mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

13K
active users

#trustmebro

3 posts1 participant3 posts today
Replied in thread

@Mer__edith I can't enforce your promises against @signalapp , thus they are #MarketingLies of the "#TrustMeBro!"-kind thus and worth diddly-piss!

infosec.space/@kkarhan/1146959

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@derekmorr@mastodon.social > Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it. Then why does @signalapp@mastodon.world still have that shit in it? @Mer__edith@mastodon.world could've pulled that #Shitcoin yet refuses to do do! > The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it. That's literally wrong! - #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is *able and willing* to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no *"legitimate interest"* for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!) > It’s been 30 years, and no one uses xmpp. Let it go. Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate *actually working payments* or sellout to a #cyberfacist #government (all those apply to #WeChat!) > It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal. You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands *"#KYC"* for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days. - The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience. I'd rather help people onboard #XMPP+#OMEMO like @monocles@monocles.social and/or @gajim@fosstodon.org or #PGP/MIME like @delta@chaos.social & @thunderbird@mastodon.online (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live@venera.social so their traffic gets through @torproject@mastodon.social and doesn't provide any useable IP addresses. - *I've literally been there and done that!* As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay *fully anonymous* using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)... - So even if you think *"#monocles is a #honeypot"* that is mitigateable ciz unlike with Signal you can *choose your own client, choose a different provider & exervise self-custody of all tue keys!*
Replied in thread

@renardboy @derekmorr depends...

Did you have to remotely onboard someone onto a secure communication stack whilst they are on the run from the authorities and blood relatives due to "living while trans" with a literal "dead or alive" bounty on their head whilst stuck in a besieged city that's being shelled?

  • Cuz I did...

@signalapp is evidently a solution appealing to #TechIlliterates with dangerous 'semi-knowledge' who are willing to accept a "#TrustMeBro!" by @Mer__edith and #MoxieMarlinspike before her.

  • Using #Signal would've gotten said person tracked down and killed by the de-facto aithorities for merely having their phone # linked to that shite!
Replied in thread

@silhouette @richi @signalapp @torproject

1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - espechally for a "#privacy"-focussed messenger!

2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregilated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which bings.me to the 1st agrument.

4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead if following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!

5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!

Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss wothout.#OpSec, #InfoSec & #ITsec is dangerous!

  • And yes claiming "JuSt UsE sIgNaL!" is dangerous in the era of #Trump's #cyberfacist regime acting as it does (like with the #ICC)!

Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!

Avatar for silhouette
dumbfuckingweb.sitePost by sleepy silhouette, @silhouette@dumbfuckingweb.site@kkarhan@infosec.space @richi@vmst.io @signalapp@mastodon.world @torproject@mastodon.social >PII afaik the only info is that you have registered to Signal and the last time you've connected. Other services do this too, for technical reasons. >USA irrelevant given the guarantees of their E2...
Replied in thread

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

  • Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

another day another $50 million crypto theft involving a stablecoin even i have never heard of called #0xinfini.

will it be #NorthKorea this time? (it's usually North Korea, an inside job, or a "highly profitable trading strategy")

the project devs have tweeted to assure their users that everything will be fine bc "trust me bro", but only from their personal accounts. there is no acknowledgement of the theft on the official 0xInfini X account.

somewhat hilariously the "project" tweeted a self congratulations about reaching $50 million in deposits just yesterday. 100% of that is gone now.
x.com/officer_cia/status/18938

Replied in thread

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread

@ck @lk108 @kuketzblog Ich halte die #Sicherheitsversprechen von #Signal für "#TrustMeBro"-#Werbelügen alla #WhatsApp!

  • Kannst natürlich dies leugnen, aber das ändert nicht die Realität dass #Tepefonnummern #PersonenbezogeneDaten sind und es gem. TKG illegal ist eine [deutsche] Rufnummer ohne verifizierte Anschlussinhaberdaten zu aktivieren bzw. dauerhaft zuzuteilen.

Wer Leuten eine anonym registrierte (e)SIM [aus dem Ausland] beschaffen kann, kann Leuten auch nen @monocles / #MonoclesStarter - Account für €2 p.m. aufsetzen und betreiben: Ne ALDI TALK -#SIM aktiviert halten kostet mehr!

Replied in thread

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

  • But you do you...
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”