Sigmoid Social

Kevin Karhan :verified:<a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@adisonverlice</a> even if an <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#MVNO</a> isn't demanding any <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> whatsoever (i.e. <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#prepaid</a> are offered OTC in most juristictions) it's NOT "<a href="https://infosec.space/tags/Anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymous</a>" but merely <a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#pseudonymous</a> as it's trivial for governments to utilize existing and mandtory "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#LawfulInterception</a>" appliances to create that <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> chain.<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> (<a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIMcard</a>) <=> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> (SIM profile) <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> (Phone/...).So if <a href="https://infosec.space/tags/Anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymity</a> is important, NONE of these details have to be linked somehow even circumstantial.<ul><li>Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.</li><li>Use the SIM in any device? Consider them circumstantially connected forever: <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li><li>Same applies to <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a>|s: <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#EID</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li></ul>Add to the fact that most places have <a href="https://infosec.space/tags/CCTV" class="mention hashtag" rel="nofollow noopener" target="_blank">#CCTV</a>, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.<ul><li>I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing <code>*104*1234567890123456#</code> )...</li></ul>So any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>-based service should never ever & under no circumstances demand a Phone Number!<ul><li>Instead any privacy-focussed service should use <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionServices</a>, host their own <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> or at least <a href="https://infosec.space/tags/DontBlockTor" class="mention hashtag" rel="nofollow noopener" target="_blank">#DontBlockTor</a> and allow users to use it via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> to use and signup. (But don't forget circumstantial connections there either!)</li><li>Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.</li></ul>

Kevin Karhan :verified:<a href="https://cloudisland.nz/@xssfox" class="u-url mention" rel="nofollow noopener" target="_blank">@xssfox</a> <a href="https://hachyderm.io/@SnoopJ" class="u-url mention" rel="nofollow noopener" target="_blank">@SnoopJ</a> <a href="https://cloudisland.nz/@pjf" class="u-url mention" rel="nofollow noopener" target="_blank">@pjf</a> really?Is <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a> that cyberfacist?<ul><li>Like I know one's not supposed to have stuff or rather is not allowed to use it for obvious reasons but criminalizing mere possession is just absurd.</li><li>But then again <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a> also <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>-<a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" target="_blank">banned</a> devices due to <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> mandate and <a href="https://www.youtube.com/watch?v=r2h3iSA-Vac" rel="nofollow noopener" target="_blank">banned</a> <a href="https://www.youtube.com/watch?v=1OwUphqTBSw" rel="nofollow noopener" target="_blank">encrypted devices</a>…</li></ul>

Kevin Karhan :verified:<a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@stman</a> <a href="https://infosec.exchange/@Sempf" class="u-url mention" rel="nofollow noopener" target="_blank">@Sempf</a> <a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@LaF0rge</a> yes.Because physical SIMs, like any "cryptographic chipcard" (i.e. <a href="https://social.nitrokey.com/@nitrokey" class="u-url mention" rel="nofollow noopener" target="_blank">@nitrokey</a> ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>, espechally in pre-<a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMAPI</a> devices) the SIM wasn't 'cloneable' and the weakest link always had been the <a href="https://infosec.space/tags/MNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#MNO</a> /.<a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#MVNO</a> issueing (may it be through <a href="https://infosec.space/tags/SocialHacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#SocialHacking</a> employees into <a href="https://infosec.space/tags/SimSwapping" class="mention hashtag" rel="nofollow noopener" target="_blank">#SimSwapping</a> or LEAs showng up with a warrant and demanding "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#LawfulInterception</a>"):<ul><li>These "attack vectors" were known and whilst unfixable they could at least be mitigated by i.e. NEVER using a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> for anything and/or using anonymously obtained <a href="https://infosec.space/tags/SIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIMs</a>. But more and more services like <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> did <a href="https://infosec.space/tags/regression" class="mention hashtag" rel="nofollow noopener" target="_blank">#regression</a> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> and more and more nations criminalized <a href="https://infosec.space/tags/AnonymousSimCards" class="mention hashtag" rel="nofollow noopener" target="_blank">#AnonymousSimCards</a> under utterly <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacist</a> & <a href="https://infosec.space/tags/FalsePretenses" class="mention hashtag" rel="nofollow noopener" target="_blank">#FalsePretenses</a>!</li></ul>Add to that the regression in flexibility: Unlike a <a href="https://infosec.space/tags/SimCard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SimCard</a> which was designed as a vendor-independent, <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#MultiVendor</a>, <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#MultiProvider</a>, device agnostic unit to facilitate the the <a href="https://infosec.space/tags/authentification" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentification</a> and <a href="https://infosec.space/tags/encryption" class="mention hashtag" rel="nofollow noopener" target="_blank">#encryption</a> in <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a> (and successor standards), <a href="https://infosec.space/tags/eSIMs" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIMs</a> act to restrict <a href="https://infosec.space/tags/DeviceFreedom" class="mention hashtag" rel="nofollow noopener" target="_blank">#DeviceFreedom</a> and <a href="https://infosec.space/tags/ConsumerChoice" class="mention hashtag" rel="nofollow noopener" target="_blank">#ConsumerChoice</a>, which with shit like <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> per <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> demands it after 90 days of roaming per year) und <a href="https://infosec.space/tags/lMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#lMEI</a>-based <a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Allowlisting</a> (see <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a>'s shitty <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> + <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> & <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> shutdown!) are just acts to clamp down on <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>.<ul><li>And with <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#EID</a> being unique per <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a> (like the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> on top!) there's nothing stopping <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacist</a> regimes like "P.R." <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a>, <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iran</a>, ... from banning "<a href="https://infosec.space/tags/eSIMcards" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIMcards</a>" (<a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a> in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by <a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@GrapheneOS</a> ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.</li></ul>"[…] [Technologies] must always be evaluated for their ability to oppress. […] <ul><li>Dan Olson</li></ul>And now you know why I consider a <a href="https://infosec.space/tags/smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#smartphone</a> with eSIM instead of two SIM slots not as a real <a href="https://infosec.space/tags/DualSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#DualSIM</a> device because it restricts my ability to freely move devices.<ul><li>And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong <a href="https://infosec.space/tags/fees" class="mention hashtag" rel="nofollow noopener" target="_blank">#fees</a> for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a>, so 'good luck' trying to enforce that against some overseas roaming provider.</li></ul>Thus <a href="https://infosec.space/tags/Impersonation" class="mention hashtag" rel="nofollow noopener" target="_blank">#Impersonation</a> attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever <a href="https://infosec.space/tags/Cybercriminals" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cybercriminals</a> and <a href="https://infosec.space/tags/Cyberterrorists" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cyberterrorists</a> (i.e. <a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSA</a> & <a href="https://infosec.space/tags/Roskomnadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#Roskomnadnozr</a>) puts espechally the average <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterate</a> User at risk.<ul><li>I mean, anyone else remember the <a href="https://infosec.space/tags/Kiddies" class="mention hashtag" rel="nofollow noopener" target="_blank">#Kiddies</a> that fucked around with <a href="https://infosec.space/tags/CIA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CIA</a> director <a href="https://infosec.space/tags/Brennan" class="mention hashtag" rel="nofollow noopener" target="_blank">#Brennan</a>? Those were just using their "weapons-grade <a href="https://infosec.space/tags/boredom" class="mention hashtag" rel="nofollow noopener" target="_blank">#boredom</a>", not being effective, for-profit cyber criminals!</li></ul>And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized... The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a <a href="https://infosec.space/tags/QRcode" class="mention hashtag" rel="nofollow noopener" target="_blank">#QRcode</a> and that's just a way to avoid typos on a cryptic <a href="https://infosec.space/tags/LocalProfileAgent" class="mention hashtag" rel="nofollow noopener" target="_blank">#LocalProfileAgent</a> link.

Kevin Karhan :verified:<a href="https://chaos.social/@LaF0rge" class="u-url mention" rel="nofollow noopener" target="_blank">@LaF0rge</a> <a href="https://mastodon.social/@sysmocom" class="u-url mention" rel="nofollow noopener" target="_blank">@sysmocom</a> I do agree on that one.The main problem with some mandate in that regard is that such regulations then get flexed against consumers.Notable examples are the:<ul><li><a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>-Blocking in <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> after 90 days and subsequent demand for <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> even for <a href="https://infosec.space/tags/Roaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#Roaming</a> devices.</li><li><a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a>'s IMEI-Firewall because some morons decided they wanted to axe <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> & <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> despite millions of devices that can't do <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> still being in use.</li></ul>Now granted anyone who can manipulate the IMEI can circumvent that but that means 99,9% of all users aka. "<a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterates</a>" can't.

Kevin Karhan :verified:<a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@GrapheneOS</a> <a href="https://fedi.omada.cafe/@fluffery" class="u-url mention" rel="nofollow noopener" target="_blank">@fluffery</a> <a href="https://chaos.social/@maumau" class="u-url mention" rel="nofollow noopener" target="_blank">@maumau</a> <a href="https://social.tchncs.de/@BryanGreyson" class="u-url mention" rel="nofollow noopener" target="_blank">@BryanGreyson</a> <a href="https://mas.to/@fairphone" class="u-url mention" rel="nofollow noopener" target="_blank">@fairphone</a> I.e. <a href="https://mstdn.social/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@BrodieOnLinux</a> could not use any of those because they don't support <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> (not just in <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a>) and thus would be blocked by the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>-<a href="https://infosec.space/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firewall</a>! <a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=zIJavqEzEIw</a>

Kevin Karhan :verified:<a href="https://fedifreu.de/@cryptgoat" class="u-url mention" rel="nofollow noopener" target="_blank">@cryptgoat</a> ja, nur ist es quasi illegal <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> <a href="https://infosec.space/tags/anonym" class="mention hashtag" rel="nofollow noopener" target="_blank">#anonym</a> (also faktisch nur <a href="https://infosec.space/tags/pseudonym" class="mention hashtag" rel="nofollow noopener" target="_blank">#pseudonym</a>, weil stets korrelierbar qua <a href="https://infosec.space/tags/Rufnummer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rufnummer</a> -> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> -> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> -> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> -> <a href="https://infosec.space/tags/Location" class="mention hashtag" rel="nofollow noopener" target="_blank">#Location</a>) zu nutzen.<ul><li>Seit 07/2017 sind anonyme <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>-Karten faktisch illegal und ne SIM mir Rufnummer ist ne <a href="https://infosec.space/tags/Paywall" class="mention hashtag" rel="nofollow noopener" target="_blank">#Paywall</a> die faktisch teurer ist als nen <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> - Abo.</li></ul>Allein die notwendigen <a href="https://infosec.space/tags/Workarounds" class="mention hashtag" rel="nofollow noopener" target="_blank">#Workarounds</a> sind so heftig paywalled dass es eher sinn macht 1h Hands-on - Training zu investieren...<ul><li>Von den <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank">Problemen die Signal hat</a> ganz zu schweigen...</li></ul><a href="https://fedifreu.de/@cryptgoat/114705198216850106" rel="nofollow noopener" translate="no" target="_blank">https://fedifreu.de/@cryptgoat/114705198216850106</a>

Kevin Karhan :verified:<a href="https://mastodon.social/@derekmorr" class="u-url mention" rel="nofollow noopener" target="_blank">@derekmorr</a> <blockquote>Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.</blockquote>Then why does <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> still have that shit in it? <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> could've pulled that <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a> yet refuses to do do!<blockquote>The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.</blockquote>That's literally wrong!<ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> not only collects <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> in the form of a <a href="https://infosec.space/tags/PhoneNumher" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumher</a> but explicitly is able and willing to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no "legitimate interest" for.doing so nor any legal mandate to do so (unless we excuse the ehole <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a>!)</li></ul><blockquote>It’s been 30 years, and no one uses xmpp. Let it go.</blockquote>Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> and/or <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> kessengers before and after - will inevitably die as their business model is not sustainable. Sake with <a href="https://infosec.space/tags/ICQ" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICQ</a> really. The only exceptions are those that abolish <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> for <a href="https://infosec.space/tags/profit" class="mention hashtag" rel="nofollow noopener" target="_blank">#profit</a>, integrate actually working payments or sellout to a <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacist</a> <a href="https://infosec.space/tags/government" class="mention hashtag" rel="nofollow noopener" target="_blank">#government</a> (all those apply to <a href="https://infosec.space/tags/WeChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#WeChat</a>!)<blockquote>It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.</blockquote>You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> kills any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a>" for even prepaid <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> cards (ime. <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a>) or god forbid even <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>|s (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.<ul><li>The <a href="https://infosec.space/tags/UScentric" class="mention hashtag" rel="nofollow noopener" target="_blank">#UScentric</a> approach to <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> and <a href="https://infosec.space/tags/threats" class="mention hashtag" rel="nofollow noopener" target="_blank">#threats</a> makes Signal absolutely useless in many cases, and I do speak here from experience. </li></ul>I'd rather help people onboard <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> like <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> and/or <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@gajim</a> or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME like <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@delta</a> & <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@thunderbird</a> (incl. setting them up with <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Orbot</a> / <a href="https://infosec.space/tags/TorBrowserBundle" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowserBundle</a> / <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@tails_live</a> so their traffic gets through <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> and doesn't provide any useable IP addresses. <ul><li>I've literally been there and done that!</li></ul>As for <a href="https://infosec.space/tags/Sustainability" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sustainability</a>, providers like <a href="https://monocles.eu" rel="nofollow noopener" translate="no" target="_blank">https://monocles.eu</a> finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#CashByMail</a> and <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#Monero</a> on top of common payment methods (i.e. SEPA wire transfer)...<ul><li>So even if you think "<a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener" target="_blank">#monocles</a> is a <a href="https://infosec.space/tags/honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#honeypot</a>" that is mitigateable ciz unlike with Signal you can choose your own client, choose a different provider & exervise self-custody of all tue keys!</li></ul>

Kevin Karhan :verified:<a href="https://infosec.exchange/@n_dimension" class="u-url mention" rel="nofollow noopener" target="_blank">@n_dimension</a> <a href="https://mastodon.social/@shaknais" class="u-url mention" rel="nofollow noopener" target="_blank">@shaknais</a> <a href="https://beige.party/@maxleibman" class="u-url mention" rel="nofollow noopener" target="_blank">@maxleibman</a> what kind of facist policestate has it become?<ul><li>Oh nevermind, having an encrypted phone or using secure communications is also illegal, I guess... [1 - 5]</li></ul>And to enshure "criminals" can't just order something on ShitExpress, they now have an <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>-<a href="https://infosec.space/tags/Allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Allowlisting</a> / <a href="https://infosec.space/tags/Firewall" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firewall</a> <a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" target="_blank">in place</a> that makes the <a href="https://infosec.space/tags/Turkish" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkish</a> Registration Demands look chill in comparison, [6 - 10] cuz they only yeet devices after 90 days and not preemtively block them from any network!<ul><li>This wouldn't be such a proplem if Australia was like Germany where the furthest doctor away is 1hr by bike and the worst one could get is a bite from a rabid fox and having to get some post-exposure shots. So yeah tourists are not gonna be able to call for help in down under... </li></ul>Seriously, whoever came up with these ideas needs to touch grass, preferablzyin the outback on foot!<a href="https://www.wired.com/story/australia-encryption-law-global-impact/" rel="nofollow noopener" target="_blank">1</a> <a href="https://www.aljazeera.com/news/2022/4/5/australias-dangerous-encryption-law-in-works-in-2015-document" rel="nofollow noopener" target="_blank">2</a> <a href="https://astorlegal.com.au/are-cipher-phones-illegal-in-australia/" rel="nofollow noopener" target="_blank">3</a> <a href="https://www.kingstonfox.com.au/articles/what-are-dedicated-encrypted-criminal-communication-device-prohibition-orders" rel="nofollow noopener" target="_blank">4</a> <a href="https://www.homeaffairs.gov.au/about-us/our-portfolios/national-security/lawful-access-telecommunications/data-encryption" rel="nofollow noopener" target="_blank">5</a> <a href="https://istanbul.tips/detailed-manual-on-how-to-unlock-imei-in-turkey/" rel="nofollow noopener" target="_blank">6</a> <a href="https://www.mcks.gov.tr/en/registration-and-matching" rel="nofollow noopener" target="_blank">7</a> <a href="https://ico.ku.edu.tr/resources/registering-mobile-phones/" rel="nofollow noopener" target="_blank">8</a> <a href="https://expatguideturkey.com/how-can-foreigners-register-imei-in-turkey/" rel="nofollow noopener" target="_blank">9</a> <a href="https://www.vartur.com/avoid-penalties-register-your-mobile-phone-in-turkey" rel="nofollow noopener" target="_blank">10</a>

Kevin Karhan :verified:<a href="https://mstdn.jp/@landley" class="u-url mention" rel="nofollow noopener" target="_blank">@landley</a> <a href="https://mstdn.social/@jschauma" class="u-url mention" rel="nofollow noopener" target="_blank">@jschauma</a> <a href="https://infosec.exchange/@ryanc" class="u-url mention" rel="nofollow noopener" target="_blank">@ryanc</a> <a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener" target="_blank">@0xabad1dea</a> yeah, the exhaustion problem would've been shoved back with a <a href="https://infosec.space/tags/64bit" class="mention hashtag" rel="nofollow noopener" target="_blank">#64bit</a> or sufficiently delayed by a 40bit number.Unless we also hate <a href="https://infosec.space/tags/NAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#NAT</a> and expect every device to have a unique static <a href="https://infosec.space/tags/IP" class="mention hashtag" rel="nofollow noopener" target="_blank">#IP</a> (which is a <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> nightmare at best that "<a href="https://infosec.space/tags/PrivacyExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacyExtensions</a>" barely fixed.) <ul><li>I mean they could've also gone the <a href="https://infosec.space/tags/DECnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#DECnet</a> approach and use the <a href="https://infosec.space/tags/EUI48" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUI48</a> / <a href="https://infosec.space/tags/MAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#MAC</a>-Address (or <a href="https://infosec.space/tags/EUI64" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUI64</a>) as static addressing system, but that would've made <a href="https://infosec.space/tags/vendors" class="mention hashtag" rel="nofollow noopener" target="_blank">#vendors</a> and not <a href="https://infosec.space/tags/ISPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISPs</a> the powerful forces of allocation. (Similar to how technically the <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> dictates <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a> / <a href="https://infosec.space/tags/4G" class="mention hashtag" rel="nofollow noopener" target="_blank">#4G</a> / <a href="https://infosec.space/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#5G</a> access and not the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> unless places like Australia ban imported devices.</li></ul> I guess using a <a href="https://infosec.space/tags/128bit" class="mention hashtag" rel="nofollow noopener" target="_blank">#128bit</a> address space was inspired by <a href="https://infosec.space/tags/ZFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZFS</a> doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...<ul><li>Personally I've only had headaches with <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv6</a> because not only do I only have <a href="https://infosec.space/tags/IPv4only" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4only</a> <a href="https://infosec.space/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Internet</a> but my <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISP</a> refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4</a>'s in with my contract!)and stuff like <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener" target="_blank">#HurricaneElectric</a> / <a href="https://infosec.space/tags/HEnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#HEnet</a>'s <a href="https://infosec.space/tags/Tunnelbroker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tunnelbroker</a> fail face first due to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Geoblocking</a> and the fact that <a href="https://infosec.space/tags/ASNs" class="mention hashtag" rel="nofollow noopener" target="_blank">#ASNs</a> get geolocated, not their <a href="https://infosec.space/tags/PoPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#PoPs</a>... </li></ul>If I was <a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener" target="_blank">@BNetzA</a> I would've mandated <a href="https://infosec.space/tags/DualStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#DualStack</a> and banned <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#CGNAT</a> (or at least the use of CGNAT in <a href="https://infosec.space/tags/RFC1918" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC1918</a> address spaces) as well as <a href="https://infosec.space/tags/DualStackLite" class="mention hashtag" rel="nofollow noopener" target="_blank">#DualStackLite</a>!

Kevin Karhan :verified:<a href="https://infosec.exchange/@bob_zim" class="u-url mention" rel="nofollow noopener" target="_blank">@bob_zim</a> <a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener" target="_blank">@micahflee</a> <a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@heiseonline</a> <a href="https://squeet.me/profile/golem" class="u-url mention" rel="nofollow noopener" target="_blank">@golem</a> Makes sense.<ul><li>After all, the whole <a href="https://infosec.space/tags/IMSIcatcher" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSIcatcher</a> system can be detected by passive <a href="https://infosec.space/tags/SIGINT" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIGINT</a> as it's an active attack on mobile networks.</li></ul>I wounder if I can get a compatible device in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a> as well...<ul><li>Bonis points if that device has a freely reprogrammable <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> to allow hiding it's <a href="https://github.com/greyhat-academy/lists.d/blob/main/imei.devices.list.tsv" rel="nofollow noopener" target="_blank">identity</a>.</li></ul>

Kevin Karhan :verified:<a href="https://mastodon.nz/@phlogiston" class="u-url mention" rel="nofollow noopener" target="_blank">@phlogiston</a> <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> <a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@guardianproject</a> at least <a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener" target="_blank">@BNetzA</a> & <a href="https://social.bund.de/@Bundesregierung" class="u-url mention" rel="nofollow noopener" target="_blank">@Bundesregierung</a> didn't cancel <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> / <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a> / <a href="https://infosec.space/tags/EDGE" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDGE</a> with the <a href="https://infosec.space/tags/3Gshutdown" class="mention hashtag" rel="nofollow noopener" target="_blank">#3Gshutdown</a> like <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a> did recently.<ul><li>Seriously, the Ozzies <a href="https://infosec.space/@kkarhan/113866074599066600" rel="nofollow noopener" target="_blank">mandate</a> <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> and literally block <a href="https://infosec.space/tags/ImportPhones" class="mention hashtag" rel="nofollow noopener" target="_blank">#ImportPhones</a> based off <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>!</li></ul>

Kevin Karhan :verified:<a href="https://possum.city/@tauon" class="u-url mention" rel="nofollow noopener" target="_blank">@tauon</a> 1) <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> is just <a href="https://infosec.space/tags/CyberFacism" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberFacism</a>, look it up! <a href="https://en.wikipedia.org/wiki/CLOUD_Act" rel="nofollow noopener" translate="no" target="_blank">https://en.wikipedia.org/wiki/CLOUD_Act</a><ul><li>And with <a href="https://infosec.space/tags/Trumpism" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trumpism</a> ravaging the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#USA</a> must be considered as <a href="https://infosec.space/tags/hostile" class="mention hashtag" rel="nofollow noopener" target="_blank">#hostile</a> as <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Russia</a> and the "P.R." <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a> by anyone who takes <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a> seriously!</li></ul>-2) <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> 's <a href="https://infosec.space/tags/Server" class="mention hashtag" rel="nofollow noopener" target="_blank">#Server</a> code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend! <ul><li>Plus their <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#App</a> doesn't allow <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReproducibleBuilds</a> (if Signal was <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FLOSS</a> it would be on <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@fdroidorg</a> / <a href="https://infosec.space/tags/Fdroid" class="mention hashtag" rel="nofollow noopener" target="_blank">#Fdroid</a>) but alas it isn't!</li></ul>-3) <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> still demands <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> which are <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> either by association (<a href="https://infosec.space/tags/Number" class="mention hashtag" rel="nofollow noopener" target="_blank">#Number</a> => <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> = <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> = <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> => <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> => Location Data <a href="https://infosec.space/@kkarhan/113467346741876822" rel="nofollow noopener" target="_blank">as I explained before</a><a href="https://infosec.space/@kkarhan/113878565911126519" rel="nofollow noopener" target="_blank">twice</a>) or mandatory <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> / <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ID</a> requirements (even on prepaid cards), which an increasing amount of juristictions do...<ul><li>They have no "<a href="https://infosec.space/tags/LegitimateInterest" class="mention hashtag" rel="nofollow noopener" target="_blank">#LegitimateInterest</a>" demanding said <a href="https://infosec.space/tags/PersonallyIdentifyingInformation" class="mention hashtag" rel="nofollow noopener" target="_blank">#PersonallyIdentifyingInformation</a> to begin with! </li></ul>-But don't take my word for it. <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li>Ask yourself if you'd trust someone <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener" target="_blank">peddlibg</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a> <a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scams</a> like <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a> with your data!</li></ul>

Kevin Karhan :verified:<a href="https://hachyderm.io/@lucasmz" class="u-url mention" rel="nofollow noopener" target="_blank">@lucasmz</a> <a href="https://ioc.exchange/@Avitus" class="u-url mention" rel="nofollow noopener" target="_blank">@Avitus</a> <a href="https://infosec.exchange/@david_chisnall" class="u-url mention" rel="nofollow noopener" target="_blank">@david_chisnall</a> the benefit of <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> is that there are <a href="https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv" rel="nofollow noopener" target="_blank">several providers, including free options</a>...<ul><li><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> also supports <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#Monero</a> and <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#CashByMail</a> for those that can't use <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener" target="_blank">#PayPal</a>, <a href="https://infosec.space/tags/Stripe" class="mention hashtag" rel="nofollow noopener" target="_blank">#Stripe</a> or <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener" target="_blank">#SEPA</a>.</li></ul>All <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> incl. <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> can and will be abused by existing governments and if users don't pay, then they are the product and their data is the one to be sold.<ul><li><a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> IS THE <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#IllicitActivity</a> WHEN IT COMES TO <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a>!</li></ul>After all, you have the same cost problem with phone numbers. Even if one doesn't pay per line/number and never pay for calls and texts, they still have to top it up to extent validity.<ul><li>And again: It's way easier for a government to demand an ID for a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> that works in networks around their country (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> demands registration on a per-<a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> - basis *with <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ID</a>) than to tunnel XMPP+OMEMO through <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> over <a href="https://infosec.space/tags/EDGEland" class="mention hashtag" rel="nofollow noopener" target="_blank">#EDGEland</a>-speed <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> networks.</li></ul>Plus you relying an unfixably insecure <a href="https://infosec.space/tags/Telephony" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telephony</a> makes a system inherently unsafer than it needs to be...<ul><li>This is how people get caught!</li></ul>Also <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> is able and willing to use said PII to restrict and ban users and if I were some dissident in Cuba or North Korea or even just Eritrea or Yemen I'd not rely on non-enforcement of <a href="https://infosec.space/tags/OFAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#OFAC</a> / <a href="https://infosec.space/tags/USML" class="mention hashtag" rel="nofollow noopener" target="_blank">#USML</a> / <a href="https://infosec.space/tags/ITAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITAR</a> since Signal can obviously distinguish & identify accounts by virgue if their <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a>! <ul><li>Always think "How can this be weaponized against someone?" when it comes to <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>!</li></ul>

Kevin Karhan :verified:And don't even get me started on <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> <a href="https://www.youtube.com/watch?v=Q6qb9dml6So" rel="nofollow noopener" target="_blank">support</a>...<ul><li>Like <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a> had the glorious idea of shutting down <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> AND <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> as well as <a href="https://infosec.space/tags/allowlisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#allowlisting</a> <a href="https://www.youtube.com/watch?v=RPlTz-3estM" rel="nofollow noopener" target="_blank">only specific</a> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>|s, <a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" target="_blank">banning > 500k devices</a> for no good reason.</li></ul>Also most <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> / <a href="https://infosec.space/tags/Vo5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#Vo5G</a> - devices *explicitly use <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> / <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> for <a href="https://infosec.space/tags/EmergencyCalls" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmergencyCalls</a>!<ul><li>Which is <a href="https://infosec.space/tags/funfuckingtastic" class="mention hashtag" rel="nofollow noopener" target="_blank">#funfuckingtastic</a> in a place like Australia where basically everything in nature conspires to hurt or kill humans!</li></ul><a href="https://infosec.space/tags/DownUnder" class="mention hashtag" rel="nofollow noopener" target="_blank">#DownUnder</a> <a href="https://infosec.space/tags/AUSpol" class="mention hashtag" rel="nofollow noopener" target="_blank">#AUSpol</a> <a href="https://infosec.space/tags/AUpol" class="mention hashtag" rel="nofollow noopener" target="_blank">#AUpol</a> <a href="https://infosec.space/tags/tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#tech</a> <a href="https://infosec.space/tags/2Gshutdown" class="mention hashtag" rel="nofollow noopener" target="_blank">#2Gshutdown</a> <a href="https://infosec.space/tags/3Gshutdown" class="mention hashtag" rel="nofollow noopener" target="_blank">#3Gshutdown</a> <a href="https://infosec.space/tags/EmergencyCalling" class="mention hashtag" rel="nofollow noopener" target="_blank">#EmergencyCalling</a>

Kevin Karhan :verified:[<a href="https://infosec.space/tags/TLDR" class="mention hashtag" rel="nofollow noopener" target="_blank">#TLDR</a>: JUST TELL ME IF YOUR TABLET CAN DO <a href="https://infosec.space/tags/CALLS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CALLS</a>!]<a href="https://infosec.space/tags/DearVendors" class="mention hashtag" rel="nofollow noopener" target="_blank">#DearVendors</a> of <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a>-<a href="https://infosec.space/tags/Tablets" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tablets</a>:Off all the <a href="https://infosec.space/tags/Functions" class="mention hashtag" rel="nofollow noopener" target="_blank">#Functions</a> you can put into a <a href="https://infosec.space/tags/Specifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#Specifications</a> Sheet of your Devices there's one you should ALWAYS answer clearly on your <a href="https://infosec.space/tags/Website" class="mention hashtag" rel="nofollow noopener" target="_blank">#Website</a>:DOES YOUR TABLET [with <a href="https://infosec.space/tags/4G" class="mention hashtag" rel="nofollow noopener" target="_blank">#4G</a> / <a href="https://infosec.space/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#5G</a> / …) SUPPORT MAKING PHONE CALLS?<ul><li>NOT "It can run <a href="https://infosec.space/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#WhatsApp</a>" (or whatever shitty <a href="https://infosec.space/tags/CCSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#CCSS</a> for <a href="https://infosec.space/tags/VoIP" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoIP</a> you think of)...</li><li>NOT "It can do <a href="https://infosec.space/tags/CSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#CSD</a> / <a href="https://infosec.space/tags/HSCSD" class="mention hashtag" rel="nofollow noopener" target="_blank">#HSCSD</a> / <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> / <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> /..."</li><li>But DOES IT SUPPORT <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a>-<a href="https://infosec.space/tags/Calls" class="mention hashtag" rel="nofollow noopener" target="_blank">#Calls</a> (and/or <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a>)??</li></ul>Like: IS IT TOO MUCH TO ASK TO HAVE THAT INFO IN THE SPECSHEETS?You're obviously able to list all the <a href="https://infosec.space/tags/Codecs" class="mention hashtag" rel="nofollow noopener" target="_blank">#Codecs</a> natively supported and the user-available storage as well as supported Frequency Bands, WWAN modes, WiFi channel width and the Display Glass vs. Panel dimensions including DPI of the latter and whether or not it has a hall effect sensor to detect your overpriced 1st party tablet covers!Now some folks may ask: "WHY does this matter?" or outright dismiss this as a problem.Listen: Not everyone is able or willing to carry two devices when 1 SHOULD BE ENOUGH and also some places (i.e. <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a>) have <a href="https://infosec.space/tags/ImportRestrictions" class="mention hashtag" rel="nofollow noopener" target="_blank">#ImportRestrictions</a> re: <a href="https://infosec.space/tags/MobileDevices" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileDevices</a>, so having more than 1 <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> is already a "NOPE!" by the authorities.<ul><li>Also this isn't something one can "fix" post-purchase like installing <a href="https://infosec.space/tags/VLC" class="mention hashtag" rel="nofollow noopener" target="_blank">#VLC</a> to decode some obscure file format in Software: Either the <a href="https://infosec.space/tags/Baseband" class="mention hashtag" rel="nofollow noopener" target="_blank">#Baseband</a> and <a href="https://infosec.space/tags/ROM" class="mention hashtag" rel="nofollow noopener" target="_blank">#ROM</a> support <a href="https://infosec.space/tags/PhoneCalls" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneCalls</a> or they don't!</li></ul>So why do NONE of the <a href="https://infosec.space/tags/Tablet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tablet</a> manufacturers allow to <a href="https://infosec.space/tags/search" class="mention hashtag" rel="nofollow noopener" target="_blank">#search</a> or <a href="https://infosec.space/tags/filter" class="mention hashtag" rel="nofollow noopener" target="_blank">#filter</a> for that???<ul><li>Bonus points if you have lazy fucks like <a href="https://infosec.space/tags/HMD" class="mention hashtag" rel="nofollow noopener" target="_blank">#HMD</a> (aka. <a href="https://infosec.space/tags/Nokia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nokia</a>) who literally copy the <a href="https://infosec.space/tags/Safety" class="mention hashtag" rel="nofollow noopener" target="_blank">#Safety</a> & <a href="https://infosec.space/tags/Useage" class="mention hashtag" rel="nofollow noopener" target="_blank">#Useage</a> information for all <a href="https://infosec.space/tags/Smartphones" class="mention hashtag" rel="nofollow noopener" target="_blank">#Smartphones</a> and <a href="https://infosec.space/tags/Tablets" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tablets</a> and don't even bother to change "Mobile Phone" for "Tablet".</li></ul>NO, instead one has to download an obscenely huge <a href="https://infosec.space/tags/PDF" class="mention hashtag" rel="nofollow noopener" target="_blank">#PDF</a> just to then <a href="https://downloadcenter.samsung.com/content/UM/202410/20241010132004137/SM-X11X_X21X_UM_Open_UU_Ger_Rev.1.2_240925.pdf" rel="nofollow noopener" target="_blank">read on page 34</a> that for any "<a href="https://infosec.space/tags/telephony" class="mention hashtag" rel="nofollow noopener" target="_blank">#telephony</a>" function you NEED YET ANOTHER DEVICE FROM THE SAME MANUFACTURER AND HAVE TO SIGNUP WITH AN ACCOUNT and even that level of <a href="https://infosec.space/tags/abuse" class="mention hashtag" rel="nofollow noopener" target="_blank">#abuse</a> WON'T GUARANTEE THAT IT WORKS...<ul><li>I mean, come on, this ain't some obscure functionality like <a href="https://infosec.space/tags/OMAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMAPI</a> to do some "evil sourcery" like managing an <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a> that is in a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>-Card form factor!</li></ul>Pretty shure A LOT of other folks have the same question and ain't willing to get yet another device & <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> just to recieve the occasional call because <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterates</a> can't be assed to send an <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#eMail</a> or learn <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> to message one...<ul><li>Obviously they same manufacturers are able and willing to specify f-stops of the built-in cameras and list EVERY SINGLE <a href="https://infosec.space/tags/WEARABLE" class="mention hashtag" rel="nofollow noopener" target="_blank">#WEARABLE</a> they made and certify as 'compatible' with, as if anyone is gonna take their non-<a href="https://infosec.space/tags/waterproof" class="mention hashtag" rel="nofollow noopener" target="_blank">#waterproof</a> <a href="https://infosec.space/tags/Tablet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tablet</a> for a marathon or god forbid triathlon...</li></ul><a href="https://infosec.space/tags/Rant" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rant</a> <a href="https://infosec.space/tags/TechSupport" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechSupport</a> <a href="https://infosec.space/tags/Technology" class="mention hashtag" rel="nofollow noopener" target="_blank">#Technology</a> <a href="https://infosec.space/tags/Support" class="mention hashtag" rel="nofollow noopener" target="_blank">#Support</a> <a href="https://infosec.space/tags/Sysadmin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Sysadmin</a> <a href="https://infosec.space/tags/Procurement" class="mention hashtag" rel="nofollow noopener" target="_blank">#Procurement</a> <a href="https://infosec.space/tags/IT" class="mention hashtag" rel="nofollow noopener" target="_blank">#IT</a> <a href="https://infosec.space/tags/SpecSheet" class="mention hashtag" rel="nofollow noopener" target="_blank">#SpecSheet</a> <a href="https://infosec.space/tags/Tech" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tech</a>

Kevin Karhan :verified:<a href="https://infosec.space/@ada" class="u-url mention" rel="nofollow noopener" target="_blank">@ada</a> yeah, but then again Oz is ruled by <a href="https://infosec.space/tags/TechIlliterate" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterate</a> <a href="https://infosec.space/tags/Wankers" class="mention hashtag" rel="nofollow noopener" target="_blank">#Wankers</a> who decided to not only shutdown both <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> & <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> but <a href="https://www.youtube.com/watch?v=RPlTz-3estM" rel="nofollow noopener" target="_blank">literally</a> <a href="https://infosec.space/tags/ban" class="mention hashtag" rel="nofollow noopener" target="_blank">#ban</a> <a href="https://infosec.space/tags/importPhones" class="mention hashtag" rel="nofollow noopener" target="_blank">#importPhones</a> and basically lock-out any device that desn't do <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a> their way...And yes, they enforce that like <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> enforces people to register imported devices 30 days after import:<ul><li><a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" target="_blank">With</a> an <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> - <a href="https://infosec.space/tags/BanList" class="mention hashtag" rel="nofollow noopener" target="_blank">#BanList</a>!</li></ul>So if you are i.e. a <a href="https://infosec.space/tags/Tourist" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tourist</a> in <a href="https://infosec.space/tags/DownUnder" class="mention hashtag" rel="nofollow noopener" target="_blank">#DownUnder</a> and you got some serious issue, you can't even call their emergency services on 000 cuz your devices got yeeted off the network through no fault of your own!

Kevin Karhan :verified:Seriously, <a href="https://infosec.space/tags/Australia" class="mention hashtag" rel="nofollow noopener" target="_blank">#Australia</a>'s <a href="https://infosec.space/tags/2G" class="mention hashtag" rel="nofollow noopener" target="_blank">#2G</a> & <a href="https://infosec.space/tags/3G" class="mention hashtag" rel="nofollow noopener" target="_blank">#3G</a> <a href="https://infosec.space/tags/Shutdown" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shutdown</a> <a href="https://www.youtube.com/watch?v=zIJavqEzEIw" rel="nofollow noopener" target="_blank">and</a> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>-based <a href="https://infosec.space/tags/Blocklisting" class="mention hashtag" rel="nofollow noopener" target="_blank">#Blocklisting</a> WILL inevitably kill people And the only "tool" there is is <a href="https://infosec.space/tags/Telstra" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telstra</a>'s <a href="https://www.telstrawholesale.com.au/3G-Network-Closure-Blocked-Devices-Checker.html" rel="nofollow noopener" target="_blank">Website</a> and just <a href="https://github.com/greyhat-academy/lists.d/blob/main/imei.devices.list.tsv" rel="nofollow noopener" target="_blank">teting random IMEIs</a> only yields two possible results:<ol><li>'We don't know this device at all'</li><li>"'We've not blocklisted it'*</li></ol>Even when testing it with obvious <a href="https://infosec.space/tags/2Gonly" class="mention hashtag" rel="nofollow noopener" target="_blank">#2Gonly</a> & <a href="https://infosec.space/tags/3Gonly" class="mention hashtag" rel="nofollow noopener" target="_blank">#3Gonly</a> devices that certainly don't support <a href="https://infosec.space/tags/VoLTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#VoLTE</a>... <a href="https://infosec.space/tags/GreatFirewallOfAustralia" class="mention hashtag" rel="nofollow noopener" target="_blank">#GreatFirewallOfAustralia</a>

Kevin Karhan :verified:<a href="https://labyrinth.zone/users/halva" class="u-url mention" rel="nofollow noopener" target="_blank">@halva</a> <a href="https://a.bloodyno.se/users/lynn" class="u-url mention" rel="nofollow noopener" target="_blank">@lynn</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> <a href="https://tech.lgbt/@deilann" class="u-url mention" rel="nofollow noopener" target="_blank">@deilann</a> The problem is one needs to literally acquire a phone number and have access to it, and the demand of a phone number itself is bad. This makes it unnecessarily complex and expensive compared to using <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a>. (Cuz if I've to pay to communicate, I might just choose a provider that isn't a <a href="https://infosec.space/tags/VC" class="mention hashtag" rel="nofollow noopener" target="_blank">#VC</a> <a href="https://infosec.space/tags/MoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#MoneyBurningParty</a> but a long-term sustainable solution based off <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpenStandards</a>!)<ul><li>I'm sorry for your location. My sincere condolences!</li></ul>Still, <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> doesn't allow <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> of all the keys & <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a>, which makes it vulnerable as a <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a> <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> solution.<ul><li>Just because <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> isn't having <a href="https://infosec.space/tags/Roskonmadnozr" class="mention hashtag" rel="nofollow noopener" target="_blank">#Roskonmadnozr</a> pointing a gun at her head doesn't mean <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">she'd risk jail for a user</a> when push comes to shove.</li></ul>And with <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> on one hand and <a href="https://infosec.space/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#Trump</a> wanting to "Speedrun Hitler", I'd not rely on Signal.<ul><li>The "Metadata" <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FUD</a> is just a marketing bs because Signal will comply with warrants, whereas nothing prevents me from buying a Thin client, setting up an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> to tunnel everything over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> and rig it to disconnect power if tampered with or upon command.</li></ul>I have setup comms for critical operations (incl. helping people flee Russia!) and I'd rather choose <a href="https://infosec.space/tags/OnionShare" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionShare</a> over <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> if <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metadata</a> is a real concern.<ul><li>Internet Access, even in "P.R." <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#China</a>, is something feasible to workout given the massive prevalence of public <a href="https://infosec.space/tags/WiFi" class="mention hashtag" rel="nofollow noopener" target="_blank">#WiFi</a>. Also it's easier to spoof/anonymize a MAC than an <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> or even <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a>, so making one dependent on <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> to even sign up is inherently bad!</li></ul>

Kevin Karhan :verified:<a href="https://mastodon.au/@quokka1" class="u-url mention" rel="nofollow noopener" target="_blank">@quokka1</a> <a href="https://grapheneos.social/@GrapheneOS" class="u-url mention" rel="nofollow noopener" target="_blank">@GrapheneOS</a> I sincerely doubt the <a href="https://infosec.space/tags/regulators" class="mention hashtag" rel="nofollow noopener" target="_blank">#regulators</a> will do much about it and I assume that like with <a href="https://infosec.space/tags/Turkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#Turkey</a> (aka. <a href="https://infosec.space/tags/T%C3%BCrkiye" class="mention hashtag" rel="nofollow noopener" target="_blank">#Türkiye</a>):Restricted imports of one Device (as per IMEI!!!) per person and year (every entry is counted even if you leave with the device!) and automatically bans them after 30 days of <a href="https://infosec.space/tags/Roaming" class="mention hashtag" rel="nofollow noopener" target="_blank">#Roaming</a> across all networks until one <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a>'s with a Turkish National ID at a <a href="https://infosec.space/tags/T%C3%BCrkcell" class="mention hashtag" rel="nofollow noopener" target="_blank">#Türkcell</a> Store in person results in a literal "<a href="https://infosec.space/tags/BlackMarket" class="mention hashtag" rel="nofollow noopener" target="_blank">#BlackMarket</a>" for domestically sold, cheap prepaid phones by said carriers just to take their <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> and flash it onto the <a href="https://infosec.space/tags/Baseband" class="mention hashtag" rel="nofollow noopener" target="_blank">#Baseband</a> of an <a href="https://infosec.space/tags/imported" class="mention hashtag" rel="nofollow noopener" target="_blank">#imported</a> <a href="https://infosec.space/tags/Smartphone" class="mention hashtag" rel="nofollow noopener" target="_blank">#Smartphone</a> to circumvent that garbage.<ul><li>Basically the inverse of what people do in places like <a href="https://infosec.space/tags/Thailand" class="mention hashtag" rel="nofollow noopener" target="_blank">#Thailand</a> and <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a> where KYC is mandated even for <a href="https://infosec.space/tags/Prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#Prepaid</a> cards and they just import a SIM from neighbouring countries.</li></ul>

DebacleI don't plan to do that, but I'm curious: Can users change the <a href="https://framapiaf.org/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> of their <a href="https://framapiaf.org/tags/PinePhone" class="mention hashtag" rel="nofollow noopener" target="_blank">#PinePhone</a> using <a href="https://framapiaf.org/tags/Mobian" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mobian</a>?Also: What happens (if anything), if multiple devices in the <a href="https://framapiaf.org/tags/mobile" class="mention hashtag" rel="nofollow noopener" target="_blank">#mobile</a> network show up with the same IMEI?And: What happens to a user who accidently sets their IMEI to the same as one of those people? 😉<a href="https://eumostwanted.eu/" rel="nofollow noopener" translate="no" target="_blank">https://eumostwanted.eu/</a><a href="https://framapiaf.org/tags/EU" class="mention hashtag" rel="nofollow noopener" target="_blank">#EU</a> <a href="https://framapiaf.org/tags/Europol" class="mention hashtag" rel="nofollow noopener" target="_blank">#Europol</a> <a href="https://framapiaf.org/tags/ENFAST" class="mention hashtag" rel="nofollow noopener" target="_blank">#ENFAST</a> <a href="https://framapiaf.org/tags/MostWanted" class="mention hashtag" rel="nofollow noopener" target="_blank">#MostWanted</a> <a href="https://framapiaf.org/tags/mobileLinux" class="mention hashtag" rel="nofollow noopener" target="_blank">#mobileLinux</a> <a href="https://framapiaf.org/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a>

Recent searches

Search options

Administered by:

Server stats:

#imei