MastodonTech.de

Pyrzout :vm:Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone number <a href="https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number" rel="nofollow noopener" translate="no" target="_blank">https://www.malwarebytes.com/blog/news/2025/06/scammers-hijack-websites-of-bank-of-america-netflix-microsoft-and-more-to-insert-fake-phone-number</a> <a href="https://social.skynetcloud.site/tags/techsupportscammers" class="mention hashtag" rel="nofollow noopener" target="_blank">#techsupportscammers</a> <a href="https://social.skynetcloud.site/tags/ThreatIntelligence" class="mention hashtag" rel="nofollow noopener" target="_blank">#ThreatIntelligence</a> <a href="https://social.skynetcloud.site/tags/phonenumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#phonenumbers</a> <a href="https://social.skynetcloud.site/tags/sponsoredads" class="mention hashtag" rel="nofollow noopener" target="_blank">#sponsoredads</a> <a href="https://social.skynetcloud.site/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scams</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a>

Kevin Karhan :verified:<a href="https://mastodon.social/@Cappyjax" class="u-url mention" rel="nofollow noopener" target="_blank">@Cappyjax</a> IDGAF about "passion". <a href="https://infosec.space/@kkarhan/114697690127511140" rel="nofollow noopener" target="_blank">All I care about is the security of users!</a>Requiring any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> is inacceptable when it comes to <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> & <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a>, espechally given <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.<ul><li>There's a reason why <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME [both each over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a>] is the evidently superior and more secure approach, as being unable to "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a>" a user is a matter of security...</li></ul>Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a> made it illegal starting 07/2017, so using any service that demands a phone numner is out of question)<ul><li>And even if one can get an anonymous <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> (with a phone number) or god forbid <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a>, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.</li></ul>Obviously the devs of <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> and <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> are well aware of this critical flaw, which is why I consider them to act as <a href="https://en.wikipedia.org/wiki/Useful_idiot" rel="nofollow noopener" target="_blank">"useful idiots"</a> or rather <a href="https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition" rel="nofollow noopener" target="_blank">"controlled opposition"</a> as <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> could've been shutdown trivially by the <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#US</a> Government or forced into banning users based off their <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> (they may call this "<a href="https://infosec.space/tags/sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#sanctions</a> <a href="https://infosec.space/tags/compliance" class="mention hashtag" rel="nofollow noopener" target="_blank">#compliance</a>" given they added a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a> - Wallet into Signal!)...<ul><li>All the "but <a href="https://infosec.space/tags/Metadata" class="mention hashtag" rel="nofollow noopener" target="_blank">#Metadata</a>" <a href="https://infosec.space/tags/FUD" class="mention hashtag" rel="nofollow noopener" target="_blank">#FUD</a> turns into <a href="https://infosec.space/tags/MarketingLies" class="mention hashtag" rel="nofollow noopener" target="_blank">#MarketingLies</a> once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers.</li></ul>Whereas with <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a>, <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@gajim</a> / <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#gajim</a> and <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltaChat</a> and <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@thunderbird</a> / <a href="https://infosec.space/tags/Thunderbird" class="mention hashtag" rel="nofollow noopener" target="_blank">#Thunderbird</a> respectably I can not only use Tor, but do <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> for the entire <a href="https://infosec.space/tags/communications" class="mention hashtag" rel="nofollow noopener" target="_blank">#communications</a> infrastructure (i.e. using an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown!<ul><li>And if you think this is too tinfoilhatted, then consider yourself privilegued enough of having your mere existance not being <a href="https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/" rel="nofollow noopener" target="_blank">criminalized by the government under threat of public execution!</a></li></ul><a href="https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf" rel="nofollow noopener" translate="no" target="_blank">https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf</a> <a href="https://infosec.space/@kkarhan/114697690127511140" translate="no" rel="nofollow noopener" target="_blank">https://infosec.space/@kkarhan/114697690127511140</a>

Kevin Karhan :verified:<a href="https://functional.cafe/@arianvp" class="u-url mention" rel="nofollow noopener" target="_blank">@arianvp</a> and this is why you don't use <a href="https://infosec.space/tags/PushNotifications" class="mention hashtag" rel="nofollow noopener" target="_blank">#PushNotifications</a> and espechally not <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> which <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank">can, has and will snitch on users!</a><ul><li>Compare that to <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a> which even as a provider has 0 <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> and people can use their <a href="https://infosec.space/tags/Software" class="mention hashtag" rel="nofollow noopener" target="_blank">#Software</a> without being shackled to their servives and even if people do there is no way for them to extract tue private keys in <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> and <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME *unless one explicitly allows them!</li></ul>

Kevin Karhan :verified:<a href="https://chitter.xyz/@Okesska" class="u-url mention" rel="nofollow noopener" target="_blank">@Okesska</a> short answer: You can't and any options are mere asks as in Ttrust me m8! We'll totally delete that data…" Long answer: Consider your privacy irreversibly compromised along the used <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>! Get a completely new identity setup…

Kevin Karhan :verified:<a href="https://meow.social/@Arios" class="u-url mention" rel="nofollow noopener" target="_blank">@Arios</a> The Problem is <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a>.Don't expect the "<a href="https://infosec.space/tags/DRMflag" class="mention hashtag" rel="nofollow noopener" target="_blank">#DRMflag</a>" to work when it's being used by <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> (which in and of itself is problematic for demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> and shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> named <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>!) because like the <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#API</a> to signal to Windows "I'm an <a href="https://infosec.space/tags/Antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#Antivirus</a> product, disable defender!" this will be abused.<ul><li>Also working around <a href="https://infosec.space/tags/MicrosoftRecall" class="mention hashtag" rel="nofollow noopener" target="_blank">#MicrosoftRecall</a> and <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#Microsoft</a>'s unwillingness to accept (denial of) <a href="https://infosec.space/tags/consent" class="mention hashtag" rel="nofollow noopener" target="_blank">#consent</a> is just bad and we should stop normalizing the use of said <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Govware</a> alltogether, as eben <a href="https://infosec.space/tags/pirating" class="mention hashtag" rel="nofollow noopener" target="_blank">#pirating</a> it normalizes it's use.</li></ul>If you are actually concerned re: <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> you'd yert signal, educate others and use <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> (i.e. <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a> & <a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@gajim</a> ) or <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME (i.e. <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltaChat</a> & <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@thunderbird</a> ) over <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> instead.<ul><li>It does take a bit of setup, but in return you get extreme gains in <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> beyond what any <a href="https://infosec.space/tags/VPN" class="mention hashtag" rel="nofollow noopener" target="_blank">#VPN</a> provider can offer - legally and technically! </li></ul>Not to mention <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> falls under <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a>, so your privacy there is already nonexistant!<ul><li>Otherwise <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> would've been in jail for the rest of her life already due to the statistic inevitability of it's abuse!</li></ul>

Kevin Karhan :verified:<a href="https://hear-me.social/@debby" class="u-url mention" rel="nofollow noopener" target="_blank">@debby</a> <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> <a href="https://mstdn.social/@Stuxhost" class="u-url mention" rel="nofollow noopener" target="_blank">@Stuxhost</a> well, <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltaChat</a> is not using <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> (unlike <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a> & <a href="https://infosec.space/tags/gajim" class="mention hashtag" rel="nofollow noopener" target="_blank">#gajim</a>) but <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME on regular <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#eMail</a>, which makes it way easier to setup in organizations as not "yet another server needed" and also easier to comply with mandatory <a href="https://infosec.space/tags/archival" class="mention hashtag" rel="nofollow noopener" target="_blank">#archival</a> laws in <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener" target="_blank">#business</a> use-cases.<ul><li><a href="https://infosec.space/tags/Session" class="mention hashtag" rel="nofollow noopener" target="_blank">#Session</a> & <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a>, like <a href="https://infosec.space/tags/Telegram" class="mention hashtag" rel="nofollow noopener" target="_blank">#Telegram</a> & <a href="https://infosec.space/tags/WhatsApp" class="mention hashtag" rel="nofollow noopener" target="_blank">#WhatsApp</a>, do not have their <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener" target="_blank">#backend</a> <a href="https://infosec.space/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a>|d nor allow <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> and demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> for registration if not useage for no valid reason. Plus they are not just able but obviously willing to snitch on their users (something neither DeltaChat nor monocles chat demand or even can as both do 100% <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> of all the keys!)</li><li>As for <a href="https://infosec.space/tags/sustainability" class="mention hashtag" rel="nofollow noopener" target="_blank">#sustainability</a>, monocles is financed by <a href="https://infosec.space/tags/subscribers" class="mention hashtag" rel="nofollow noopener" target="_blank">#subscribers</a> <a href="https://docs.monocles.eu/account/account/#account_types" rel="nofollow noopener" target="_blank">(they charge like €2 p.m. for mail & chat)</a> and they can be paid completely anonymously (<a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener" target="_blank">#Monero</a> & <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#CashByMail</a>!), whereas <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> is a <a href="https://infosec.space/tags/MoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#MoneyBurningParty</a> which engages in <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scams</a> (see <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>!) for no valid reason…</li></ul>

Kevin Karhan :verified:<a href="https://hachyderm.io/@dave_andersen" class="u-url mention" rel="nofollow noopener" target="_blank">@dave_andersen</a> <a href="https://furry.engineer/@AVincentInSpace" class="u-url mention" rel="nofollow noopener" target="_blank">@AVincentInSpace</a> personally I consider any "<a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a>" a risk-factor, and <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> has proven their ability and willingness to restrict functionality (i.e. their <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>) based off said <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> (Cuban, Russian and North Korean Numbers were excluded) which are in fact <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> (even if one doesn't have to <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ID</a> for obtaining a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>, they are circumstantial PII)... <ul><li>They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of <a href="https://infosec.space/tags/ChatSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#ChatSecure</a> / <a href="https://infosec.space/tags/TextSecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#TextSecure</a> has eliminated the "technical necessity" to have those.</li></ul>Either way they either have to yeet <a href="https://infosec.space/tags/Hegseth" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hegseth</a> as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something…<ul><li>As for <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a>, <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a> & <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a>, I'd say <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> remains the gold standard alongside <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME...</li></ul><a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsec</a> is a different story, but unlike <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> these do not depend on a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> and work through <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a>.<ul><li>And I've been using Tor for almost 15 years daily now...</li></ul>

Kevin Karhan :verified:<a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@adisonverlice</a> personally, I think <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> should not have integrated any <a href="https://infosec.space/tags/wallet" class="mention hashtag" rel="nofollow noopener" target="_blank">#wallet</a> or <a href="https://infosec.space/tags/cryptocurrency" class="mention hashtag" rel="nofollow noopener" target="_blank">#cryptocurrency</a> <a href="https://tweesecake.social/@adisonverlice/114346997047635249" rel="nofollow noopener" target="_blank">at all</a> and instead not eben request <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> (which are <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a>) and move tueir system onto <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> and have their endpoints as <a href="https://infosec.space/tags/OnionServce" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionServce</a>, because being a <a href="https://infosec.space/tags/PaymentProcessor" class="mention hashtag" rel="nofollow noopener" target="_blank">#PaymentProcessor</a> (and lets be honest <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a> got pitched for <a href="https://infosec.space/tags/payments" class="mention hashtag" rel="nofollow noopener" target="_blank">#payments</a>) is at best a "legal nightmare" if not a straight-up "You go to Jail!"-card as a matter f principle!Anyone who wants to coordinate <a href="https://infosec.space/tags/payments" class="mention hashtag" rel="nofollow noopener" target="_blank">#payments</a> and <a href="https://infosec.space/tags/finance" class="mention hashtag" rel="nofollow noopener" target="_blank">#finance</a> can do so with external wallets like <a href="https://infosec.space/tags/FeatherWallet" class="mention hashtag" rel="nofollow noopener" target="_blank">#FeatherWallet</a> anyway.

Kevin Karhan :verified:<a href="https://suya.place/users/bogdan" class="u-url mention" rel="nofollow noopener" target="_blank">@bogdan</a> anything that mandates <a href="https://infosec.space/tags/2FA" class="mention hashtag" rel="nofollow noopener" target="_blank">#2FA</a> and doesn't provide <a href="https://infosec.space/tags/TOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#TOTP</a> or <a href="https://infosec.space/tags/HOTP" class="mention hashtag" rel="nofollow noopener" target="_blank">#HOTP</a> support as per <a href="https://infosec.space/tags/RFC" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC</a> but demand something like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> that are <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> should be outlawed.<ul><li>I can accept <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>-based 2FA as a compromise...</li></ul>

Kevin Karhan :verified:<a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> no it's not.<ul><li>Otherwise <a href="https://infosec.space/tags/OrganizedCrime" class="mention hashtag" rel="nofollow noopener" target="_blank">#OrganizedCrime</a> would choose <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> so hard, you'd be shutdown within weeks by the <a href="https://infosec.space/tags/FBI" class="mention hashtag" rel="nofollow noopener" target="_blank">#FBI</a> and <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> would be forced to "pull a <a href="https://infosec.space/tags/LavaBit" class="mention hashtag" rel="nofollow noopener" target="_blank">#LavaBit</a>" and face jailtime for obstruction of justice or snitch on users! </li></ul>Being a <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> solution subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> of all the keys and true <a href="https://infosec.space/tags/decentralization" class="mention hashtag" rel="nofollow noopener" target="_blank">#decentralization</a> as well as <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> (i.e. <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME [see <a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@delta</a> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#deltaChat</a> et. al.] and <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a> [see <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#monoclesChat</a> et. al.]!)<ul><li>Plus neither of those <a href="https://www.youtube.com/watch?v=0DSGq9FQKU4" rel="nofollow noopener" target="_blank">shill</a> <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scams" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scams</a> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" target="_blank">like</a> <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>! </li></ul>And don't even get me started on you collecting <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> (espechally <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>) for no valid reason, (thus violating <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener" target="_blank">#GDPR</a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener" target="_blank">#BDSG</a>)...<ul><li>Not to mention relying ob <a href="https://infosec.space/tags/charity" class="mention hashtag" rel="nofollow noopener" target="_blank">#charity</a> and being a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#VCmoneyBurningParty</a> isn't sustainable to begin with!</li></ul>But yeah, I'll be patient to shout "<a href="https://infosec.space/tags/ToldYaSo" class="mention hashtag" rel="nofollow noopener" target="_blank">#ToldYaSo</a>" to your annoying cult of fanboys!

Kevin Karhan :verified:<a href="https://infosec.exchange/@Andromxda" class="u-url mention" rel="nofollow noopener" target="_blank">@Andromxda</a> <a href="https://fosstodon.org/@mollyim" class="u-url mention" rel="nofollow noopener" target="_blank">@mollyim</a> no it's not bs and fanboying <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" target="_blank">isn't going to change that</a>.If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> was secure it would be the #1 comms tool of organized crime...<ul><li>Yet I've only seen <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechIlliterates</a> shill it.</li></ul>Real professionals use <a href="https://infosec.space/tags/SelfHosting" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfHosting</a> capable, fully <a href="https://infosec.space/tags/FLOSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#FLOSS</a>'d solutions like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a>.<ul><li>Again: Demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> and shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low... </li></ul>It's just me reading the room: Cuz <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a> isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> & <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsec</a> is BSing hard.<ul><li>The cold hard truth is that <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechLiteracy</a> is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.</li></ul>Fortunatelty, <a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@thunderbird</a> and <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@tails_live</a> / <a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@tails</a> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tails</a> and many other tools make that easier than ever before.<ul><li>So rather than <a href="https://infosec.exchange/@Andromxda/114232871558517461" rel="nofollow noopener" target="_blank">vomiting insults against my intellect in my mentions</a>, go to the next <a href="https://mastodon.earth/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@cryptoparty@mastodon.earth</a> / <a href="https://infosec.space/tags/Cryptoparty" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cryptoparty</a> / <a href="https://chaos.social/@cryptoparty" class="u-url mention" rel="nofollow noopener" target="_blank">@cryptoparty@chaos.social</a> and lend a hand.</li></ul>

Kevin Karhan :verified:<a href="https://social.tchncs.de/@pixelcode" class="u-url mention" rel="nofollow noopener" target="_blank">@pixelcode</a> <a href="https://fedi.feministwiki.org/users/taylan" class="u-url mention" rel="nofollow noopener" target="_blank">@taylan</a> <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> the <a href="https://infosec.space/tags/centralization" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralization</a>, espechally without means to hide it's traffic via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> makes it trivial to detect and track <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> users.<ul><li>Add to that the fact that Signal has <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> = <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> on them and the fact they are incorporated in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener" target="_blank">#USA</a>, thus subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> and it's not a matter if they snitch on users but how many thousands if not millions got subopena'd to this day.</li></ul>And with no self-custody of keys it's trivial to <a href="https://infosec.space/tags/Room641A" class="mention hashtag" rel="nofollow noopener" target="_blank">#Room641A</a> the users if the devs get "motivated" under threat of spending the rest of theor lives in jail.

Kevin Karhan :verified:<a href="https://fedi.feministwiki.org/users/taylan" class="u-url mention" rel="nofollow noopener" target="_blank">@taylan</a> <a href="https://social.tchncs.de/@pixelcode" class="u-url mention" rel="nofollow noopener" target="_blank">@pixelcode</a> also add tocthe fact that <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> collects and stores <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>...

Kevin Karhan :verified:<a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> It's not <a href="https://infosec.space/tags/disinfo" class="mention hashtag" rel="nofollow noopener" target="_blank">#disinfo</a> when one points out that you demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> aka. <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> from Users and that is literally a architectural vulnerability, alongside your <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a> & <a href="https://infosec.space/tags/Centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#Centralized</a> <a href="https://infosec.space/tags/Infrastructure" class="mention hashtag" rel="nofollow noopener" target="_blank">#Infrastructure</a>.<ul><li><a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> being a <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> <a href="https://infosec.space/tags/Solution" class="mention hashtag" rel="nofollow noopener" target="_blank">#Solution</a> is literally the reason why I consider it <a href="https://infosec.space/tags/insecure" class="mention hashtag" rel="nofollow noopener" target="_blank">#insecure</a>.</li></ul>Not to mention the lack of <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> support with an <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> or the willingness to fulfill <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacist</a> "Embargoes" or shilling a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a> <a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> named <a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>!<ul><li><a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> is the illicit activity!!!</li></ul>And don't get me started on the <a href="https://infosec.space/tags/cyberfacism" class="mention hashtag" rel="nofollow noopener" target="_blank">#cyberfacism</a> that is <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a>.<ul><li>If you were secure, criminals would've used your platform so hard, it would've been shutdown like <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#EncroChat</a> and <a href="https://infosec.space/tags/SkyECC" class="mention hashtag" rel="nofollow noopener" target="_blank">#SkyECC</a>.</li></ul>I may nit have allvthe.evidence yet, but <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> stenches like <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener" target="_blank">#ANØM</a>: <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honeypot</a>-esque!

Kevin Karhan :verified:<a href="https://mastodon.world/@jrredho" class="u-url mention" rel="nofollow noopener" target="_blank">@jrredho</a> <a href="https://mastodon.social/@walkinglampshade" class="u-url mention" rel="nofollow noopener" target="_blank">@walkinglampshade</a> <a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener" target="_blank">@fj</a> Don't 'splain me, m8!Their figleaf exuses are not legitimate and <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a>'s <a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@Mer__edith</a> knows that...<ul><li>After all, <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> doesn't require any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> at all and they are in fact sustainable as in not requiring <a href="https://infosec.space/tags/donations" class="mention hashtag" rel="nofollow noopener" target="_blank">#donations</a>, since they are user-financed (subscription)...</li></ul>Read criticisms before commenting... <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li><a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> (<a href="https://mastodon.world/@jrredho/114225013025088640" rel="nofollow noopener" target="_blank">of any kind</a>, including <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>) IS THE ILLICIT ACTIVITY!*</li></ul>

Kevin Karhan :verified:USpol

Kevin Karhan :verified:<a href="https://mastodon.social/@fj" class="u-url mention" rel="nofollow noopener" target="_blank">@fj</a> I still think <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> has fundamental flaws like demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> (<a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> as an unnecessary & 100% avoidable risk as well as <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> shilling (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>) and it's <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> nature that makes it inferior to real <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a> with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> like <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#PGP</a>/MIME & <a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#XMPP</a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#OMEMO</a>!

Kevin Karhan :verified:<a href="https://kolektiva.social/@licho" class="u-url mention" rel="nofollow noopener" target="_blank">@licho</a> <a href="https://hachyderm.io/@osman" class="u-url mention" rel="nofollow noopener" target="_blank">@osman</a> provide evidence the code <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> released is actually being deployed.<ul><li>Whereas <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> has <a href="https://infosec.space/tags/ReproducibleBuilds" class="mention hashtag" rel="nofollow noopener" target="_blank">#ReproducibleBuilds</a> to the point that <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@fdroidorg</a> literally pulls their <code>git</code> and builds it from source.</li></ul>Not to mention pushing a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#Shitcoin</a>-<a href="https://infosec.space/tags/Scam" class="mention hashtag" rel="nofollow noopener" target="_blank">#Scam</a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#MobileCoin</a>) disqualifies <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> per very design! <a href="https://www.youtube.com/watch?v=tJoO2uWrX1M" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=tJoO2uWrX1M</a><ul><li>Given the collection of <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a>, the ability to restrict functionality based off those and the fact that <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> is subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> make it inherently not trustworthy.</li></ul>And don't even get me started on the fact.it's not sustainable to run it as a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#VCmoneyBurningParty</a>!<ul><li>As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> that's trivial for authorities.</li></ul>Same as identifying users: They already got a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> which in many juristictions one can't even obtain without <a href="https://infosec.space/tags/ID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ID</a> legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to <a href="https://infosec.space/tags/SS7" class="mention hashtag" rel="nofollow noopener" target="_blank">#SS7</a> a specific number...<ul><li>All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!</li></ul>Again: Signal has a <a href="https://infosec.space/tags/Honeypot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Honeypot</a> stench, and you better learn proper <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#E2EE</a>, <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#SelfCustody</a> and <a href="https://infosec.space/tags/TechLiteracy" class="mention hashtag" rel="nofollow noopener" target="_blank">#TechLiteracy</a> because <a href="https://web.archive.org/web/20210606070919/twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">corporations can't pull the 5th [Amendment] on your behalf!</a>

Kevin Karhan :verified:<a href="https://hachyderm.io/@osman" class="u-url mention" rel="nofollow noopener" target="_blank">@osman</a>, no because <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> is a <a href="https://infosec.space/tags/proprietary" class="mention hashtag" rel="nofollow noopener" target="_blank">#proprietary</a>, <a href="https://infosec.space/tags/centealized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centealized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> solution that demands <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> like <a href="https://infosec.space/tags/PhoneNumbers" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumbers</a> for no valid reason, is subject to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a> and only continues to exist because it's convenient as a means to fo <a href="https://infosec.space/tags/BulkSurveillance" class="mention hashtag" rel="nofollow noopener" target="_blank">#BulkSurveillance</a> and mark it's users as <a href="https://infosec.space/tags/PeopleOfInterest" class="mention hashtag" rel="nofollow noopener" target="_blank">#PeopleOfInterest</a>.<ul><li>I'd rather donate to <a href="https://anonsys.net/profile/ccc" class="u-url mention" rel="nofollow noopener" target="_blank">@ccc</a> for running <a href="http://jabber.ccc.de" rel="nofollow noopener" translate="no" target="_blank">http://jabber.ccc.de</a> and buy a <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener" target="_blank">#subscription</a> instead!</li></ul>

Frühere Suchanfragen

Suchoptionen

Verwaltet von:

Serverstatistik:

#phonenumbers