Replied in thread
@GottaLaff the sheer fact that he didn't get jailed for this violation of #ITsec, #InfoSec, #ComSec & #OpSec rules is propably making #RealityWinner and #ChelseaManning scream internally at max volume.
Recent searches
Search options
#comsec
3 posts2 participants0 posts today
Replied in thread
@shoppingtonz @alternativeto @torproject granted, those cases are "nieche" as in "extreme low latency applications" are out.of scope for #Tor as they are intrinsically incompatible with a self-routing #Proxy network.
Replied in thread
@QasimRashid Didn't #RealityWinner and #ChelseaManning get jailed for far less impact on #InfoSec, #OpSec & #ComSec than #Hegseth?
Replied in thread
ѦਹѤʞ @pawanjswal
On a related subject, has anyone else noticed that #Proton seem to be blocking their own Onion address today?!
#JustSaying #email #ProtonMail #compsec #comsec
Replied in thread
Replied in thread
@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.
- You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!
Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!
- All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!
Replied in thread
@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.
If #Signal was secure it would be the #1 comms tool of organized crime...
- Yet I've only seen #TechIlliterates shill it.
Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.
- Again: Demanding #PII like #PhoneNumbers and shilling a #Shitcoin-#Scam (#MobileCoin) makes Signal literally untrustworthy and if it doesn't for you then maybe your standards are just too low...
It's just me reading the room: Cuz #ComSec isn't done woth "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.
- The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.
Fortunatelty, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.
- So rather than vomiting insults against my intellect in my mentions, go to the next @cryptoparty@mastodon.earth / #Cryptoparty / @cryptoparty@chaos.social and lend a hand.
@crazy_pony when @signalapp isn't being run as a #VCMoneyBurningParty and they take #InfoSec, #OpSec, #ComSec & #ITsec serious and stop shilling the #Shitcoin #Scams that is #MobileCoin!
For everyone else, there's #XMPP+#OMEMO (see @monocles / #monoclesChat) & #PGO/MIME (see @delta / #deltaChat)…
@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse, you fucked up!
- If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC.
Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.
- All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys...
That's why I get people setup with it!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
@charlesmok no, it's just a sign of #incompetence re: #InfoSec, #OpSec, #ComSec & #ITsec as this is a criminally gross violation of standards that even #POTUS has to abide to.
- There's a reason the #US #MILINTEL have half a dozen different "secure networks" for comms ranging from unclassified to top-secret+nofor!
#Trump should've been forced to hand over his personal devices at entry of the #SCIF this was sent from and only allowed on sanctioned and certified systems with vetted contacts only as pre-appointed who themselves are in a SCIF
- This is such a huge #OpSec failure, it makes #WarThunderForumsLeaks look like a minor indiscretion by comparison.
en.wikipedia.orgSensitive compartmented information facility - Wikipedia
Replied in thread
de.wikipedia.orgCLOUD Act – Wikipedia
Replied in thread
@cmccullough if your #ComSec relies on a provider like @Tutanota defying a court order, then you already lost.
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
Replied in thread
@StaceyCornelius In the past I did configure seperate systems for clients so they can travel without fuss regardless if "P.R." #China or #Russia or the #USA or #KSA...
- The trick is to never have anything on your device and have a dedicaded burner!
Using @tails_live / @tails / #Tails and @torproject / #TorBrowser and when that's not an option, a #SSH-Tunnel / #OpenVPN or #WireGuard-#VPN to be able to #VNC into a machine.
- Remember: They can only extract data that was saved on a machine!
CONSIDER THE #US ENEMY TERRITORY AS IN "If you wouldn't enter #NorthKorea, then why would you enter the USA?"
Replied in thread
@notjustbikes precisely!
Only #OpenSource & #OpenStandards can yield #MultiVendor & #MultiProvider systems necessary to prevent #monopolies and #oligopolies and enshure #ITsec, #InfoSec, #OpSec & #ComSec, thus being able to comply with #NatSec & #IntlSec demands.
Guess why #NORAD runs #BusyBox / #Linux?
- Because they demand every single line of code to be audited MANUALLY!
Replied in thread
@moanos @halfredgreenapple @vkc precisely that...
- Not to mention distros like @tails_live / @tails / #Tails come pre-setup to deal with a hostile envoirment...
OFC trying to condense #ITsec, #InfoSec, #OpSec & #ComSec down to <11k (or god forbid <500) letters counting spaces is not realistic.
Replied in thread
Or to put it more on the nose: You can be certain that i.e. @Mer__edith of @signalapp will talk cuz she can't pull the 5th on behalf of a user and won't go to jail for any of them.
Whereas if i.e. @monocles (or any #XMPP provider) got sent an order (and just like #Signal they'd comply if done so duely through legal channels, which is way harder in #Germany than the #USA cuz #GDPR & #BDSG & #LawfulInterception being way stricter than #CloudAct), if users used #OMEMO or #PGP/MIME, they (or any other provider) literally can't decrypt even when held at gunpoint, because asymetric public-private cryptography was literally designed to not be breakable unless someone managed to MITM comms from the first contact and any verification.
- Which is unlikely to impossible unless one's able to literally isolate and manipulate all comms and means to communicate of at least one party, at which point they'd already have warrants to search everything and don't even bother to try MITMing comms but instead kick in doors.
But that's a totally different subject of #OpSec & #InfoSec, not #ComSec & #ITsec on it's own...
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
@voxel personally, I despise @brave and I think it, @Vivaldi or any other #Chromium-#Fork|s are just bad to the point that I recommend using @torproject / #TorBrowser, @dillo / #dillo and #LynxBrowser over those.
I consider #Edge to be #Givware just like #MicrosoftOutlook which leaks all login details to #Microsoft!
docs.monocles.eumonocles mail - monocles Documentation