toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

#comsec

Replied in thread

@t3n yes, and the problem is simply rooted in #Shitcoins and that #PostPrivacy.

Unlike #banks, where the #ITsec, #InfoSec, #OpSec & #ComSec not only offers no #transparency of the account balance, but which also explicitly have plans for such scenarios where people may be threatened and forced to empty their account.

  • And while hardly any bank pays out more than €5k per customer per day, a #Shitcoin (e.g. #Bitcoin or #Ethereum) wallet at home is practically as if someone were bragging about stashing money under the bed, only with the difference that criminals know in advance exactly how much is there and can monitor the flows in real time, and those shitcoins can quickly be worth as much as a mattress made of €5 banknotes...
Replied in thread

@silhouette @richi @signalapp @torproject

1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - especially for a "#privacy"-focussed messenger!

2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregulated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which brings me to the 1st argument.

4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead of following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!

5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!

Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss without #OpSec, #InfoSec & #ITsec is dangerous!

  • And yes claiming "JuSt UsE sIgNaL!" is dangerous in the era of #Trump's #cyberfacist regime acting as it does (like with the #ICC)!

Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!

Post by sleepy silhouette, @silhouette@dumbfuckingweb.site: @kkarhan@infosec.space @richi@vmst.io @signalapp@mastodon.world @torproject@mastodon.social >PII afaik the only info is that you have registered to Signal and the last time you've connected. Other services do this too, for technical reasons. >USA irrelevant given the guarantees of their E2...
Replied in thread

@ip6li @bsi @bnd @bwi @itzbund

And to make one thing clear: it is not as if I would per se refuse to work for @Bundesregierung.

But if, by virtue of the #TechnologyStack #Microsoft #Windows, I factually cannot fulfil my #duty of #confidentiality (#MicrosoftRecall is integrated #Malware), this is compatible with neither #ProfessionalEthics nor professional liability insurance, legal expenses insurance, oath of office or #ConstitutionalLoyalty!

Will @bnd, in view of the #Trump #regime and its actions [against the #ICC] and the #cyberfascist power by virtue of the #CloudAct, finally sound the alarm regarding #GAFAM products or #technology from the #USA in general, but especially #Microsoft products such as #Windows, #MicrosoftOffice & #WindowsServer?

And since I happen to be a #citizen of this country, this unfortunately becomes my problem too - contrary to all my warnings!

  • What prevents the #US government from taking Germany, the #EU or the rest of the world #hostage by means of such products?

Or is that #dependence on the mood and the goodwill of D.C. even politically intended?

#DEpol #ITsec #InfoSec
Replied in thread

@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...

  • They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of #ChatSecure / #TextSecure has eliminated the "technical necessity" to have those.

Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something

#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.

  • And I've been using Tor for almost 15 years daily now...
Replied in thread

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigatable with proper measures.

  • You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!