toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

276
active users

#onionservice

0 posts0 participants0 posts today
Replied to Kevin Karhan :verified:

@kkarhan
Hab ich schon einmal angeregt.

Direktvertrieb mit Gehaltsband ohne überflüssige Recruiter, die eh nur lügen.

Und einer der Stelle repräsentativ entsprechenden Person. Azubis und Berufsanfänger, die noch zu Hause wohnen und nebenbei studieren sind eher ungeeignet, eine längere Karriere zu überblicken.

Bei den harten Auflagen schafft aber ohne Umschulung niemand, was zu posten.😃

Replied in thread

@lukeshu So I guess #Anubis has an explicit exception to handle #Lynx and will instead rely on rate-limits and other static means to detect #scrapers and handle with #UserAgent #abuse cases, like #fail2ban-style autobanning of violating IPs...

  • This makes sense for a #WAF like Anubis and would've been the only viable option I'm aware of.

I wounder if anyone has tried using Anubis on @torproject / #Tor to protect #OnionService|s since that would be a reasonable application for it as well.

Replied in thread

@debby that assumes @protonprivacy actually cares about #Privacy, which they evidently don't, cuz otherwise they'd never even #log or #request any #PII to begin with and instead offer their Services via @torproject / #Tor as #OnionService

  • Not to mention they fuck around with customers' #eMails, thus having prevented people from contributing to the #LKML in the past...

To me this isn't a big loss, but a conditionless surrender in favour of better competitiors like @monocles and even @Stuxhost for that matter...

Replied in thread

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

  • Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

If you do think so then you should really get some professional help, cuz you seem rather lost...

  • #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

MastodonPixelcode 🇺🇦 (@pixelcode@social.tchncs.de)@kkarhan@infosec.space @taylan@feministwiki.org For every messenger there's the risk of someone finding out that you use that messenger (for example when you download the app without a proxy or when you rent a server for self-hosting). So what? Nothing and no one stops you from voluntarily using Tor to connect to Signal (Orbot, InviZible, Advanced Privacy etc.). For those oppressed by authoritarian regimes, Signal offers easy-to-use censorship-circumvention proxy support built into the app. https://support.signal.org/hc/en-us/articles/360056052052-Proxy-Support
Replied in thread

@Andromxda @pixelcode How can you claim something you can't evidence?

It makes you look like one of those folks shilling #VPN|s that ain't logless after all...

  • I don't believe in #marketing #lies and #Signal can't (and won't) be able to evidence that they don't log shit.

At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...

Infosec ExchangeAndromxda 🇺🇦🇵🇸🇹🇼 (@Andromxda@infosec.exchange)@kkarhan@infosec.space @pixelcode@social.tchncs.de > thus subject to Cloud Act They literally don't store anything about you, other than the phone number you used to sign up, and the timestamp of the last login. They can't fulfill any kind of subpoena, because they simply don't have the data. This was proven in court: https://signal.org/bigbrother/cd-california-grand-jury/ I don't know what your mission is, any why you're constantly spreading misinformation about a secure communications platform, trying to discourage people from using it, without naming alternatives. It's pretty suspicious at the very least.
Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

Replied in thread

@erebion @inaruck genau das ist der Falsche Ansatz, da Threat Models sich ständig verschieben und nicht ausgegangen werden kann, dass es dabei bleibt.

Keine*r deloyed drölfzig Messenger oder migriert bedarfsweise User*innen umher.

@erebion @inaruck es gibt soviele Gründe weshalb Mensch nicht @signalapp vertrauen sollte.

Aber um es nochnal klar zu erklären:

Nur echte #Dezentralisierung wie bei #XMPP+#OMEMO kann #Datenschutz, #Informationssicherheit und #Vertraulichkeit sicherstellen.

Die strukturellen Probleme von Signal machen es angesichts einer #gleichgeschaltet|en #USA ein absolut unnötiges #Risiko, denn ich garantiere @Mer__edith wird für keine*n User*in lebenslange #Beugehaft riskieren!

Und #Signal ist sehr wohl in der Lage #Govware - #Backdoors zu integrieren, denn sonst wären die wegen #ITAR bereits geknastet worden, weil diese #Nutzer*innen aus #Kuba, #Nordkorea und #Russland haben!