Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://infosec.exchange/@SecurityWriter" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>SecurityWriter</span></a></span> I don't defend this, nor anything else that <span class="h-card" translate="no"><a href="https://mastodon.social/@MastodonEngineering" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>MastodonEngineering</span></a></span> / <a href="https://infosec.space/tags/Mastodon" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Mastodon</span></a> <a href="https://infosec.space/tags/devs" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>devs</span></a> do, including <a href="https://github.com/mastodon/mastodon/issues/28605" rel="nofollow noopener" target="_blank">stifling and sabotaging</a> the need for good moderation tools.</p><ul><li>In return I think that the arguments pushed against the <a href="https://infosec.space/tags/Fediverse" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Fediverse</span></a> by (alleged) <a href="https://infosec.space/tags/TechIlliterates" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechIlliterates</span></a> are not worth entertaining, cuz the same folks would also dismiss any alternative to <a href="https://infosec.space/tags/GMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>GMail</span></a> cuz <em>they'd have to 'choose a Server'</em>....</li></ul><p>If we can't expect <a href="https://infosec.space/tags/users" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>users</span></a> to make informed decisions, then maybe they should not be allowed to use tech.</p><ul><li>Sorry for me <a href="https://infosec.space/tags/venting" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>venting</span></a>, but noone would dismiss <a href="https://infosec.space/tags/eMail" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>eMail</span></a> because <a href="https://infosec.space/tags/mutt" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>mutt</span></a> is not a beginner-friendly eMail client for folks that can't even use a goddamn mouse, as so many <a href="https://infosec.space/tags/Zoomers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Zoomers</span></a> these days do.</li></ul><p>I gladly <em>teach people tech</em> but most don't want to learn or even follow through on suggestions, advice and take explanaitions to their answers, and at a certain point that's just tiring...</p>
#TechIlliterates
0 posts0 participants0 posts today
Replied in thread
@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.
@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!
- Sorry, but "#TechPopulism" alike
"JuSt UsE sIgNaL !"won't fix #TechIlliteracy but rather provide false sense of security to #TechIlliterates when the correct solution is to teach proper #TechLiteracy like @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty does...
Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...
- Mark my words, cuz I've been proven correct up to this point.
If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!
Mastodon 🐘Michał "rysiek" Woźniak · 🇺🇦 (@rysiek@mstdn.social)@kkarhan@infosec.space I ran and hosted a bunch of XMPP servers a while back. It was a pain to use, and it was easy for users to make mistakes and accidentally send messages in the clear.
You are making people les safe. Last time: please stop doing this in my mentions and replies.
@agturcz@circumstances.run @torproject@mastodon.social
[#TLDR: JUST TELL ME IF YOUR TABLET CAN DO #CALLS!]
#DearVendors of #Android-#Tablets:
Off all the #Functions you can put into a #Specifications Sheet of your Devices there's one you should ALWAYS answer clearly on your #Website:
DOES YOUR TABLET [with #4G / #5G / …) SUPPORT MAKE PHONE CALLS?
Like: IS IT TOO MUCH TO ASK TO HAVE THAT INFO IN THE SPECSHEETS?
You're obviously able to list all the #Codecs natively supported and the user-available storage as well as supported Frequency Bands, WWAN modes, WiFi channel width and the Display Glass vs. Panel dimensions including DPI of the latter and whether or not it has a hall effect sensor to detect your overpriced 1st party tablet covers!
Now some folks may ask: "WHY does this matter?" or outright dismiss this as a problem.
Listen:
Not everyone is able or willing to carry two devices when 1 SHOULD BE ENOUGH and also some places (i.e. #Turkey) have #ImportRestrictions re: #MobileDevices, so having more than 1 #IMEI is already a "NOPE!" by the authorities.
- Also this isn't something one can "fix" post-purchase like installing #VLC to decode some obscure file format in Software: Either the #Baseband and #ROM support #PhoneCalls or they don't!
So why do NONE of the #Tablet manufacturers allow to #search or #filter for that???
- Bonus points if you have lazy fucks like #HMD (aka. #Nokia) who literally copy the #Safety & #Useage information for all #Smartphones and #Tablets and don't even bother to change "Mobile Phone" for "Tablet".
NO, instead one has to download an obscenely huge #PDF just to then read on page 34 that for any "#telephony" function you NEED YET ANOTHER DEVICE FROM THE SAME MANUFACTURER AND HAVE TO SIGNUP WITH AN ACCOUNT and even that level of #abuse WON'T GUARANTEE THAT IT WORKS...
- I mean, come on, this ain't some obscure functionality like #OMAPI to do some "evil sourcery" like managing an #eSIM that is in a #SIM-Card form factor!
Pretty shure A LOT of other folks have the same question and ain't willing to get yet another device & #SIM just to recieve the occasional call because #TechIlliterates can't be assed to send an #eMail or learn #XMPP+#OMEMO to message one...
- Obviously they same manufacturers are able and willing to specify f-stops of the built-in cameras and list EVERY SINGLE #WEARABLE they made and certify as 'compatible' with, as if anyone is gonna take their non-#waterproof #Tablet for a marathon or god forbid triathlon...
Und deshalb zwangsmigriere ich #TechIlliterates auf #Linux denn ich werde nicht dafür bezahlt, ständig #DigitalerKammerjäger zu spielen...
Replied in thread
I finally understand how Mastodon is dificult.
Replied in thread
@Natanox @djvdq I do agree in that regard as in that a lot of #FLOSS doesn't do good #UI & #UX but I've yet to see an issue that wasn't already covered well-enough (even for #GnuPG / #GPG there's #Kleopatra as a nice #GUI!) to the point that even on #Windows or #macOS you'd have to use a #CLI tool for that...
- Cuz 99,999% of what "#TechIlliterates" and "#Normies" want is to get their basic stuff done and working.
In fact, they don't give a s**t about tje underlying OS. Most don't even care if they use #Firefox or #Chrome and #Google or #DuckDuckGo.
- All they want is get shit done! And these.folks are eadily helped with a hands-on on a good #Linux dostro and maybe preinstalling some #RemoteSupport tool like #Dayon where one can help them if there ever was a need to do anything...
Replied in thread
@hollowone @vvelox @SecurityWriter
IDK what planet you live at, but I'd trust @libreoffice more than #MicrosoftOffice.
- And yes, I literally migrated some cursed shite from #Windows to #Linux and got it to work with #Libreoffice, so it's mostly a matter of #pain, #frustration and #cost for the decisionmakers.
As a #Sysadmin, I'm used to acting as "#BenevolentDictator" cuz otherwise #TechIlliterates would fuck up (literally) everything!
- Sounds harsh but I'd rather not work in #IT than committing professional malpractice by using #Windows & #Office365 as that combo cannot under any circumstances comply with #GDPR & #BDSG and just because too many folks ignore that [just like they did when GDPR rolled out) doesn't mean this #InconvenientTruth won't go away...
I'd rather invest time and effort to not be shackled to a #GAFAM & #PRISM collaborator than just doing what everyone else does.
Replied in thread
@xoron I don't want to discourage you at all - in fact I think your goal is not just noble but also worth aspiring to.
- My recommendation is always to scout out existing solutions, protocols and standards and see if those can be salvaged / used and if not, reason why. #PGP/MIME may seem crusty but a good UI can make it easy. Same.goes for #OMEMO & #OTR...
But whatever you do, please "DO NOT DIY ENCRYPTION!"
- Instead delegate it to drop-in libraries (i.e. crypto++ for C++) that are well, maintained and getting audited.
Prioritize features early on and make a decision what you want and if/how these can be accomplished. If necessary, have different modes / functions one has to context-switch (i.e. videocalling can't work in an airgapped network unless your callers are in the same (W)LAN).
- If possible choose to stay platform-independent in terms of tech, so like #WebCall, #JitsiMeet, etc. you can simply package that up with nw.js... (Except if you need like a minimalist, (n)curses-style TUI tool like #enc)
User-test early on. Espechally with "#TechIlliterates", if you can.
- Focus on a #MVP (minimum viable product) early on.
Write #documentation early on since that'll remove headaches. And I don't just mean #CommentYourCode but go deep and explain in detail why you chose something. This will help not just you.
- In terms of "scouting existing solutions" I'd recommend to take a look not just at #JitsiMeet & #WebCall, but also #Briar, #ServalMesh, @monocles / #monoclesChat, @gajim / #gajim and @micahflee's #OnionShare.
Make yourself a list what you like and dislike from those.
- Same with #Linphone, @zulip / #Zulip, #WhatsApp, #Signal, #Threema and even #WeChat, #FacebookMessenger, #iMessage, #FaceTime and god forbid #Skype, #MicrosoftTeams as well as #Slack.
Don't be afraid if your #App can't tick all the boxes at first release. Rather feel free to slowly ibtegrate them.
Needless to say I do sincerely wish you good luck and only the best in terms of success.
nwjs.ioNW.jsnwjs
Replied in thread
@jdohrmann @DigitalWriter@bildung.social Wegen solcher Leute bin ich in der IT als "wohlwollender Diktator" agierend.
- Wenn wir #TechIlliterates über den #TechStack entscheiden lassen, kommt nachher noch #MSDOS & #WindowsXP im Jahre 2024 raus!
Solche Leute haben gefälligst @libreoffice zu lernen oder werden wegen #Arbeitsverweigerung gegangen!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@_DigitalWriter_@bildung.social hatte mit solchen Leuten 2017 zu tun und dann flink denen [genau das](https://github.com/webapp-crew/) bereitgestellt.
- inzwischen diskutier' ich mit so todeslosten Markenopfern nicht mehr, sondern erzwinge als #Sysadmin die Umstellung, weil #Windows11, #Office365 / #Microsoft365 & Co. schon allein wegen #CloudAct nicht in der Lage sind, #DSGVO & #BDSG-Compliance zu erreichen. Und kein*e Fachanwält*in hat bisher verbindlich und mit Haftung für die Folgen das Gegenteil behauptet!
@estelle well,
@signalapp is a #proprietary, #SingleProvider, #SingleVendor, solution that collects #PII in the form of #PhoneNumbers and is not only extremely #centralized but subject to #CloudAct.
- And as we all know, neither @Mer__edith nor anyone else would go to jail for their users.
The only #secure comms are those with real #E2EE and #SelfCustody of all the keys.
- Consider #XMPP + #OMEMO clients like @gajim and #monoclesChat and providers like @monocles / #monocles and cock.li that don't collect any PII and just work fine over @torproject / #Tor for real #privacy!
Everything else is just baiting #TechIlliterates to a #VC #MoneyBurningPit that is is #Signal.
- And if you ain't convinced, consider the fact that Signal peddles a #Shitcoin known as #MobileCoin which is more #delisted than #Monero and has no practical use-case to this day!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
@samueljohn @ditol @linuzifer @tails_live @tails @thunderbird @monocles @Mer__edith @signalapp
Again: It's OUR responsibility to fix that!!!
- Sorry to break it to you but #Linux is really getting traction as #Apple and #Microsoft race on how much they can #abuse #users and #Enshittify their products!
But hey, if you want to lean back as a consumer and huff #copium, feel free to do so.
- Just don't whine everytime I can say #ToldYaSo...
Cuz if we allow ignorant #TechIlliterates to dictate #tech and #standards, we'll soon have #christofacists roaming the streets lynching every non-flatearther on sight...
MastodonSamuel (@samueljohn@mastodon.world)@kkarhan@infosec.space @ditol@freiburg.social @linuzifer@23.social @tails_live@venera.social @tails@fosstodon.org @thunderbird@mastodon.online @monocles@monocles.social @Mer__edith
My whole point is that you are mostly in a happy crypto bubble. 95+% of "normal" ppl haven't even heard of a cryptoparty. Those that show up are already affine to technology. For the rest of us what works is WhatsApp and @signalapp and Threema.
Next you say that 2025 will be the year of Linux on the desktop 😇. Thanks, but no thanks.