Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
en.osm.town is one of the many independent Mastodon servers you can use to participate in the fediverse.
An independent, community of OpenStreetMap people on the Fediverse/Mastodon. Funding graciously provided by the OpenStreetMap Foundation.

Administered by:

Server stats:

259
active users

en.osm.town: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#onionservice

0 posts0 participants0 posts today
Replied in thread
Public *
Kevin Karhan :verified:

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

  • Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

If you do think so then you should really get some professional help, cuz you seem rather lost...

  • #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

MastodonPixelcode 🇺🇦 (@pixelcode@social.tchncs.de)@kkarhan@infosec.space @taylan@feministwiki.org For every messenger there's the risk of someone finding out that you use that messenger (for example when you download the app without a proxy or when you rent a server for self-hosting). So what? Nothing and no one stops you from voluntarily using Tor to connect to Signal (Orbot, InviZible, Advanced Privacy etc.). For those oppressed by authoritarian regimes, Signal offers easy-to-use censorship-circumvention proxy support built into the app. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
Replied in thread
Public
Kevin Karhan :verified:

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread
Public
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Public
Kevin Karhan :verified:

@agturcz @rysiek Use @torproject or better yet, #XMPP+#OMEMO with an #OnionService aka. #Server on a .onion domain...

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@anelki@tilde.zone I do agree to some extent. #PGP/MIME & #XMPP+#OMEMO keep the coversation contents secure, but merely encrypting messages is just 10% of #ComSec! - One also needs to deal with #InfoSec, #OpSec & #ITsec in general... Like: If you use some garbage Android 8.1 device that never got security updates then you can use #Signal all day and that won't protect ya ass! - Speaking of @signalapp@mastodon.world, the same as with any #eMail provider or #Messenger applies: [none of them will refuse to comply with a duely submitted subopena]( https://web.archive.org/web/20210226175949/https://twitter.com/thegrugq/status/1085614812581715968), otherwise @Mer__edith@mastodon.world would already be in prison. - And Signal, like all #centralized, #SingleVendor & #SingleProvider #Messengers collects #PII [#PhoneNumber!] with *no legitimate reason* and is subject to #CloudAct, which is inherently incompatible with #GDPR & #BDSG...
Replied in thread
Public
Kevin Karhan :verified:

@delta TBH, I think that #deltaChat, alongside @monocles / #monoclesChat is one of the few real #E2EE #Chat & #Messaging solutions (which allow for full #SelfCustody of keys as well as being based on #OpenStandards for a #MultiVendor & #MultiProvider ecosystem) and even out-of-band verification and key exchange...

  • The main difference is that deltaChat implements #PGP/MIME on #IMAP+#SMTP, which may be easier to setup in some cases and also offer an easy pipeline to archival requirements in #business setups whilst #monocles chat uses #XMPP+#OMEMO first and supports PGP/MIME as a secondary option, making it a good option in individual setups...

Needless to say both support using @torproject / #Tor via #Orbot and thus connecting to an #OnionService or just anonymously connecting to the server one personally chooses...

  • So unless a provider explicitly bans Tor proactively, they'll work just fine.

The advantage of XMPP is that it also allows for calls, whereas I've to see how one can do Group Chats on deltaChat at all...

Public
Kevin Karhan :verified:

@pixelcode @alshafei again: That is mitigateable by having plausible deniability of said identities and using @torproject / #Tor to connect to said services.

In fact, just using #Orbot and @monocles / #monoclesChat allows you to connect to any XMPP Service, including those that have an #OnionService.

It takes mere seconds to get someone setup and ready to go!

Whereas with #centralized, #proprietary & #SingleVendor / #SingleProvider services, your only security is said provider/vendor saying "#TrustMeBro!"...

Espechally tying accounts to #PhoneNumbers is a big no-go IMHO because that's trivial if not already being spied upon by LEAs and in more juristictions than ever before it's basically illegal to acquire any #SIM without "identification" aka. self-doxxing towards the provider!

And if you really need like an organization group chat, self-hosting #Zulip is an option, as the messages are kept on the server and you just kick user accounts if they get arrested or their equiment confiscated.

#ComSec & #InfoSec necessitate proper #OpSec & #ITsec anyway...

GitHublists.d/xmpp.servers.list.tsv at 6baa1cd666a4d41874b00e86b41ef0aede9d5719 · greyhat-academy/lists.dList of useful things. Contribute to greyhat-academy/lists.d development by creating an account on GitHub.
Public
Jonah Aragon

I’m finally getting over Caddyserver’s betrayal and learning to love it again (as everyone else already has lol). Latest thing I did, hosting all my domains on #Tor without needing to configure each website independently: jonaharagon.com/notes/a-caddyf #Caddy #OnionService

Jonah Aragon · A Caddyfile for hosting your clearnet domain and all subdomains on TorAfter installing torrc and pointing your hidden service to your Caddy server: # Redirect base domain to www subdomain http://example.onion { redir http://www.example.onion{uri} } # Proxy all subdomains of example.com http://*.example.onion { @hostnames header_regexp hostname Host (\S+)\.example\.onion # note the backslashes before the dots
Replied in thread
Public *
Kevin Karhan :verified:

@protonmail @davidrevoy if you actually cared about #privacy and #anonymity you'd not only fix your #OnionService AND allow anonymous payment (i.e. #Monero :monero:) but also help users to setup proper #E2EE like PGP/MIME and instead of fucking around with their eMail contents in transit, offer something that would actually make sense like the option to block unencrypted eMail going out and/or in.
But that would require effort beyond #FUD and False Promises in #Marketing:
youtube.com/watch?v=WVDQEoe6ZW

YouTubeThis Video Is Sponsored By ███ VPNBy Tom Scott
Replied in thread
Public
Kevin Karhan :verified:

@anarchopunk_girl @jabberati @fla @Mer__edith @signalapp
I've heard about it tho I'm a bit hesitant to recommend or use it.

What I can recommend however is #OnionShare by @micahflee which is like the best thing since @torproject #TorBrowser:
onionshare.org
Also there's even an #Mobile version now.

Granted, I'd rather point people to some #XMPP - #Servers that support #Tor with their own #OnionService & teach people how to use #Orbot.
github.com/greyhat-academy/lis
f-droid.org

onionshare.orgOnionShareOnionShare is a tool for anonymous peer-to-peer file sharing, chatting, and web hosting.
ExploreLive feeds
About