GNU social JP
GNU social JP is a Japanese GNU social server.
Conversation

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 04:02:02 JST

    Every time I log into Fedi, I see another post with a guide called something like "Activist's Guide to Smartphones" or "Phone Security Guide for Protesters," and every single one of these assumes that the threat model is the kind of police force that exists under liberal democracy where legal protections will afford significant protections. The world is changing, and these guides not only fail to address the threat of an actively hostile fascistic anti-democratic occupying force (I refer here to the police), but such guides generally are limited to "what" and "how" and miss the more critical "why."

    If you believe that you are facing fascism (or even something close to it), can I please please please convince you to read something written by anarchists who have faced serious repression and are trying to convey just how much phones can lead to the imprisonment of you and your friends for even things that are allegedly "legal."

    https://opsec.riotmedicine.net/downloads#mobile-phone-security

    Attachments

    1. https://kolektiva.social/system/media_attachments/files/113/890/525/577/103/730/original/7656c0b86c348457.png

    2. https://kolektiva.social/system/media_attachments/files/113/890/525/906/641/329/original/71e341bac41a3104.png
  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 04:05:22 JST

      Overwhelmingly these guides seem to come from InfoSec or civil liberties focused individuals, groups, or NGOs, but bloody hell, the danger they face tends to pale in comparison to what radicals face, and the level of concern they have is likely far lower than it should be. Watching across the pond at this advice circulating, all I can think is that such liberal notions of rights and security are going to get activists killed or imprisoned for life.

      (not that my advice is perfect. always get a second source. compare what we/i have written to these liberal guides, and diligently study where and how they diverge.)

  • Jimmy Havok (jhavok@mastodon.social), Sunday, 26-Jan-2025 05:10:35 JST

      @hakan_geijer Buy a road atlas to travel to demonstrations instead of using your phone to navigate.

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 05:10:35 JST
    in reply to Jimmy Havok

      @jhavok Many modern cars have mobile capabilities, and automatic license plate readers capture an incredible amount of data.

      https://www.securityweek.com/eff-issues-new-warning-after-discovery-of-automated-license-plate-reader-vulnerabilities/

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 06:27:11 JST
    in reply to Qybat

      @Qybat Why do you think something like Debian or Qubes is significantly different than something like LineageOS or GrapheneOS? (ignoring macOS, Windows, and stock Android for now)

  • Qybat (qybat@batchats.net), Sunday, 26-Jan-2025 06:27:12 JST

      @hakan_geijer I know enough tech to say that there is one fundamental rule of avoiding surveillance on your phone: Don't. There are too many different ways it can be compromised, if you are a person of sufficient importance that someone in government actually cares to try. If you want secure communications, the first rule is to get a Real Computer which runs a software environment you and you alone can control.

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 06:40:08 JST
    in reply to Hard Left News

      @hardleft That may be true, but we still have tried to characterize what the profiles look like and why. Many are still accurate for most of Europe, which is my primary audience.

  • Hard Left News (hardleft@mastodon.social), Sunday, 26-Jan-2025 06:40:09 JST

      @hakan_geijer and with the techbroligarchy showing their true colors, a lot of these lower risk profile options are outdated. Most important are the tools of assessing risks & staying disciplined. We're not going to get press releases telling us when to be more careful.

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 08:02:51 JST
    in reply to Tariq

      @rzeta0 This always comes down to "what's your threat model." For most people, a cloud-based password manager is the best solution. I use an offline one I manually sync between devices. Pen and paper can be your password manager, but unless you're superhuman, most people can't come up with sufficiently random and different passwords for the hundreds of sites they have to log in to. I don't use anti-virus, but I also use Linux so it's a slightly different model there too. VPNs protect against a narrow set of threats and for those they are useful. When people treat VPNs like Tor, they're gonna have a bad time.

  • Tariq (rzeta0@mastodon.social), Sunday, 26-Jan-2025 08:02:52 JST

      @hakan_geijer

      I'm not an expert but I've always thought things like consumer VPNs, password management software and anti-virus software as increasing your risk, not decreasing it.

      The central point is they aggregate your information into the hands of one agent, an agent you don't know - making it easier for them, or those that attack them, to get at your data.

      This is a question - I'd welcome comments.

  • Chris Real (_chris_real@kolektiva.social), Sunday, 26-Jan-2025 08:32:22 JST

      @hakan_geijer

      Nothing said on surveilled social media is meaningful. The more bold and defying, the more subject to corruption and coopting.

      The revolution will not be televised. Or elevated by the status quo. Or given the win by the referee.

      And the pundits will bicker with the winners. Because that's their bread and butter.

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 08:39:31 JST
    in reply to Tariq

      @rzeta0

      > All your passwords in one online service means adversaries (eg the state) have only one place to get your passwords.

      Yes, but a well-designed service will not be able to turn it over. For example, 1Password and BitWarden (don't trust LastPass, fuck 'em for their repeated bad security) claim that they cannot hand this data over to cops.

      https://1password.com/legal/law-enforcement

      https://bitwarden.com/help/bitwarden-security-white-paper/

      The cloud is just a relay to sync things effectively. There's a lot of trust yes, but trust always ends somewhere. For most people and most activists even, this is acceptable. I think the pool of those who need security above what a cloud service can offer is growing because of increasing repression, but it's still a fine solution for many.

      > Isn't Tor a massive honeypot?

      No. It's open source and too many anarchists and libertarians and just plain cryptography nerds can analyze the code and assert that it's not backdoored. Go to the right places and you can meet devs and relay operators yourselves.

      > If it truly is as effective as people say it is, then it would already be banned, surely?

      Plenty of things that are effective aren't banned, like even basic e2e encryption for chat. Plus the State still benefits from it working as advertised as it undermines other governments and gives dissidents a means of communication and anti-censorship.

  • Tariq (rzeta0@mastodon.social), Sunday, 26-Jan-2025 08:39:32 JST

      @hakan_geijer

      Thanks for taking the time to reply. I have two follow on questions if you or anyone else has the patience to reply.

      1. All your passwords in one online service means adversaries (eg the state) have only one place to get your passwords. Perhaps this comes down to threat model as you say

      2. Isn't Tor a massive honeypot? It emerged from the US military. If it truly is as effective as people say it is, then it would already be banned, surely?

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 08:47:19 JST
    in reply to Chris Real

      @_chris_real

      > Nothing said on surveilled social media is meaningful.

      Social media is real life. We're real people talking to each other. We might both right now understand the limits to what we can say without attracting attention, but that doesn't mean that we can't exchange ideas.

      > The revolution will not be televised.

      That phrase doesn't mean what most people think it does.

      https://www.youtube.com/watch?v=kZvWt29OG0s

  • Chris Real (_chris_real@kolektiva.social), Sunday, 26-Jan-2025 10:30:08 JST

      @hakan_geijer

      "Real life" means actions that have consequences.

      Opinions on social media are the result of moderators, who monetize the drama of conflict.

      Nahhh . . . it's play-acting without consequences. "Social media is reality" is a selling-point for advertisers. Actions have consequences, not content in a medium controlled by algorithms.

  • undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social), Sunday, 26-Jan-2025 13:00:16 JST
    in reply to Tariq

      @hakan_geijer @rzeta0 one thing I’ve been thinking about a lot, pen and paper might actually be a lot less secure when a significant threat is house searches by cops and stuff like that, since you can’t really encrypt it. (But also, paper can’t be hacked, paper doesn’t track your location and stuff)

  • undead enby of the apocalypse (enby_of_the_apocalypse@kolektiva.social), Sunday, 26-Jan-2025 13:04:02 JST
    in reply to Tariq

      @hakan_geijer @rzeta0 what about KeePassXC?

  • Ozzie D, NP-hard :bikepump: :vegan: (ozdreaming@infosec.exchange), Sunday, 26-Jan-2025 16:24:12 JST
    in reply to MrTHF, Soatok

      @MrTHF SimpleX had a security design review last year (https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf), although I don't know if it addresses your concerns. And if you haven't already read them, @soatok looked at several messaging apps that get promoted as signal competitors:
      https://soatok.blog/encrypted-messaging-apps/
      (They're probably qualified to answer your questions if you wanted to hire them, but I don't know if they're taking clients.)

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 16:24:12 JST
    in reply to Ozzie D, NP-hard :bikepump: :vegan:, MrTHF, Soatok

      @ozdreaming @MrTHF @soatok I am not a cryptographer so the best I can do is parrot what actual experts say.

  • MrTHF (mrthf@ohai.social), Sunday, 26-Jan-2025 16:24:14 JST

      @hakan_geijer I've read the entire English text & I wanted to consult some things.

      Are you, or do you know someone, qualified to check & compare decentralizable messaging software like Matrix & SimpleX? I'm more interested in knowing the validity of "post quantum encryption" claims from SimpleX + possible backdoors, but I'm not tech savvy.

      Orbot & Riseup VPN would still be a good fit in a threat model that could include them?

      Not for comms, but are Tuta pqe and privacy claims also reliable, unlike Proton?

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 16:25:40 JST
    in reply to undead enby of the apocalypse, Tariq

      @enby_of_the_apocalypse @rzeta0 sure, but for most people that's not the threat they face. Like, one of our parents using that is better than having two passwords they share everywhere.

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 16:28:31 JST
    in reply to undead enby of the apocalypse, Tariq

      @enby_of_the_apocalypse @rzeta0 it's what I use and I do manual syncs between devices

  • Håkan Geijer (hakan_geijer@kolektiva.social), Sunday, 26-Jan-2025 16:29:42 JST
    to Nils Skirnir

      @nilsskirnir why do you believe signal is suspect?

  • Håkan Geijer (hakan_geijer@kolektiva.social), Saturday, 08-Mar-2025 04:06:49 JST
    in reply to The Sleight Doctor 🃏

      @ApostateEnglishman Can you describe what specific threat it would be addressing? I feel like this is covered by the distinction between demo and burner phones.

  • The Sleight Doctor 🃏 (apostateenglishman@mastodon.world), Saturday, 08-Mar-2025 04:06:50 JST

      @hakan_geijer This is a great guide; however, it's worth mentioning that if you're going to some protest or direct action, it's a good idea to buy an unregistered SIM and take a decoy handset with location settings turned off and a VPN turned on.

      You don't have to be a cybersecurity expert to just not use your everyday comms tech. Way easier and probably safer.

