Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
mstdn.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
A general-purpose Mastodon server with a 500 character limit. All languages are welcome.

Administered by:

Server stats:

13K
active users

mstdn.social: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#trustmebro

3 posts1 participant3 posts today
Replied in thread
Public
Kevin Karhan :verified:

@Mer__edith I can't enforce your promises against @signalapp , thus they are #MarketingLies of the "#TrustMeBro!"-kind thus and worth diddly-piss!

infosec.space/@kkarhan/1146959

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@derekmorr@mastodon.social > Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it. Then why does @signalapp@mastodon.world still have that shit in it? @Mer__edith@mastodon.world could've pulled that #Shitcoin yet refuses to do do! > The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it. That's literally wrong! - #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is *able and willing* to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no *"legitimate interest"* for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!) > It’s been 30 years, and no one uses xmpp. Let it go. Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate *actually working payments* or sellout to a #cyberfacist #government (all those apply to #WeChat!) > It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal. You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands *"#KYC"* for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days. - The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience. I'd rather help people onboard #XMPP+#OMEMO like @monocles@monocles.social and/or @gajim@fosstodon.org or #PGP/MIME like @delta@chaos.social & @thunderbird@mastodon.online (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live@venera.social so their traffic gets through @torproject@mastodon.social and doesn't provide any useable IP addresses. - *I've literally been there and done that!* As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay *fully anonymous* using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)... - So even if you think *"#monocles is a #honeypot"* that is mitigateable ciz unlike with Signal you can *choose your own client, choose a different provider & exervise self-custody of all tue keys!*
Replied in thread
Public
Kevin Karhan :verified:

@renardboy @derekmorr depends...

Did you have to remotely onboard someone onto a secure communication stack whilst they are on the run from the authorities and blood relatives due to "living while trans" with a literal "dead or alive" bounty on their head whilst stuck in a besieged city that's being shelled?

  • Cuz I did...

@signalapp is evidently a solution appealing to #TechIlliterates with dangerous 'semi-knowledge' who are willing to accept a "#TrustMeBro!" by @Mer__edith and #MoxieMarlinspike before her.

  • Using #Signal would've gotten said person tracked down and killed by the de-facto aithorities for merely having their phone # linked to that shite!
#Signal
Replied in thread
Public *
Kevin Karhan :verified:

@derekmorr

Parroting the same #propaganda doesn't make it any less wrong.

Once you've calmed down you can come back and apologize.

  • Cuz you've disproven nor evidenced any of your claims whatsoever!

Meanwhile @signalapp's @Mer__edith can blast all the #Advertising #lies they want, that doesn't make their #Security better than the "#TrustMeBro!" claims of #NSAbook's #WhatsApp!

youtube.com/watch?v=8PW3O2mqTn8

  • You may laugh at this, but my instincts and insights have kept me alive so far without failing so obviously it's kinda hard to consider some #copaganda and random dude splaining as valid arguments!

Consider the #timeout an olive branch.

MastodonDerek Morr (@derekmorr@mastodon.social)@kkarhan@infosec.space @signalapp@mastodon.world @Mer__edith@mastodon.world Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it. The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it. It’s been 30 years, and no one uses xmpp. Let it go. It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.
#thxbye#next#EOD
Replied in thread
Public *
Kevin Karhan :verified:

@silhouette @richi @signalapp @torproject

1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - espechally for a "#privacy"-focussed messenger!

2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregilated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which bings.me to the 1st agrument.

4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead if following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!

5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!

Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss wothout.#OpSec, #InfoSec & #ITsec is dangerous!

  • And yes claiming "JuSt UsE sIgNaL!" is dangerous in the era of #Trump's #cyberfacist regime acting as it does (like with the #ICC)!

Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!

Avatar for silhouette
dumbfuckingweb.sitePost by sleepy silhouette, @silhouette@dumbfuckingweb.site@kkarhan@infosec.space @richi@vmst.io @signalapp@mastodon.world @torproject@mastodon.social >PII afaik the only info is that you have registered to Signal and the last time you've connected. Other services do this too, for technical reasons. >USA irrelevant given the guarantees of their E2...
Replied in thread
Public *
Kevin Karhan :verified:

@pixelcode @taylan that is simply not true.

@signalapp is #centralized and there's no way one can verify the code released for the servers is what they actually run.

Unlike your replies my criticisms ain't founded based off "#TrustMeBro!" but systemic issues I highlight which #Signal refuses to address or take seriously!

MastodonPixelcode 🇺🇦 (@pixelcode@social.tchncs.de)@kkarhan@infosec.space @taylan@feministwiki.org You could have simply clicked on the link to find out that Signal have published the source code of all their apps and of their server, instead of making false claims out of thin air. There's literally an entire manual on reproducing builds: https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds%2FREADME.md Also, nothing and no one stops you from self-hosting the Signal server.
#trustmebro
Replied in thread
Public
Kevin Karhan :verified:

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

  • Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#keyescrow#France#Russia
Replied in thread
Public
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Public *
⚯ Michel de Cryptadamus ⚯

another day another $50 million crypto theft involving a stablecoin even i have never heard of called #0xinfini.

will it be #NorthKorea this time? (it's usually North Korea, an inside job, or a "highly profitable trading strategy")

the project devs have tweeted to assure their users that everything will be fine bc "trust me bro", but only from their personal accounts. there is no acknowledgement of the theft on the official 0xInfini X account.

somewhat hilariously the "project" tweeted a self congratulations about reaching $50 million in deposits just yesterday. 100% of that is gone now.
x.com/officer_cia/status/18938

.‘ Viadimir S. | Officer's Notes & B (52 B ) There are suspicious transfers of funds from unverified contracts happening on Ethereum right now: Ox9A79f4105A4e1A050B20b42F25351D394FATEIDC The receiver: 0x3ac96134fb0e42a52d33045aee50h89790f05ed0 took ~$49.5M and is swapping them for DAL Looks like an attack! 1122 PM - Feb 23, 2025 - 2,901 Views w©
Tweet from 0xinfini dev "Still sorting out and trqacking the details. Withdrawals are normal, in worst case there will be full compensation, so you can rest assured"
@officer_cia The @0xinfini contract was attacked and approximately $50 million in funds was stolen.
#trustmebro#crypto#stablecoin
Replied in thread
Public *
Kevin Karhan :verified:

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread
Public *
Kevin Karhan :verified:

@silvan @nakal @kuketzblog #Threema hat dieselben Probleme wie #EncroChat, #SkyECC & #ANØM:

infosec.space/@kkarhan/1139387

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread
Public *
Kevin Karhan :verified:

@ck @lk108 @kuketzblog Ich halte die #Sicherheitsversprechen von #Signal für "#TrustMeBro"-#Werbelügen alla #WhatsApp!

  • Kannst natürlich dies leugnen, aber das ändert nicht die Realität dass #Tepefonnummern #PersonenbezogeneDaten sind und es gem. TKG illegal ist eine [deutsche] Rufnummer ohne verifizierte Anschlussinhaberdaten zu aktivieren bzw. dauerhaft zuzuteilen.

Wer Leuten eine anonym registrierte (e)SIM [aus dem Ausland] beschaffen kann, kann Leuten auch nen @monocles / #MonoclesStarter - Account für €2 p.m. aufsetzen und betreiben: Ne ALDI TALK -#SIM aktiviert halten kostet mehr!

YouTubeWhatsApp Ende-zu-Ende-VerschlüsselungBy WhatsApp
Replied in thread
Public
Kevin Karhan :verified:

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

  • But you do you...
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#ITsec#InfoSec#OpSec
ExploreLive feeds
About