Replied in thread
@patterfloof assuming that #cyberfacist lawmakers actually cared and didn't just want to impose #Cyberfacism and abuse the them-created infrastructure for even more illicit and nefarious purposes.
#cyberfacist
1 post1 participant0 posts today
Replied in thread
Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):
- These "attack vectors" were known and whilst unfixable they could at least be mitigated by i.e. NEVER using a #PhoneNumber for anything and/or using anonymously obtained #SIMs. But more and more services like @signalapp did #regression demanding #PII and more and more nations criminalized #AnonymousSimCards under utterly #cyberfacist & #FalsePretenses!
Add to that the regression in flexibility:
Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.
- And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.
"[…] [Technologies] must always be evaluated for their ability to oppress. […]
- Dan Olson
And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.
- And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.
Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.
- I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!
And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...
The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.
Replied in thread
@jmcs @dansup given how #PayPal bans people at random (and refuses to elaborate why when asked for, as said person hasn't violated their ToS!) I'd not trust them either.
- In terms of #privacy, #SEPA too has none as the #EU didn't even try to oppose #cyberfacist #hegemony imposed by the #USA.
So if you don't trust #cryptocurrency at all [which I don't blame you for when there's only one non - #Shitcoin on the market], consider #CashByMail instead.
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@dansup@mastodon.social the only correct move is to choose something that isn't garbage like #PayPal...
- So far I doubt anyone in #finance will do that and even *wannabe "#competitiors"* like #wero fail to be *truly global*...
The only *"good" option* (or *to be honest, "least worst"*) I've seen is #Monero, which *just works* and it works so well the #US Government *hates it* because it is literally the closest to *"#digital #cash"* there is...
https://www.youtube.com/watch?v=H33ggs7bh8M
https://www.youtube.com/watch?v=B7sLnmlZ-kU
#notLegalAdvice #NotFinancialAdvice
Replied in thread
@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!
- Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.
They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!
- Unlike @delta (which is #PGP/MIME in a different UI) or #XMPP+#OMEMO (which you can use via @torproject / #Tor and connect to a Server that is an #OnionService.
IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!
Replied in thread
@stevefoerster @CppGuy whilst the #USA isn't the only country known where the immigration officer has the ultimate say about whether one's allowed to enter or not (Japan has similar laws), it os the only one known to flex it so often that it's a travel advisory.
- Alongside the fact that it's #cyberfacist af and if one cannot get data transfered one has to "mule in" storage like drugs, making it as bad as North Korea for the average traveler...
I'd rather recommend #Germany for international students cuz it's way cheaper and has way higher quality of life cuz stuff like #Healthcare isn't an absurd clusterfuck!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Attached: 2 images
@tagesschau@ard.social das ist nix neues.
- Die #USA sind #Cyberfaschistisch und erzwingen unter #Gewaltanwendung und #Einreiseverweigerung eine allumfassende #Datenherausgabe auf allen Geräten und -Accounts und haben qua #CloudAct kompletten Vollzugriff auf sämtliche #US-basierten Anbieter.
- So wurden Leute schon wegen einzelner, persönlicher Nachrichten auf #NSAbook die Einreise untersagt und zurückgewiesen.
Wer glaibt es gäbe unterm #Trump-Regime sowas wie #Rechtsstaatlichkeit wenn solche Methoden schon unter #Biden & #Obama gängig waren hat entweder keine Ahnung oder ist gemeingefährlich naiv, da selbst @AuswaertigesAmt@social.bund.de [davor warnt!](https://www.auswaertiges-amt.de/de/service/laender/usa-node/usavereinigtestaatensicherheit-201382?isLocal=false&isPreview=false#content_4)
Einreisende in die USA sind faktisch rechtlos!
Replied in thread
Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.
Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do do!
The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.
That's literally wrong!
- #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to dsicriminate against users and restrict app functionality based off their presumed juristiction. There is no "legitimate interest" for.doing so nor any legal mandate to do so (unless we excuse the ehole #MobileCoin-#Scam!)
It’s been 30 years, and no one uses xmpp. Let it go.
Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)
It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.
You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.
- The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.
I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses.
- I've literally been there and done that!
As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...
monocles.eumonocles searchmonocles search, powered by searx
Replied in thread
@oatmeal @aral calling it "Dual Use" when it's explicitly #Cyberfacist #Govware is like calling a Guillotine an "Industrial-Grade fruit Slicer"…
Replied in thread
@a_cubed @cascheranno @geerlingguy I think #YouTube should be forced to publish exactly what they don't like or ban from their platform, but that would result in #transparency instead of #cyberfacist uncertaintly where only people with range and connections get that #privilegue...
- But that assumes that YouTube actually cares and doesn't suffer from late stage #Enshittification syndrome...
Replied in thread
@silhouette @richi @signalapp @torproject
1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - espechally for a "#privacy"-focussed messenger!
2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregilated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which bings.me to the 1st agrument.
4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead if following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!
5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!
Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss wothout.#OpSec, #InfoSec & #ITsec is dangerous!
- And yes claiming "JuSt UsE sIgNaL!" is dangerous in the era of #Trump's #cyberfacist regime acting as it does (like with the #ICC)!
Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!
dumbfuckingweb.sitePost by sleepy silhouette, @silhouette@dumbfuckingweb.site@kkarhan@infosec.space @richi@vmst.io @signalapp@mastodon.world @torproject@mastodon.social >PII afaik the only info is that you have registered to Signal and the last time you've connected. Other services do this too, for technical reasons. >USA irrelevant given the guarantees of their E2...
Replied in thread
@JuliusGoat TBH, #DHS makes #Gestapo look like disorganized street gangsters cuz the #Nazis wished they had the #Cyberfacist data hoarding in their days and #NSAbook to track folks.
Replied in thread
@openrightsgroup you cannot fix what's inherently broken!
#OSA, like #KOSA, #FOSTA & #SESTA before, is #cyberfacist bs and everyone in favour of it should be voted out of office!
Replied in thread
@wchr and the worst part: @EUCommission et. al. signed off on #US demands for this #cyberfacist bs. re #PNR|s!
Replied in thread
@stf also don't call "#protectEU" or "#ChatControl" as anything but #Cyberfacism and the people advocating for as #cyberfacist POS that need to be stopped by any means necessary!
Replied in thread
@CCC well, #EUROPOL is full of facists that demand not mere #Govware #backdoors but front door access 24/7 and in bulk.
- I think that's not only #unconstitutional but sheer jealousy of #cyberfacist #NOBUS doctrine...
Replied in thread
@Fr333k @FritzAdalis propably...
Whatever floated #NSA's #cyberfacist boat back then (or today, cuz #PRISM never really ended. It merely got transfered over and legalized (see #CloudAct)...
Replied in thread
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
- #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
- #KYC is the illicit activity!!!
And don't get me started on the #cyberfacism that is #CloudAct.
- If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.
I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
Replied in thread
@itsfoss yes, but only if they remove #cyberfacist, make it #FLOSS, #mandatory and choose #KISS over optics.
Replied in thread
@kernelcomments FUCK ITAR and all the #Cyberfacist crap!
Replied in thread
@ErikJonker TBH, if it was my decision every #Compamy and #Service subject to #cyberfacist regulation like #CloudAct would be banned across the #EU.
- Instead, @EUCommission is violating it's own #procurement #laws!
Replied in thread
@LeftistLawyer well, I banned #Apple a long time ago from #Procurement for backstabbing clients and being a #cyberfacist #bootlicker to the "P.R." #China: