Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
101010.pl is one of the many independent Mastodon servers you can use to participate in the fediverse.
101010.pl czyli najstarszy polski serwer Mastodon. Posiadamy wpisy do 2048 znaków.

Administered by:

Server stats:

575
active users

101010.pl: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-alpha.4

#monocleschat

0 posts0 participants0 posts today
Replied in thread
Public *
Kevin Karhan :verified:

@Avitus @lispi314 @lauren THE REQUIREMENT FOR A #PhoneNumber BY @signalapp IS LITERALLY THE PROBLEM!

  • #KYC IS THE ILLICT ACTIVITY!!!

If you gonna say "JuSt GeT aN iMpOrTeD #SIM / #eSIM!" then you obviously expect people to have way more #financial means and #TechLiteracy than is needed to get absolute N0obs setup withb#XMPP+#OMEMO and pay for @monocles / #monoclesChat!

IOC.exchangeAvitus (@Avitus@ioc.exchange)@kkarhan@infosec.space @lispi314@udongein.xyz @lauren@mastodon.laurenweinstein.org @signalapp@mastodon.world You can register any number on Signal even a landline, as long as you can get a 2FA SMS or phone call. Signal knows nothing about its users, nor does it attempt to. See https://signal.org/bigbrother/. All they have is the date and time you registered and the last date and time your device connected to a service. They've been subpoenaed many times but haven't been able to provide any data because they don't have it.
#sim#esim
Public *
Kevin Karhan :verified:

Addendum: Funzt wieder. Danke an @Natanox !

Weiß irgendwer warum der #Jabber / #XMPP-#Server vom #CCC / @CCC nicht unter dessen .onion - Domain via @torproject / #Tor erreichbar ist?
infosec.space/@kkarhan/1139749

Ist das nen #Bug von @monocles / #monoclesChat, @guardianproject #Orbot oder warum 404'd das?

#FollowerPower: :boost_ok:

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)Seems like the #OnionService for ```jabber.ccc.de``` @ ```m2ylflyeak6i6o4hsfwcrfwcq2bbjxk6nf2rnmm7fu6qiuu3hybenzid.onion``` is down. - Can anyone else confirm? Cc: @ccc@anonsys.net @CCC@social.bau-ha.us @ccc@chaos.social @clubdiscordia@chaos.social @torproject@mastodon.social #DownForEveryoneOrJustMe #DownDetector #DownDetection #Downtime #Tor #OnionServices #CCC #Jabber #XMPP #Chat #Onion
#OnionService#Debug#Debugging
Replied in thread
Public
Kevin Karhan :verified:

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

  • But you do you...
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
#ITsec#InfoSec#OpSec
Replied in thread
Public
Kevin Karhan :verified:

@tauon Actually, you want to use a truly secure as in real #E2EE solution like #XMPP+#OMEMO as in @monocles / #monoclesChat and @gajim /#gajim...

Mastodonmonocles (@monocles@monocles.social)Attached: 1 image ❗ News 📣 : For the global switch day monocles chat will be available for free in the Playstore (01.02. - 07.02.): https://play.google.com/store/apps/details?id=eu.monocles.chat Take your chance and switch to the XMPP network #globalswitchday #XMPP #monocles #monocleschat #messenger #chat #jabber #otr #omemo #pgp #opensource #openpgp #sustainability #e2ee #endtoendencryption #privacy #security
#techilliterate#normies#consoomers
Replied in thread
Public *
contrapunctus ✊🏳️‍🌈🏳️‍⚧️

@mastodonmigration Obligatory reminder that #Signal relies on a centralized and proprietary server, and does not belong here.

Users of #WhatsApp #Telegram #Discord #Signal and #Threema etc should use #XMPP instead, which is #FreeSoftware and federated.

Users - check out #Quicksy (Android and iOS), #Prav, #Conversations, #Cheogram, #MonoclesChat, #Gajim, #Movim, #Monal...

Self-hosters, check out #Snikket.

Learn more with this user's guide -
contrapunctus.codeberg.page/th

contrapunctus.codeberg.pageThe Quick and Easy Guide to Jabber/XMPP
Replied in thread
Public
Kevin Karhan :verified:

@claudius @max @signalapp

No problem:

I could go on all night, so please shove that #TechPopulism somewhere the sun doesn't shine!

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@max@gruene.social To [quote you directly](https://gruene.social/@max/113872018769294131): > "[...] easy to use solutions that are at the same time private and secure. [...]" - The fact that @signalapp@mastodon.world requires #PII like a #PhoneNumber which more often than not *cannot be legally acquired anonymously* makes it not #private. It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM. And if you go and say, *"Just buy a [insert country here] [e]SIM!"* and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you *completely missed the point*! - I can much faster and easier get TechIlliterates setup show them around - either in a @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty - style #classroom / #seminar or 1:1 tutoring than I can *legally acquire and activate a new SIM in #Germany* [since 07/2017]... It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain... - - - Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith@mastodon.world succeeded #MoxieMarlinspike: Their entire operation has a *distinct #CryptoAG stench* as it's an #unsustainable #VCmoneyBurning party! - #CloudAct and the #NOBUS [hegemony](https://en.wikipedia.org/wiki/NOBUS#Criticism) ain't something that just got executed now (neither was #GDPR & #BDSG!)... A counterexample on how this could've been done are #Tor, #eMail and other *truly #OpenSource* as in #MultiVendor & #MultiProvider standards. - *NOTHING* compells Signal to [demand PII](https://en.wikipedia.org/wiki/Signal_(software)), run a #Shitcoin #Scam [aka.](https://en.wikipedia.org/wiki/Signal_(software)#In-app_payments) #MobileCoin that even seasoned #TechLiterates and #CryptoBros [can't setup properly](https://www.youtube.com/watch?v=0DSGq9FQKU4), and in fact Signal using [phone numbers makes it trivial to discriminate against users and easier for them to identify them](https://en.wikipedia.org/wiki/Signal_(software)#Controversial_use)! - If [my reasoning](https://infosec.space/@kkarhan/113869305765533809) didn't resonate with you, then try helping i.e. undocumented migrants aka. *"#SansPapier|s"* to get setup with it without violating laws and/or ToS and/or needing an imported SIM which I'm shure most folks don't have on hand! Whereas it's trivial to get people setup on [one of many XMPP servers I've personally tested](https://github.com/greyhat-academy/lists.d/blob/main/xmpp.servers.list.tsv)! - Not to mention clients like @monocles@monocles.social / #monoclesChat and @gajim@fosstodon.org / #gajim are way more user-friendly and unlike Signal can also work perfectly fine over #Tor, including #OnionServices as endpoints. AFAIK Signal doesn't even have an #OnionService / [```.onion```](https://en.wikipedia.org/wiki/.onion) for their Website, much less any #API enpoints to use it with! - Them relying on #ClownFlare is just something that makes them even *more #sus* as there is *[no legitimate reason](https://en.wikipedia.org/wiki/Cloudflare#Controversies)* to use a #RogueISP like that. - - - You're free to also provide evidence and supporting data to your arguments, rather then *neighsaying* against *proven to be more secure and reliable [by virtue of decentralization]* options like XMPP+OMEMO and/or #PGP/MIME. - What gets my blood boiling is the constant #disinfo by [Signal](https://mstdn.social/@rysiek/113868777937162686) [Fanboys](https://mstdn.social/@rysiek/113869169340313254) like @rysiek@mstdn.social who sell it like #DigitalSnakeoil akin to #AntivirusSoftware, because it's at best *"#TechPopulism"* and at worst [will mislead "TechIlliterates"](https://infosec.space/@agturcz@circumstances.run/113868748895262202) with a [false sense of security](https://infosec.space/@kkarhan/113868987217053362), which in turn puts more users at risk. The *proper fix* is to actually *assess the situation* and acknowledge the *risks and limitations* as well as the very nature of communications, which means *upgrading later* is exponentially more painful, thus getting people *properly setup once* is way easier. - Just because *WE* [ or rather @rysiek@mstdn.social in this case ] rather *privilegued enough* to not be *hatecrimed in their current location* doesn't mean this is the case for everyone. And having places like Signal rely on a *"#CDN"* is just another *red flag* to me because questions like [this one](https://circumstances.run/@agturcz/113866980398547492) just don't arise with [monocles.chat](http://monocles.chat) as people can just exercise proper #SelfCustody and just use Tor! Speaking of #monocles: That business is at least #sustainable because it's funded by users [(€2 p.m.)](https://store.monocles.eu/produkt/monocles-starter-account/) which they can [pay anonymously](https://monocles.eu/more/#payment-section)
#EOD#thxbye#next
Replied in thread
Public
Kevin Karhan :verified:

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone setup with #XMPP + #OMEMO espechally if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new devices then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people setup on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API enpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather then neighsaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly setup once is way easier.

  • Just because WE [ or rather @rysiek in this case ] rather privilegued enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

gruene.socialMax L. (@max@gruene.social)@kkarhan@infosec.space Sorry but no, the correct solution is to push for easy to use solutions that are at the same time private and secure. Hiding privacy and security behind a veil of "you need to know" is discrimination of people that are not able (either mentally, physically or monetary) to gain that knowledge. The correct move here is for @signalapp@mastodon.world and any other service to fix this and for legislators to enact laws enforcing proper security and privacy by design.
Replied in thread
Public *
contrapunctus ✊🏳️‍🌈🏳️‍⚧️

@rysiek @kkarhan @agturcz An awful lot of people say they've used #XMPP "a while back". But they're often unaware of the best of XMPP, and have an unfairly negative view of it.

Did you happen to try...

...#Snikket for hosting?
snikket.org

...apps like #Quicksy and #Prav which use phone numbers for easy onboarding, same as #Signal #WhatsApp or #Telegram?
quicksy.im
prav.app

...featureful clients like #Cheogram #MonoclesChat #Gajim #Movim etc?

Snikket ChatSnikket ChatSnikket is a simple, secure and private messaging app
Replied in thread
Public *
Kevin Karhan :verified:

@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.

@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!

Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...

  • Mark my words, cuz I've been proven correct up to this point.

If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!

Mastodon 🐘Michał "rysiek" Woźniak · 🇺🇦 (@rysiek@mstdn.social)@kkarhan@infosec.space I ran and hosted a bunch of XMPP servers a while back. It was a pain to use, and it was easy for users to make mistakes and accidentally send messages in the clear. You are making people les safe. Last time: please stop doing this in my mentions and replies. @agturcz@circumstances.run @torproject@mastodon.social
#THXBYE#EOD#ITsec
Replied in thread
Public
Kevin Karhan :verified:

@moh_kohn except @signalapp too is a #centralized, #SingleVendir & #SingleProvider solution that fully falls under #CliudAct and thus CANNOT comply with #GDPR & #BDSG as a matter of principle since this digital rquivalent of #ExtraordinaryRendition is inherently incompatible!

@monocles / #monoclesChat, @gajim / #gajim & @delta / #deltaChat, @thunderbird / #Thunderbird do support that!

Replied in thread
Public
F3715H

@MartinaNeumayer @VixenBlu @thelusciouslibra Re: #eMail and #Chat, I'd still recommend to stick with #SelfCustody, and use @monocles #monoclesMail, #monoclesChat , @delta #deltaChat and many other options.

- One nifty option for #VideoTelephony one may want to look at is #WebCall:
timur.mobi/webcall/

I got pointed at it since it's very easy to use and unlike #JitsiMeet they don't demand #PII for registration or record stuff and one can #SelfHost it too...

Replied in thread
Public
Kevin Karhan :verified:

@zeank @MastoDenunzianten Auch sind all.dies #Merting-#Versprechen oder auch #Lügen, denn woher soll mensch verifizieren können, dass das was #Threeema behauptet auch stimmt?

  • Die werden mich das ja nicht persönlich an deren Servern abchecken lassen.

Bei #XMPP+#OMEMO (z.B. @monocles / #monoclesChat & @gajim / #Gajim) & #PGP/MIME (z.B @delta / #DeltaChat) kann ich im Zweifelsfalle #SelfHosting mit nem #RaspberryPi im Kleiderschrank machen.

Angriffe auf dezentrale & offene, #MultiVendor & #MultiProvider-Standards funktionieren nicht skalierbar!

pwnagotchi.aiPwnagotchi - Deep Reinforcement Learning instrumenting bettercap for WiFi pwning. :: Usage
Replied in thread
Public *
Kevin Karhan :verified:

@zdl @evacide that any the fact that @signalapp is incorportated in the #USA, making them susceptible to #GDPR & #BDSG-incompatible #cyberfacist bs like #CloudAct.

Remember: #KYC IS THE ILLICIT ACTIVITY when it comes to #Communication!

Compare that to @monocles / #monoclesChat which don't demand any PII or KYC and allow people to pay for their services with #Monero and #CashByMail besides #SEPA #WireTransfer, #Stripe & #PayPal whilst supporting both decentralization (#XMPP is not a #SingleVendor / #SingleProvider solution!), implementing real #SelfCustody (#OMEMO, #OTR & #PGP is supported out of the box) for all the keys, and proper #Anonymitiy (using @torproject / #Tor & @guardianproject #Orbot for #privacy), so in case they ever get a duely sumitted warrant by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.

  • And that is a good thing, because whilst very unlikely, one cannot exclude the non-zero chance of i.e. #MLAT|s being filed with knowingly false information by 3rd countries.

Also having no PII is a matter of reducing #liability in the sense of #DataProtection: All data requested and by #monocles is the bare minimum mandated for #accounting (i.e. only linking a payment like a #TxID / Transaction-ID to an account and then adding up validity/activation period).

#service#subscription#services
ExploreLive feeds
About