med-mastodon.com is one of the many independent Mastodon servers you can use to participate in the fediverse.
Medical community on Mastodon

Administered by:

Server stats:

362
active users

#pgp

2 posts2 participants0 posts today
Replied in thread

@OhMyGod Remember: ANY "#KYC" in terms of #Messenger| #Apps IS the #IllicitActivity!

Regardless if @matrix or @signalapp , the sheer request, demand or coercion onto #PII like a #PhoneNumber or #eMail-Address is bad.

Personally, I'll recommend to switch to some real #E2EE with good #SelfHosting options like @delta / #deltaChat [which uses #PGP/MIME) or @monocles / #monoclesChat (which is based upon #XMPP+#OMEMO and who do host their own servers which are user-financed and can be paid for 100% anonymously.

@bfdi @kuketzblog @netzpolitik_feed @ccc @heiseonline

Replied in thread

@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!

  • Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.

They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!

IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!

Replied in thread

@action_jay everything that isn't a fully #OpenSource'd #OpenStandard with #MultiVendor & #MultiProvider support.

That's why @delta (#PGP/MIME) & @monocles / @gajim (#XMPP+#OMEMO) are superior to @signalapp , because that can be easily cracked down on due to #CloudAct, whereas truly #decentralized systems have #SelfCustody so they can't be taken down effectively.

  • Bonus points if they support @torproject / #Tor, cuz that makes it harder for "state-sponsored" (or rather state-endorsed/governmental attackers) to block or sabotage it (#OnionServices are harder to take down!)
Replied in thread

@heiseonline

Wir brauchen endlich einen kryptografisch sicheren und privatsphärefreundlichen #EPerso.

Und weg von dem ganzen unverschlüsselten Kram wie Telefon, SMS, Fax oder Email. Jede Nachricht muss mit einem privaten Key signiert sein, das geht schon, juckt aber kein Schwein. Keine Behörde, Arztpraxis etc. unterstützt #PGP.

youtube.com/watch?v=PKtklN8mOo

media.ccc.de/v/38c3-eu-s-digit

Landesamt für Steuern Niedersachsen: "Eine verschlüsselte E-Mail-Kommunikation ist derzeit mit den Finanzämtern nicht möglich. Selbstverständlich wird auch in der Steuerverwaltung an der Einführung von Verschlüsselung und elektronischer Signatur gearbeitet, um einen sicheren E-Mail-Verkehr künftig gewährleisten zu können."

Bis die dann irgendwann in 100 Jahren soweit sind, gibt es wahrscheinlich keine E-Mails mehr. Ausserdem stellen sie hier gerade von Thunderbird auf Outlook um. Es wird nicht besser, sondern schlimmer.

hre E-Mails sind nicht so privat, wie Sie denken! 📧🔓

PGP-Verschlüsselung verwandelt brisante Nachrichten in einen unlesbaren Zeichensalat, den nur Sie und der richtige Empfänger lesen können. Bei mailbox.org gehört sichere Kommunikation zur DNA. Wie PGP-Verschlüsselung bei uns funktioniert, warum wir mit unserer Integration einzigartig sind und mehr lesen Sie im vollständigen Artikel: mailbox.org/de/post/pgp-versch

mailbox.orgPGP-Verschlüsselung für höchsten E-Mail-Schutz | mailbox.orgPGP-Verschlüsselung: Wie maximale E-Mail-Sicherheit funktioniert. Jetzt den kompletten Blog lesen!

@martinsteiger Welche?

Weil ich sehe nur #PGP & #OMEMO in Benutzung...

Aber vielleicht sind jene Personen naiv genug #proprietär|en #SingleVendor & #SingleProvider - Lösungen auf den Leim zu gehen?

infosec.space/@kkarhan/1147013
infosec.space/@kkarhan/114697690127511140

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@Cappyjax@mastodon.social IDGAF about *"passion"*. [All I care about is the security of users!](https://infosec.space/@kkarhan/114697690127511140 ) Requiring *any* #PII like a #PhoneNumber is inacceptable when it comes to #ComSec, #InfoSec & #OpSec, espechally given @signalapp@mastodon.world is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design. - There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject@mastodon.social / #Tor] is the *evidently superior and more secure approach*, as being unable to *"#KYC"* a user is a matter of security... Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone numner is out of question) - And even *if* one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used. Obviously the devs of #Signal and @Mer__edith@mastodon.world are well aware of this critical flaw, which is why I consider them to act as [*"useful idiots"*](https://en.wikipedia.org/wiki/Useful_idiot) or rather [*"controlled opposition"*](https://en.wikipedia.org/wiki/Opposition_(politics)#Controlled_opposition) as #Signal could've been shutdown trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this *"#sanctions #compliance"* given they added a #Shitcoin - Wallet into Signal!)... - All the *"but #Metadata"* #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers. Whereas with @monocles@monocles.social / #monoclesChat, @gajim@fosstodon.org / #gajim and @delta@chaos.social / #deltaChat and @thunderbird@mastodon.online / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown! - And if you think this is too tinfoilhatted, then consider yourself privilegued enough of having your mere existance not being [criminalized by the government under threat of public execution!]( https://ilga.org/news/state-sponsored-homophobia-december-2019-decade-update/) https://ilga.org/wp-content/uploads/2024/02/ILGA_World_map_sexual_orientation_laws_December2019.pdf https://infosec.space/@kkarhan/114697690127511140
Replied in thread

@Cappyjax IDGAF about "passion". All I care about is the security of users!

Requiring any #PII like a #PhoneNumber is inacceptable when it comes to #ComSec, #InfoSec & #OpSec, espechally given @signalapp is not only able but entirely willing to restrict service based off said numbers, making their "solution" insecure by design.

  • There's a reason why #XMPP+#OMEMO and #PGP/MIME [both each over @torproject / #Tor] is the evidently superior and more secure approach, as being unable to "#KYC" a user is a matter of security...

Espechally since obtaining a phone number anonymously is oftentimes illegal (i.e. #Germany made it illegal starting 07/2017, so using any service that demands a phone numner is out of question)

  • And even if one can get an anonymous #SIM (with a phone number) or god forbid #eSIM, (which is at best pseudonymous as tracking down users by virtue of matching ICCID, IMEI & IMSI to location and time) the chances are high that one ends up with recycled phone numbers that have already been used.

Obviously the devs of #Signal and @Mer__edith are well aware of this critical flaw, which is why I consider them to act as "useful idiots" or rather "controlled opposition" as #Signal could've been shutdown trivially by the #US Government or forced into banning users based off their #PhoneNumbers (they may call this "#sanctions #compliance" given they added a #Shitcoin - Wallet into Signal!)...

  • All the "but #Metadata" #FUD turns into #MarketingLies once put under the looking glass and examined against the risk of state-sponsored / -endordsed / -supported attackers.

Whereas with @monocles / #monoclesChat, @gajim / #gajim and @delta / #deltaChat and @thunderbird / #Thunderbird respectably I can not only use Tor, but do #SelfHosting for the entire #communications infrastructure (i.e. using an #OnionService = only reachable via Tor) and get the advantages of a self-routing, self-authenticating & battle-hardened against censorship proxy network that can't be shutdown!

ilga.org/wp-content/uploads/20
infosec.space/@kkarhan/1146976

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@renardboy@mastodon.social @derekmorr@mastodon.social depends... Did you have to remotely onboard someone onto a secure communication stack whilst they are on the run from the authorities *and* blood relatives due to *"living while trans"* with a *literal "dead or alive" bounty on their head* whilst stuck in a besieged city that's being shelled? - Cuz I did... @signalapp@mastodon.world is evidently a solution appealing to #TechIlliterates with *dangerous 'semi-knowledge'* who are willing to accept a *"#TrustMeBro!"* by @Mer__edith@mastodon.world and #MoxieMarlinspike before her. - Using #Signal would've gotten said person tracked down and killed by the de-facto aithorities for merely having their phone # linked to that shite!