Mathstodon

5 posts3 participants0 posts today

Kevin Karhan :verified:<a href="https://hear-me.social/@debby" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@debby</a> that assumes <a href="https://mastodon.social/@protonprivacy" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@protonprivacy</a> actually cares about <a href="https://infosec.space/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a>, which they <a href="https://www.youtube.com/watch?v=QCx_G_R0UmQ" rel="nofollow noopener noreferrer" target="_blank">evidently</a> <a href="https://www.youtube.com/watch?v=IeXaYR4ed9c" rel="nofollow noopener noreferrer" target="_blank">don't</a>, cuz otherwise they'd never even <a href="https://infosec.space/tags/log" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#log</a> or <a href="https://infosec.space/tags/request" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#request</a> any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> to begin with and instead offer their Services via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a> as <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OnionService</a>…<ul><li>Not to mention they fuck around with customers' <a href="https://infosec.space/tags/eMails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#eMails</a>, thus having prevented people from cntributing tovthe <a href="https://infosec.space/tags/LKML" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LKML</a> in the past...</li></ul>To me <a href="https://hear-me.social/@debby/114075194499417075" rel="nofollow noopener noreferrer" target="_blank">this</a> isn't a big loss, but a conditionless surrender in favour of better competitiors like <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> and even <a href="https://mstdn.social/@Stuxhost" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Stuxhost</a> for that matter...

Kevin Karhan :verified:<a href="https://masto.ai/@lastquake" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@lastquake</a> a <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>-<a href="https://infosec.space/tags/Bot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bot</a> would be even better, as <a href="https://infosec.space/tags/Telegram" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Telegram</a> demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> in the form of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a>!

Kevin Karhan :verified:<a href="https://mastodon.social/@nixCraft" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@nixCraft</a> actually this screams "<a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BDSG</a> violation" so loudly that even demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> and espechally an <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ID</a> should get them sued by <a href="https://mastodon.social/@noybeu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@noybeu</a> and <a href="https://verbraucherzentrale.social/@Bundesverband" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Bundesverband</a> ....<ul><li>Cuz "<a href="https://infosec.space/tags/OpenAI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpenAI</a>" has neither "legitimate interest" nor a mandate to even demand to see an ID, much less to store and process it!</li></ul>This isn't like a contractual agreement or some finance where one could argue "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a>" is warranted "to combat <a href="https://infosec.space/tags/fraud" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#fraud</a>"... <ul><li>The only thing worse I've seen is some obscure company that brokers <a href="https://infosec.space/tags/bandwith" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bandwith</a> with a hidden <a href="https://infosec.space/tags/proxy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#proxy</a> feature in <a href="https://infosec.space/tags/apps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#apps</a>...</li></ul>

Kevin Karhan :verified:<a href="https://mastodon.au/@Linux" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Linux</a> <a href="https://mastodon.world/@jeffowski" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@jeffowski</a> you need some help?Personally I'd recommend <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> as they request no <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> and support anonymous payment incl. <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CashByMail</a> & <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Monero</a>!

PrivacyDigest<a href="https://mas.to/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> Is Just Getting Warmed Up DOGE has tapped into some of the most sensitive and valuable data in the world. Now it’s starting to put it to work. <a href="https://mas.to/tags/pii" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pii</a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a><a href="https://www.wired.com/story/doge-is-just-getting-warmed-up-data-immigration/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.wired.com/story/doge-is-just-getting-warmed-up-data-immigration/</a>

Kzad_Bhat<a href="https://chaos.social/tags/Microsoft" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Microsoft</a> raising <a href="https://chaos.social/tags/Insecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Insecurity</a> AGAINTOTAL <a href="https://chaos.social/tags/RECALL" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RECALL</a> ^2<a href="https://arstechnica.com/security/2025/04/microsoft-is-putting-privacy-endangering-recall-back-into-windows-11/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/04/microsoft-is-putting-privacy-endangering-recall-back-into-windows-11/</a><a href="https://chaos.social/tags/Arstechnica" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Arstechnica</a> <a href="https://chaos.social/tags/DanGoodin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DanGoodin</a> raises a good point, it is not only YOUR computer that you need worry about but anyone else who processes your <a href="https://chaos.social/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> or anything you send them and isnt willing or able to opt out.Its the same crap as when Whatscrapp was all the rage and no one gave a damn about it harvesting their address books.. but on a much larger and insidous scale.What a nightmare..<a href="https://chaos.social/tags/RecallRecall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RecallRecall</a> <a href="https://chaos.social/tags/Windows" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Windows</a>

Christian Pietsch<a href="https://framapiaf.org/@marczz" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@marczz</a>Why you should use full-disk encryptionIf any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.You will fail to delete drives properlyStorage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like <code>shred</code> don't work. <code>hdparm</code> may do the trick, but this is not well known. If you are lucky, the manufacturer of you SSH provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.The law demands it<a href="https://fedifreu.de/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> and similar data protection and privacy laws require you to store no <a href="https://fedifreu.de/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.Law enforcement makes "mistakes"I'm a board member of <a href="https://fedifreu.de/@Artikel5eV" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Artikel5eV</a>, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.You already mentioned that ordinary thieves can also be a problem.Encryption is available for freeSo what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. <a href="https://fedifreu.de/tags/LUKS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LUKS</a> is reliable free and open-source software for HD encryption. If you are not using Linux, check out <a href="https://fedifreu.de/tags/VeraCrypt" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VeraCrypt</a>. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.<a href="https://fedifreu.de/tags/storageEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#storageEncryption</a> <a href="https://fedifreu.de/tags/hardDiskEncryption" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hardDiskEncryption</a> <a href="https://fedifreu.de/tags/encryptAllTheThings" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#encryptAllTheThings</a>

Kevin Karhan :verified:<a href="https://infosec.exchange/@bob_zim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bob_zim</a> yeah. Seen it. in the writeup by <a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@micahflee</a> ...I just hope to find any that ain't <a href="https://infosec.space/tags/NetLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#NetLock</a>'d / <a href="https://infosec.space/tags/SimLock" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SimLock</a>'d to <a href="https://infosec.space/tags/Verizon" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Verizon</a> and that these support more than <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#US</a>-<a href="https://infosec.space/tags/LTE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LTE</a> bands... <ul><li>Not shure if it needs a valid <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a> or just an <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ICCID</a> + <a href="https://infosec.space/tags/Ki" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ki</a> on a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a> to get going (cuz in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Germany</a> it's hard [imported <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SIM</a>] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.</li></ul>I just wish <a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@eff</a> wouldn't expect everyone to use <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> services like <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> in the age of <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a>, cuz neither I nor anyone I'd trust would submit <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> to them like a <a href="https://infosec.space/tags/PhoneNumer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumer</a> <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener noreferrer" target="_blank">as a matter of principle!</a>

AmiYears ago, before the massive increase in <a href="https://mastodon.world/tags/data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#data</a> harvesting of <a href="https://mastodon.world/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> I told people they need to keep a lid on their data.I told them they don't know how it will be used in years to come, I said it could be used for profiling.This is the same reason to not get a <a href="https://mastodon.world/tags/DNA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DNA</a> testWell here it is. The worst <a href="https://mastodon.world/tags/profiling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#profiling</a> has to offer.This is <a href="https://mastodon.world/tags/minorityreport" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#minorityreport</a> level crime prediction.You can bet this will be on the <a href="https://mastodon.world/tags/police" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#police</a> internal record, "Suspected likely murderer".<a href="https://www.theguardian.com/uk-news/2025/apr/08/uk-creating-prediction-tool-to-identify-people-most-likely-to-kill" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.theguardian.com/uk-news/2025/apr/08/uk-creating-prediction-tool-to-identify-people-most-likely-to-kill</a>

Kevin Karhan :verified:<a href="https://suya.place/users/bogdan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bogdan</a> anything that mandates <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#2FA</a> and doesn't provide <a href="https://infosec.space/tags/TOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TOTP</a> or <a href="https://infosec.space/tags/HOTP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HOTP</a> support as per <a href="https://infosec.space/tags/RFC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#RFC</a> but demand something like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a> that are <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> should be outlawed.<ul><li>I can accept <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>-based 2FA as a compromise...</li></ul>

PrivacyDigest<a href="https://mas.to/tags/DOGE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#DOGE</a> accesses federal <a href="https://mas.to/tags/payroll" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#payroll</a> system and punishes employees who objected The system at the <a href="https://mas.to/tags/Interior" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Interior</a> Department gives DOGE "visibility into sensitive employee information, such as <a href="https://mas.to/tags/SocialSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SocialSecurity</a> numbers, and the ability to more easily hire and fire workers," <a href="https://mas.to/tags/ssn" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ssn</a> <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a> <a href="https://mas.to/tags/interiordepartment" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#interiordepartment</a> <a href="https://mas.to/tags/pii" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#pii</a><a href="https://arstechnica.com/tech-policy/2025/03/doge-accesses-federal-payroll-system-and-punishes-employees-who-objected/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/tech-policy/2025/03/doge-accesses-federal-payroll-system-and-punishes-employees-who-objected/</a>

Chum1ng0 - Security Research :verified:🇪🇨 An MSPAINT malicious actor is possibly selling data from an Ecuadorian university on a hacking forum. Personal data of students, former students, and professors is being sold for 200 XMR (Monero).🔗 <a href="https://www.security-chu.com/2025/03/actor-malicioso-mspaint-vende-datos-de-una-universidad-ecuador.html" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://www.security-chu.com/2025/03/actor-malicioso-mspaint-vende-datos-de-una-universidad-ecuador.html</a> <a href="https://infosec.exchange/tags/Ecuador" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Ecuador</a> <a href="https://infosec.exchange/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a> <a href="https://infosec.exchange/tags/ciberseguridad" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ciberseguridad</a> <a href="https://infosec.exchange/tags/LATAM" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LATAM</a> <a href="https://infosec.exchange/tags/dataprotection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#dataprotection</a> <a href="https://infosec.exchange/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> <a href="https://infosec.exchange/tags/noticias" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#noticias</a> <a href="https://infosec.exchange/tags/news" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#news</a>

Marcus "MajorLinux" SummersWhat do you have to say, Oracle?Oracle has reportedly suffered 2 separate breaches exposing thousands of customers‘ PII <a href="https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/</a><a href="https://toot.majorshouse.com/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> <a href="https://toot.majorshouse.com/tags/Breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Breach</a> <a href="https://toot.majorshouse.com/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> <a href="https://toot.majorshouse.com/tags/Data" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Data</a> <a href="https://toot.majorshouse.com/tags/Security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Security</a> <a href="https://toot.majorshouse.com/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> <a href="https://toot.majorshouse.com/tags/Privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Privacy</a> <a href="https://toot.majorshouse.com/tags/Tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tech</a>

PrivacyDigest<a href="https://mas.to/tags/Oracle" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Oracle</a> has reportedly suffered 2 separate <a href="https://mas.to/tags/breaches" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#breaches</a> exposing thousands of customers‘ <a href="https://mas.to/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> Oracle isn’t commenting on recent reports that it has experienced two separate data breaches that have exposed sensitive personal information belonging to thousands of its customers. <a href="https://mas.to/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#privacy</a><a href="https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/" rel="nofollow noopener noreferrer" translate="no" target="_blank">https://arstechnica.com/security/2025/03/oracle-is-mum-on-reports-it-has-experienced-2-separate-data-breaches/</a>

Kevin Karhan :verified:<a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> no it's not.<ul><li>Otherwise <a href="https://infosec.space/tags/OrganizedCrime" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OrganizedCrime</a> would choose <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> so hard, you'd be shutdown within weeks by the <a href="https://infosec.space/tags/FBI" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FBI</a> and <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mer__edith</a> would be forced to "pull a <a href="https://infosec.space/tags/LavaBit" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LavaBit</a>" and face jailtime for obstruction of justice or snitch on users! </li></ul>Being a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProvider</a> solution subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#E2EE</a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfCustody</a> of all the keys and true <a href="https://infosec.space/tags/decentralization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#decentralization</a> as well as <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfHosting</a> (i.e. <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>/MIME [see <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#deltaChat</a> et. al.] and <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMEMO</a> [see <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#monoclesChat</a> et. al.]!)<ul><li>Plus neither of those <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener noreferrer" target="_blank">shill</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scams</a> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" target="_blank">like</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileCoin</a>! </li></ul>And don't even get me started on you collecting <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> (espechally <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a>) for no valid reason, (thus violating <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BDSG</a>)...<ul><li>Not to mention relying ob <a href="https://infosec.space/tags/charity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#charity</a> and being a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#VCmoneyBurningParty</a> isn't sustainable to begin with!</li></ul>But yeah, I'll be patient to shout "<a href="https://infosec.space/tags/ToldYaSo" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ToldYaSo</a>" to your annoying cult of fanboys!

Kevin Karhan :verified:<a href="https://mastodon.social/@dzwiedziu" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@dzwiedziu</a> <a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@fj</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> not really, as the <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Metadata</a> <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FUD</a> cited by <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> is mitigateable with proper measures.<ul><li>You can't even run Signal over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> and even if that point is moot when you're forced to quasi-<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#KYC</a> by virtue of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumber</a> aka. <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> they have neither legitimate interest nor technical reason to demand in the first place!</li></ul>Every claim that things like <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> can be solved with "Just use Signal!" is "<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechPopulism</a>" at best if not being a "<a href="https://infosec.space/tags/UsefulIdiot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#UsefulIdiot</a>"!<ul><li>All <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProbider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SingleProbider</a> systems are inherently insecure!</li></ul><a href="https://infosec.space/tags/EOD" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#EOD</a> <a href="https://infosec.space/tags/thxbye" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#thxbye</a> <a href="https://infosec.space/tags/next" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#next</a>

Kevin Karhan :verified:<a href="https://infosec.exchange/@Andromxda" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Andromxda</a> <a href="https://fosstodon.org/@mollyim" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@mollyim</a> no it's not bs and fanboying <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener noreferrer" target="_blank">isn't going to change that</a>.If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> was secure it would be the #1 comms tool of organized crime...<ul><li>Yet I've only seen <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechIlliterates</a> shill it.</li></ul>Real professionals use <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SelfHosting</a> capable, fully <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#FLOSS</a>'d solutions like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PGP</a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OMEMO</a>.<ul><li>Again: Demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a> and shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Scam</a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#MobileCoin</a>) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low... </li></ul>It's just me reading the room: Cuz <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ComSec</a> isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#OpSec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#InfoSec</a> & <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ITsec</a> is BSing hard.<ul><li>The cold hard truth is that <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#TechLiteracy</a> is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.</li></ul>Fortunatelty, <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@thunderbird</a> and <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails_live</a> / <a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@tails</a> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tails</a> and many other tools make that easier than ever before.<ul><li>So rather than <a href="https://infosec.exchange/@Andromxda/114232871558517461" rel="nofollow noopener noreferrer" target="_blank">vomiting insults against my intellect in my mentions</a>, go to the next <a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@mastodon.earth</a> / <a href="https://infosec.space/tags/Cryptoparty" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Cryptoparty</a> / <a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@cryptoparty@chaos.social</a> and lend a hand.</li></ul>

Kevin Karhan :verified:<a href="https://social.tchncs.de/@pixelcode" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pixelcode</a> <a href="https://fedi.feministwiki.org/users/taylan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@taylan</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> the <a href="https://infosec.space/tags/centralization" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#centralization</a>, espechally without means to hide it's traffic via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Tor</a> makes it trivial to detect and track <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Signal</a> users.<ul><li>Add to that the fact that Signal has <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a> = <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> on them and the fact they are incorporated in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#USA</a>, thus subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CloudAct</a> and it's not a matter if they snitch on users but how many thousands if not millions got subopena'd to this day.</li></ul>And with no self-custody of keys it's trivial to <a href="https://infosec.space/tags/Room641A" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Room641A</a> the users if the devs get "motivated" under threat of spending the rest of theor lives in jail.

Kevin Karhan :verified:<a href="https://fedi.feministwiki.org/users/taylan" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@taylan</a> <a href="https://social.tchncs.de/@pixelcode" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@pixelcode</a> also add tocthe fact that <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@signalapp</a> collects and stores <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PhoneNumbers</a>...

Recent searches

Search options

Administered by:

Server stats:

#pii