Recent searches

No recent searches

Search options

Only available when logged in.
mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

9.6K
active users

mstdn.social: AboutStatusProfiles directoryPrivacy policyTerms of service

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.1

#MultiProvider

0 posts0 participants0 posts today
Replied in thread
*
Kevin Karhan :verified:

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.

"[…] [Technologies] must always be evaluated for their ability to oppress. […]

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...

The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

Replied in thread
Kevin Karhan :verified:

@action_jay everything that isn't a fully #OpenSource'd #OpenStandard with #MultiVendor & #MultiProvider support.

That's why @delta (#PGP/MIME) & @monocles / @gajim (#XMPP+#OMEMO) are superior to @signalapp , because that can be easily cracked down on due to #CloudAct, whereas truly #decentralized systems have #SelfCustody so they can't be taken down effectively.

  • Bonus points if they support @torproject / #Tor, cuz that makes it harder for "state-sponsored" (or rather state-endorsed/governmental attackers) to block or sabotage it (#OnionServices are harder to take down!)
#Tor#OnionServices
Replied in thread
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Kevin Karhan :verified:

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

  • The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!

Replied in thread
*
Kevin Karhan :verified:

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Kevin Karhan :verified:

@zeank @MastoDenunzianten Auch sind all.dies #Merting-#Versprechen oder auch #Lügen, denn woher soll mensch verifizieren können, dass das was #Threeema behauptet auch stimmt?

  • Die werden mich das ja nicht persönlich an deren Servern abchecken lassen.

Bei #XMPP+#OMEMO (z.B. @monocles / #monoclesChat & @gajim / #Gajim) & #PGP/MIME (z.B @delta / #DeltaChat) kann ich im Zweifelsfalle #SelfHosting mit nem #RaspberryPi im Kleiderschrank machen.

Angriffe auf dezentrale & offene, #MultiVendor & #MultiProvider-Standards funktionieren nicht skalierbar!

pwnagotchi.aiPwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning. :: Usage
Replied in thread
Kevin Karhan :verified:

@zackwhittaker @kevincollier

Remember:

The only way we can prevent a #Cyberfacist #dystopia is to make it impossible!

Replied in thread
Kevin Karhan :verified:

@ai6yr people need to fucking learn proper #InfoSec, #OpSec, #CkmSec & #ITsec and that means learning to proper use #XMPP+#OMEMO & #PGP/MIME.

@tails_live / @tails / #Tails exists. @gajim / #Gajim exists. @monocles / #monoclesChat exists. @delta / #deltaChat exists. @thunderbird / #Thunderbird exists. @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParties exist.
#Documentation in writing and videos exist.

#SelfHosting#multivendor#MultiProvider
Kevin Karhan :verified:

@doerk the problem is that we accept #TechIlliterates just regurgitating #MarketingLies of #NSAbook et. al.

Or does anyone believe @signalapp 's @Mer__edith would protect any user if that means she'd be in jail for the rest of her life?

  • Cuz whoever believes that really huffed too much Copium amidst #CloudAct existing and precedents existing!

1
2
3

youtu.be- YouTubeСмотрите любимые видео, слушайте любимые песни, загружайте собственные ролики и делитесь ими с друзьями, близкими и целым миром.
Replied in thread
Kevin Karhan :verified:

@delta TBH, I think that #deltaChat, alongside @monocles / #monoclesChat is one of the few real #E2EE #Chat & #Messaging solutions (which allow for full #SelfCustody of keys as well as being based on #OpenStandards for a #MultiVendor & #MultiProvider ecosystem) and even out-of-band verification and key exchange...

  • The main difference is that deltaChat implements #PGP/MIME on #IMAP+#SMTP, which may be easier to setup in some cases and also offer an easy pipeline to archival requirements in #business setups whilst #monocles chat uses #XMPP+#OMEMO first and supports PGP/MIME as a secondary option, making it a good option in individual setups...

Needless to say both support using @torproject / #Tor via #Orbot and thus connecting to an #OnionService or just anonymously connecting to the server one personally chooses...

  • So unless a provider explicitly bans Tor proactively, they'll work just fine.

The advantage of XMPP is that it also allows for calls, whereas I've to see how one can do Group Chats on deltaChat at all...

*
Kevin Karhan :verified:

@lightspill Personally, I think that depends...

Certain things are matters of taste (i.e. #vi, #vim, #neovim, #nano, #ne or #kilo as #editors) and certain things are just objectively correct things to do (i.e. #PGP/MIME encryption on #eMail, using #MutiVendor & #MultiProvider #OpenStandads instead of #proprietary #SingleVendor & #SingleProvider "solutions"...)

  • But as @tantacrul once said: "It's okay to be wrong!"

As a #Linux & #Unix-esque #Sysadmin I'd rather be disliked as #BenevolentDictator than to deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an #electrician, people / businesses or rather clients / employers expect me to plan and deliver solutions that are 'up to code' and by 'code' I mean the relevant laws and standards ranging from #GDPR & #BDSG to #PCIDSS & #BSI...

  • EVERYTHING ELSE is secondary!
Replied in thread
*
Kevin Karhan :verified:

@dangillmor @eff Yes, but also acknowledge obvious misguidings.

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#pii#legitimateinterest#usefulidiots
Kevin Karhan :verified:

@thegibson Well, what if I told you that neither #Signal nor #Threema nor any #centralized #SingleVendor & #SingleProvider messenger will be secure.

But don't take my word for it, because just as logless VPNs don't exist so will @signalapp snitch on every user if served with a court order or forced at gunpoint by LEAs and/or facing jail for not complying with #CloudAct.

  • In fact, I'd be surprised if they haven't done so already...

If you want real #security and #privacy, then don't use any #messenger that demands #PII like #PhoneNumbers at all and choose #decentralized, #MultiVendor & #MultiProvider solutions like #XMPP+#OMEMO where you have #SelfCustody of all #Keys and thus you are in control!

Also #Telegram is exclusively being used by #Neonazis, #ConspiracyTheorists and #Disinfo groups...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
TrendingLive feeds
About