Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
freiburg.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Ein Mastodon-Server für Freiburg und Umland betrieben durch den Verein freiburg.social e.V.: https://wir.freiburg.social

Administered by:

Server stats:

530
active users

freiburg.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.4

#legitimateinterest

0 posts0 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

  • This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread
Public
Kevin Karhan :verified:

@Avitus @lispi314 @lauren

#TLDR: @signalapp HAS NO "#LegitimateInterest" TO DEMAND A #PhoneNumber (or any #PII for that matter) TO BEGIN WITH!

  • #BDSG literally bans such unnecessary data collection per law!
IOC.exchangeAvitus (@Avitus@ioc.exchange)@kkarhan@infosec.space @lispi314@udongein.xyz @lauren@mastodon.laurenweinstein.org @signalapp@mastodon.world You can register any number on Signal even a landline, ass long as you can get a 2FA SMS or phone call. Signal knows nothing about its users, nor does it attempt to. See https://signal.org/bigbrother/. All they have is the date and time you registered and the last date and time your device connected to a service. They've been subpoenaed many times but haven't been able to provide any data because they don't have it.
#bdsg
Replied in thread
Public *
Kevin Karhan :verified:

@tauon

1) #CloudAct is just #CyberFacism, look it up!
en.wikipedia.org/wiki/CLOUD_Act

-

2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

-

3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained beforetwice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of juristictions do...

-

But don't take my word for it.
youtube.com/watch?v=tJoO2uWrX1M

en.wikipedia.orgCLOUD Act - Wikipedia
#shitcoin#scams#mobilecoin
Replied in thread
Public
Kevin Karhan :verified:

@GrapheneOS @thomas @wonka Also I think the issues usually outweigh the benefits - at least when we look at individuals & devices owned by consumers vs. corporate #ITsec where locking down devices is seen as desireable!

  • It should be the sole discretion of the devices' owners whether or not such a feature should be used or accessible and it shpuld be disallowed to coerce people into "consenting" under threat of denied access.

Because for every "#LegitimateInterest" (i.e. #2FA #Authenticator) I can find a dozen reasons this "functionaloty" should be discontinued and considered malware.

#legitimateinterest
Replied in thread
Public
Kevin Karhan :verified:

@inthehands how about the #InconvenientTruth that both @signalapp / #Signal and #Telegram are BOTH EQUALLY BAD since they both are #proprietary, #centralized #SingleVendor & #SingleProvider solutions that collect #PII like #PhoneNumbers with no "#LegitimateInterest" because they are not "technically necessary" to fulfill their services.

Plus they not only can but will include #Govware #backdoors when pressed hard enough aka. cops with 3-hole masks put a gun to their heads...

Just like there are no #LoglessVPN's these Services and their #staff have addresses...
web.archive.org/web/2021022617

Instead, consider something where the #developers nor #maintainers can't do that - like with #XMPP + #OMEMO where you have #SelfCustody of all the #Keys and thus you are in control!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
ExploreLive feeds
About