Notices by Håkan Geijer (hakan_geijer@kolektiva.social)

@sour @ljrk Yes, so if you want to remove photos from a phone's internal storage, a laptop harddrive, an external harddrive, or something like an SD card, you could do that with Tails, but you don't need to. You can just use `srm`, though forensics is not my forte, so someone else might be able to more accurately direct you.

https://en.wikipedia.org/wiki/Srm_(Unix)

Proton Says It’s "Politically Neutral" While Praising Republican Party. "It's reasonable to worry that tech companies' backbone for protecting users in this way might soften when they get too politically involved with any one administration," said Andrew Crocker, EFF's surveillance litigation director.vhttps://theintercept.com/2025/01/28/proton-mail-andy-yen-trump-republicans/ #Proton #ProtonMail #AndyYen

@sour @ljrk Can you explain that further? Because Tails might not be what you want for that. Or might not be necessary.

@ljrk @sour not that you're wrong but I suspect your level of technicality is maybe too much here. I think maybe the answer is: Tails is good for ephemeral things and is quite anon, but its less commonly use for daily activity.

But to really even answer the question, we need to step back and ask why they want to use Tails in the first place

@glassjellyfish Can you describe specifically what you're referring to here?

@HeavenlyPossum This article is extremely good, and I've found it very relatable.

@nilsskirnir why do you believe signal is suspect?

@enby_of_the_apocalypse @rzeta0 it's what I use and I do manual syncs between devices

@enby_of_the_apocalypse @rzeta0 sure but for most people that's not through threat they face. Like one of our parents using that is better than having two passwords they share everywhere.

@ozdreaming @MrTHF @soatok I am not a cryptographer so the best I can do is parrot what actual experts say.

@sour I don't have data to back this but I would assume a frequently updated Linux is more secure

@walnut I have an open PR on this I'm not merging yet as I'd need to do a full rewrite, but I'm away this does need an update and maybe 2025 is the year to write this. https://gitlab.com/hakan-geijer/mobile-phone-security/-/merge_requests/1

@_chris_real

> Nothing said on surveilled social media is meaningful.

Social media is real life. We're real people talking to each other. We might both right now understand the limits to what we can say without attracting attention, but that doesn't mean that we can't exchange ideas.

> The revolution will not be televised.

That phrase doesn't mean what most people think it does.

https://www.youtube.com/watch?v=kZvWt29OG0s

@rivenskye I have also written about that specifically but I try to address it via example in the above text. https://opsec.riotmedicine.net/downloads#threat-modeling-fundamentals

@sour Enormous "it depends." Are you regularly updating? Comparing it to macOS and Windows? or comparing it to something like GrapheneOS for phones? What is your threat model? The CIA or random hackers? I would suggest everyone get on Linux for many reasons, but doing so requires a little attention and tinkering that commercial OSes do not.

@rzeta0

> All your passwords in one online service means adversaries (eg the state) have only one place to get your passwords.

Yes, but a well-designed service will not be able to turn it over. For example, 1Password and BitWarden (don't trust LastPass, fuck 'em for their repeated bad security) claim that they cannot hand this data over to cops.

https://1password.com/legal/law-enforcement

https://bitwarden.com/help/bitwarden-security-white-paper/

The cloud is just a relay to sync things effectively. There's a lot of trust yes, but trust always ends somewhere. For most people and most activists even, this is acceptable. I think the pool of those who need security above what a cloud service can offer is growing because of increasing repression, but it's still a fine solution for many.

> Isn't Tor a massive honeypot?

No. It's open source and too many anarchists and libertarians and just plain cryptography nerds can analyze the code and assert that it's not backdoored. Go to the right places and you can meet devs and relay operators yourselves.

> If it truly is as effective as people say it is, then it would already be banned already, surely?

Plenty of things that are effective aren't banned, like even basic e2e encryption for chat. Plus the State still benefits from it working as advertised as it undermines other governments and gives dissidents a means of communication and anti-censorship.

@rzeta0 This always comes down to "what's your threat model." For most people, a cloud-based password manager is the best solution. I use an offline one I manually sync between devices. Pen and paper can be your password manager, but unless you're super human, most people can't come up with sufficiently random and different passwords for their hundreds of sites they have to log in to. I don't use anti-virus, but I also use Linux so it's a slightly different model there too. VPNs protect against a narrow set of threats and for those they are useful. When people treat VPNs like Tor, they're gonna have a bad time.

@lockshock They are a good candidate. As is Mullvad if you need an alternative.

@HeavenlyPossum An extension of SEO has always been my assumption

@hardleft That may be true, but we still have tried to characterized what the profiles look like and why. Many are still accurate for most of Europe which is my primary audience.