Imagine This:

You are a security researcher
You don't have a #PGP pubkey nor #XMPP+#OMEMO setup
You insist on using #Signal and/or #Telegram and/or #ProtonMail

What are you?

#nonmention

Seriously folks:

1. learn fucking #ComSec, #InfoSec & #OpSec cuz

2. every service that demands #PII like a #PhoneNumber is inherently insecure &

3. a lot of places criminalize #anonymous #SIM #cards & demand #KYC for any Phone Number.

4. It is your moral duty as #TechLiterates to foster and normalize #OpenStandards that are in fact secure, like #XMPP+#OMEMO & #PGP/MIME.

5. there's no excuse to not use @torproject / #Tor when tools like @micahflee's #OnionShare and @tails_live / @tails / #Tails exist.

6. #SourceProtection is not negotiable!

Which reminds me...

@cryptoparty do you have any events planned soon?

Cc: @cryptoparty @cryptoparty @[email protected]

@kkarhan I do differentiate privacy and security, and asking for PII is about privacy I think, am I wrong?

I am not saying both aren't correlated, as in point 3., in places where privacy is criminalized this is about security too

@blueluma #privacy and #security are inherently intertwined.

  • Anything that reduces privacy also reduces security and every good security system will have privacy not just as a cornerstone, but foundation.

There is no legitimate reason to demand any #PII when there's neither legal mandate (i.e. #KYC / #AML) nor risk of fraud (i.e. #prepaid services).

@kkarhan there are not many private free instant messaging open-source non-vcfunded apps sadly 😅

@blueluma well, there are #OpenStandards that are truly #decentralized and allow for real #E2EE without bs.

@kkarhan I kind of don't like adding overlay over old protocol like OMEMO. I prefer when a protocol is always secure by default for everything, but that's just my opinion.

Also, PGP seems to have some limitations: https://en.m.wikipedia.org/wiki/Pretty_Good_Privacy#Limitations ?

@kkarhan doesn't ProtonMail use / can use PGP?

@blueluma if you use #ProtonMail's #PGP "Service" you literally give them control over your messages.

  • Given that they have a history of snitching on users, I'd not even trust them to reliably store, send and receive eMails to begin with.

Don't rely on your provider to cover your ass...

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
