Scott Wilson

@scottwilson@infosec.exchange

27+ year information security “professional”.

I like non-alcoholic #beer, #gardening and yardwork, playing guitar, and reading #books (mystery, thriller, suspense, #scifi, fantasy, astrophysics, and cosmology).

Stage IIIB #ColorectalCancer survivor.

I'm a middle-aged, middle class Christian, husband, dad, doggy-daddy, and friend. I’m a supporter of #LGBTQIA rights, a #BlackLivesMatter advocate, a believer in #TransRights and proponent of equality. I support #Ukraine.

Only hand-crafted, artisanal memes.

Posts are on auto-delete (1 week).

Home Page: https://bscottwilson.com
Code: https://codeberg.org/bswilson
I love a good mansplain smackdown.

like #hotsauce?
like the small batch, locally made stuff?

https://ravenholmspices.etsy.com

^^ made right here in #sandiego

i made a new coupon code - JULY4TH - a full 20% off your entire order.

and if you're feeling spendy, please loot the shop - the sooner I clear out the current inventory, the sooner i can get started on #nopesauce v6 - where the sweetener will be pineapple instead of mango, and it'll be chorizo mode >:D

sale goes til June 30th, so you can have it in time for the 4th!

Don’t Make it Easier than it Already is…..Default Passwords [Guest Diary] https://isc.sans.edu/diary/32054

Y’all are close, so close…

What’s missing is, I’M ALL OUT OF NOPESAUCE!!!

Time to place an order with @Viss and Ravenholm Spices!

https://www.etsy.com/shop/RavenholmSpices

#food

Who can detect what’s wrong with this picture (what’s missing)?
#food

TUESDAY CAGE MATCH ACTION CHOOSE YOUR FIGHTER

 ROUND 1

SCOTT VS. MULCH

 ROUND 2

SCOTT VS. TENABLE

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

OK I won round 1, but did not win round 2. 🥲

#tenable #mulch #infosec

Mastodon updates its terms to prohibit AI model training | TechCrunch

Days after Elon Musk-owned X updated its terms to explicitly prohibit AI model training, decentralized social network Mastodon updated its own rules to bar any kind of model training, as well.

TechCrunch
Don't forget, get your BSides RDU tickets now for $35 before the price goes up on 8/1!
https://www.eventzilla.net/e/bsidesrdu-2025-2138649409
BSidesRDU 2025

BSides RDU 2025 will be at the NC State University's McKimmon Center (free parking). See our…

Eventzilla

THIS JUST IN!!!

Mental Health Hackers will be working in partnership with @blueteamvillage at #DEFCON this year to provide a quiet conversations room.

You can expect:
- To find other likeminded individuals talking about all things defensive security.
- Mental health peer support, information, and giveaways
- Content, presentations, and group sessions relating to mental health in tech

We would like to welcome our first sponsor for this partnership! @limacharlieio

Use Signal. We promise, no AI clutter, and no surveillance ads, whatever the rest of the industry does. <3
@Mer__edith Not accessibility wise
@Techgirl1232 @Mer__edith lean in. Use it where you can. Talk about your experience on accessibility. Feedback is the only way anything improves amongst us humans. It demonstrably works. It's how we have built everything together. We can do so much together. ✌️💙
@Mer__edith Use Signal. Use Tor. Use Signal behind Tor. :-)

Thanks for sharing @Mer__edith

Do you have a link?

Helping You Find More Channels and Businesses on WhatsApp

We're introducing channel subscriptions, promoted channels and ads in Status to WhatsApp's Updates tab.

Meta Newsroom
WhatsApp is getting ads using personal data from Instagram and Facebook

Meta is expanding its ads business on WhatsApp using your data from Instagram and Facebook

noyb.eu
@Bristow_69 Signal's account is linked in her profile, and that has a link.

@Mer__edith And you can also promise not being owned by nazis with VC brainworms looking for the first opportunity to sell out their users. Unlike SimpleX.

Please, if you can, try to focus on some of the selling points they're using to dupe folks onto their platform, some of which really matter (like anonymous sign-up).

@dalias @Mer__edith The ability to use my signal account on a burner phone would be amazing (and obviously technically feasible, since the desktop app exists)

@aburka 🤔
Interesting, I can see a (legitimate) use case for that, like travelling to certain countries where they feel the excessive need to search your phone.

An option to limit the address book and chat sync, managed from your main device, could be useful in that scenario too.

@dalias @Mer__edith

#Signal #SignalApp

@aburka
If you mean adding your burner phone as a linked device to your Signal account, I've been able to use the Molly client on Android to achieve this
@pogmommy nice, hadn't heard of Molly but will look into it. Not entirely sure how to feel about unofficial signal software... witness the US govt's usage of a signal client that was MITMing all the comms. Of course they did that on purpose but a malicious client could do the same
@aburka don't blame you at all. All I've seen about Molly seems to indicate high safety/security- it appears to be well-regarded in the grapheneos forums/community. Its selling point is being a hardened fork of the official Signal client, featuring things like at-rest encryption, ram wiping, etc. And if you install Molly-foss (the only version available in Accrescent store) it replaces proprietary blobs that Signal depends on for notifs/location services with secure, open-source alternatives.
their website is https://molly.im & the link to the project's git repo is https://github.com/mollyim/mollyim-android
fwiw, I'm not a dev or contributor to the project, just a satisfied user. definitely look into it yourself before trusting it with your data & access to your signal account.

@pogmommy high regard by grapheneos users is a strong recommendation!
@dalias @Mer__edith I'd prefer it without the cryptocurrency bullshit too.
maybe official clients for operating systems not controlled by google or apple

CC: @dalias@hachyderm.io @Mer__edith@mastodon.world
@mansr @dalias @Mer__edith It's just a wallet. Don't turn it on and you'll never see it.
@dalias @Mer__edith can you share a link about this please?

@blueluma @Mer__edith See the links from the post I'm replying to here: https://hachyderm.io/@dalias/114631010411924253

Beware: vile transphobic comments if you click thru to the birdchan link. I've intentionally linked to a point where folks can navigate to it but won't inadvertently open it up without several click-thrus.

Cassandrich (@dalias@hachyderm.io)

@Ember@blobfox.coffee Thanks for the citation. For those who don't need to actually see the vile receipts (don't click thru unless you really do), the lead dev of SimpleX posts vile shit on birdchan (of course) in favor of abuse of trans children. DO NOT USE SIMPLEX. DO NOT PROMOTE SIMPLEX. CALL FOLKS OUT WHEN THEY DO.

Hachyderm.io

@Mer__edith

should i turn off push notifications for Signal to make it even more secure?

@rustoleumlove @Mer__edith message content isn't included in Signal's push notifications.

@derekmorr

yet, i can see that content in the notification.

@rustoleumlove @derekmorr From my understanding, Signal's push notifications just act as a way to wake up the device. Then, the app fetches the encrypted content from Signal's server, decrypts it locally, and generates a local notification with the decrypted content.

@imkh

thank you so much for that explanation.

@imkh @rustoleumlove that's right. The push notification had an empty body. So all Google or Apple sees is that you got a message on Signal at a certain time.
Meredith Whittaker (@Mer__edith@mastodon.world)

PSA: We've received questions about push notifications. First: push notifications for Signal NEVER contain sensitive unencrypted data & do not reveal the contents of any Signal messages or calls–not to Apple, not to Google, not to anyone but you & the people you're talking to. 1/

Mastodon
@rustoleumlove @Mer__edith #molly from @fdroidorg . you can self host #ntfy and #mollysocket simply with @yunohost to get selfhosted notification service.
@Mer__edith
Or better yet, use decentralized Software.
@zwecki @Mer__edith What do you recommend as a decentralized, privacy aware chat app, available on all major platforms?
@gatogatogato @zwecki @Mer__edith Matrix is great (@matrix). Although Signal remains the gold standard for encryption.
@zwecki I'd be open to suggestions as long as it's not the dumpster fire that is called Matrix/Element.

@zwecki @Mer__edith They did that once. It didn't go well.

"In May 2016, Moxie Marlinspike wrote that federation with the CyanogenMod servers had degraded the user experience and held back development, and that their servers will probably not federate with other servers again."

Moxie also did an entire presentation about why it's inferior: https://www.youtube.com/watch?v=DdM-XTRyC9c

36C3 - The ecosystem is moving

YouTube
@Mer__edith @Viss
While I appreciate the overall sentiment, "no surveillance ads" seems oddly specific, like something is in the pipeline that needs that wording.
@FritzAdalis
I think that Signal's requests for donations can count as ads, hence the wording. If they were planning something evil they'd just lie.
@Mer__edith @Viss
@kainisenni @Mer__edith @Viss
I mean Mozilla didn't when they finished jumping the shark, they could have left in "we'll never sell your data" and claimed it was an oversight when they got caught.
@Mer__edith How’s that DMA interoperability with WhatsApp coming along? Will people ever be able to use whatever app they want without worrying about network effects?
@Mer__edith could you move the foundation outside the USA?
@aroom @Mer__edith what jurisdiction would you prefer?
@derekmorr @aroom @Mer__edith Germany would be a good fit. Signal remaining in the US sends very negative signals to the rest of us. If Signal weren't centralized it wouldn't be a problem, but...
@derekmorr @Mer__edith no idea. That was a legit question tho. Would it be possible financially wise? And is it simply possible?
@derekmorr @aroom @Mer__edith A jurisdiction not under cloud act and compliant with GDPR for example.
@Mer__edith just some crypto coin integration, because that was super necessary
@kolya @Mer__edith Yeah, that doesn't at all sound shady.

We can critique the implementation, but integrating crypto aligns with Signal's core mission: "to protect free expression and enable secure global communication through open-source privacy technology".

Just as cash enables private, in-person transactions, privacy-focused cryptocurrencies can support secure, anonymous digital payments. Similarly, end-to-end encrypted chats are the digital counterpart to private, face-to-face conversations.

Source: https://signalfoundation.org/en/

@Cappyjax it's a chat app FFS. it doesn't need a mission statement to begin with. it's supposed to do one thing. and it ain't crypto.

@kolya

It's cool you don't think they need one, but it's basically a requirement for tax-exempt non-profits. Source: https://nonprofitlawblog.com/purpose-statement-articles-of-incorporation-nonprofit-charitable-corporation/

Look up any 501(c)(3) non-profit org, they all have one: https://501c3lookup.org/

Here's a list of 17 mission statements for easy perusing: https://donorbox.org/nonprofit-blog/mission-statement-examples

The benefits of a privacy-enabling crypto are well within their scope. That it didn't work well, was implemented poorly, or didn't take off is irrelevant to the discussion. Be mad at something else.
