdn.social/tags/figleaf" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>figleaf</span></a>|ing? </p><p><span class="h-card" translate="no"><a href="https://mastodon.social/@MOGiS" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>MOGiS</span></a></span> already wiped the floor with <a href="https://mstdn.social/tags/Zensursula" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Zensursula</span></a> almost two decades ago, and she still owes everyone who can change <a href="https://mstdn.social/tags/DNS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DNS</span></a> settings an apology for claiming everyone more <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> than her is a "hardened pedo-criminal"... </p><p>I want my <a href="https://mstdn.social/tags/HumanRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>HumanRights</span></a> and <a href="https://mstdn.social/tags/CivilRights" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CivilRights</span></a> back - all of them since 1949 - WITH INTEREST!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.tchncs.de/@case2tv" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>case2tv</span></a></span> I chose <a href="https://mstdn.social/tags/Enpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Enpass</span></a> since it literally runs on everything* - espechally <a href="https://mstdn.social/tags/Android" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Android</span></a> and <a href="https://mstdn.social/tags/Linux" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Linux</span></a> and doesn'r equire some subscription or charges people for the "privilegue" of self-hosting, like <a href="https://mstdn.social/tags/BitWarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BitWarden</span></a>.<br>It's also <a href="https://mstdn.social/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterate</span></a>-friendly.</p><p>*Okay it doesn't run on <a href="https://mstdn.social/tags/BSDs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BSDs</span></a> and <a href="https://mstdn.social/tags/Unix" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Unix</span></a> except macOS & iOS, but then again:<br>People who daily drive <a href="https://mstdn.social/tags/OpenBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenBSD</span></a>, <a href="https://mstdn.social/tags/FreeBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FreeBSD</span></a> or <a href="https://mstdn.social/tags/NetBSD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetBSD</span></a> are usually <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> enough to basically setup their own <a href="https://mstdn.social/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>password</span></a> storage system from scratch & sync and backup stuff.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.social/@kobayashi90" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>kobayashi90</span></a></span> I mean, we gotta have to inform the <a href="https://mstdn.social/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> that may stumble upon this thread and they too need to be informed on ~why~ claims made by <span class="h-card" translate="no"><a href="https://mastodon.social/@protonmail" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>protonmail</span></a></span>, <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> and other <a href="https://mstdn.social/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>centralized</span></a> <a href="https://mstdn.social/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> & <a href="https://mstdn.social/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> solutions are inherently wrong!</p><p>We can't complain about people being #'TechIlliterate without doing our part in reducing <a href="https://mstdn.social/tags/TechIlliteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliteracy</span></a> and making people more <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>...</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://mastodon.social/@damngoodtech" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>damngoodtech</span></a></span> In the end it's a consumer's choice.</p><p>People need to be <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> enough to value <a href="https://mstdn.social/tags/repairability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>repairability</span></a> (and <a href="https://mstdn.social/tags/upgradeability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>upgradeability</span></a>) over making tue thinnest devices possible.</p><p>Now granted, both <span class="h-card"><a href="https://fosstodon.org/@frameworkcomputer" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>frameworkcomputer</span></a></span> amd <span class="h-card"><a href="https://social.weho.st/@Fairphone" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>Fairphone</span></a></span> did manage to design <a href="https://mstdn.social/tags/thinn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>thinn</span></a> yet repairable devices, proving that all the <a href="https://mstdn.social/tags/AntiRepair" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>AntiRepair</span></a>-Arguments are corporate propaganda lies!</p><p>Personally I'd accept even <a href="https://mstdn.social/tags/thicc" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>thicc</span></a>'er devices if that means they'd use more <a href="https://mstdn.social/tags/COTS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>COTS</span></a> and less <a href="https://mstdn.social/tags/custom" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>custom</span></a> parts...</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evacide</span></a></span> <a href="https://mstdn.social/tags/Stalkerware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stalkerware</span></a> & <a href="https://mstdn.social/tags/Govware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Govware</span></a> producers are ALWAYS legitimate targets.</p><p>They are unethical per concept and have no legitimate reasons to exist!</p><p>Also I do assume they are shitty because they all assume everyone else is "less <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a>" than them...</p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://mstdn.social/@fosserytech" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>fosserytech</span></a></span> Worse in this case is that it's not politicans but <a href="https://mstdn.social/tags/DGSI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DGSI</span></a> field agents...</p><p>You know, <a href="https://mstdn.social/tags/french" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>french</span></a> <a href="https://mstdn.social/tags/interior" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>interior</span></a> <a href="https://mstdn.social/tags/intelligence" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>intelligence</span></a>. <br><a href="https://en.wikipedia.org/wiki/General_Directorate_for_Internal_Security" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">en.wikipedia.org/wiki/General_</span><span class="invisible">Directorate_for_Internal_Security</span></a></p><p>If these guys get spooked by people being more <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> then themselves, maybe said agency is more risk than benefit for the <a href="https://mstdn.social/tags/NatSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NatSec</span></a> of <a href="https://mstdn.social/tags/France" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>France</span></a>...</p>
Kevin Karhan :verified:<p>And yes the core problem is that people are not <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> and that they get groomed into stupid consoomers and only educated far enough to maximize the profit as exploitable wageworkers!</p><p><a href="https://youtu.be/u-sNSjS8cq0?t=5207" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="">youtu.be/u-sNSjS8cq0?t=5207</span><span class="invisible"></span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://calckey.social/@xyhhx" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>xyhhx</span></a></span> <span class="h-card"><a href="https://social.treehouse.systems/@marcan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>marcan</span></a></span> also yes, it's up to the <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> to protect the <a href="https://mstdn.social/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechIlliterates</span></a> even if that means one needs to put them into well-padded sandboxes where they can't hurt themseles or others...<br><a href="https://mstdn.social/@kkarhan/110068272345669332" rel="nofollow noopener noreferrer" target="_blank"><span class="invisible">https://</span><span class="ellipsis">mstdn.social/@kkarhan/11006827</span><span class="invisible">2345669332</span></a></p>
Kevin Karhan :verified:<p><span class="h-card"><a href="https://tech.lgbt/@rvedotrc" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>rvedotrc</span></a></span> I hate such shitty questionnaires, as they completely suck at the professional nuancy to the point that I refuse to use / fill-out these as they insult the intellect of every <a href="https://mstdn.social/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TechLiterate</span></a> I know of...</p>
ExploreLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload