infosec.space is one of the many independent Mastodon servers you can use to participate in the fediverse.
A Mastodon instance for info/cyber security-minded people. This instance blocks threads.net

Public

just a reminder — do NOT do things you don't want your admin seeing in direct messages. if you want to, ask that person for an end-to-end encrypted messaging service like signal or matrix.

Public

@kkarhan@infosec.space signal is more secure than xmpp+omemo

Public

@tauon no, it is not because it is a #Centralized, #proprietary, #SingleVendor & #SingleProvider solution subject to #CloudAct that collects #PII like #PhoneNumbers, which makes it inherently less secure, as they are able and willing to restrict access as they please.

Public

@kkarhan@infosec.space

> centralised

tbh i agree, i don't like that signal is centralised, but that isn't insecure, it's just an anti-feature

> proprietary

no it isn't, every element of signal is open source

> subject to cloud act

what is that? are you talking about subpoenaing of information? they legally have to do that anyway, and can't give anything except for the account creation date and the date that the account was last accessed

> collects pii like phone numbers

i'm pretty sure they don't

signal is more secure than anything you've mentioned because on signal, encryption is not optional. any service where encryption is optional is not secure.

Public

@tauon

1) is just , look it up!
en.wikipedia.org/wiki/CLOUD_Act

-

2) @signalapp 's code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

-

3) still demands which are either by association ( => = = => => Location Data as I explained before [infosec.space] twice [infosec.space]) or mandatory / requirements (even on prepaid cards), which an increasing amount of jurisdictions do...

-

But don't take my word for it.
youtube.com/watch?v=tJoO2uWrX1M

Public

@tauon Also what good is an encryption like @signalapp if you don't have of all the keys?

  • Sure you could disable encryption but @monocles shows you when it's active and when not and comes with sensible defaults like having active per default...

I can set up over a dozen 1:1 with accounts and & @gajim / in the time it takes me to get a from overseas with a phone number as mandated by @signalapp and maintaining that number for will easily cost like $2,50 p.m. at minimum.

  • Whereas a Data-only eSIM is way faster and cheaper to get and maintain.

In fact even legitimately acquiring and registering a in-store in takes longer than setting up & monocles chat & a XMPP account whilst on throttled speeds...

possum.city/notes/a3rt4nzbn11z

Public
"More secure than XMPP+OMEMO" depends on what you mean by "secure". For me, this is definitely not the case, as Signal unconditionally requires my passport during registration.
Public

@Seyd@declin.eu

> Signal unconditionally requires my passport during registration.

what the fuck? it shouldn't do that

Public
In Belarus, it’s not possible to get a SIM card without registering with a passport.
Public
What will happen if this company sells the same number for Signal registration to someone else in a year?
Public

@Seyd i've had this happen with other companies before, i guess if you're concerned about that you could use something like Crypton or Stealths that act just like a normal phone operator, but for a virtual number. so like you pay $15/month and they give you complete control over the number. it's a lot more expensive but it prevents this kind of thing from happening.

Public
I absolutely do not want to pay 15 € a month for a messenger, this is more than I pay for 0,5 Gbps unlimited internet.
In XMPP I have full free control over OMEMO keys already.
Public

@kali@dystopia.zip @Seyd@declin.eu @tauon@possum.city A nice workaround. How long until they find out and ban phone numbers provided by this service?

Clearly they wanted to outsource identity management because they can't be arsed to design it themselves.
:ablobdizzy: