Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
freiburg.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Ein Mastodon-Server für Freiburg und Umland betrieben durch den Verein freiburg.social e.V.: https://wir.freiburg.social

Administered by:

Server stats:

534
active users

freiburg.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#bdsg

0 posts0 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

YouTubeWe Tried Signal's MobileCoin So You Never Have To...By Techlore
#toldyaso
Public
Dr. Datenschutz

Datenschutzrecht: Wichtige Gesetze & ihr Verhältnis im Überblick

Auf den ersten Blick ist die Datenschutz-Grundverordnung mit ihren 99 Artikeln ein für juristische Verhältnisse kompaktes Gesetz. Doch wer nun glaubt, dass sich allein mit einem Blick in die DSGVO alle Fragen des Datenschutzrechts klären lassen, irrt. Neben der DSGVO existieren zahlreiche weitere na(...)
dr-datenschutz.de/datenschutzr

Dr. DatenschutzDatenschutzrecht: Wichtige Gesetze & ihr Verhältnis im Überblick
More from Dr. Datenschutz
#BDSG#Fluggastdaten#Gesetz
Replied in thread
Public
Kevin Karhan :verified:

@Sturmflut @fabiscafe @vkc

Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.

Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duely through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.

  • Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.

But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on it's own...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread
Public
Kevin Karhan :verified:

@olifantenbaer @admin ja und deshalb habe ich noch keine*n Anwält*in gefunden die #Office365 oder #Windows11 als "#DSGVO-konform" geschweige denn "#BDSG-konform" bezeichnen würden und für die Folgen geradestehen würde!

  • Bin mir sicher @privacyDE wird auch keine*n Finden die sich dss Risiko aufbürgen...

legal.social/@privacyDE/114143

Legal.SocialKirsten Bock💫 (@privacyDE@legal.social)fun fact: die Stellungnahmen der Aufsichtsbehörden im #Datenschutz sind Auslegungshilfen. Sie sind nicht zu verwechseln mit der Rechtsauslegung durch Gerichte. Die Stellungnahmen sollen Anhaltspunkte für die Auslegung der Norman und Leitlinien Unterstützung bei der Anwendung der Normen bei der Verarbeitung personenbezogener Daten in der Praxis geben. Mehr und eine Übersicht von der @DS_Stiftung@social.bund.de unter https://datenschutzarchiv.org/dokumente
Public
Kevin Karhan :verified:

@erebion @inaruck es gibt soviele Gründe weshalb Mensch nicht @signalapp vertrauen sollte.

Aber um es nochnal klar zu erklären:

Nur echte #Dezentralisierung wie bei #XMPP+#OMEMO kann #Datenschutz, #Informationssicherheit und #Vertraulichkeit sicherstellen.

Die strukturellen Probleme von Signal machen es angesichts einer #gleichgeschaltet|en #USA ein absolut unnötiges #Risiko, denn ich garantiere @Mer__edith wird für keine*n User*in lebenslange #Beugehaft riskieren!

Und #Signal ist sehr wohl in der Lage #Govware - #Backdoors zu integrieren, denn sonst wären die wegen #ITAR bereits geknastet worden, weil diese #Nutzer*innen aus #Kuba, #Nordkorea und #Russland haben!

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Public
Kevin Karhan :verified:

@Avitus @lispi314 @lauren

#TLDR: @signalapp HAS NO "#LegitimateInterest" TO DEMAND A #PhoneNumber (or any #PII for that matter) TO BEGIN WITH!

  • #BDSG literally bans such unnecessary data collection per law!
IOC.exchangeAvitus (@Avitus@ioc.exchange)@kkarhan@infosec.space @lispi314@udongein.xyz @lauren@mastodon.laurenweinstein.org @signalapp@mastodon.world You can register any number on Signal even a landline, ass long as you can get a 2FA SMS or phone call. Signal knows nothing about its users, nor does it attempt to. See https://signal.org/bigbrother/. All they have is the date and time you registered and the last date and time your device connected to a service. They've been subpoenaed many times but haven't been able to provide any data because they don't have it.
#bdsg
Replied in thread
Public
Kevin Karhan :verified:

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.

Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.

It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!

IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...

The less #info a provider has, the less they can be forced to snitch upon customers.

"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

  • You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...
Hachyderm.ioCassandrich (@dalias@hachyderm.io)@kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
#tinfoilhat
ExploreLive feeds
About