Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mstdn.ca/@action_jay" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>action_jay</span></a></span> everything that isn't a fully <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenSource</span></a>'d <a href="https://infosec.space/tags/OpenStandard" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpenStandard</span></a> with <a href="https://infosec.space/tags/MultiVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiVendor</span></a> & <a href="https://infosec.space/tags/MultiProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MultiProvider</span></a> support.</p><p>That's why <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> (<a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PGP</span></a>/MIME) & <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <span class="h-card" translate="no"><a href="https://fosstodon.org/@gajim" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>gajim</span></a></span> (<a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>XMPP</span></a>+<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OMEMO</span></a>) are superior to <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> , because that can be easily cracked down on due to <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>, whereas truly <a href="https://infosec.space/tags/decentralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>decentralized</span></a> systems have <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> so they can't be taken down effectively.</p><ul><li>Bonus points if they support <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a>, cuz that makes it harder for <em>"state-sponsored"</em> (or rather <em>state-endorsed/governmental</em> attackers) to block or sabotage it (<a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OnionServices</span></a> are harder to take down!)</li></ul>
Administered by:
#SelfCustody
0 posts0 participants0 posts today
Replied in thread
@mzedp @PhoenixSerenity yeah, people who do #Cryptocurrency but can't be assed to do #SelfCustody (as in #PaperWallet in a safe kinda thing!) are just greedy n0obs horny for money...
Replied in thread
@richi Except @signalapp is not "#Privacy-first" cuz if #Signal did, they'd not.demand #PII (#PhoneNumber) nor remain in the #USA (#CloudAct) nor peddle #Shitcoin-#Scams (#MobileCoin) and put their tech on @torproject / #Tor and fully #decentralized.with 100% #SelfCustody of all the keys!
@funbaker @geist ich habe immer #SelfCustody umgesetzt weil alles andere ist "#TrustMeBro!"
Replied in thread
@kuketzblog da widerspreche ich vehement.
Es gibt #proprietär|e #Silos welche qua #SingleVendor & #SingleProvider-Aufbau als #InformationBlackhole agieren (u.a. #WhatsApp, #Signal, #Threema, #Session, #Telegram, #discord, …)
und es gibt #OffeneStandards die #Wahlfreiheit zwischen #Clients, #Plattformen, #Servern und #Providern ermöglichen (u.a. #IRC, #Zulip, #RocketChat, ...) und echte #E2EE mit #SelfCustody aller Schlüssel ermöglichen (u.a. #XMPP+#OMEMO & #PGP/MIME)...
Natürlich steht es Menschen frei irgendeinen großen, zentralisierten Anbieter zu nutzen, nur wird dieser am ehesten zur #Enshittification neigen und mit #PII wie #Telefonnummern entsprechende Begierlichkeiten wecken!
Replied in thread
@my_millennium danke, aber ich setzt auf #XMPP+#OMEMO weil das ist anbieterunabhängig und anders als #Threema mit #SelfCustody aller Keys und damit echtes #E2EE!
- U.a. mit @monocles / #monoclesChat & @gajim !
docs.monocles.eumonocles chat - monocles Documentation
Replied in thread
@Linux there are 3 big options you forgot that I know of which too ain't under #Cloudact aka. have no subsidiary/office/parent company in the #USA:
- @monocles (email, messaging, managed #nextcloud hosting)
- @Stuxhost (eMail & @nextcloud )
- @nitrokey (a better alternative to @yubico / #Yubikey)
And for #PasswordManagers, there's also #Enpass for those that don't like #KeePassXC / #KeepPassDX / #KeePass and for organizations there's even #Passbolt as a centrally manageable solution. All of these allow #SelfCustody & #SelfHosting on-premise.
Replied in thread
@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to setup in organizations as not "yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.
#Session & #Signal, like #Telegram & #WhatsApp, do not have their #backend #opensource|d nor allow #SelfHosting and demand #PII like #PhoneNumbers for registration if not useage for no valid reason. Plus they are not just able but obviously willing to snitch on their users (something neither DeltaChat nor monocles chat demand or even can as both do 100% #SelfCustody of all the keys!)
As for #sustainability, monocles is financed by #subscribers (they charge like €2 p.m. for mail & chat) and they can be paid completely anonymously (#Monero & #CashByMail!), whereas #Signal is a #MoneyBurningParty which engages in #Shitcoin-#Scams (see #MobileCoin!) for no valid reason…
docs.monocles.euOverview - monocles Documentation
Replied in thread
@Sascha tja, besser bei #XMPP+#OMEMO bleiben, denn nur echte #E2EE mit #SelfCustody aller Schlüssel ist sicher!
Replied in thread
@dave_andersen even @signalapp has to comply with #CloudAct.
- And we can be very shure they did simply because it's a statistical inevitability by the sheer amount of users they have…
Only real #E2EE (= #SelfHosting-capable with #SelfCustody of all the keys) can be considered safe.
- Demanding #PII like #PhoneNumbers is #KYC, and KYC is the illicit activity!
Replied in thread
@oceanhaiyang I only can link to documentation why you should use @monocles over @Tutanota & @protonprivacy because both refuse to elaborate or support #SelfCustody of #Keys!
- It's only real #E2EE if only you hold all the keys!
Also Proton snitched on their users - as will every single provider cuz #corporations can't invoke the right to remain silent!
docs.monocles.eumonocles mail - monocles Documentation
Replied in thread
@Blaumensch1 @kuketzblog nein.
#XMPP+#OMEMO & #PGG/MIME mit #SelfCustody und Anbietern in der #EU, die keine Niederlassung, Geschäftsrätigkeit oder Anteilseigner aus den #USA haben.
Bspw.: @monocles / #monoclesChat und @delta / #DeltaChat.