Veganism Social

Kevin Karhan :verified:<a href="https://tweesecake.social/@adisonverlice" class="u-url mention" rel="nofollow noopener" target="_blank">@adisonverlice</a> even if an <a href="https://infosec.space/tags/MVNO" class="mention hashtag" rel="nofollow noopener" target="_blank">#MVNO</a> isn't demanding any <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener" target="_blank">#KYC</a> whatsoever (i.e. <a href="https://infosec.space/tags/prepaid" class="mention hashtag" rel="nofollow noopener" target="_blank">#prepaid</a> are offered OTC in most juristictions) it's NOT "<a href="https://infosec.space/tags/Anonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymous</a>" but merely <a href="https://infosec.space/tags/pseudonymous" class="mention hashtag" rel="nofollow noopener" target="_blank">#pseudonymous</a> as it's trivial for governments to utilize existing and mandtory "<a href="https://infosec.space/tags/LawfulInterception" class="mention hashtag" rel="nofollow noopener" target="_blank">#LawfulInterception</a>" appliances to create that <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> chain.<a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumber</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> (<a href="https://infosec.space/tags/SIMcard" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIMcard</a>) <=> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> (SIM profile) <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> (Phone/...).So if <a href="https://infosec.space/tags/Anonymity" class="mention hashtag" rel="nofollow noopener" target="_blank">#Anonymity</a> is important, NONE of these details have to be linked somehow even circumstantial.<ul><li>Bought/paid for the phone/SIM/ a single top-up with ec/CC/PayPal/SEPA/… = busted due to circumstantial connection.</li><li>Use the SIM in any device? Consider them circumstantially connected forever: <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li><li>Same applies to <a href="https://infosec.space/tags/eSIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#eSIM</a>|s: <a href="https://infosec.space/tags/EID" class="mention hashtag" rel="nofollow noopener" target="_blank">#EID</a> <=> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> <=> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a>.</li></ul>Add to the fact that most places have <a href="https://infosec.space/tags/CCTV" class="mention hashtag" rel="nofollow noopener" target="_blank">#CCTV</a>, and assume that they'll keep recordings for the maximum permissible duration if not longer and oftentimes even use questionable cloud services and you get the picture.<ul><li>I.e. in Germany the maximum permissible storage duration is 72 hours (if nothing hapoens that warrants a longer storage i.e. burglary/theft/robbery/arson/...) so anonymous top-ups would necessitate paying cash at a place one's not been known at (i.e. some kiosk) and waiting at least >72 hours (and checking on the purchase location) before redeeming the top-up code (i.e. dialing <code>*104*1234567890123456#</code> )...</li></ul>So any <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a>-based service should never ever & under no circumstances demand a Phone Number!<ul><li>Instead any privacy-focussed service should use <a href="https://infosec.space/tags/OnionServices" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionServices</a>, host their own <a href="https://infosec.space/tags/OnionService" class="mention hashtag" rel="nofollow noopener" target="_blank">#OnionService</a> or at least <a href="https://infosec.space/tags/DontBlockTor" class="mention hashtag" rel="nofollow noopener" target="_blank">#DontBlockTor</a> and allow users to use it via <a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@torproject</a> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tor</a> to use and signup. (But don't forget circumstantial connections there either!)</li><li>Also the less details they want or store and the least traffic they generate the harder it is to correlate traffic & users.</li></ul>

Kevin Karhan :verified:<a href="https://fedifreu.de/@cryptgoat" class="u-url mention" rel="nofollow noopener" target="_blank">@cryptgoat</a> ja, nur ist es quasi illegal <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> / <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#Signal</a> <a href="https://infosec.space/tags/anonym" class="mention hashtag" rel="nofollow noopener" target="_blank">#anonym</a> (also faktisch nur <a href="https://infosec.space/tags/pseudonym" class="mention hashtag" rel="nofollow noopener" target="_blank">#pseudonym</a>, weil stets korrelierbar qua <a href="https://infosec.space/tags/Rufnummer" class="mention hashtag" rel="nofollow noopener" target="_blank">#Rufnummer</a> -> <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> -> <a href="https://infosec.space/tags/IMSI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMSI</a> -> <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> -> <a href="https://infosec.space/tags/Location" class="mention hashtag" rel="nofollow noopener" target="_blank">#Location</a>) zu nutzen.<ul><li>Seit 07/2017 sind anonyme <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>-Karten faktisch illegal und ne SIM mir Rufnummer ist ne <a href="https://infosec.space/tags/Paywall" class="mention hashtag" rel="nofollow noopener" target="_blank">#Paywall</a> die faktisch teurer ist als nen <a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@monocles</a> - Abo.</li></ul>Allein die notwendigen <a href="https://infosec.space/tags/Workarounds" class="mention hashtag" rel="nofollow noopener" target="_blank">#Workarounds</a> sind so heftig paywalled dass es eher sinn macht 1h Hands-on - Training zu investieren...<ul><li>Von den <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank">Problemen die Signal hat</a> ganz zu schweigen...</li></ul><a href="https://fedifreu.de/@cryptgoat/114705198216850106" rel="nofollow noopener" translate="no" target="_blank">https://fedifreu.de/@cryptgoat/114705198216850106</a>

Kevin Karhan :verified:<a href="https://mstdn.jp/@landley" class="u-url mention" rel="nofollow noopener" target="_blank">@landley</a> <a href="https://mstdn.social/@jschauma" class="u-url mention" rel="nofollow noopener" target="_blank">@jschauma</a> <a href="https://infosec.exchange/@ryanc" class="u-url mention" rel="nofollow noopener" target="_blank">@ryanc</a> <a href="https://infosec.exchange/@0xabad1dea" class="u-url mention" rel="nofollow noopener" target="_blank">@0xabad1dea</a> yeah, the exhaustion problem would've been shoved back with a <a href="https://infosec.space/tags/64bit" class="mention hashtag" rel="nofollow noopener" target="_blank">#64bit</a> or sufficiently delayed by a 40bit number.Unless we also hate <a href="https://infosec.space/tags/NAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#NAT</a> and expect every device to have a unique static <a href="https://infosec.space/tags/IP" class="mention hashtag" rel="nofollow noopener" target="_blank">#IP</a> (which is a <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#privacy</a> nightmare at best that "<a href="https://infosec.space/tags/PrivacyExtensions" class="mention hashtag" rel="nofollow noopener" target="_blank">#PrivacyExtensions</a>" barely fixed.) <ul><li>I mean they could've also gone the <a href="https://infosec.space/tags/DECnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#DECnet</a> approach and use the <a href="https://infosec.space/tags/EUI48" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUI48</a> / <a href="https://infosec.space/tags/MAC" class="mention hashtag" rel="nofollow noopener" target="_blank">#MAC</a>-Address (or <a href="https://infosec.space/tags/EUI64" class="mention hashtag" rel="nofollow noopener" target="_blank">#EUI64</a>) as static addressing system, but that would've made <a href="https://infosec.space/tags/vendors" class="mention hashtag" rel="nofollow noopener" target="_blank">#vendors</a> and not <a href="https://infosec.space/tags/ISPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISPs</a> the powerful forces of allocation. (Similar to how technically the <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> dictates <a href="https://infosec.space/tags/GSM" class="mention hashtag" rel="nofollow noopener" target="_blank">#GSM</a> / <a href="https://infosec.space/tags/4G" class="mention hashtag" rel="nofollow noopener" target="_blank">#4G</a> / <a href="https://infosec.space/tags/5G" class="mention hashtag" rel="nofollow noopener" target="_blank">#5G</a> access and not the <a href="https://infosec.space/tags/IMEI" class="mention hashtag" rel="nofollow noopener" target="_blank">#IMEI</a> unless places like Australia ban imported devices.</li></ul> I guess using a <a href="https://infosec.space/tags/128bit" class="mention hashtag" rel="nofollow noopener" target="_blank">#128bit</a> address space was inspired by <a href="https://infosec.space/tags/ZFS" class="mention hashtag" rel="nofollow noopener" target="_blank">#ZFS</a> doing the same before, as the folks who designed both wanted to design a solution that clearly will outlive them (way harder than COBOL has outlived Grace Hopper)...<ul><li>Personally I've only had headaches with <a href="https://infosec.space/tags/IPv6" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv6</a> because not only do I only have <a href="https://infosec.space/tags/IPv4only" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4only</a> <a href="https://infosec.space/tags/Internet" class="mention hashtag" rel="nofollow noopener" target="_blank">#Internet</a> but my <a href="https://infosec.space/tags/ISP" class="mention hashtag" rel="nofollow noopener" target="_blank">#ISP</a> refuses to allocate even a singe /64 to me (but has no problem throwing in a free /29 of <a href="https://infosec.space/tags/IPv4" class="mention hashtag" rel="nofollow noopener" target="_blank">#IPv4</a>'s in with my contract!)and stuff like <a href="https://infosec.space/tags/HurricaneElectric" class="mention hashtag" rel="nofollow noopener" target="_blank">#HurricaneElectric</a> / <a href="https://infosec.space/tags/HEnet" class="mention hashtag" rel="nofollow noopener" target="_blank">#HEnet</a>'s <a href="https://infosec.space/tags/Tunnelbroker" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tunnelbroker</a> fail face first due to <a href="https://infosec.space/tags/Geoblocking" class="mention hashtag" rel="nofollow noopener" target="_blank">#Geoblocking</a> and the fact that <a href="https://infosec.space/tags/ASNs" class="mention hashtag" rel="nofollow noopener" target="_blank">#ASNs</a> get geolocated, not their <a href="https://infosec.space/tags/PoPs" class="mention hashtag" rel="nofollow noopener" target="_blank">#PoPs</a>... </li></ul>If I was <a href="https://social.bund.de/@BNetzA" class="u-url mention" rel="nofollow noopener" target="_blank">@BNetzA</a> I would've mandated <a href="https://infosec.space/tags/DualStack" class="mention hashtag" rel="nofollow noopener" target="_blank">#DualStack</a> and banned <a href="https://infosec.space/tags/CGNAT" class="mention hashtag" rel="nofollow noopener" target="_blank">#CGNAT</a> (or at least the use of CGNAT in <a href="https://infosec.space/tags/RFC1918" class="mention hashtag" rel="nofollow noopener" target="_blank">#RFC1918</a> address spaces) as well as <a href="https://infosec.space/tags/DualStackLite" class="mention hashtag" rel="nofollow noopener" target="_blank">#DualStackLite</a>!

Kevin Karhan :verified:<a href="https://infosec.exchange/@bob_zim" class="u-url mention" rel="nofollow noopener" target="_blank">@bob_zim</a> yeah. Seen it. in the writeup by <a href="https://infosec.exchange/@micahflee" class="u-url mention" rel="nofollow noopener" target="_blank">@micahflee</a> ...I just hope to find any that ain't <a href="https://infosec.space/tags/NetLock" class="mention hashtag" rel="nofollow noopener" target="_blank">#NetLock</a>'d / <a href="https://infosec.space/tags/SimLock" class="mention hashtag" rel="nofollow noopener" target="_blank">#SimLock</a>'d to <a href="https://infosec.space/tags/Verizon" class="mention hashtag" rel="nofollow noopener" target="_blank">#Verizon</a> and that these support more than <a href="https://infosec.space/tags/US" class="mention hashtag" rel="nofollow noopener" target="_blank">#US</a>-<a href="https://infosec.space/tags/LTE" class="mention hashtag" rel="nofollow noopener" target="_blank">#LTE</a> bands... <ul><li>Not shure if it needs a valid <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> or just an <a href="https://infosec.space/tags/ICCID" class="mention hashtag" rel="nofollow noopener" target="_blank">#ICCID</a> + <a href="https://infosec.space/tags/Ki" class="mention hashtag" rel="nofollow noopener" target="_blank">#Ki</a> on a <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a> to get going (cuz in <a href="https://infosec.space/tags/Germany" class="mention hashtag" rel="nofollow noopener" target="_blank">#Germany</a> it's hard [imported <a href="https://infosec.space/tags/SIM" class="mention hashtag" rel="nofollow noopener" target="_blank">#SIM</a>] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.</li></ul>I just wish <a href="https://mastodon.social/@eff" class="u-url mention" rel="nofollow noopener" target="_blank">@eff</a> wouldn't expect everyone to use <a href="https://infosec.space/tags/centralized" class="mention hashtag" rel="nofollow noopener" target="_blank">#centralized</a>, <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleVendor</a> & <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener" target="_blank">#SingleProvider</a> services like <a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@signalapp</a> in the age of <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#CloudAct</a>, cuz neither I nor anyone I'd trust would submit <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#PII</a> to them like a <a href="https://infosec.space/tags/PhoneNumer" class="mention hashtag" rel="nofollow noopener" target="_blank">#PhoneNumer</a> <a href="https://infosec.space/@kkarhan/114234551915193036" rel="nofollow noopener" target="_blank">as a matter of principle!</a>

Recent searches

Search options

Administered by:

Server stats:

#iccid