Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
social.tchncs.de is one of the many independent Mastodon servers you can use to participate in the fediverse.
A friendly server from Germany – which tends to attract techy people, but welcomes everybody. This is one of the oldest Mastodon instances.

Administered by:

Server stats:

3.8K
active users

social.tchncs.de: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.7

#MultiProvider

0 posts0 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Public
Kevin Karhan :verified:

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

  • The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!

Replied in thread
Public *
Kevin Karhan :verified:

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXAKT DAS!

Meine Rede...

Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?

Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.

Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@kuketzblog@social.tchncs.de naja, @signalapp@mastodon.world fällt auch unter #CloudAct ubd #Threema ist noch #proprietärer als #Signal. - Gibt mit #XMPP+#OMEMO eine wirklich #sichere & #dezentrale Alternative die keine #PII wie #Telefonnummern oder #Google-Dienste braucht! Ach ja, @monocles@monocles.social / #moniclesChat haben [grade](https://monocles.social/@monocles/113925173206088469) ne #Promo zum #GlobalSwitchDay und bieten deren #App kostenlos an. - Und sonst gibt's auch noch @delta@chaos.social / #deltaChat welche #PGO/MIME & #eMail als Basis nutzen! Für [beide gibt's](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv) [kostenlose Anbieter](https://github.com/greyhat-academy/lists.d/blob/main/email.servers.list.tsv) und #SelfHosting ist genauso machbar wie deren *echte #E2EE* mit #SelfCustody!
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Public
Kevin Karhan :verified:

@zeank @MastoDenunzianten Auch sind all.dies #Merting-#Versprechen oder auch #Lügen, denn woher soll mensch verifizieren können, dass das was #Threeema behauptet auch stimmt?

  • Die werden mich das ja nicht persönlich an deren Servern abchecken lassen.

Bei #XMPP+#OMEMO (z.B. @monocles / #monoclesChat & @gajim / #Gajim) & #PGP/MIME (z.B @delta / #DeltaChat) kann ich im Zweifelsfalle #SelfHosting mit nem #RaspberryPi im Kleiderschrank machen.

Angriffe auf dezentrale & offene, #MultiVendor & #MultiProvider-Standards funktionieren nicht skalierbar!

pwnagotchi.aiPwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning. :: Usage
Replied in thread
Public
Kevin Karhan :verified:

@zackwhittaker @kevincollier

Remember:

The only way we can prevent a #Cyberfacist #dystopia is to make it impossible!

Replied in thread
Public
Kevin Karhan :verified:

@ai6yr people need to fucking learn proper #InfoSec, #OpSec, #CkmSec & #ITsec and that means learning to proper use #XMPP+#OMEMO & #PGP/MIME.

@tails_live / @tails / #Tails exists. @gajim / #Gajim exists. @monocles / #monoclesChat exists. @delta / #deltaChat exists. @thunderbird / #Thunderbird exists. @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParties exist.
#Documentation in writing and videos exist.

#selfhosting#multivendor#multiprovider
Public
Kevin Karhan :verified:

@doerk the problem is that we accept #TechIlliterates just regurgitating #MarketingLies of #NSAbook et. al.

Or does anyone believe @signalapp 's @Mer__edith would protect any user if that means she'd be in jail for the rest of her life?

  • Cuz whoever believes that really huffed too much Copium amidst #CloudAct existing and precedents existing!

1
2
3

www.youtube.com - YouTubeAuf YouTube findest du die angesagtesten Videos und Tracks. Außerdem kannst du eigene Inhalte hochladen und mit Freunden oder gleich der ganzen Welt teilen.
Replied in thread
Public
Kevin Karhan :verified:

@delta TBH, I think that #deltaChat, alongside @monocles / #monoclesChat is one of the few real #E2EE #Chat & #Messaging solutions (which allow for full #SelfCustody of keys as well as being based on #OpenStandards for a #MultiVendor & #MultiProvider ecosystem) and even out-of-band verification and key exchange...

  • The main difference is that deltaChat implements #PGP/MIME on #IMAP+#SMTP, which may be easier to setup in some cases and also offer an easy pipeline to archival requirements in #business setups whilst #monocles chat uses #XMPP+#OMEMO first and supports PGP/MIME as a secondary option, making it a good option in individual setups...

Needless to say both support using @torproject / #Tor via #Orbot and thus connecting to an #OnionService or just anonymously connecting to the server one personally chooses...

  • So unless a provider explicitly bans Tor proactively, they'll work just fine.

The advantage of XMPP is that it also allows for calls, whereas I've to see how one can do Group Chats on deltaChat at all...

Public *
Kevin Karhan :verified:

@lightspill Personally, I think that depends...

Certain things are matters of taste (i.e. #vi, #vim, #neovim, #nano, #ne or #kilo as #editors) and certain things are just objectively correct things to do (i.e. #PGP/MIME encryption on #eMail, using #MutiVendor & #MultiProvider #OpenStandads instead of #proprietary #SingleVendor & #SingleProvider "solutions"...)

  • But as @tantacrul once said: "It's okay to be wrong!"

As a #Linux & #Unix-esque #Sysadmin I'd rather be disliked as #BenevolentDictator than to deliver or even maintain subpar, substandard, insecure and unmaintainable solutions, because like an #electrician, people / businesses or rather clients / employers expect me to plan and deliver solutions that are 'up to code' and by 'code' I mean the relevant laws and standards ranging from #GDPR & #BDSG to #PCIDSS & #BSI...

  • EVERYTHING ELSE is secondary!
Replied in thread
Public *
Kevin Karhan :verified:

@dangillmor @eff Yes, but also acknowledge obvious misguidings.

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#selfcustody#decentralized#multivendor
Public
Kevin Karhan :verified:

@thegibson Well, what if I told you that neither #Signal nor #Threema nor any #centralized #SingleVendor & #SingleProvider messenger will be secure.

But don't take my word for it, because just as logless VPNs don't exist so will @signalapp snitch on every user if served with a court order or forced at gunpoint by LEAs and/or facing jail for not complying with #CloudAct.

  • In fact, I'd be surprised if they haven't done so already...

If you want real #security and #privacy, then don't use any #messenger that demands #PII like #PhoneNumbers at all and choose #decentralized, #MultiVendor & #MultiProvider solutions like #XMPP+#OMEMO where you have #SelfCustody of all #Keys and thus you are in control!

Also #Telegram is exclusively being used by #Neonazis, #ConspiracyTheorists and #Disinfo groups...

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread
Public *
Kevin Karhan :verified:

@landley @dalias @stman @OS1337 I do agree with your analysis:

Unless #RISCv gets a strong #MultiVendor & #MultiProvider alliance behind it, it won't succeed.

Rather I do expect RISC-V to become relevant once #amd64 went the way of #ix86 and #arm64 is dominating and/or #ARM is being too greedy towards it's licensees that the threshold of acceptable "pain and frustration" in.the form of licensing fees has been exceeded for most of them and they collectively choose to jump ship (and not merely threaten to do so as a negotiation tactic!)...

Replied in thread
Public *
Kevin Karhan :verified:

@HeatSinkAmbassador personally I'd stick with existing, #OpenSource #MultiVendor & #MultiProvider standards (i.e. #XMPP + #OMEMO and #PGP/MIME ) to avoid any #LockIn whatsoever.

Something @EU_Commission has to learn themselves since they also do procure #Windows, #MicrosoftOffice and #aws w/o a proper call-for-tender!
youtube.com/watch?v=duaYLW7LQv

YouTubeThe Microsoft-Dilemma - Europe as a Software Colony (Full Documentary, 2018)By wocomoDOCS
ExploreLive feeds
About