Post AMf0QzH6CZ1v4UvmnA by atoponce@fosstodon.org
(DIR) More posts by atoponce@fosstodon.org
(DIR) Post #AMetUQY6YNvmqoZvbU by toolofheresy@todon.eu
2022-08-18T16:36:58Z
0 likes, 2 repeats
Don't use messengers that demand your phone number. Period. Three Options out of many: Wire (uses email OR phone.) Briar (email)Tox (Antox app) ... entirely anonymous#Signal says 1,900 users’ phone numbers exposed by #Twilio breach-TechCrunch via @yogthos https://techcrunch.com/2022/08/15/signal-phone-number-exposed-twilio/
(DIR) Post #AMex8oKbqn583YDLFo by atoponce@fosstodon.org
2022-08-18T17:40:05Z
0 likes, 0 repeats
@toolofheresy @yogthos Using a phone number to register an account allows the user to manage their social graph locally rather than storing it on service provider's servers.Signal does not ship a web interface; Wire does. Unless you're inspecting the code on every page refresh, you can't be 100% certain malicious JavaScript wasn't loaded to compromise security.Tox isn't secure, as it's vulnerable to key compromise impersonation during its handshake.https://github.com/TokTok/c-toxcore/issues/426
(DIR) Post #AMf0A0qp5Wvp2MXwmW by toolofheresy@todon.eu
2022-08-18T18:13:51Z
0 likes, 0 repeats
@atoponce @yogthos I prefer not to use phone numbers, and create my own 'social diagram', if I really need that, which isn't part of a messaging application. The idea of allowing any server or application that connects to the internet do that for me scares the living f+ck out of me. If messages require a super-high security level tox and Tails are a good combination. Just trash the tox account after use and destroy the computer because NO ORGANIZATION will protect you against a court order or state apparatus at the expense of their messenger operation, and signal, like tor, is already compromised afaic. I use it for the local foodnotbombs operation, and that's all. Coordinating free meals for poor folks.About tor being 'compromised'. Remember Jake Applebaum? The reason he quit tor and was gang vilified with a basket of lies and fabrications was almost certainly because he called the tor team on their preference for 'user-friendliness (gui etc) over putting funds towards security. Just call me a paranoid but to me 'user-friendly' attracts more victims to potentially spy on and Signal is on the same federal fund handout as torproject
(DIR) Post #AMf0QzH6CZ1v4UvmnA by atoponce@fosstodon.org
2022-08-18T18:17:00Z
0 likes, 0 repeats
@toolofheresy @yogthos A "social graph" doesn't mean a visual graph or diagram. It means how you manage your contacts, which in a phone is typically via a contacts list, and in email, and address book.Tox is not secure, as shown in that GitHub issue. No modern secure end-to-end encrypted messaging platform is vulnerable to KCI.Yes, I remember Jacob Applebaum. He's a sexual predator.
(DIR) Post #AMf1tPiZa1zf96tsvI by toolofheresy@todon.eu
2022-08-18T18:33:19Z
0 likes, 0 repeats
@atoponce 🤣Yeah sure about the predator bs. They litter the computer industry btw. A night out at amy hipster bar in my bay area town proves that, so save it for someone whose ignorant. I watched closely and followed up on the complaints ... and as is typical with Institutional SLANDER, no charges were ever filed by anyone. There's a reason for that. The reason is simply their stories were fabrications.
(DIR) Post #AMkqneS9e2rPDGfRmS by NatCor@mastodon.social
2022-08-21T13:57:17Z
0 likes, 0 repeats
@atoponce@toolofheresy @yogthos I believe wire save all contacts unencrypted on its servers and metadata is also saved unencrypted on its servers to enable multidevice/multiplatform feature and you can't delete your contacts just hide them. also, their doc indicate login is passed unencrypted to their servers. I would like to use wire, but for those reasons I don't. thats for wire personal. I'm not sure of wire enterprise version. correct me if I'm wrong. thx.
(DIR) Post #AMlpgmMHwtKsuM2i24 by thisisthebreath@noagendasocial.com
2022-08-22T01:19:36Z
0 likes, 0 repeats
@ringo thanks for digging stuff like this out of the fediverse