#opsec

Replied in thread

@Sturmflut @fabiscafe @vkc

Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.

Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duly through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymmetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.

  • Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.

But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on its own...

Twitter: thaddeus e. grugq on Twitter: “I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”
Replied in thread

@voxel personally, I despise @brave and I think it, @Vivaldi or any other #Chromium-#Fork|s are just bad to the point that I recommend using @torproject / #TorBrowser, @dillo / #dillo and #LynxBrowser over those.

  • Especially since the #Tor Project actually cares about #privacy!

I consider #Edge to be #Givware just like #MicrosoftOutlook which leaks all login details to #Microsoft!

docs.monocles.eu: monocles mail - monocles Documentation

Concerned about Microsoft Windows 11 Recall? You should be.

Recall allows Microsoft’s Windows 11 Copilot+ devices to screenshot every action a person takes on their PC.

What can you do? Switching to Linux is the clear answer, but some don't know what distro to try.

DistroSea.com is a website that lets you run and test 60+ Linux distributions straight from your web browser.

Have fun!

Source: distrosea.com/

@erebion @inaruck I vehemently disagree, because it is naive to put everything in the responsibility of a single provider.

Nothing can replace teaching #ITsec, #InfoSec, #OpSec & #ComSec, and everyone who naively believes that @signalapp / #Signal will save their ass is likely to be left looking just as stupid as the victims of #MINERVA / #RUBIKON aka. #CryptoLeaks.

Replied in thread

@malwaretech what did you expect in a #fascist #coup?

  • The fact that #Musk and his #Minions weren't stopped at gunpoint from forcing themselves to attain Administrator privileges with neither permission nor clearance is an irreconcilable failure of #OpSec & #ITsec.

If I even attempted that remotely I'd be glad if my door gets kicked in.

  • If I attempted that in person, my pronouns would've been nonconsensually changed to was/were and my intrusion location marked with a chalkout line!
Replied in thread

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolutely basic #OpSec & #ComSec is just flabbergasting.

Only #decentralized, #OpenSource & #OpenStandards can actually survive long-term and remain #secure.

It's the same reasons we use #PGP/MIME & #SSH and not #X400 & #X25!

IOW: Think "How can you weaponize Signal?" and see what you can do just holding key people in contempt...

The less #info a provider has, the less they can be forced to snitch upon customers.

"#JustUseSignal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymmetry to pull rank instead of investing the time and effort to explain "how" and "why" this is indeed a good or bad idea.

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

  • You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm sure sooner or later I'll be evidenced as correct...

Hachyderm.io: Cassandrich (@dalias@hachyderm.io): @kkarhan@infosec.space @signalapp@mastodon.world @monocles@monocles.social @lauren@mastodon.laurenweinstein.org Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
Replied in thread

@COSAntiFascists @iris @Em0nM4stodon I'd not trust @protonprivacy in that regard because they have access to keys and have been caught snitching on #ProtonMail users without a warrant.

Furthermore, #monocles - and every other decent provider - won't bamboozle you with false promises they legally can't fulfill and #DigitalSnakeoil services...

Please amp up your #ITsec, #InfoSec, #OpSec and #ComSec because naively believing a corporation to not snitch on you disqualifies you at best if not put other people's lives in danger!

@kubikpixel @malwaretech @tomscott nods in agreement

If people don't trust a #Govware like #Windows to get that done correctly, then they should not trust 3rd party vendors that have neither sourcecode access nor ability to get someone with sourcecode access to validate and test their work!

Mind you this isn't the basic "on mailservers/upload servers/... run signature checks for known malware and chmod -x on all attachments".

  • It's a systemic issue discarding basic information.