mastodon.ie is one of the many independent Mastodon servers you can use to participate in the fediverse.
Irish Mastodon - run from Ireland, we welcome all who respect the community rules and members.

Administered by:

Server stats:

1.6K
active users

#MultiProvider

0 posts0 participants0 posts today
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Sempf</span></a></span> <span class="h-card" translate="no"><a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>LaF0rge</span></a></span> yes.</p><p>Because physical SIMs, like any <em>"cryptographic chipcard"</em> (i.e. <span class="h-card" translate="no"><a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nitrokey</span></a></span> ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>, espechally in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMAPI</span></a> devices) the SIM wasn't <em>'cloneable'</em> and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MNO</span></a> /.<a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> issueing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SocialHacking</span></a> employees into <em><a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimSwapping</span></a></em> or LEAs showng up with a warrant and demanding <em>"<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>"</em>):</p><ul><li>These <em>"attack vectors"</em> were known and whilst <em>unfixable</em> they could at least be mitigated by i.e. <em>NEVER</em> using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything <em>and/or</em> using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMs</span></a>. But more and more services like <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>regression</span></a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> <em>and</em> more and more nations <em>criminalized</em> <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AnonymousSimCards</span></a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> &amp; <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FalsePretenses</span></a>!</li></ul><p>Add to that the <em>regression</em> in flexibility: </p><p>Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SimCard</span></a> which was designed as a <em>vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, device agnostic unit to facilitate the the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>authentification</span></a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>encryption</span></a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GSM</span></a> (and successor standards)</em>, <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMs</span></a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeviceFreedom</span></a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConsumerChoice</span></a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Turkey</span></a> demands it after 90 days of roaming per year) und <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>lMEI</span></a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Allowlisting</span></a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Australia</span></a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VoLTE</span></a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2G</span></a> &amp; <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>3G</span></a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>.</p><ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> on top!) there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regimes like <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, ... from banning <em>"<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcards</span></a>"</em> (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <span class="h-card" translate="no"><a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GrapheneOS</span></a></span> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, <em>unless explicitly allowed otherwise</em>.</li></ul><p>"[…] [Technologies] must <em>always</em> be evaluated for their ability to oppress. […] </p><ul><li>Dan Olson</li></ul><p>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>smartphone</span></a> with eSIM instead of two SIM slots not as a <em>real</em> <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DualSIM</span></a> device because it restricts my ability to freely move devices.</p><ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>fees</span></a> for reissue of eSIMs illegal) that is only <em>enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em>, so <em>'good luck'</em> trying to enforce that against some overseas roaming provider.</li></ul><p>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Impersonation</span></a> attacks in GSM-based networks are easier than ever before which in the age of <em>more skilled than ever</em> <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cybercriminals</span></a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberterrorists</span></a> (i.e. <a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a> &amp; <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Roskomnadnozr</span></a>) puts espechally the average <em><a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterate</span></a> User</em> at risk.</p><ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Kiddies</span></a> that <em>fucked around</em> with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CIA</span></a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Brennan</span></a>? Those were just using their <em>"weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>boredom</span></a>"</em>, not being effective, for-profit cyber criminals!</li></ul><p>And then think about those who don't have <em>privilegued access</em> to <em>protection</em> by their government, but rather <em>"privilegued access" to prosecution</em> by the state <em>because their very existance is criminalized...</em></p> <p>The only advantage eSIMs broight in contrast is <em>'logistical' convenience</em> because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>QRcode</span></a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LocalProfileAgent</span></a> link.</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.ca/@action_jay" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>action_jay</span></a></span> everything that isn't a fully <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a>'d <a href="https://infosec.space/tags/OpenStandard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandard</span></a> with <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> support.</p><p>That's why <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> (<a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME) &amp; <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> (<a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a>) are superior to <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> , because that can be easily cracked down on due to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>, whereas truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> systems have <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> so they can't be taken down effectively.</p><ul><li>Bonus points if they support <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, cuz that makes it harder for <em>"state-sponsored"</em> (or rather <em>state-endorsed/governmental</em> attackers) to block or sabotage it (<a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a> are harder to take down!)</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@threemaapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>threemaapp</span></a></span> don't buy <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> and/or <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> either! </p><ul><li>Use only <a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secure</span></a> = <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> that hare <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, like <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> &amp; <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.io/@ckrypto" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ckrypto</span></a></span> if@signalapp@mastodon.world wasn't complying with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>, <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> would be in jail.</p><p>Not to mention even <em>if</em> Signal keeps their <em>"<a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a>"</em> code updated - which is <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&amp;t=887s" rel="nofollow noopener" target="_blank">doubtful</a>, <em>NOONE</em> can actually <a href="https://infosec.space/tags/verify" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>verify</span></a> that it's the code you actually use - regardless if <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backend</span></a> / <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Server</span></a> or <a href="https://infosec.space/tags/client" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>client</span></a> / <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a>! </p><ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is as secure as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a>, otherwise it would've been shutdown ages ago.</li></ul><p>Also if Signal was designed for <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a>, it would've been <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> as <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> and not demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> which oftentimes cannot be obtained anonymously in many juristictions <em>at all</em>!</p><ul><li>Only <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> standards can be secure, regardless if OMEMO or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME. </li></ul><p>By comparison, <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> doesn't require any PII, only an <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> account, and <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> isn't a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurningParty</span></a> but sustainable due to <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>subscription</span></a> and they don't even require any personal details for <a href="https://infosec.space/tags/payment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>payment</span></a>: <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CashByMail</span></a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> are accepted.</p><ul><li>Not to mention neither <a href="https://infosec.space/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeltaChat</span></a> nor <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> are <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&amp;t=424s" rel="nofollow noopener" target="_blank">pandering</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scams</span></a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a> that <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener" target="_blank">don't work</a> even for <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechLiterate</span></a> <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoBros</span></a>! </li></ul> <p>Again: It's Signal alone who have to evidence they are trustworthy, and all I get are <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrustMeBro</span></a>!"</em> replies, which means they are not to be trusted.</p><ul><li>Not to mention, it's just not sustainable to run a <a href="https://infosec.space/tags/service" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>service</span></a> without <a href="https://infosec.space/tags/revenue" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>revenue</span></a>, even if it's run entirely by unpaid volunteers and gets all it's <a href="https://infosec.space/tags/hosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>hosting</span></a> and <a href="https://infosec.space/tags/costs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>costs</span></a> donated, someone has to pay for expenses due to <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>abuse</span></a> of a service (which is an inevitability come mass adoption)...</li></ul><p>Whereas with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a> I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.</p><ul><li>Signal as a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> service is inevitable vulnerable to <a href="https://infosec.space/tags/RubberhoseCryptoanalysis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RubberhoseCryptoanalysis</span></a>, and <a href="https://infosec.space/tags/Meredith" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Meredith</span></a> <em>will break</em> if not doing so means <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">jail for life until she does</a>!</li></ul><p>Whereas with XMPP &amp; PGP/MIME <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> I can layer <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> over it, make it an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> and keep that thing under my bed with a <a href="https://www.youtube.com/watch?v=F59iKSrx63c&amp;list=PL2YepVFF1azEYo0c0HdYwykbp_AXchaIp" rel="nofollow noopener" target="_blank">literal killswitch</a>...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.notjustbikes.com/@notjustbikes" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>notjustbikes</span></a></span> <em>precisely!</em></p><p>Only <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> &amp; <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> can yield <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> systems necessary to prevent <a href="https://infosec.space/tags/monopolies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monopolies</span></a> and <a href="https://infosec.space/tags/oligopolies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>oligopolies</span></a> and enshure <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a>, thus being able to comply with <a href="https://infosec.space/tags/NatSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NatSec</span></a> &amp; <a href="https://infosec.space/tags/IntlSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IntlSec</span></a> demands.</p><p>Guess why <a href="https://infosec.space/tags/NORAD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NORAD</span></a> runs <a href="https://infosec.space/tags/BusyBox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BusyBox</span></a> / <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a>? </p><ul><li>Because they demand <em>every single line of code</em> to be <em>audited MANUALLY!</em></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> also the whole <em>"BuT <a href="https://infosec.space/tags/mEtAdAtA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mEtAdAtA</span></a>?"</em> Discussion is completely blown out of proportions by <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> fanboys.</p><ul><li>Whereas <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> and <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> are truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> that allow for full <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> off all the keys and comms.</li></ul><p>In fact, I'm convinced someone already made a <a href="https://infosec.space/tags/delta" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>delta</span></a> <a href="https://infosec.space/tags/chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>chat</span></a> <a href="https://infosec.space/tags/server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>server</span></a> as an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> just for the lulz.</p><ul><li>The biggest Advantage for Delta Chat is that it doesn't require <em>yet another server</em> but instead just uses <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMAP</span></a> + <a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a> <em>and</em> can even be integrated in <a href="https://infosec.space/tags/corporate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>corporate</span></a> communications that require <a href="https://infosec.space/tags/archival" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>archival</span></a> and <a href="https://infosec.space/tags/indexing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>indexing</span></a> by merely feeding the private keys to said <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> archival software [i.e. <a href="https://infosec.space/tags/benno" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>benno</span></a> <a href="https://infosec.space/tags/MailArchiv" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MailArchiv</span></a>], which makes it possible to comply with regulations like <a href="https://infosec.space/tags/GoBD" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoBD</span></a> &amp; <a href="https://infosec.space/tags/HGB" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HGB</span></a> where applicable.</li></ul><p>Not that this is something the average user encounters, but it is a big bonus for larger organizations!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://social.coop/@cwebber" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cwebber</span></a></span> personally, I think it's most important to have <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>, <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> that allow for <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> and a thriving ecosystem.</p><ul><li>i.e. <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> works fine over <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and that means both <a href="https://infosec.space/tags/Clients" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Clients</span></a> like <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gajim</span></a> &amp; <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> as well as <a href="https://infosec.space/tags/Servers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Servers</span></a>...</li></ul><p>Plus it allows for <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@compl4xx" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>compl4xx</span></a></span> <span class="h-card" translate="no"><a href="https://layer8.space/@Layer8" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Layer8</span></a></span> <span class="h-card" translate="no"><a href="https://hhmx.de/@nick" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nick</span></a></span> <span class="h-card" translate="no"><a href="https://social.tchncs.de/@kuketzblog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kuketzblog</span></a></span> <span class="h-card" translate="no"><a href="https://waldvogel.family/@marcel" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>marcel</span></a></span> <span class="h-card" translate="no"><a href="https://fnordon.de/@mspro" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>mspro</span></a></span></p><ul><li><em>EXAKT DAS!</em></li></ul><p><a href="https://infosec.space/@kkarhan/113938762230637543" rel="nofollow noopener" target="_blank">Meine Rede</a>...</p><p>Oder um es einfach zu erklären: Warum gibt es <a href="https://infosec.space/tags/HTTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTP</span></a>(S) &amp; <a href="https://infosec.space/tags/HTML" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTML</span></a> sowie <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> ( <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMAP</span></a> &amp; <a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a>) bis heute und keiner nutzt mehr <a href="https://infosec.space/tags/AOL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AOL</span></a>, <a href="https://infosec.space/tags/MSN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MSN</span></a>, <a href="https://infosec.space/tags/ICQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICQ</span></a>?</p><ul><li>Weil nur <a href="https://infosec.space/tags/OffeneStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OffeneStandards</span></a> als <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> - Lösung taugen und langfristig überleben können!!!</li></ul><p>Wenn <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> wegen <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> <em>geflipped</em> wird wie <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a>, <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> &amp; <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SkyECC</span></a> dann stehen Leute alternativlos in der shice ubd die ganzen <em>"Sicherheitsversprechen"</em> lösen sich in <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrustMeBro</span></a>!"</em> und <a href="https://infosec.space/tags/L%C3%BCgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lügen</span></a> auf.</p><ul><li>Wohingegen selbst wenn <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> nen Front wäre, es mit <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> &amp; <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME (bspw. <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a>) sie Sicherheit sank <a href="https://infosec.space/tags/SepfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SepfCustody</span></a> gewahrt und mittels <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> zusätzliche Sicherheit implementiert werden kann!</li></ul><p>Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!</p>
Kevin Karhan :verified:USpol, Reality Check, CloudAct & Signal
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@dansup" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dansup</span></a></span> well, <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> too is <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a> and <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a> and peddles a <a href="https://infosec.space/tags/Cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cryptocurrency</span></a> <a href="https://infosec.space/tags/Scamcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scamcoin</span></a> named <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>:<br><a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="">youtube.com/watch?v=tJoO2uWrX1M</span><span class="invisible"></span></a></p><p>Use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> (i.e. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gajim</span></a>) instead!<br><a href="https://monocles.social/@monocles/113925173206088469" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">monocles.social/@monocles/1139</span><span class="invisible">25173206088469</span></a></p><ul><li><p>No <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>!) required...<br><a href="https://docs.monocles.eu/account/account/" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">docs.monocles.eu/account/accou</span><span class="invisible">nt/</span></a></p></li><li><p>Truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener" target="_blank">1</a> with <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a></em> using <em><a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</em></p></li></ul><p><a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> <em>nodds in agreement</em></p><p>Same with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a>: </p><ul><li>Only <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> solutions based off <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a> and <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a>... </li></ul><p>Because only <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> solutions will survive!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://gruene.social/@max" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>max</span></a></span> <br>To <a href="https://gruene.social/@max/113872018769294131" rel="nofollow noopener" target="_blank">quote you directly</a>:</p><blockquote><p>"[...] easy to use solutions that are at the same time private and secure. [...]"</p></blockquote><ul><li>The fact that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> requires <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> which more often than not <em>cannot be legally acquired anonymously</em> makes it not <a href="https://infosec.space/tags/private" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>private</span></a>. </li></ul><p>It is easier, faster, cheaper and overall simpler to get someone setup with <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a> + <a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> espechally if they don't have a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and/or <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ID</span></a> to acquire a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a>. </p><p>And if you go and say, <em>"Just buy a [insert country here] [e]SIM!"</em> and expect <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> without a <a href="https://infosec.space/tags/CreditCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CreditCard</span></a>, <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PayPal</span></a> or other means of <a href="https://infosec.space/tags/OnlinePayment" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnlinePayment</span></a> to fiddle around with some <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a> if not having to get some <a href="https://infosec.space/tags/eSIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIMcard</span></a> because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you <em>completely missed the point</em>!</p><ul><li>I can much faster and easier get TechIlliterates setup show them around - either in a <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptoparty@mastodon.earth</span></a></span> / <span class="h-card" translate="no"><a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptoparty@chaos.social</span></a></span> / <a href="https://infosec.space/tags/CryptoParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoParty</span></a> - style <a href="https://infosec.space/tags/classroom" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>classroom</span></a> / <a href="https://infosec.space/tags/seminar" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>seminar</span></a> or 1:1 tutoring than I can <em>legally acquire and activate a new SIM in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Germany</span></a></em> [since 07/2017]...</li></ul><p>It's not that I expect anyone to get <a href="https://infosec.space/tags/TechLiterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechLiterate</span></a> within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...</p> <p>Point is that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://infosec.space/tags/WontFix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WontFix</span></a> their setup and that was evidently clear even before <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> succeeded <a href="https://infosec.space/tags/MoxieMarlinspike" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MoxieMarlinspike</span></a>: Their entire operation has a <em>distinct <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAG</span></a> stench</em> as it's an <a href="https://infosec.space/tags/unsustainable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>unsustainable</span></a> <a href="https://infosec.space/tags/VCmoneyBurning" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurning</span></a> party!</p><ul><li><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> and the <a href="https://infosec.space/tags/NOBUS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NOBUS</span></a> <a href="https://en.wikipedia.org/wiki/NOBUS#Criticism" rel="nofollow noopener" target="_blank">hegemony</a> ain't something that just got executed now (neither was <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a>!)... </li></ul><p>A counterexample on how this could've been done are <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> and other <em>truly <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a></em> as in <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> standards. </p><ul><li><p><em>NOTHING</em> compells Signal to <a href="https://en.wikipedia.org/wiki/Signal_(software)" rel="nofollow noopener" target="_blank">demand PII</a>, run a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Scam</span></a> <a href="https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments" rel="nofollow noopener" target="_blank">aka.</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a> that even seasoned <a href="https://infosec.space/tags/TechLiterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechLiterates</span></a> and <a href="https://infosec.space/tags/CryptoBros" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoBros</span></a> <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener" target="_blank">can't setup properly</a>, and in fact Signal using <a href="https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use" rel="nofollow noopener" target="_blank">phone numbers makes it trivial to discriminate against users and easier for them to identify them</a>!</p></li><li><p>If <a href="https://infosec.space/@kkarhan/113869305765533809" rel="nofollow noopener" target="_blank">my reasoning</a> didn't resonate with you, then try helping i.e. undocumented migrants aka. <em>"<a href="https://infosec.space/tags/SansPapier" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SansPapier</span></a>|s"</em> to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand!</p></li></ul><p>Whereas it's trivial to get people setup on <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener" target="_blank">one of many XMPP servers I've personally tested</a>!</p><ul><li>Not to mention clients like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> and <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>gajim</span></a> are way more user-friendly and unlike Signal can also work perfectly fine over <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, including <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a> as endpoints. </li></ul><p>AFAIK Signal doesn't even have an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> / <a href="https://en.wikipedia.org/wiki/.onion" rel="nofollow noopener" target="_blank"><code>.onion</code></a> for their Website, much less any <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> enpoints to use it with!</p><ul><li>Them relying on <a href="https://infosec.space/tags/ClownFlare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ClownFlare</span></a> is just something that makes them even <em>more <a href="https://infosec.space/tags/sus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sus</span></a></em> as there is <em><a href="https://en.wikipedia.org/wiki/Cloudflare#Controversies" rel="nofollow noopener" target="_blank">no legitimate reason</a></em> to use a <a href="https://infosec.space/tags/RogueISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RogueISP</span></a> like that.</li></ul> <p>You're free to also provide evidence and supporting data to your arguments, rather then <em>neighsaying</em> against <em>proven to be more secure and reliable [by virtue of decentralization]</em> options like XMPP+OMEMO and/or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME. </p><ul><li>What gets my blood boiling is the constant <a href="https://infosec.space/tags/disinfo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>disinfo</span></a> by <a href="https://mstdn.social/@rysiek/113868777937162686" rel="nofollow noopener" target="_blank">Signal</a> <a href="https://mstdn.social/@rysiek/113869169340313254" rel="nofollow noopener" target="_blank">Fanboys</a> like <span class="h-card" translate="no"><a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rysiek</span></a></span> who sell it like <a href="https://infosec.space/tags/DigitalSnakeoil" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DigitalSnakeoil</span></a> akin to <a href="https://infosec.space/tags/AntivirusSoftware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>AntivirusSoftware</span></a>, because it's at best <em>"<a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechPopulism</span></a>"</em> and at worst <a href="https://infosec.space/@agturcz@circumstances.run/113868748895262202" rel="nofollow noopener" target="_blank">will mislead "TechIlliterates"</a> with a <a href="https://infosec.space/@kkarhan/113868987217053362" rel="nofollow noopener" target="_blank">false sense of security</a>, which in turn puts more users at risk.</li></ul><p>The <em>proper fix</em> is to actually <em>assess the situation</em> and acknowledge the <em>risks and limitations</em> as well as the very nature of communications, which means <em>upgrading later</em> is exponentially more painful, thus getting people <em>properly setup once</em> is way easier.</p><ul><li>Just because <em>WE</em> [ or rather <span class="h-card" translate="no"><a href="https://mstdn.social/@rysiek" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>rysiek</span></a></span> in this case ] rather <em>privilegued enough</em> to not be <em>hatecrimed in their current location</em> doesn't mean this is the case for everyone. And having places like Signal rely on a <em>"<a href="https://infosec.space/tags/CDN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CDN</span></a>"</em> is just another <em>red flag</em> to me because questions like <a href="https://circumstances.run/@agturcz/113866980398547492" rel="nofollow noopener" target="_blank">this one</a> just don't arise with <a href="http://monocles.chat" rel="nofollow noopener" target="_blank">monocles.chat</a> as people can just exercise proper <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> and just use Tor!</li></ul><p>Speaking of <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a>: That business is at least <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sustainable</span></a> because it's funded by users <a href="https://store.monocles.eu/produkt/monocles-starter-account/" rel="nofollow noopener" target="_blank">(€2 p.m.)</a> which they can <a href="https://monocles.eu/more/#payment-section" rel="nofollow noopener" target="_blank">pay anonymously</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@zeank" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>zeank</span></a></span> <span class="h-card" translate="no"><a href="https://social.vivaldi.net/@MastoDenunzianten" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MastoDenunzianten</span></a></span> Auch sind all.dies <a href="https://infosec.space/tags/Merting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Merting</span></a>-<a href="https://infosec.space/tags/Versprechen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Versprechen</span></a> oder auch <a href="https://infosec.space/tags/L%C3%BCgen" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lügen</span></a>, denn woher soll mensch verifizieren können, dass das was <a href="https://infosec.space/tags/Threeema" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Threeema</span></a> behauptet auch stimmt?</p><ul><li>Die werden mich das ja nicht persönlich an deren Servern abchecken lassen.</li></ul><p>Bei <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> (z.B. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/Gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gajim</span></a>) &amp; <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME (z.B <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/DeltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DeltaChat</span></a>) kann ich im Zweifelsfalle <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> mit nem <a href="https://infosec.space/tags/RaspberryPi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>RaspberryPi</span></a> im Kleiderschrank machen.</p><ul><li>Egal ob <span class="h-card" translate="no"><a href="https://mastodon.social/@threemaapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>threemaapp</span></a></span> , <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> , <span class="h-card" translate="no"><a href="https://mastodon.social/@simplex" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>simplex</span></a></span> , <span class="h-card" translate="no"><a href="https://mastodon.social/@WhatsApp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>WhatsApp</span></a></span> oder <a href="https://infosec.space/tags/Pwnagotchi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pwnagotchi</span></a> <a href="https://infosec.space/tags/PwnMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PwnMail</span></a> <a href="https://pwnagotchi.ai/usage/#pwnmail" rel="nofollow noopener" target="_blank">ja, das gibts auch</a> gibt's <a href="https://infosec.space/tags/zentralisiert" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>zentralisiert</span></a>|e <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Server</span></a> und damit zentrale Angriffspunkte.</li></ul><p>Angriffe auf dezentrale &amp; offene, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a>-Standards funktionieren nicht skalierbar!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@zackwhittaker" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>zackwhittaker</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@kevincollier" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kevincollier</span></a></span> </p><p>Remember:</p><ul><li><p><em>"<a href="https://infosec.space/tags/LafulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LafulInterception</span></a>"</em> <em>IS</em> the <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IllicitActivity</span></a>! </p></li><li><p><em>"<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a>"</em> <em>IS</em> the <a href="https://infosec.space/tags/IllicitAction" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IllicitAction</span></a>! </p></li><li><p><a href="https://infosec.space/tags/Logging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Logging</span></a> <em>IS</em> an act of <a href="https://infosec.space/tags/Espionage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Espionage</span></a>! </p></li><li><p><a href="https://infosec.space/tags/DoNotTrustAnyone" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DoNotTrustAnyone</span></a> - not even me!</p></li><li><p>Only Soluti ons that allow <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the Keys &amp; <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a> are truly <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a>!</p></li><li><p>Only truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> Solutions with <em>true <a href="https://infosec.space/tags/EndToEndEncryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EndToEndEncryption</span></a></em> are secure!</p></li><li><p><a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> <em>IS</em> the assault on your freedom <em>too</em>!</p></li><li><p>Use <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> for <em>EVERYTHING!</em></p></li><li><p>Use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> &amp; <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME for <em>all your Comms</em>!</p></li><li><p>Use <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Monero</span></a> instead of <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PayPal</span></a>! </p></li></ul><p>The only way we can prevent a <a href="https://infosec.space/tags/Cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberfacist</span></a> <a href="https://infosec.space/tags/dystopia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>dystopia</span></a> is to make it impossible!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://m.ai6yr.org/@ai6yr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>ai6yr</span></a></span> people need to fucking learn proper <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/CkmSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CkmSec</span></a> &amp; <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> and that means learning to proper use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> &amp; <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME.</p><ul><li><a href="https://infosec.space/tags/Lazyness" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Lazyness</span></a> is not an excuse!</li></ul><p><span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> exists. <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> / <a href="https://infosec.space/tags/Gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Gajim</span></a> exists. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> exists. <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> exists. <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thunderbird</span></a> exists. <span class="h-card" translate="no"><a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptoparty@mastodon.earth</span></a></span> / <span class="h-card" translate="no"><a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>cryptoparty@chaos.social</span></a></span> / <a href="https://infosec.space/tags/CryptoParties" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoParties</span></a> exist.<br><a href="https://infosec.space/tags/Documentation" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Documentation</span></a> in writing and videos exist.</p><ul><li><p>Only <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosting</span></a>-capable, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> solutions that implement proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> &amp; offer you <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys can be considered <a href="https://infosec.space/tags/secure" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>secure</span></a>.</p></li><li><p>Everyone who demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a>, including <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span>, must be seen as inherently insecure by design - espechally when they are subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>!</p></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://nrw.social/@doerk" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>doerk</span></a></span> the problem is that we accept <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> just regurgitating <a href="https://infosec.space/tags/MarketingLies" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MarketingLies</span></a> of <a href="https://infosec.space/tags/NSAbook" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSAbook</span></a> et. al.</p><ul><li>Unless something is completely <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> as a <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> solution like <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> then it's trivial to force <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> inside.</li></ul><p>Or does anyone believe <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> 's <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> would protect any user if that means she'd be in jail for the rest of her life?</p><ul><li>Cuz whoever believes that really huffed too much Copium amidst <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> existing and precedents existing!</li></ul><p><a href="https://youtu.be/QCx_G_R0UmQ" rel="nofollow noopener" target="_blank">1</a><br><a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">2</a><br><a href="https://www.justice.gov/opa/press-release/file/1001841/download" rel="nofollow noopener" target="_blank">3</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> TBH, I think that <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a>, alongside <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> is one of the few real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> <a href="https://infosec.space/tags/Chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chat</span></a> &amp; <a href="https://infosec.space/tags/Messaging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Messaging</span></a> solutions (which allow for full <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of keys as well as being based on <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> for a <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> ecosystem) and even out-of-band verification and key exchange...</p><ul><li>The main difference is that deltaChat implements <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME on <a href="https://infosec.space/tags/IMAP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMAP</span></a>+<a href="https://infosec.space/tags/SMTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMTP</span></a>, which may be easier to setup in some cases and also offer an easy pipeline to archival requirements in <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> setups whilst <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monocles</span></a> chat uses <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> first and supports PGP/MIME as a secondary option, making it a good option in individual setups...</li></ul><p>Needless to say both support using <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> via <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Orbot</span></a> and thus connecting to an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> or just anonymously connecting to the server one personally chooses...</p><ul><li>So unless a provider explicitly bans Tor proactively, they'll work just fine.</li></ul><p>The advantage of XMPP is that it also allows for calls, whereas I've to see how one can do Group Chats on deltaChat at all...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tailswish.industries/users/lightspill" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>lightspill</span></a></span> Personally, I think that depends...</p><p>Certain things are matters of taste (i.e. <a href="https://infosec.space/tags/vi" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vi</span></a>, <a href="https://infosec.space/tags/vim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>vim</span></a>, <a href="https://infosec.space/tags/neovim" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>neovim</span></a>, <a href="https://infosec.space/tags/nano" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>nano</span></a>, <a href="https://infosec.space/tags/ne" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ne</span></a> or <a href="https://infosec.space/tags/kilo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>kilo</span></a> as <a href="https://infosec.space/tags/editors" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>editors</span></a>) and certain things are just objectively correct things to do (i.e. <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME encryption on <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a>, using <a href="https://infosec.space/tags/MutiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MutiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> <a href="https://infosec.space/tags/OpenStandads" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandads</span></a> instead of <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>proprietary</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> <em>"solutions"</em>...)</p><ul><li>But as <span class="h-card" translate="no"><a href="https://indieweb.social/@tantacrul" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tantacrul</span></a></span> once said: <em>"It's okay to be wrong!"</em> </li></ul><p>As a <a href="https://infosec.space/tags/Linux" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Linux</span></a> &amp; <a href="https://infosec.space/tags/Unix" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Unix</span></a>-esque <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sysadmin</span></a> I'd rather be disliked as <a href="https://infosec.space/tags/BenevolentDictator" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BenevolentDictator</span></a> than to deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an <a href="https://infosec.space/tags/electrician" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>electrician</span></a>, people / businesses or rather clients / employers expect me to plan and deliver solutions that are <em>'up to code'</em> and by <em>'code'</em> I mean the relevant laws and standards ranging from <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GDPR</span></a> &amp; <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BDSG</span></a> to <a href="https://infosec.space/tags/PCIDSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PCIDSS</span></a> &amp; <a href="https://infosec.space/tags/BSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>BSI</span></a>... </p><ul><li><em>EVERYTHING ELSE is secondary!</em></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@dangillmor" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dangillmor</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>eff</span></a></span> Yes, but also acknowledge obvious misguidings.</p><ul><li><p>Only if you exercise <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys are you in control and able to exercise your right to remain silent!</p></li><li><p>Only choose fully <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> solutions that - <em>if necessary</em> - can be <a href="https://infosec.space/tags/SelfHosted" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHosted</span></a>, like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME for <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> and <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> for <a href="https://infosec.space/tags/InstantMessaging" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InstantMessaging</span></a>.</p></li><li><p>NEVER EVER TRUST ANY PROVIDER / SERVICE, CUZ <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">THEY WILL TALK IF HELD AT GUNPOINT</a> - yes that includes <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> which collect <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> for no <em>"<a href="https://infosec.space/tags/LegitimateInterest" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LegitimateInterest</span></a>"</em> to this day, making them at best <a href="https://infosec.space/tags/UsefulIdiots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>UsefulIdiots</span></a> of the <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a> kind but most likely a giant <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Honeypot</span></a> like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> aka. <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationIronside</span></a> aka. <a href="https://infosec.space/tags/OperationTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OperationTrøjanShield</span></a>. </p></li><li><p>Use <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> &amp; <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a> instead of a <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VPN</span></a> because it's proven to be battle-tested against bad - <em>including state-sponsored</em> - actors trying to hijack Tor infrastructure!</p></li><li><p>Realize and acknowledge the abilities <em>AND</em> limitations of every method, tool, software, etc.</p></li><li><p>Do learn proper <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> &amp; <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a>!!!</p></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hackers.town/@thegibson" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thegibson</span></a></span> Well, what if I told you that neither <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> nor <a href="https://infosec.space/tags/Threema" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Threema</span></a> nor any <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>centralized</span></a> <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> &amp; <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> messenger will be secure.</p><p>But don't take my word for it, because just as <a href="https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">logless VPNs don't exist</a> so will <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> snitch on every user if served with a court order or forced at gunpoint by LEAs and/or facing jail for not complying with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>. </p><ul><li>In fact, I'd be surprised if they haven't done so already...</li></ul><p>If you want real <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> and <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>, then don't use any <a href="https://infosec.space/tags/messenger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>messenger</span></a> that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumbers</span></a> at all and choose <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a>, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> &amp; <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> solutions like <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> where you have <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all <a href="https://infosec.space/tags/Keys" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keys</span></a> and thus you are in control!</p><p>Also <a href="https://infosec.space/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Telegram</span></a> is exclusively being used by <a href="https://infosec.space/tags/Neonazis" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Neonazis</span></a>, <a href="https://infosec.space/tags/ConspiracyTheorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ConspiracyTheorists</span></a> and <a href="https://infosec.space/tags/Disinfo" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Disinfo</span></a> groups...</p>