Mastodawn

#Monero #XMR #Privacy #SelfCustody #Node

Mar 16

@hcf @dans_root @earthnewstech except both fuck up their self-hosted PGP which doesn't doesn't do real #E2EE if you don't exercise #SelfCustody of all the keys and use #PGP/MIME over #IMAP+#SMTP!

Something that @monocles does disclose in their documentation!

monocles mail - monocles Documentation

Reel Tubes Mar 16

Phoenix/Electrum mit kostenlosem Bitcoin Fulcrum verbinden – schnell & sicher auf dem Smartphone! Schritt-für-Schritt-Anleitung für mehr Privatsphäre und Self‑custody. Unbedingt ansehen! #Bitcoin #Phoenix #Electrum #Fulcrum #Privacy #SelfCustody #MobileWallet #German
https://video.it-service-commander.de/videos/watch/c640bae4-d886-4144-8a06-ed767c203da6

Phoenix / Electrum App mit Bitcoin Fulcrum Service verbinden

PeerTube

Arnold Nakamura Mar 16

Monero pruned nodes: run monerod --prune-blockchain for full verification at ~50GB instead of 170GB+. Same security guarantees, 1/3 the storage. Combined with Tor/I2P, you get maximum privacy without trusting anyone else's node. Self-sovereignty starts with your own infrastructure.

Mar 12

@mailbox_org Ich rate zu #PGP/MIME weil anders als S/MIME es nicht auf #SSL-Zertifikate und -Zertifizierungsstellen setzt, sondern 100% #SelfCustody umsetzt und #dezentral ist!

Gute #eMail - Clients wie @monocles / #monoclesMail & @thunderbird / #Thunderbird unterstützen das konsequent und unabhängig des eMail-Providers, sogar über @torproject / #Tor!

Mar 10

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
- Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
- Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
- In fact, you could even use #Sneakernet - Style distribution through "#MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
- Whereas you can't positively verify whether an eMail address and/or #XMPP+#OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

And don't even get me started on the fact that legally speaking noone truly owns their number.
- Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

I wanted #Signal to be good - honestly...
- But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
- Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or useage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's juristiction] about it's customers' ability to shield their privacy…

Cuz all the "#Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
They certainly are not deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. "#TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
- It's like all those "#VPN" shillings which one cannot verify to be true or false!

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty / @cryptoparty / #CryptoParty worth it's name touches on.
- Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

ProtonMail Sends User IP and Device Info to Swiss Authorities.

YouTube

@kaschmir @WinFuture Merke: Anbieter wie @Tutanota und @[email protected] retten einem nicht den Arsch!

Saubere, echte #E2EE (mit #SelfCustody aller Keys!) und konsequente Nutzung von @torproject / #Tor sowie #Monero dagegen schon!
- Ehrliche Anbieter wie @monocles weisen darauf auch explizit hin!

Die Leute müssen endlich lernen, was #ITsec, #InfoSec, #OpSec & #ComSec ist!

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter

@mic @wesdym "well said" doesn't make it less wrong!

If you don't have sole, #SelfCustody of all the #Keys, you have neither control nor provacy!

Unless you want to make it easy to get spied upon amidst centralization!.

Kevin Karhan :verified: (@[email protected])

@[email protected] @[email protected] it's *NOT* #E2EE if you don't have 100% #SelfCustody of all the keys! - Not your keys = not your control! Otherwise we'd allow #MarketingLies like like those of #WhatsApp to be normalized, when clearly it's not the case! - If #ProtonMail was actually E2EE they'd have no keys whatsoever and be unable to provide any data access. - Kinda like @[email protected] / #deltaChat (#PGP/MIME #eMail) and any #XMPP+#OMEMO client does… https://infosec.space/@kkarhan/116186109475109526

Infosec.Space

https://infosec.space/@kkarhan/116186109475109526

@NebulaTide @wesdym it's NOT #E2EE if you don't have 100% #SelfCustody of all the keys!

Not your keys = not your control!

Otherwise we'd allow #MarketingLies like like those of #WhatsApp to be normalized, when clearly it's not the case!

If #ProtonMail was actually E2EE they'd have no keys whatsoever and be unable to provide any data access.
- Kinda like @delta / #deltaChat (#PGP/MIME #eMail) and any #XMPP+#OMEMO client does…

Kevin Karhan :verified: (@[email protected])

@[email protected] and that's why *noone* should use #ProtonMail and their shitty #PGP setup! - Only #SelfCustody and communicating solely over #Tor can help. - But @[email protected] [fucked up](https://www.youtube.com/watch?v=IeXaYR4ed9c) their #OnionService, so I'll stay with @[email protected] which at least #DontBlockTor and allow anonymous Payment options (#CashByMail & #Monero)…

Infosec.Space