FandaSin<p><span class="h-card" translate="no"><a href="https://infosec.space/@kkarhan" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kkarhan</span></a></span> </p><p>Thanks for the links.<br>I haven't expected there would be ANY multi protocol tool, you proved me wrong.👍</p><p>* I think <a href="https://social.linux.pizza/tags/toxic" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>toxic</span></a> <a href="https://social.linux.pizza/tags/LockIn" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LockIn</span></a> is the main reason corporations design their shite to be <a href="https://social.linux.pizza/tags/closed" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>closed</span></a>, <a href="https://social.linux.pizza/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> & <a href="https://social.linux.pizza/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a>! </p><p>Yes, I would say so too.🤬</p>
#singlevendor
1 post1 participant0 posts today
One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps.
My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal ¹, #Telegram, #Discord ², #WhatsApp, #Slack, #MicrosoftTeams, etc. aside:
WHY is there no #CrossProvider #Messenger to handle that shite?
WHY does everyone of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU they can??
This problem ain't new and already got solved for corporate social media ages ago! (Not to mention actually good messengers!)
I mean
API 0- style access because obviously none of the platforms will allow, endorse or support such an endeavour and actively fight the developers and users !
So yeah, consider this a call for a @gajim / #Gajim or @pidgin / #Pidgin for garbage platforms!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
Replied in thread
@photovince anyone who doesn't trust a.#centralized, #proprietary #SingleVendor & #SingleProvider solution that demands #PII for no valid reason like @signalapp does!
Replied in thread
@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!
- Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.
They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!
- Unlike @delta (which is #PGP/MIME in a different UI) or #XMPP+#OMEMO (which you can use via @torproject / #Tor and connect to a Server that is an #OnionService.
IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!
Replied in thread
@threemaapp don't buy #proprietary #SingleVendor and/or #SingleProvider either!
- Use only #secure = #OpenSource #OpenStandards that hare #MultiVendor & #MultiProvider, like #XMPP+#OMEMO & #PGP/MIME!
Replied in thread
@mit_scharf the problem with "threat scenarios" is that they tend to change quickly, non-consensual and without warning.
- Demanding any #PII [even by virtue of being correlateable through circumstances] to be able to use a service is inherently bad, espechally since there is no "legitimate interest" for that.
"#KYC" is the illicit activity! and #Signal acts as a controlled opposition by virtue of being a #proprietary, #centralized, #SingleVendor & #SingleProvider "solution" that subjects itself to a juristiction that has 0 #privacy laws and only #cyberfacism (see #CloudAct ) to boot...
- I find it more fatiguing and also expensive to try to workaround shite than to migrate folks to secure standards because that's a one-time investment that I'm willing to take vs. having to jump through hoops and paywalls to acquire a working #SIM (or #eSIM) anonymously and maintaining it.
It's just not in the cards TBH!
en.wikipedia.orgOpposition (politics) - Wikipedia
@martinsteiger Welche?
Weil ich sehe nur #PGP & #OMEMO in Benutzung...
Aber vielleicht sind jene Personen naiv genug #proprietär|en #SingleVendor & #SingleProvider - Lösungen auf den Leim zu gehen?
https://infosec.space/@kkarhan/114701389295661772
infosec.space/@kkarhan/114697690127511140
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@Cappyjax@mastodon.social IDGAF about *"passion"*. [All I care about is the security of users!](https://infosec.space/@kkarhan/114697690127511140
)
Requiring *any* #PII like a #PhoneNumber is inacceptable when it comes to #ComSec, #InfoSec & #OpSec, espechally given @signalapp@mastodon.world is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.
- There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject@mastodon.social / #Tor] is the *evidently superior and more secure approach*, as being unable to *"#KYC"* a user is a matter of security...
Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone numner is out of question)
- And even *if* one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.
Obviously the devs of #Signal and @Mer__edith@mastodon.world are well aware of this critical flaw, which is why I consider them to act as [*"useful idiots"*](https://en.wikipedia.org/wiki/Useful_idiot) or rather [*"controlled opposition"*](https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition) as #Signal could've been shutdown trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this *"#sanctions #compliance"* given they added a #Shitcoin - Wallet into Signal!)...
- All the *"but #Metadata"* #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers.
Whereas with @monocles@monocles.social / #monoclesChat, @gajim@fosstodon.org / #gajim and @delta@chaos.social / #deltaChat and @thunderbird@mastodon.online / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown!
- And if you think this is too tinfoilhatted, then consider yourself privilegued enough of having your mere existance not being [criminalized by the government under threat of public execution!](
https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/)
https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf
https://infosec.space/@kkarhan/114697690127511140
Replied in thread
@Badener1848 @feda @ulrichkelber unabhängig davon sind beide #SingleVendor & #SingoeProvider, proprietär ubd nichz unabhängig verifizierbar.
- Anders als @monocles , @gajim , @delta & @thunderbird !
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@ulrichkelber@bonn.social dass #NSAbook keine wirkliche #E2EE hat erkennen wir daran dass jene Dienste nicht in #SaudiArabien und #Russland verboten sind!
- Auch den #Werbelügen von @signalapp@mastodon.world darf angesichts #CloudAct nicht geglaubt werden.
Stattdessen bieten sich #XMPP+#OMEMO ( @monocles@monocles.social & @gajim@fosstodon.org ) bsw. #PGP/MIME ( @delta@chaos.social & @thunderbird@mastodon.online ) an...
Replied in thread
@pascal_f @kuketzblog @forthy42 @ulrichkelber
Eben! Ich betrachte es ferner als naiv angesichts #CloudAct, Anbietern proprietärer #SingleVendor / #SingleProvider-"Lösungen" wie @signalapp das vertrauen zu schenken!
- Und wenn das bedeutet dass Leute #Windows11 & Co. rausschmeißen dann ist dem so.
Gerade weil #ITsec, #InfoSec, #OpSec & #ComSec zusammenhängen und nur zusammen funktionieren...
Replied in thread
Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.
Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do do!
The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.
That's literally wrong!
- #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no "legitimate interest" for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!)
It’s been 30 years, and no one uses xmpp. Let it go.
Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)
It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.
You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.
- The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.
I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses.
- I've literally been there and done that!
As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...
monocles.eumonocles searchmonocles search, powered by searx
Replied in thread
@sodiboo @tauon @puppygirlhornypost2 @silly I don't think it's much of a "#freedom" on #iOS but rather that the few devices and OS versions in circulation, alongside everyone from #jailbreaker to #malware (espechally #govware #developers) want to crack it open result in way more personnel and money behind it.
- OFC the fact that the #Android experience is worse from that POV is the lack of #regulation re: #repairability and #openness that would make shit work. Most cheap #phones are done with even cheaper #SoC's by manufacturers who can't be assed (or frankly don't give a shit at all!) when it comes to #Linux #mainline support. (I mean, you've seen the video where @SexyCyborg demanded a vendor to give her the sourcecode as per #GPLv2 for her device?)
Granted @GrapheneOS does limit their support to devices that can comply with their #security standards.
- The issues are mostly caused by hostile app developers that specifically decided to knee-jerk their users / customers for no good reason.
I do wish for both vendors like #Fairphone to up their game and regulators like @EUCommission to actually push for more #transparency, #openness and #LongTermSupport of #Smartphones, because #ManufacturedEwaste like #SOYES, #WiKo, #Unihertz and others that ship #outdated #AndroidDevices and never even a single update are a major problem!
- I don't blame projects like @LineageOS that they can't cover every device & SoC even tho they propably have the widest compatibility, I just think that there needs to be pressure that manufacturers don't just vomit stuff on the market and let customers frustratingly figure out the rest.
I do have to give #Apple credit where it is due, and that is that #iOS does have consistency and accessibility nailed down very well. Something that they obviously are able being the "#BenevolentDictator" of a #SingleVendor & #SingleProvider - platform.
- Obviously since they are the #vendor for #hardware and the sole ["legitimate" / official] #distributor for any #Apps they do OFC cross-finance their relatively long #support with their 15-30% cut from #App #sales & #InAppPurchase|s they charge, which is why #AndroidPhones suffer the "#3DO syndrome": Needing to charge more since they only get to make money once with hardware sales and not after that, so there's no incentive for them to give a shit beyond "brand value" to care. #Google, #Samsing, #Fairphone and very few others do, but most don't as they close the books on the product once launched and sold out (angrily stares at Unihertz)...
Maybe one day the folks at @frameworkcomputer acquire Fairphone and decide to bring the same modularity to #Smartphones and get something done that makes it easy to maintain long-term and that even #GrapheneOS are willing to support.
- Until then the #Enshittification is ruining everything as usual...
Replied in thread
@kuketzblog da widerspreche ich vehement.
Es gibt #proprietär|e #Silos welche qua #SingleVendor & #SingleProvider-Aufbau als #InformationBlackhole agieren (u.a. #WhatsApp, #Signal, #Threema, #Session, #Telegram, #discord, …)
und es gibt #OffeneStandards die #Wahlfreiheit zwischen #Clients, #Plattformen, #Servern und #Providern ermöglichen (u.a. #IRC, #Zulip, #RocketChat, ...) und echte #E2EE mit #SelfCustody aller Schlüssel ermöglichen (u.a. #XMPP+#OMEMO & #PGP/MIME)...
Natürlich steht es Menschen frei irgendeinen großen, zentralisierten Anbieter zu nutzen, nur wird dieser am ehesten zur #Enshittification neigen und mit #PII wie #Telefonnummern entsprechende Begierlichkeiten wecken!
Replied in thread
@my_millennium @dbrgn @monocles @gajim Ist trotzdem #zentralisiert (#SingleVendor & #SingleProvider) und damit #proprietär und untauglich, weil gegen #KeckhoffsPrinzip und grundlegende #InfoSec & #ComSec verstoßend!
Replied in thread
Still a #centralized, #SingleVendor & #SingleProvider service that snitches on users if it ain't yet another #Honeypot like #ANØM...
Replied in thread
@debby #Mumble, #IRC, #XMPP (+OMEMO = @gajim / #monoclesChat) & #Linphone (#SIP / #VoIP) are the better options. #NextcloudTalk also exist and @monocles as well as @Stuxhost offer that.
#Signal and #Session are #proprietary, #centralized, #SingleVendor & #SingleProvider solutions!
And #Matrix is just a shittier #XMPP+#OMEMO. Give @delta / #DeltaChat a try instead.
OfC #JitsiMeet and #WebCall are also great!
Replied in thread
@adisonverlice I think that's dangerous disinfo as @torproject actively works against attempts to fingerprint and track #Tor users.
- I do consider Tor more private than any #VPN simply becaise they can neither ban users nor identify them.
In fact, Tor has been designed with the explicit goal to circumvent #Firewalls and #InternetCensorship methods like #DeepApcketInspection.
- Which is why #OnionShare by @micahflee works so great!
As a matter of principle I'd never vouch for any #centralized, #SingleVendor and/or #SingleProvider solution of any kind, including #Session.
- Tor is sufficiently decentralized in that it is not only completely #OpenSource but has proven to not have SPOFs in the form of maintainers and is able to yeet proplematic folks (unlike #WikiLeaks!)…
Replied in thread
@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsactioned comms to twart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:
- If a system is #centralized as in #SingleVendor and/or #SingleProvider, it's inherently vulnerable.
And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.
After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.
- What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun on,the developers' heads and force them to,#d0x all users and #backdoor everything (if they didn't already got forced to have some "#LafwulInterception" gear in a closet like #Room641A...
After all, Signal can't pull the 5th and refuse to comply!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
@bob_zim yeah. Seen it. in the writeup by @micahflee ...
I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...
- Not shure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.
I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates
Replied in thread
@menel @patrick and #Signal despite their #FUD and #MarketingLies is a very #cebtralized, #SingleVendor & #SingleProvieer system relying on #GAFAMs and their #API|s as well as neither allowing #SelfCustody nor #SelfHosting.
Not to mention it's toxic followers that avt like cultists!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Content warning: Rant re: Signal Shills being dangerous Tech Illiterates