Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://awawa.club/users/byte" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>byte</span></a></span> I'm gonna say it afain: <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is a <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Honeypot</span></a> and they snitch on users.</p><ul><li>Why else would they demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and host their shit in spitting distance to the <a href="https://infosec.space/tags/NSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSA</span></a>?</li></ul><p>Calling it <a href="https://infosec.space/@kkarhan/115406314819823694" rel="nofollow noopener" target="_blank"><em>"malpractice"</em></a> would imply they <em>'didn't knew better'</em>!</p><ul><li>Remember: <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a> too had some <a href="https://infosec.space/tags/outage" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>outage</span></a> as well and <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> was a Honeypot too...</li></ul><p>And I'm not even getting started on <a href="https://infosec.space/tags/cyberfascism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfascism</span></a> like <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>, <a href="https://infosec.space/tags/ITAR" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITAR</span></a> & Co.</p>
musician.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon site for Musicians and people into Music
Administered by:
Server stats:
146active users
musician.social: About · Status · Profiles directory · Privacy policy
Mastodon: About · Get the app · Keyboard shortcuts · View source code · v4.5.0
#phonenumber
0 posts · 0 participants · 0 posts today
Kevin Karhan :verified:<p>Seriously, <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> / <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is bad and everyone who relies on <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> et. al. to not break when handed a <em>duely issued warrant</em> (or being held at gunpoint) by <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>US</span></a> authorities is as dellusional as the users of <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> and <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EncroChat</span></a>! </p><p>There's no valid excuse to collect <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>!</p><ul><li>And Signal being not just <em>able but entirely willing</em> to <em>"restrict services"</em> based off the presumed location of the users is just a big red flag.</li></ul><p>If they took <a href="https://infosec.space/tags/Security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Security</span></a> seriously, they'd use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> over <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> and let users have 100% <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys as well as completely <a href="https://infosec.space/tags/decentralize" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralize</span></a>, including the ability to <a href="https://infosec.space/tags/SelfHost" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfHost</span></a> on <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span>. </p><p><a href="https://www.youtube.com/watch?v=tJoO2uWrX1M&t=887s" rel="nofollow noopener" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">youtube.com/watch?v=tJoO2uWrX1</span><span class="invisible">M&t=887s</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hear-me.social/@Jerry" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Jerry</span></a></span> FOR WHAT FUCKIBG PURPOSE DOES <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> EVEN WANT <a href="https://infosec.space/tags/Location" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Location</span></a> DATA BUT <a href="https://infosec.space/tags/Spying" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Spying</span></a> ON IT'S USERS?</p><ul><li>Also demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> which at best is pseudonymous amd trivial to <a href="https://infosec.space/tags/deanonymize" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deanonymize</span></a> <em>IS</em> the <a href="https://infosec.space/tags/IllicitActivity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IllicitActivity</span></a>!</li></ul><p>Also it's not even <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a> (why else is there no <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> on <span class="h-card" translate="no"><a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fdroidorg</span></a></span> ?)</p><ul><li>My verdict is that Signal - like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a> - is a <a href="https://infosec.space/tags/HoneyPot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HoneyPot</span></a>… I don't have evidenye <em>- yet -</em> but so far my track record has been excellent…</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> on a different note: Does <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> plan to actually increase it's own <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> and <a href="https://infosec.space/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>security</span></a> by not demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>, not mandating the garbage <a href="https://infosec.space/tags/app" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>app</span></a> to have <a href="https://infosec.space/tags/CameraAccess" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CameraAccess</span></a> (which doesn't work on devices without a camera!) and actually <a href="https://infosec.space/tags/decentralizing" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralizing</span></a> onto <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, mandating <em>real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys</em> as well as removing the <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> that is <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a> from it? </p><ul><li>Cuz so far <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> looks as much to me like a <a href="https://infosec.space/tags/HoneyPot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HoneyPot</span></a> as <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a>... </li></ul><p>And it's not as if I didn't <a href="https://infosec.space/@kkarhan/114935952643402592" rel="nofollow noopener" target="_blank">try it out!</a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> you are <em>lying by omnission and technicality</em> because why else do you demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and <a href="https://infosec.space/@kkarhan/114935952643402592" rel="nofollow noopener" target="_blank">mandate users to grant access to a devices' camera</a> just to let them use more than the one device they currently use?</p><ul><li>You could've easily allowed either importing the QR-Code or offered a <a href="https://infosec.space/tags/Pubkey" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Pubkey</span></a>-ID to type in. But you chose neither…</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.social/@stman" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>stman</span></a></span> <span class="h-card" translate="no"><a href="https://masto.hackers.town/@theruran" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>theruran</span></a></span> <span class="h-card" translate="no"><a href="https://cathode.church/@50htz" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>50htz</span></a></span> <span class="h-card" translate="no"><a href="https://social.solarpunk.au/users/vidak" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>vidak</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.net2o.de/@forthy42" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>forthy42</span></a></span> yeah, and because <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> demands both <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> nor <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> properly - including putting their <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>App</span></a> on <span class="h-card" translate="no"><a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>fdroidorg</span></a></span> (which would necessitate it to be actually <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>FLOSS</span></a>!) - they are making their users vulnerable! </p><ul><li>But <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> knew that already, didn't she?</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tech.lgbt/@alex" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>alex</span></a></span> I think <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is a <a href="https://infosec.space/tags/HoneyPot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HoneyPot</span></a> and people trusting <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> or <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> may sooner than later find themselves in shackles than those that didn't use it (or any other service that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> / <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> for no valid reason)…</p><ul><li>But that's just me acknowledging that there has never been a valid reason to demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for anything that doesn'f demand the phone network!</li></ul><p><a href="https://infosec.space/@kkarhan/114862595629371002" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1148625</span><span class="invisible">95629371002</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> Then why do you demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> in the first place?</p>
Kevin Karhan :verified:<p>Seriously folks:</p><p><code>1.</code> learn <em>fucking</em> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> & <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a> cuz</p><p><code>2.</code> every service that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> is inherently insecure &</p><p><code>3.</code> a lot of places criminaloze <a href="https://infosec.space/tags/anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>anonymous</span></a> <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIM</span></a> <a href="https://infosec.space/tags/cards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cards</span></a> & demand <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> for any Phone Number.</p><p><code>4.</code> It is your moral duty as <a href="https://infosec.space/tags/TechLiterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechLiterates</span></a> to foster and.normalize <a href="https://infosec.space/tags/OpenStandards" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandards</span></a> that are in fact secure, like <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> & <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME.</p><p><code>5.</code> there's no excuse to not use <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> when tools like <span class="h-card" translate="no"><a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>micahflee</span></a></span>'s <a href="https://infosec.space/tags/OnionShare" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionShare</span></a> and <span class="h-card" translate="no"><a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails_live</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>tails</span></a></span> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tails</span></a> exist.</p><p><code>6.</code> <a href="https://infosec.space/tags/SourceProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SourceProtection</span></a> is not negotiable!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> There are more effective means cuz one can buy literal 4-5 digit phone number blocks + inifinitely long extensions in many juristictions with nothing more than money, and it only increases the cost if onboarding/migrating and lessens privacy!</p><ul><li>Like seriously, <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> demanding a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> puts every of their users at risk, espechally those in places like <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a>, <a href="https://infosec.space/tags/KSA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KSA</span></a>, <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> and <em>"P.R."</em> <a href="https://infosec.space/tags/China" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>China</span></a>!</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@BenjaminHCCarr" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>BenjaminHCCarr</span></a></span> personally, I see any service requesting a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> as bad because there is never a legitimate reason to do so.</p><ul><li>Neither is it a secure way to verify against <a href="https://infosec.space/tags/bots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>bots</span></a> nor ID <a href="https://infosec.space/tags/users" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>users</span></a>.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://fosstodon.org/@MurrayWindripper" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MurrayWindripper</span></a></span> <span class="h-card" translate="no"><a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>micahflee</span></a></span> except <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> being a <a href="https://infosec.space/tags/Centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Centralized</span></a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleVendor</span></a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SingleProvider</span></a> solution that (illegally!) demands and collects <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>) for <em>no legitimate reason</em> makes them inherently bad.</p><p>I went into lenghts and have linked details re: <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> here:<br><a href="https://infosec.space/@kkarhan/114862595629371002" translate="no" rel="nofollow noopener" target="_blank"><span class="invisible">https://</span><span class="ellipsis">infosec.space/@kkarhan/1148625</span><span class="invisible">95629371002</span></a></p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://hachyderm.io/@dalias" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>dalias</span></a></span> <em>nodds in agreement</em>...</p><ul><li><p>I can understand it for <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> <a href="https://infosec.space/tags/communications" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>communications</span></a> and all the crappy <a href="https://infosec.space/tags/SaaS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SaaS</span></a> corporations use to keep their shit up and running. </p></li><li><p>Like <a href="https://infosec.space/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GitHub</span></a>, <a href="https://infosec.space/tags/Slack" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Slack</span></a>, <a href="https://infosec.space/tags/GoogleWorkspace" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GoogleWorkspace</span></a> and all that cringe. </p></li></ul><p>I can see why they want to push for <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> and have <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>business</span></a> customers mandate that for accounts cuz <em>"<a href="https://infosec.space/tags/CheckboxSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CheckboxSecurity</span></a>"</em> and stuff...</p><ul><li>But even then corporate security and supply chain security should not rely on those solely...</li></ul><p>Worst when <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>2FA</span></a> doesn't allow <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>-friendly options like TANs and/or <a href="https://infosec.space/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TOTP</span></a> / <a href="https://infosec.space/tags/HOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HOTP</span></a> but demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>! </p><ul><li>Mandating <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> and using that for 2FA is also a shit idea...</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://estrogen.network/@amythegay" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>amythegay</span></a></span> <span class="h-card" translate="no"><a href="https://hai.z0ne.social/@kura" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>kura</span></a></span> I'd not use that shit anyway because <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> in the form of a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> <em><a href="https://infosec.space/@kkarhan/114935952643402592" rel="nofollow noopener" target="_blank">is</a> <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank">the</a> illicit activity</em>...</p><ul><li>I use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a> for 15+ years now.</li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> even <em>if</em> an <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MVNO</span></a> isn't demanding any <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> whatsoever (i.e. <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>prepaid</span></a> are offered OTC in most juristictions) it's <em>NOT</em> "<a href="https://infosec.space/tags/Anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anonymous</span></a>" but merely <em><a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>pseudonymous</span></a></em> as it's trivial for governments to utilize existing <em>and mandtory "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>LawfulInterception</span></a>" appliances</em> to create that <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> chain.</p><p><a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> (<a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SIMcard</span></a>) <=> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMSI</span></a> (SIM profile) <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a> (Phone/...).</p><p>So if <a href="https://infosec.space/tags/Anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Anonymity</span></a> is important, <em>NONE</em> of these details have to be linked somehow even circumstantial.</p><ul><li><p>Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.</p></li><li><p>Use the SIM in any device? Consider them <em>circumstantially connected</em> forever: <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>.</p></li><li><p>Same applies to <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eSIM</span></a>|s: <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>EID</span></a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICCID</span></a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>IMEI</span></a>.</p></li></ul><p>Add to the fact that most places have <a href="https://infosec.space/tags/CCTV" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CCTV</span></a>, and assume that they'll keep recordings for the <em>maximum permissible duration</em> if not longer and oftentimes even use questionable cloud services and you get the picture.</p><ul><li>I.e. in Germany the maximum permissible storage duration is 72 hours (<em>if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...</em>) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing <code>*104*1234567890123456#</code> )...</li></ul><p>So any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>-based service should <em>never ever & under no circumstances</em> demand a Phone Number!</p><ul><li><p>Instead any privacy-focussed service should use <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a>, host their own <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionService</span></a> or at least <a href="https://infosec.space/tags/DontBlockTor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DontBlockTor</span></a> and allow users to use it via <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> to use and signup. (But don't forget circumstantial connections there either!)</p></li><li><p>Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.</p></li></ul>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://birdbutt.com/@aetus" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>aetus</span></a></span> so basicaly like <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> but.demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> (<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>) for <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> and not providing actual <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> with real <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> <span class="h-card" translate="no"><a href="https://piraten-partei.social/@nick" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>nick</span></a></span> Personally, I think that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> is just a <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Honeypot</span></a> like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ANØM</span></a>:</p><ul><li>Cuz the lack of consequences re: rampant (by vortue of being statistically inevitable!) abuse lets me believe they have their shit backdoored jist for <em>"compliance"</em> reason...</li></ul><p>If <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> were pro-<a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> they'd not demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> to begin with or expect people to have cameras in their Android devices...</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> again: <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>KYC</span></a> <em>is</em> the illicit activity and demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> and/or sending confirmation <a href="https://infosec.space/tags/SMS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SMS</span></a> is inherently bad.</p><p>Compared to i.e. <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> or <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> it's already a no-go to demand a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a>, and the latter one is actually <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>sustainable</span></a>.because it's paid for by users and not a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurningParty</span></a>!</p>
Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>adisonverlice</span></a></span> the fact that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> for <em>no "legitimate reason!</em> whatsoever already makes them noncompliant woth <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a> and thus failing my <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a> test!</p>
Kevin Karhan :verified:<p>Anyone who expects me to install <a href="https://infosec.space/@kkarhan/114862595629371002" rel="nofollow noopener" target="_blank">yet another app</a> for their garbage can kindly <em>fuck off</em>!</p><ul><li>Fix your shit and give me a compelling reason to even consider making an account in the first place.</li></ul><p>I won't but seeing folks who actually take privacy serious and thus have their <a href="https://infosec.space/tags/cameras" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cameras</span></a> removed from their <a href="https://infosec.space/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Android</span></a> device struggle makes me fucking angry.</p><ul><li>By comparison: <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> has actually good <a href="https://infosec.space/tags/support" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>support</span></a> and they don't ask for <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and allow for <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> of all the keys.</li></ul><p>Personally, I wished <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> had a plugin for like <span class="h-card" translate="no"><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>thunderbird</span></a></span> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Thunderbird</span></a> so that it can be used as <a href="https://infosec.space/tags/Chat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Chat</span></a> in it and sort the inbox. Would make it the superior solution for <a href="https://infosec.space/tags/corporations" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>corporations</span></a> that already have <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> <a href="https://infosec.space/tags/Archival" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Archival</span></a> setup for legal compliance…</p>
TrendingLive feeds
Mastodon is the best way to keep up with what's happening.
Follow anyone across the fediverse and see it all in chronological order. No algorithms, ads, or clickbait in sight.
Create accountLoginDrag & drop to upload