#Tag · bonfire.cafe

Fortunately, getting killed by the CIA by means of predator drone strike is not everybody's threat model. For others - certain French judges for example - a real threat can be getting sanctioned by the US government and completely locked out of US services.

So yes, know your threat model when picking between #Signal and #Conversations_im.

Debacle

@debacle@framapiaf.org replied · 3 days ago

@daniel

If getting killed by means of a #predatorDrone strike were among my realistic #threatModels, I'ld avoid owning a #SIM card in the first place. Which is one of the prerequisites for a Signal account. #Jabber ftw.

David Chisnall (*Now with 50% more sarcasm!*)

@david_chisnall@infosec.exchange · 5 days ago

@contrapunctus @alisynthesis @NebulaTide @JohnnieMac

Anyone recommending a decentralised alternative to Signal and not including any discussion of anonymity sets, metadata leakage, and so on, is just telling me that they have absolutely zero idea of how security and privacy work.

XMPP (and I say this as someone who was involved in standardising it back in the day and wrote two client implementations) is not fit for purpose for a modern threat models. It leaks metadata like a sieve to passive adversaries.

The Fediverse is a fundamentally different problem because it's about public communication and does not aim to provide privacy. A tool for private communication is a completely different problem space.

Debacle

@debacle@framapiaf.org replied · 4 days ago

@david_chisnall @contrapunctus @alisynthesis @NebulaTide @JohnnieMac

Anybody talking about anonymity sets, metadata leakage, and so on, without clarifying the #threatModel and actual attack scenario first, should learn about different priorities people might have, when it comes to #security (= #confidentiality, #integrity, #availability)and #digitalSovereignty.

Sure, Signal collects less #metadata than #Jabber, but it has other disadvantages, making it a #NoGo for me:

Michał "rysiek" Woźniak · 🇺🇦 boosted

Bi—zaar

@XavCC@todon.eu · 5 months ago

#FediHelp
I need to talk with someone skilled about #threatModel (digital side) specifically about 'downloads' / archiving / wget (mirroring) and online/offline for field activities (logistics / investigation ) and activist groups (water, mud, soil investigation within sampling and DIY analysis & data production)

I need to talk so do not point me any NGOs (I already now them). And I've been there too.

It's about holistic security approach in this very specific nudge.
Downloading things, offline access first, sharing (see Kiwix and kiwix itw at APC.org)
Being up to a mountain or down to a river or sewers system or so.
Or around floods in streets / towns / cities / lands.
Radio (SDR) scanning in the field and emergency data transmission / copy.

If it's not a clear and not understandable claim, I'm so sorry and please feel free to bake he with your asking and thoughts.

Very very important: carbon-mascu-male alpha-stupid-surviving-boyz are not welcome in this discussion and I'm sure you get the point my dear fedizens (no techbro / no cryptobro and more away)

cc @DigiDefenders @rysiek @onepict
@APC
@iffybooks @hackstub @lacontrevoie

Bi—zaar

@XavCC@todon.eu · 5 months ago

I need to talk so do not point me any NGOs (I already now them). And I've been there too.

If it's not a clear and not understandable claim, I'm so sorry and please feel free to bake he with your asking and thoughts.

Very very important: carbon-mascu-male alpha-stupid-surviving-boyz are not welcome in this discussion and I'm sure you get the point my dear fedizens (no techbro / no cryptobro and more away)

cc @DigiDefenders @rysiek @onepict
@APC
@iffybooks @hackstub @lacontrevoie

Bi—zaar

@XavCC@todon.eu · 5 months ago

I need to talk so do not point me any NGOs (I already now them). And I've been there too.

If it's not a clear and not understandable claim, I'm so sorry and please feel free to bake he with your asking and thoughts.

Very very important: carbon-mascu-male alpha-stupid-surviving-boyz are not welcome in this discussion and I'm sure you get the point my dear fedizens (no techbro / no cryptobro and more away)

cc @DigiDefenders @rysiek @onepict
@APC
@iffybooks @hackstub @lacontrevoie