med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

365
active users

#omemo

0 posts0 participants0 posts today
Replied in thread

@OhMyGod Remember: ANY "#KYC" in terms of #Messenger| #Apps IS the #IllicitActivity!

Regardless if @matrix or @signalapp , the sheer request, demand or coercion onto #PII like a #PhoneNumber or #eMail-Address is bad.

Personally, I'll recommend to switch to some real #E2EE with good #SelfHosting options like @delta / #deltaChat [which uses #PGP/MIME) or @monocles / #monoclesChat (which is based upon #XMPP+#OMEMO and who do host their own servers which are user-financed and can be paid for 100% anonymously.

@bfdi @kuketzblog @netzpolitik_feed @ccc @heiseonline

Replied to EmpathicQubit

@empathicqubit Good question. I'd recommend you to check this with @monocles developers.

Personally, I run all my #XMPP+#OMEMO through @torproject /#Tor anyway, so my battery runtime is pretty garbage...

#Monocles does - AFAICT - allow to configure #notifications but since it's basically always connected that makes not much of a difference for battery runtim. Tho you can set it to if, when and how it notifies you.

MastodonDEEmpathicQubit (@empathicqubit@mastodon.de)For those that run an #XMPP server, does it seem safe enough to enable XEP-0357 if one is concerned about third party data leaks to push notification services? Is #OMEMO enough to nullify concerns? I'm using #Monocles and #Prosody and I'm trying to optimize battery usage on #Android / #LineageOS
Replied in thread

@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!

  • Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.

They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!

IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!

Replied in thread

@action_jay everything that isn't a fully #OpenSource'd #OpenStandard with #MultiVendor & #MultiProvider support.

That's why @delta (#PGP/MIME) & @monocles / @gajim (#XMPP+#OMEMO) are superior to @signalapp , because that can be easily cracked down on due to #CloudAct, whereas truly #decentralized systems have #SelfCustody so they can't be taken down effectively.

  • Bonus points if they support @torproject / #Tor, cuz that makes it harder for "state-sponsored" (or rather state-endorsed/governmental attackers) to block or sabotage it (#OnionServices are harder to take down!)
Replied in thread

@flan #XMPP

  • El servidor de XMPP que mejor maneja #OMEMO es #Prosody
  • Las usuarias deberían recibir una inducción para que se aseguren de configurar sus clientes con OMEMO activado siempre.
  • El cliente para #Android que reúne todas las características que valoramos como grupo es #Monocles: [video]llamadas, OMEMO, widgets webxcd, interfaz elegante y amigable, reacciones a mensajes con emoji (selector cómodo), inserción de multimedia, renderizado de markdown, hilos.
  • El cliente para #Linux que tiene casi todas las características que valoramos es #Gajim (aunque aún carece de llamadas y widgets webxcd).
  • Los clientes web recomendados son #conversejs y #Movim, aunque tienen limitaciones que deben ser comentadas siempre que alguien se integra a un grupo, en concreto, Movim, es incapaz de insertar multimedia cifrada.

La táctica es sencilla

Pedirle el dispositivo al sujeto interesado

Instalarle #fdroid + #conversations

Activar notificaciones
Activar acceso a contactos
Desactivar la optimización de batería
Esconder la notificación del servicio en segundo plano

Activar #OMEMO por defecto

Crear un chat con el sujeto

Mandar un mensaje para establecer las claves OMEMO

?????

Listo!

No encuentro una manera más viable y sin dolor de pasar a la gente que no sabe y no quiere saber de algo más que #WhatsApp

Funciona? Sip, así tengo a mis familiares y puñado de amigos en el humilde servidor de bonito

Encuesta sobre #XMPP con cifrado #OMEMO

Si te has comunicado mediante dicho protocolo, con dicho cifrado ¿cuál ha sido tu experiencia?

Favor de impulsar para conseguir una buena muestra de experiencias.

Replied to CryptGoat

@cryptgoat Es ist aber nachweislich einfacher und schneller, z.B. @monocles / #monoclesChat anonym einzurichten, als sich über umwege ne anonyme #SIM-Karte zu beschaffen.

  • Gerade weil letztere seit 07/2017 kriminalisiert wurden!

#Matrix ist shice, aber #XMPP+#OMEMO funktionert sehr gut.

Genauso wie #VPN|s nachweislich shice sind und @torproject / #Tor ungeschlagen ist!

Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

@debacle @cryptgoat

#XMPP leidet seit Jahren darunter, dass kein Client wie der andere funktioniert. So hat es zig Jahre gebraucht bis #OMEMO in den wichtigsten Clients vertreten war und dann stolperte man auch noch lange danach über die unterschiedlichen Implementierungen und Defaults.“

Schlimm. Ist das immer noch so? Egal. Hauptsache ich bekomme Klicks für meinen shitpost. Hab ich selber jemals was beigetragen zu dem Projekt? Nö, natürlich nicht. Ich red ja lieber dumm daher.

Continued thread

XMPP leidet seit Jahren darunter, dass kein Client wie der andere funktioniert. So hat es zig Jahre gebraucht bis #OMEMO in den wichtigsten Clients vertreten waren und dann stolperte man auch noch lange danach über die unterschiedlichen Implementierungen und Defaults. Tja, steckt halt kein Geld drin, alles historisch gewchsen. Immerhin laufen XMPP-Server auf Kartoffeln.

#Matrix-Server nicht, aber dafür wollte man alles besser machen: Dicke Finanzierung, große Akteure an Bord geholt, Standardclient #Element, der quasi die anzustrebenden Feature-Defaults vorgibt. Und jetzt geh ich als Newbie auf die offizielle Seite von Element und will den Messenger runterladen: element.io/download
Dort wird mir dann #ElementX nahegelegt. Blöd ist nur, dass das Ding zig Sachen nicht kann, die man über Jahre hinweg beim alten Element eingeführt hat und wo viele Leute inzwischen drauf bauen. X hat keine Unterstützung für Spaces, keine Nachrichten-Threads, keine Nachrichten-Suche. In meinen Matrix-Gruppen hab ich ständig Diskussionen, ob wir dieses oder jenes Feature nutzen können, weil Client XY es nicht unterstützt – darunter der FRICKING Hauptmessenger von #Matrix. Es ist zum Verzweifeln. 😫 (2/?)

element.ioDownload ElementDownload Element, an end-to-end encrypted secure messenger and collaboration app with voice and video chat. Available on Web, Android, iOS, macOS, Windows & Linux.

@martinsteiger Welche?

Weil ich sehe nur #PGP & #OMEMO in Benutzung...

Aber vielleicht sind jene Personen naiv genug #proprietär|en #SingleVendor & #SingleProvider - Lösungen auf den Leim zu gehen?

infosec.space/@kkarhan/1147013
infosec.space/@kkarhan/114697690127511140

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@Cappyjax@mastodon.social IDGAF about *"passion"*. [All I care about is the security of users!](https://infosec.space/@kkarhan/114697690127511140 ) Requiring *any* #PII like a #PhoneNumber is inacceptable when it comes to #ComSec, #InfoSec & #OpSec, espechally given @signalapp@mastodon.world is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design. - There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject@mastodon.social / #Tor] is the *evidently superior and more secure approach*, as being unable to *"#KYC"* a user is a matter of security... Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone numner is out of question) - And even *if* one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used. Obviously the devs of #Signal and @Mer__edith@mastodon.world are well aware of this critical flaw, which is why I consider them to act as [*"useful idiots"*](https://en.wikipedia.org/wiki/Useful_idiot) or rather [*"controlled opposition"*](https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition) as #Signal could've been shutdown trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this *"#sanctions #compliance"* given they added a #Shitcoin - Wallet into Signal!)... - All the *"but #Metadata"* #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers. Whereas with @monocles@monocles.social / #monoclesChat, @gajim@fosstodon.org / #gajim and @delta@chaos.social / #deltaChat and @thunderbird@mastodon.online / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown! - And if you think this is too tinfoilhatted, then consider yourself privilegued enough of having your mere existance not being [criminalized by the government under threat of public execution!]( https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/) https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf https://infosec.space/@kkarhan/114697690127511140