Create accountLogin

Recent searches

No recent searches

Search options

Only available when logged in.
toad.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
Mastodon server operated by David Troy, a tech pioneer and investigative journalist addressing threats to democracy. Thoughtful participation and discussion welcome.

Administered by:

Server stats:

273
active users

toad.social: AboutProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.8

#unencrypted

1 post1 participant0 posts today
Public
PrivacyDigest

#Apple Gave Governments Data on Thousands of #PushNotifications

… sent to its devices, which can identify a target’s specific device or in some cases include #unencrypted content like the actual text displayed in the notification, according to data published by Apple. In one case, that Apple did not ultimately provide data for, #Israel demanded data related to nearly 700 push #notifications as part of a single request.
#privacy #security #e2ee #encryption

404media.co/apple-gave-governm

404 Media · Apple Gave Governments Data on Thousands of Push NotificationsPush notification data can sometimes include the unencrypted content of notifications. Requests include from the U.S., U.K., Germany, and Israel.
Replied in thread
Public
Kevin Karhan :verified:

@AdminKirsty @delta nodds in agreement

Add to that there are sufficient tools that allow for #secure, #E2EE #communication.

  • Like: Even if they don't like #PGP/MIME there's nothing that prevents them from supporting #XMPP+#OMEMO or having any #secure means to communicate.

I do go out of my way to implement better alternatives to existing bad option...

TBH, #unencrypted and thus #insecure communication should disqualify every #company and #organization as a matter or principle and it's high time #GDPR & #BDSG make support for proper #encryption mandatory, regardless if #2FA or general communications!

Public
getmisch

1. Tr^mp's lawyers did not dispute anything disclosed in the new filing. 2. If he believed overturning the election was part of his official acts, why was he using a burner phone routed outside of the U.S., unencrypted? 3. How many countries may be planning to blackmail him as a result of this #security #breach, or others?
#AdamCochran #Smith #filing #burner #phone #SpamRiskEgypt #EspionageAct #indict #espionage #risk #blackmail #foreign #intelligence #unencrypted #official #act #SCOTUS #king

Bullet points about the recently unsealed Smith filing: >Trump used a burner phone, routed through a foreign coutnry to contact MI house speaker. >He pressured the speaker in this off-book call. >Speaker McCarthy knew about the burner phone. >The phone showed up as "Spam Risk Egypt" on caller ID. If the Presdient thought his attempt to overturn the election and forge elector documents were legitimate "official acts" why was he using an insecure, foreign-routed burner phone for these calls? How many other sensitive calls did the former President have on this unencrypted line with co-conspirators, that could now be used as blackmail against him, by any foreign nation which may have tapped that line? (And before the reply bots get here, let me remind them: Trump's legal team did not disupte the authenticity of *anything* unsealed from the Smith filing.)
Public
PrivacyDigest

Over 600 million #Meta #passwords stored in plain text

The issue was first uncovered in 2019 when #Facebook admitted to "hundreds of millions" of passwords being stored #unencrypted. Facebook said that the passwords were not available outside of the company — but also admitted that around 2,000 engineers had made about 9 million queries on that user database
#privacy #security

appleinsider.com/articles/24/0

AppleInsiderMeta stored 600 million Facebook and Instagram passwords in plain textAcross Facebook and Instagram, Meta has been storing more than half a billion users' passwords in plain text, with some easily readable for more than a decade.
Public
Matrix

@root@mindly.social @mindly.social@mindly.social

We have received a bunch of empty Admin Reports from @mindly.social and our reaction have been to Suspended their system account to avoid further spam from them, and Silenced them to help keeping they users of the grid. This is also done to protect the fediverse against CloudFlare's tracking and spying on users and absorbance of [PII](/articles/MTX-A-79/PII) data

![Silenced mindly.social by matrix.rocks](image.png){width=280px}

## About mindly.social

A review of their instance shows us a miss configured instance

Host mindly.social
Software mastodon / 4.2.12
Administrator (Unknown) ((Unknown))

When investigating the privacy violating server, we find it is under CloudFlare's control, now I start to get suspicious of the lowlifes running mindly.com
mindly.social.  3600    IN      NS      duke.ns.cloudflare.com.
mindly.social.  3600    IN      NS      jean.ns.cloudflare.com.
mindly.social.  300     IN      A       188.114.97.3
mindly.social.  300     IN      A       188.114.96.3

Taking a look at the MITM infected instance true a Virtual machine running on Open Source, reveille the following accounts to hang out to dry for spamming fediverse admins with their nonsense of forwarding empty spam reports with no comment or explanations on why a post was reported, The only thing we can come to thing of, is it some newly converted Israelis super puritan Jews who tries to overtake the new world order by their terrorism.

* contact@mindly.social
* @root@mindly.social
Mindly.Social aims to be a friendly, non-topic specific community focused on spreading positivity, expanding your knowledge and experiences, and just being plain old happy on social media for once.
What?? you just proven the opposed by attacking matrix.rocks with spam bombs

## The false reports
All notes mentioned below, is marked with CW and the attachment are marked as sensitive, all in compliance with our rules and guidelines.

- https://matrix.rocks/notes/9y8vfzoqyw reported eight time...
![9y8vfzoqyw](image1.png)

Welcome to the #hallofshame of #stupidity

@matrix.rocks

## tags
#MindlySocial #admin #antiprivacy #cloudflare #cloudflarecyberattack #fediverse #hallofshame #infosec #internetsecurity #mastodonadmin #mastodonadminspammers #mastodonmoderation #mastodonreportspam #mastodonspam #mastodonspamadmins #MITM #moderators #privacy #reportspam #reportspamming #suspended #tracking #unencrypted

Issue: https://kb.mypdns.org/issue/MR-3 #nsfw #bikini
Public
Kevin Karhan :verified:

@CStamp @persagen whilst it's easy to attribute #Unit8200 for that, I'd say this is a too easy kind of explaination as it would be in the best interest if the #IDF to keep enemies like #Hezbollah in blissful ignorance about their #vulnerable #tech whilst maximizing #SIGINT effectiveness by not giving them a reason to implement secure #comms.

To me that sounds like a project some recruit of that unit would've to plan as a means to qualify for membership of that unit.

  • It doesn't make sense to pull that #PagerHack off given it's quite newly deployed (older batteries would've more reliably and faster gone critical due to #Overdischarge!) and having pulled this #exploit also means Hezbollah will clearly fix those issues, starting with devices using #NiCd or #LiFePO4 batteries if not employing proper #E2EE instead of using insecure & #unencrypted #POCSAG...

But since I'm not getting paid for fixing that shitshow AND don't work with or for terrorists (!!!) I won't plug any projects that would've prevented this...

Public *
Al

@marcan
Be careful out there. Its amazing that we use #email, #unencrypted email, for business purposes.

no personal and private information should ever be put in an email that travels in the clear; no account numbers, bdays, transaction info etc.

We need to demand that corps provide their #publicKey and accept our public key before we do business with them.
or
at least demand that they use an encrypted email service.

Learn about public/private key #encryption it's not that hard.

Replied in thread
Public *
aproitz

@bascule @matthew_d_green

Exactly !
This is, what #PavelDurov's
#Statement about #Signal is all about. #Unencrypted #Telegram #Content and #IpAdresses are worldwide accessible at any given #Time for the #Corporation, while their #Encryption - #Features are pretty well hidden for normal #Users.
They do a #Bullshit for #Privacy and #Datasecurity, but call out Others for doing more in this #Area. #Ridiculous. It's a fucking #Disinformation #Campaign.

Replied in thread
Public
Kevin Karhan :verified:

@evacide okay, you want it simple?

1. DONT' USE ANY #proprietary #SingleVendor / #SingleProvider and/or #unencrypted comms at all!

2. DON'T TALK TO ANYONE WHO ISN'T LEGALLY FORCED UNDER THREAT OF JAIL AND LIFELONG UNEMPLOYABILITY TO STFU EVEN TOWARDS COPS & JUDGES!

3. STFU!

4. Act plausibly deniable!

5. Don't take anything that can and thus will be used to track you - including any mobile phones - even switched off!

6. Use @torproject #TorBrowser to look up stuff!

Public
Kevin Karhan :verified:

I guess I found the limits of #DuckDuckGo when it comes to #TechQuestions...

I.e. how do I force a mailserver to reject anything but encrypted (PGP/MIME, optionally also S/MIME) eMails?

And yes, this is related to this post.
mstdn.social/@kkarhan/11015284

Because yeah, I'm sick and tired of #Spam and I think that it's long overdue for me to have #ZeroTolerance to #unencrypted communications.

Mastodon 🐘Kevin Karhan :verified: (@kkarhan@mstdn.social)Serious #tech question #thread for everyone re: #Email. Please boost for a bigger sample size! :boost_ok: What describes your eMail situation: [ ] I self-host my eMails on my own box.[i.e. VM] [ ] I self-host my eMails on a rented box [i.e. VPS] [ ] I pay a provider to do all the eMail stuff [ ] I use a "free"mailer
ExploreLive feeds
About