Show threadKevin Karhan Mar 27

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

  • Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

If you do think so then you should really get some professional help, cuz you seem rather lost...

  • #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

Pixelcode 🇺🇦 (@pixelcode@social.tchncs.de)

@kkarhan@infosec.space @taylan@feministwiki.org For every messenger there's the risk of someone finding out that you use that messenger (for example when you download the app without a proxy or when you rent a server for self-hosting). So what? Nothing and no one stops you from voluntarily using Tor to connect to Signal (Orbot, InviZible, Advanced Privacy etc.). For those oppressed by authoritarian regimes, Signal offers easy-to-use censorship-circumvention proxy support built into the app. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support

Mastodon
Show threadKevin Karhan Feb 12

@Zoll wisst ihr was deutlich effektiver wäre?

Wenn das Zeug #legal kontrolliert abgegeben würde (bspw. #Apotheke) denn dann würden die Leute sich nicht Dreck reinkloppen sondern sauberen Stoff haben und #OrganisierteKriminalität ginge leer aus.

Cc: @Bundesregierung @bmg@social.bund.de

Apropos "Hinweise aus dem Ausland", wird interessant wie das so #rechtstaatlich aussieht...

Show threadKevin Karhan Feb 6

@steeps @vultureculture @signalapp

#InconvenientTruth is inconvenient!

Cuz when push comes to shove @Mer__edith will talk - they always do!

But hey, feel free to take the gamble if you believe the #christofacist #Trump-Regime won't target you sooner or later.

#Cyberfacism

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter
Show threadKevin Karhan Feb 4

@sparfindig @silvan @nakal @kuketzblog

Nehmt mich raus - es ist sinnlos mit digitalen Flacherdlern zu diskutieren...

Die Leute von der #CryptoAG vertrauten auch sich selbst...

https://www.youtube.com/watch?v=jagiJ9YAqto
https://www.youtube.com/watch?v=VWImO1Qz4Zo
https://www.youtube.com/watch?v=pOkNrvB63pc

Und die Leute bei #ANØM verkauften sich auch als absolut sicher....

https://www.youtube.com/watch?v=qq9wnMXvgOc
https://www.youtube.com/watch?v=f6FRIDG8TPY

Streng geheim! Cryptoleaks. Die große BND und CIA Spionage | ZDFinfo Doku

YouTube
Show threadKevin Karhan Feb 2

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
https://infosec.space/@kkarhan/113932376762056036

We Tried Signal's MobileCoin So You Never Have To...

YouTube
Show threadKevin Karhan Jan 23

@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.

Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…

In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.

Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.

By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.

Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter
Show threadKevin Karhan Jan 21

@anelki the only ones that believe in "#SecureEmail" after #DNMX, #SkyECC, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield are #TechIlliterates!

Use #OfflinePGP-Method or @tails_live / @tails / #Tails or don't even bother!!!

- YouTube

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

Show threadKevin Karhan Jan 5

@zeank @MastoDenunzianten und wenn der Server ein #OnionService auf @torproject ist, gibt's nichtmals IP-Addressen!

So wie #ANØM aka. #OperationIronside aka. #OperationTrøjanShield...

Kevin Karhan :verified: (@kkarhan@infosec.space)

@MastoDenunzianten@vivaldi.net *EXAKT DAS* ist die *FALSCHE VORSTELLUNG!* - Ein #zentralisiertes, #SingleVendor & #SingleProvider - System wird *IMMER* #Govware-#Backdoors haben weil es dazu verpfklchtet werden kann. - Ohne #CloudAct-*"Compliance"* wäre @signalapp@mastodon.world seit langem abgeschaltet (wie #EncoChat) und @Mer__edith@mastodon.world im Knast! #XMPP+#OMEMO & #PGP/MIME sind dagegen offene #Standards die anders als #Threema, #Signal, #WhatsApp, #Telegram & Co. komplett auditierbar sind und *KEINE* #PII (Personen-Identifizierbaren Informationen) verlangen. - Vertraust nicht @monocles@monocles.social / [monocles chat](https://monocles.chat) als Betrieiber? Kein Problem: Gibt [drölfzig andere](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) und kannst #SelfHosting machen! - Vertraust nicht #moniclesChat oder @gajim@fosstodon.org / #Gajim als Clients? Auch hier gibt's [diverse Alternativen](https://alternativeto.net/feature/xmpp/) und wenn der #Aluhut zu eng ist, bauste halt alles selbst. Wohingegen der #BND & #CIA berühmt sind für die Faktischer Eigentümerschaft und Unterwanderung einzelner Hersteller die #proprietär|e #SingleVendor & #SingleProvider-Lösubgen verkaufen. - Konkrete Beispiele: #CryptoAG aka. #MINERVA / #Rubikon und #TextLite welche via #Phllips plattgemacht wurden…

Infosec.Space
Kevin Karhan Jan 4

@zdl @evacide that any the fact that @signalapp is incorportated in the #USA, making them susceptible to #GDPR & #BDSG-incompatible #cyberfacist bs like #CloudAct.

Remember: #KYC IS THE ILLICIT ACTIVITY when it comes to #Communication!

Compare that to @monocles / #monoclesChat which don't demand any PII or KYC and allow people to pay for their services with #Monero and #CashByMail besides #SEPA #WireTransfer, #Stripe & #PayPal whilst supporting both decentralization (#XMPP is not a #SingleVendor / #SingleProvider solution!), implementing real #SelfCustody (#OMEMO, #OTR & #PGP is supported out of the box) for all the keys, and proper #Anonymitiy (using @torproject / #Tor & @guardianproject #Orbot for #privacy), so in case they ever get a duely sumitted warrant by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.

  • And that is a good thing, because whilst very unlikely, one cannot exclude the non-zero chance of i.e. #MLAT|s being filed with knowingly false information by 3rd countries.

Also having no PII is a matter of reducing #liability in the sense of #DataProtection: All data requested and by #monocles is the bare minimum mandated for #accounting (i.e. only linking a payment like a #TxID / Transaction-ID to an account and then adding up validity/activation period).

Kevin Karhan Dec 4, 2024

Natürlich ist #OrganisierteKriminalität nicht dumm...

Dementsprechend löst weder der #EncroChat-Bust noch #ANØM aka. #OperationIronside aka. #OperationTrøjanShield das Problem, denn das sind Modalitäten und Incentives.

  • Also passiert das was vorauszusehen ist: Aufrüstung und Paranoia...

Dafür muss mensch weder OK noch -Ermittler*in sein, sondern einfach nur den Raum lesen können...

https://www.youtube.com/watch?v=fZO0qz3e8KI

Trotz EncroChat-Hack: So eskaliert die Drogenkriminalität in Deutschland | STRG_F

YouTube