Replied in thread
@leyrer +9001%
#TechIlliterates im #Management sind ne absolute Plage und gehören echt verboten!
Ich hab' kein Bock mehr auf #BuzzwordBingo!
Recent searches
Search options
#TechIlliterates
2 posts1 participant0 posts today
Replied in thread
@fristi it is only shit when we allow #TechIlliterates to make decisions...
Replied in thread
@GossiTheDog @ajsadauskas OFC, we groomed generations of #TechIlliterates (#Users and #Admins) to use that garbage and everyone who didn't lick the boots got yeeted.
- It's called #BrainDrain!
Replied in thread
@kinetix @delta @anthropy I am aware of #DeltaChat.
- As for #XMPP+#OMEMO clients, I can recommend @gajim / #gajim & @monocles / #monoclesChat hands-down, as both are super-easy to setup and get even abdolute #TechIlliterates rollin'...
Replied in thread
@mike no, this is intentional, just like any other #DarkPattern use designed to nudge #TechIlliterates into #Office365 and ither #subscriptions!
Replied in thread
@pixelschubsi @erebion @inaruck so oder so sind alle aktuellen #XMPP-Clients, besonders @monocles / #monoclesChat & @gajim / #gajim warnen ganz eindeutig gegen unverschlüsselte kommunikation!
- Außerdem kann ich schneller #TechIlliterates auf #XMPP+#OMEMO onboarden als irgendwer eine anonyme #SIM oder #eSIM mit #Rufnummer besorgen kann.
Zumal auch das nen Kostenfaktor ist, wohingegen es drölfzig Optionen gibt was XMPP angeht!
Replied in thread
@erebion @inaruck doch, hab' ich.
Threat Models die ich betreut habe:
- Person die vor staatlicher Verfolgung fliehen muss
- Person mit Kopfgeld auf deren Ermordung durch Angehörige
- Schutzsuchende in einem gänzlich feindlich gesinntem Staat
Ich werde nicht entsprechende personen d0xxen nur um #TechIlliterates zu überzeugen und ne Diskussion zu gewinnen!
Verbindung getrennt
Replied in thread
Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.
- It's inherently wrong to put all eggs in one basket and #Signal being not shut down like #SkyECC & #EncroChat makes it just as sus as #ANØM / #OperationIronside / #OperatioTrøjanShield and #CryptoAG / #MINERVA / #RUBIKON.
Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.
- Otherwise we'd all gaslight ourselves into ignoring the hard lessions we learned that bought us to the #Fediverse and why we ain't on #Shitter or #tumblr or #BrownSky or #NSAbook (any more)!
It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!
- Unlike with @signalapp one doesn't has to trust the provider or app. #XMPP+#OMEMO works regardless if you use @monocles or @gajim or do #SelfHosting and only trust code you wrote yourself...
IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...
- And I'm not even talkibg about #Govware - #Backdoors and #MassSurveillance alike #Room651A, but just duely submitted warrants that @Mer__edith will comply with...
The less #info a provider has, the less they can be forced to snitch upon customers.
- So even if you don't give a shit that #CloudAct makes this a "#CantUse & #WintUse" (out of US-centrist privilegue to not comply #GDPR & #BDSG) for many, it's still dishonest.
"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.
- There's a reason why @tails_live / @tails / #Tails doesn't include #Signal and why I'll say it again that XMPP+OMEMO over @torproject / #Tor is the gold standard in terms of #privacy and #security when it comes to #ComSec that isn't #airgapped aka. "Airgapped PGP".
The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...
- You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...
Hachyderm.ioCassandrich (@dalias@hachyderm.io)@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal.
The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties.
There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
Replied in thread
@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.
- Plus it's illegal in an increasing number if juristictions to gmeven attempt to acquire a phone number or SIM anonymously.
Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.
- Cuz I did that on @cryptoparty / #CryptoParty / #CryptoParties quite often.
Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!
- Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.
I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!
Replied in thread
@kubikpixel @malwaretech @tomscott nodds in agreement
- It's like the whole #DigitalSnakeoil bs. with "#Antivirus" which IMHO should be the sole responsibility of the #OS / #Distro maintainer to get done correctly.
If people don't trust a #Govware like #Windows to get that done correctly, then they should not trust 3rd party vendors that have neither sourcecode access nor ability to get someone with sourcecode access to validate and test their work!
- The whole #ITsec "cottage industry" aimed at #TechIlliterates is just disingenous and dishonest, because they dismiss proper #OpSec, #InfoSec & #ComSec as vital parts.
Mind you this isn't the basic *"on mailservers/upload servers/... run signature checks for known malware and chmod -x on all attachmebts.
- It's a systemic issue discarding basic information.
Replied in thread
@silvan @nakal @kuketzblog jain.
- "#Gratismentalität" von "#TechIlliterates" ist durchaus ein massives Problem denn damit wurde #Datenhehlerei der #GAFAMs zum #Geschäftsmodell!
#XMPP+#OMEMO & #PGP/MIME sind allein wegen #SelfCustody und #Offenheit inkl. #SelfHosting-Möglichkeit zu bevorzugen!
- Alle #Messenger die #PII wie #Rufnummern verlangen sind allein deshalb IMHO durchgefallen!
MastodonMike Kuketz 🛡 (@kuketzblog@social.tchncs.de)@kkarhan@infosec.space Jedes Mal, wenn jemand Signal oder Threema vorschlägt, taucht jemand mit XMPP, Matrix oder DeltaChat auf. Doch das Ziel ist, Leute von WhatsApp wegzubekommen – nicht sie abzuschrecken. Jeder Messenger hat seine Daseinsberechtigung, aber nicht alle sind für Umsteiger geeignet.
Replied in thread
@tauon Also what goid is an encryption like @signalapp is you don't have #SelfCustody of all the keys?
- Shure you could disable encryption but @monocles shows you when it's active and when not and comes with sensible defaults like having #OMEMO active per default...
I can setup over a dozen #TechIlliterates 1:1 with #XMPP accounts and #monoclesChat & @gajim / #gajim in the time it takes me to get a #nonKYC #eSIM from overseas with a phone number as mandated by @signalapp and maintaining that number for #Signal will easily cost like $2,50 p.m. at minimum.
- Whereas a Data-only eSIM is way faster and cheaper to get and maintain.
In fact even legitimately acquiring and registering a #Prepaid #SIM in-store in #Germany takes longer than setting up #Fdroid & monocles chat & a XMPP account whilst on throttled #EDGEland speeds...
- Plus unlike Signal, I can just push #XMPP through @torproject / #Tor and/or any #VPN & #Proxy...
Possum City🌸 lily 🏳️⚧️ :flag_pansexual: :flag_ace: θΔ ⋐ & ∞ (@tauon)@kkarhan@infosec.space
> centralised
tbh i agree, i don't like that signal is centralised, but that isn't insecure, it's just an anti-feature
> proprietary
no it isn't, every element of signal is open source
> subject to cloud act
what is that? are you talking about subpoenaing of information? they legally have to do that anyway, and can't give anything except for the account creation date and the date that the account was last accessed
> collects pii like phone numbers
i'm pretty sure they don't
signal is more secure than anything you've mentioned because on signal, encryption is not optional. any service where encryption is optional is not secure.
RE: @tauon@possum.city no, it is not because it is a #Centralized, #proprietary, #SingleVendor & #SingleProvider solution subject to #CloudAct that collects #PII like #PhoneNumbers, which makes it inherently less secure, as they are able and willing to restrict access as they please.
RE: ...
Replied in thread
My old ass getting #TechIlliterates migrated to #XMPP+#OMEMO using @monocles / #monoclesChat:
https://www.youtube.com/watch?v=Q0_LTDTCQUY&t=5
Replied in thread
@topher #Antivirus is for the most part #Scareware aimed at scamming #TechIlliterates which at best only works against kniwn threats and at worst is literal #Malware in and of itself selling user data to bad actors.
- There are commercial AV options for major distros, like #ESET offers for all 3 big Desktop ones: @RedHat, #SUSE & #UbuntuLTS...
As for the rest one can just scan #Fileservers regularly and do so on #Mailservers, but existing tools to enforce quick and early updates on those distros already do most of the heavy lifting re: #ITsec...
www.eset.comAntivirus and Internet Security SolutionsBest IT security solutions for your home and business devices. Try ESET antivirus and internet security solutions for Windows, Android, Mac or Linux OS.
Replied in thread
@wmd @miqokin @torproject @guardianproject @micahflee also it's not as if I'm #shitposting, cuz I mean this serious.
- I've ~ 18 years of IT skills at my fingertips, > 15 just with getting "#TechIlliterates" setup when it comes to #ITsec, #InfoSec, #OpSec & #ComSec.
And I'm not talking just about helping some kiddies spread the news, but criticsl comms that literally saved lives.
- I wish I could go into details but alas my confidentiality was requested and I'm nit gonna violate an NDA and put a life at risk just to win an argument on the Internet.
Replied in thread
@wmd @miqokin #VPN|s are - for the most part and with the exception of circumventing #Geoblocking - a #Scam catering towards #TechIlliterates.
https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968
- Use @torproject or GTFO!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
@verge lmao!
As if anyone but #rich #TechIlliterates were to go there...
Replied in thread
"[...] easy to use solutions that are at the same time private and secure. [...]"
- The fact that @signalapp requires #PII like a #PhoneNumber which more often than not cannot be legally acquired anonymously makes it not #private.
It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.
And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!
- I can much faster and easier get TechIlliterates setup show them around - either in a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty - style #classroom / #seminar or 1:1 tutoring than I can legally acquire and activate a new SIM in #Germany [since 07/2017]...
It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...
Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!
- #CloudAct and the #NOBUS hegemony ain't something that just got executed now (neither was #GDPR & #BDSG!)...
A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.
NOTHING compells Signal to demand PII, run a #Shitcoin #Scam aka. #MobileCoin that even seasoned #TechLiterates and #CryptoBros can't setup properly, and in fact Signal using phone numbers makes it trivial to discriminate against users and easier for them to identify them!
If my reasoning didn't resonate with you, then try helping i.e. undocumented migrants aka. "#SansPapier|s" to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand!
Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!
- Not to mention clients like @monocles / #monoclesChat and @gajim / #gajim are way more user-friendly and unlike Signal can also work perfectly fine over #Tor, including #OnionServices as endpoints.
AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!
- Them relying on #ClownFlare is just something that makes them even more #sus as there is no legitimate reason to use a #RogueISP like that.
You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.
- What gets my blood boiling is the constant #disinfo by Signal Fanboys like @rysiek who sell it like #DigitalSnakeoil akin to #AntivirusSoftware, because it's at best "#TechPopulism" and at worst will mislead "TechIlliterates" with a false sense of security, which in turn puts more users at risk.
The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.
- Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!
Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously
gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge.
The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.
@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!
- Sorry, but "#TechPopulism" alike
"JuSt UsE sIgNaL !"won't fix #TechIlliteracy but rather provide false sense of security to #TechIlliterates when the correct solution is to teach proper #TechLiteracy like @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty does...
Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...
- Mark my words, cuz I've been proven correct up to this point.
If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!
Mastodon 🐘Michał "rysiek" Woźniak · 🇺🇦 (@rysiek@mstdn.social)@kkarhan@infosec.space I ran and hosted a bunch of XMPP servers a while back. It was a pain to use, and it was easy for users to make mistakes and accidentally send messages in the clear.
You are making people les safe. Last time: please stop doing this in my mentions and replies.
@agturcz@circumstances.run @torproject@mastodon.social
Replied in thread
@anelki the only ones that believe in "#SecureEmail" after #DNMX, #SkyECC, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield are #TechIlliterates!
Use #OfflinePGP-Method or @tails_live / @tails / #Tails or don't even bother!!!
www.youtube.com- YouTubeEnjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.