Login

Recent searches

No recent searches

Search options

Only available when logged in.
mastodon.online is one of the many independent Mastodon servers you can use to participate in the fediverse.
A newer server operated by the Mastodon gGmbH non-profit

Administered by:

Server stats:

11K
active users

mastodon.online: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.4.0-nightly.2025-03-25

#monocleschat

5 posts3 participants0 posts today
Replied in thread
Public
Kevin Karhan :verified:

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

YouTubeWe Tried Signal's MobileCoin So You Never Have To...By Techlore
#toldyaso
Replied in thread
Public
Kevin Karhan :verified:

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

Replied in thread
Public *
Kevin Karhan :verified:

@froge @fj I'm not replacing @signalapp with "random tools" but good options.

Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.

Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.

Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?

It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@osman@hachyderm.io If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp@mastodon.world and/or @Mer__edith@mastodon.world [risking jail *or worse*](https://web.archive.org/web/20210908180219/https://twitter.com/thegrugq/status/1085614812581715968), you fucked up! - If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC. Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG. - All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys... That's why I get people setup with it!
Public
Charlotte Aten

Getting started with XMPP/Jabber and PGP for federated, encrypted messaging

This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am confortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.

Part 1: XMPP

Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.

Just like signing up for an email/Mastodon account, you need to sign up for an account. You can find a list of servers at list.jabber.at/ and will probably at least need to provide an email addess when making an account.

Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (dino.im/). You can then enter your account name and password to log into your XMPP account and start chatting! There are both public rooms and you can also message directly with your friends.

#security #PGP #XMPP #FOSS #Jabber #Dino #MonoclesChat

(1/4)

list.jabber.atXMPP servers
Replied in thread
Public
Kevin Karhan :verified:

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

YouTubeSignal's Terrible MobileCoin BetrayalBy The Hated One
Replied in thread
Public *
Kevin Karhan :verified:

@truls46 Ein gutes Gegenbeispiel zu @signalapp ist @monocles / #monoclesChat:

Ich denke mal das sollte hinreichend meine Argumebte darlegen.

  • Kernpunkt ist und bleibt: Signal ist bestenfalls gemeingefährlich-inkompetent oder ein #Honeypot!
docs.monocles.eumonocles chat - monocles Documentation
#honeypot
Replied in thread
Public
Kevin Karhan :verified:

@pixelschubsi @dalias @puppygirlhornypost2 that doesn't change the inherent issues of @signalapp being #centralized, #SingleVendor & #SingleProvider compared to #XMPP+#OMEMO as in @monocles / #monoclesChat & @gajim / #gajim.

Or des anyone expect #Signal and it's staff to actually resist?

Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@lauren@mastodon.laurenweinstein.org no, because @signalapp@mastodon.world is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII! - Use *real #E2EE* with #SelfCustody of all the keys that isn't [a](https://www.youtube.com/watch?v=tJoO2uWrX1M) #proprietary #SingleVendor & #SingleProvider solution that [peddles](https://www.youtube.com/watch?v=0DSGq9FQKU4) a #shitcoin #scam! Give #XMPP+#OMEMO a shot: @monocles@monocles.social / #monocles & @gajim@fosstodon.org / #gajim. [1](https://docs.monocles.eu/apps/chat.app/) [2](https://docs.monocles.eu/services/chat.service/) [3](https://docs.monocles.eu/account/account/) [4](https://monocles.eu/more/#account-section) [5](https://monocles.chat/login)
Replied in thread
Public *
Kevin Karhan :verified:

@Avitus @lispi314 @lauren THE REQUIREMENT FOR A #PhoneNumber BY @signalapp IS LITERALLY THE PROBLEM!

  • #KYC IS THE ILLICT ACTIVITY!!!

If you gonna say "JuSt GeT aN iMpOrTeD #SIM / #eSIM!" then you obviously expect people to have way more #financial means and #TechLiteracy than is needed to get absolute N0obs setup withb#XMPP+#OMEMO and pay for @monocles / #monoclesChat!

IOC.exchangeAvitus (@Avitus@ioc.exchange)@kkarhan@infosec.space @lispi314@udongein.xyz @lauren@mastodon.laurenweinstein.org @signalapp@mastodon.world You can register any number on Signal even a landline, ass long as you can get a 2FA SMS or phone call. Signal knows nothing about its users, nor does it attempt to. See https://signal.org/bigbrother/. All they have is the date and time you registered and the last date and time your device connected to a service. They've been subpoenaed many times but haven't been able to provide any data because they don't have it.
#sim#esim
Replied in thread
Public
Kevin Karhan :verified:

@Beggarmidas @Em0nM4stodon personally, I do consider #Smartphones an attack vector and recommend everyone to use @tails_live / @tails / #Tails or at least @torproject / #Tor via @guardianproject / #Orbot and ideally open, #PublicWiFi like @freifunk / #freifunk.

Fortunately, @monocles / #monoclesChat integrates Orbot Support so it's just a few taps to get everything tunned through Tor!

docs.monocles.eu/apps/torify.a

If @signalapp cared, they would've #decentralized and put their backend on Tor and not demand #PII like a #PhoneNumber.

docs.monocles.eumonocles chat - monocles Documentation
ExploreLive feeds
About