Markus Weingärtner @markusblogde

Kevin Karhan :verified:<a href="https://twink.men/@link" class="u-url mention" rel="nofollow noopener" target="_blank">@link</a> on the yes side you need to add <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a>

Coach Spore DieselMy <a href="https://spore.social/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> on <a href="https://spore.social/tags/android" class="mention hashtag" rel="nofollow noopener" target="_blank">#android</a> is having tremendous difficulty with the Mastodon update. The little bar with navigation icons is getting stuck part way up the page, obscuring things like the button to submit a post.I don't know how to show it without messing up people's privacy. Tor won't display the live feeds page at all.

Kevin Karhan :verified:<a href="https://www.youtube.com/watch?v=3wlNemFwbwE" rel="nofollow noopener" target="_blank">This</a> is nothing new what <a href="https://mastodon.social/@doingfedtime" class="u-url mention" rel="nofollow noopener" target="_blank">@doingfedtime</a> shows here.<ul><li>Certainly, I am displeased about the way <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> does downgrade things, but then again the default config of <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> & <a href="https://venera.social/profile/tails_live" class="u-url mention" rel="nofollow noopener" target="_blank">@tails_live</a> / <a href="https://fosstodon.org/@tails" class="u-url mention" rel="nofollow noopener" target="_blank">@tails</a> / <a href="https://infosec.space/tags/Tails" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tails</a> was meant to let people circumvent censorship, not <a href="https://pastebin.com/GrV3uYh5" rel="nofollow noopener" target="_blank">run</a> DNMs!</li></ul>Obviously they need to fix that and work towards better security, including to enshure <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> <a href="https://infosec.space/tags/Browser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Browser</a> doesn't reset it's <a href="https://infosec.space/tags/SecuritySettings" class="mention hashtag" rel="nofollow noopener" target="_blank">#SecuritySettings</a> on reboot, because if people made the concious decision to block all <a href="https://infosec.space/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> then they that should be at least respected! <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsec</a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a>

uzoMal eine klare Empfehlung für <a href="https://mastodon.social/tags/SearXNG" class="mention hashtag" rel="nofollow noopener" target="_blank">#SearXNG</a> Das läuft seit einen Monat ohne Probleme bei mir. Die Suchmöglichkeiten und Ergebnisse finde deutlich besser als bei <a href="https://mastodon.social/tags/DuckDuckGo" class="mention hashtag" rel="nofollow noopener" target="_blank">#DuckDuckGo</a> Was auch ziemlich cool ist ist die Netzwerkfähigkeit mit <a href="https://mastodon.social/tags/nginx" class="mention hashtag" rel="nofollow noopener" target="_blank">#nginx</a> und <a href="https://mastodon.social/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> Hidden Service. Für Firefox gibt es ein passendes addon Namens <a href="https://mastodon.social/tags/SearXNG4all" class="mention hashtag" rel="nofollow noopener" target="_blank">#SearXNG4all</a> Da kann man dann die passende Adresse eingeben. Leider findet <a href="https://mastodon.social/tags/Torbrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#Torbrowser</a> für Android das addon nicht und ich musste mir da ein Lesezeichen setzen. <a href="https://github.com/searxng/searxng" rel="nofollow noopener" translate="no" target="_blank">https://github.com/searxng/searxng</a>

Kevin Karhan :verified:<a href="https://cyberpunk.lol/@vfrmedia" class="u-url mention" rel="nofollow noopener" target="_blank">@vfrmedia</a> that's not a hit at <a href="https://cyberpunk.lol/@vantablack" class="u-url mention" rel="nofollow noopener" target="_blank">@vantablack</a> . Her Website is interactive art… It's a hit against big corporations who shove websites so full if garbage that I need to basically use <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> on highest safety setting.just to not trash the battery life on my devices.

Seth G.I just tried updating the <a href="https://chaos.social/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> via <a href="https://floss.social/@fdroidorg" class="u-url mention" rel="nofollow noopener" target="_blank">@fdroidorg</a> on my <a href="https://chaos.social/tags/GooglePixel" class="mention hashtag" rel="nofollow noopener" target="_blank">#GooglePixel</a>, but it was blocked by the new <a href="https://chaos.social/tags/AdvancedProtection" class="mention hashtag" rel="nofollow noopener" target="_blank">#AdvancedProtection</a> feature in <a href="https://chaos.social/tags/Android" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android</a>. Incredible. Guess that's a <a href="https://chaos.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a> feature that won't actually fit my threat model.<a href="https://chaos.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#CyberSecurity</a> <a href="https://chaos.social/tags/Android16" class="mention hashtag" rel="nofollow noopener" target="_blank">#Android16</a>

Emma Liv 🌈 🇨🇦3/ I'm thinking, maybe <a href="https://mastodon.social/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> <a href="https://mastodon.social/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> can help them? Perhaps I could send them an installer and instructions?Would I be commiting a crime? Am I not thinking this through? (I'm Canadian). Any <a href="https://mastodon.social/tags/help" class="mention hashtag" rel="nofollow noopener" target="_blank">#help</a> <a href="https://mastodon.social/tags/advice" class="mention hashtag" rel="nofollow noopener" target="_blank">#advice</a> would be appreciated! The regular people of <a href="https://mastodon.social/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#Iran</a> don't deserve this!<a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a>

Kevin Karhan :verified:<a href="https://mstdn.social/@BrodieOnLinux" class="u-url mention" rel="nofollow noopener" target="_blank">@BrodieOnLinux</a> I am pretty shure <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> and any <a href="https://infosec.space/tags/App" class="mention hashtag" rel="nofollow noopener" target="_blank">#App</a> that does <a href="https://infosec.space/tags/Proxy" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proxy</a> through <a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener" target="_blank">@guardianproject</a> / <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener" target="_blank">#Orbot</a> for <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> access is not affected but I do encourage both <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> and Orbot devs to test against <a href="https://infosec.space/tags/LocalhostTracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#LocalhostTracking</a>!<a href="https://infosec.space/tags/Spyware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Spyware</a> <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#InfoSec</a> <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ComSec</a> <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#ITsec</a> <a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#OpSec</a> <a href="https://infosec.space/tags/Malware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Malware</a> <a href="https://infosec.space/tags/LocalhostTracking" class="mention hashtag" rel="nofollow noopener" target="_blank">#LocalhostTracking</a> <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Govware</a> <a href="https://infosec.space/tags/StasiBook" class="mention hashtag" rel="nofollow noopener" target="_blank">#StasiBook</a> <a href="https://infosec.space/tags/Facebook" class="mention hashtag" rel="nofollow noopener" target="_blank">#Facebook</a> <a href="https://infosec.space/tags/Meta" class="mention hashtag" rel="nofollow noopener" target="_blank">#Meta</a>

Kevin Karhan :verified:<a href="https://infosec.exchange/@cR0w" class="u-url mention" rel="nofollow noopener" target="_blank">@cR0w</a> too many.<ul><li>Jist like there are way too many applications suceptible to the <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#CryptoAPI</a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#backdoor</a> of <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#Windows</a>.</li></ul><a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" translate="no" target="_blank">http://github.com/kkarhan/windows-ca-backdoor-fix</a>So far testing by <a href="https://social.heise.de/@ct_Magazin" class="u-url mention" rel="nofollow noopener" target="_blank">@ct_Magazin</a> / <a href="https://social.heise.de/@heiseonline" class="u-url mention" rel="nofollow noopener" target="_blank">@heiseonline</a> (and myseof later on) revealed only few <a href="https://infosec.space/tags/Apps" class="mention hashtag" rel="nofollow noopener" target="_blank">#Apps</a> not vulnerable to this specifics <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#Govware</a>:<ul><li><a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a> (uses <a href="https://mastodon.cc/@Mozilla" class="u-url mention" rel="nofollow noopener" target="_blank">@Mozilla</a> / <a href="https://mastodon.social/@mozilla_support" class="u-url mention" rel="nofollow noopener" target="_blank">@mozilla_support</a> / <a href="https://infosec.space/tags/Mozilla" class="mention hashtag" rel="nofollow noopener" target="_blank">#Mozilla</a> <a href="https://infosec.space/tags/NSS" class="mention hashtag" rel="nofollow noopener" target="_blank">#NSS</a> & has it's own <a href="https://infosec.space/tags/SSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#SSL</a> certificate storage)</li><li><a href="https://mastodon.online/@thunderbird" class="u-url mention" rel="nofollow noopener" target="_blank">@thunderbird</a> (Mozilla NSS)</li><li><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> (Mozilla NSS; custom certificates)</li><li><a href="https://infosec.space/tags/curl" class="mention hashtag" rel="nofollow noopener" target="_blank">#curl</a> (uses <a href="https://mastodon.social/@bagder" class="u-url mention" rel="nofollow noopener" target="_blank">@bagder</a> <a href="https://infosec.space/tags/WolfSSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#WolfSSL</a> and manages it's own certs)</li></ul>Anything else that uses the CryptoAPI is, espechally *all <a href="https://infosec.space/tags/Chromium" class="mention hashtag" rel="nofollow noopener" target="_blank">#Chromium</a>-Forks (aka. All Browsers except Firefox, Tor Browser, <a href="https://infosec.space/tags/dillo" class="mention hashtag" rel="nofollow noopener" target="_blank">#dillo</a>, <a href="https://infosec.space/tags/LynxBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#LynxBrowser</a>…)

Kevin Karhan :verified:<a href="https://social.tchncs.de/@Bugspriet" class="u-url mention" rel="nofollow noopener" target="_blank">@Bugspriet</a> <a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener" target="_blank">@fuchsiii</a> davon rate ich prinzipiell ab!<ul><li>Ich nutz' bei denen aus Prinzip <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> auf höchstem Sicherheitsstand und blocke alle Cookies!</li></ul>

Kevin Karhan :verified:<a href="https://em.erge.to/users/LunaDragofelis" class="u-url mention" rel="nofollow noopener" target="_blank">@LunaDragofelis</a> <a href="https://mastodontech.de/@gulli" class="u-url mention" rel="nofollow noopener" target="_blank">@gulli</a> <a href="https://oxytodon.com/@fuchsiii" class="u-url mention" rel="nofollow noopener" target="_blank">@fuchsiii</a> worse even: <ul><li>They do this kind of shit - just like other <a href="https://infosec.space/tags/DarkPattern" class="mention hashtag" rel="nofollow noopener" target="_blank">#DarkPattern</a>|s like constantly nudging people into agreeing with their tracking bs - REGARDLESS if one uses <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> and disables all <a href="https://infosec.space/tags/Cookies" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cookies</a> & <a href="https://infosec.space/tags/JavaScript" class="mention hashtag" rel="nofollow noopener" target="_blank">#JavaScript</a> or logs into a <a href="https://infosec.space/tags/YouTube" class="mention hashtag" rel="nofollow noopener" target="_blank">#YouTube</a> account on <a href="https://infosec.space/tags/GoogleChrome" class="mention hashtag" rel="nofollow noopener" target="_blank">#GoogleChrome</a>.</li></ul>So yet another reason I use <a href="https://inv.nadeko.net" rel="nofollow noopener" translate="no" target="_blank">https://inv.nadeko.net</a> on <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#Firefox</a>, cuz there's way less bs and it's recommendations ain't full of racist & facist <a href="https://infosec.space/tags/RageBait" class="mention hashtag" rel="nofollow noopener" target="_blank">#RageBait</a> & <a href="https://infosec.space/tags/ClickBait" class="mention hashtag" rel="nofollow noopener" target="_blank">#ClickBait</a>!

Kevin Karhan :verified:<a href="https://infosec.space/@voxel" class="u-url mention" rel="nofollow noopener" target="_blank">@voxel</a> well, <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#TorBrowser</a> does that for everything but bookmarks by default, and that is good.

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 4. Juni

4. Juni

Kevin Karhan @kkarhan@infosec.space

@heluecht @ulrichkelber @Olaf_Ruhl_Jiddische_Lieder ich rate prinzipiell zu @torproject / #TorBrowser…

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 4. Juni

4. Juni

Kevin Karhan @kkarhan@infosec.space

@stiefel_fan @montag @ulrichkelber oder garnicht erst jene dienste bzw. wenn dann nur pseudonym über @torproject / #TorBrowser und nie mit echten Namen oder gar entsprecjenden persönlichen Details!

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 4. Juni

4. Juni

Kevin Karhan @kkarhan@infosec.space

@estelle @torproject / #TorBrowser and #LynxBrowser over #Tor.

**Neustradamus :xmpp: :linux:** @neustradamus@mastodon.social · 3. Juni

3. Juni

Neustradamus :xmpp: :linux: @neustradamus@mastodon.social

#Tails 6.16 has been released (#Debian / #Tor / #TorBrowser / #Firefox / #WebBrowser / #Thunderbird / #Onion / #Darknet / #DarkWeb / #DeepWeb) https://tails.net/

tails.netTails - Startseite

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 2. Juni *

2. Juni *

Kevin Karhan @kkarhan@infosec.space

@voxel well, better than asking @brave, just use @torproject / #TorBrowser which does that per default, espechally on @tails_live / @tails / #Tails where it only stores #bookmarks!

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 1. Juni *

1. Juni *

Kevin Karhan @kkarhan@infosec.space

@collectifission @jeffmcneill @alberto the problem is that #Mozilla failed to use their past "#UncoditionalIncome" or rather absurdly good #Google deal in any meaningful and sustainable way.

And if the relationship were to change from "#FLOSS like free beer!" to a "#transactional" one I'd certainly expect them to not just #DoBetter, but have more #transparency, #accountability and stop their #Enshittification!

Which is why I want @Mozilla / @mozilla_support to hand over #Firefox to @torproject and make #TorBrowser it's #upstream.

Obviously the best option would be for #Mozilla to become like a #nonprofit (#eV) or #cooperative (#eG) where they have to actually #audit their finances (in the case of cooperatives, by an accredited external auditor) to enshure they ain't wasting huge amounts of money.
Cuz even if everyone there makes $200k a year (obviously they don't) that's still $300M that had to go somewhere.

And even if we assume they blow another $100M on equipment, hosting, sponsorships and other expenses that's still $200M unaccounted for.

I'd be willing to pay for a good browser, I really would, but that also entails said #funding to go somewhere useful as per the interest of those funding.

Anything else is a #donation.

Antwortete im Thread

**Kevin Karhan** @kkarhan@infosec.space · 29. Mai *

29. Mai *

Kevin Karhan @kkarhan@infosec.space

@dashjackson @froge @arstechnica this isn't new either.

#Microsoft refuses to fix their #CrpytoAPI #Backdoor so anything that uses it (all browsers excpet #Firefox & #TorBrowser as well as all eMail clients except #Thunderbird) are vulnerable, and that vulnerable is trigger-able with a single HTTPS request.

https://github.com/kkarhan/windows-ca-backdoor-fix