lingo.lol is one of the many independent Mastodon servers you can use to participate in the fediverse.
A place for linguists, philologists, and other lovers of languages.

#pii

Pusher of Pixels

#Privacy #PII

Searched myself and yowza that's a lot of data.

https://www.pcmag.com/news/site-behind-major-ssn-leak-returns-with-detailed-data-on-millions-how-to

Remove it from their site
https://nationalpublicdata.com/optout.html

knizer

Unexpected weekend thread derailment - I discovered a (kinda cool looking) event to promote which I found only on one of my sources - but when I looked further, I realized that their registration page also included a link to all the responses set to public - everyone's PII - names, emails, socials, home address, phone.

Initially: Homer backs into the hedges.gif, then I emailed the organizer so they hopefully fix it.
#Security #PII #events #Notion #BostonWeekend #sigh

Dissent Doe :cupofcoffee:

Promises, promises.

Exclusive: Brosix and Chatox promised to keep your chats secured. They didn’t.

A researcher found a misconfigured backup with -- yes, you guessed it -- everything in plaintext instead of encrypted.

Some entities that used the service are medical entities that were actually mentioning protected health information or attaching files with #PHI in the chat.

There were almost 5k Allstate employees using the service and sharing customer #PII in files.

And oh yeah, I found one company gossiping about me and plotting against me after I notified them they were leaking tons of #PHI. I've done them a favor by not publishing all their chat logs about me. :)

There also appeared to be some "dodgy" stuff on the backup, too.

Read the details about the exposed backup in my post at https://databreaches.net/2025/08/05/exclusive-brosix-and-chatox-promised-to-keep-your-chats-secured-they-didnt/

#infosec #encryption #databreach #incidentresponse #chatox #brosix #dataleak

@zackwhittaker

Kevin Karhan :verified:

Anyone who expects me to install yet another app (https://infosec.space/@kkarhan/114862595629371002) for their garbage can kindly fuck off!

  • Fix your shit and give me a compelling reason to even consider making an account in the first place.

I won't but seeing folks who actually take privacy seriously and thus have their #cameras removed from their #Android device struggle makes me fucking angry.

  • By comparison: @monocles / #monoclesChat has actually good #support and they don't ask for #PII like a #PhoneNumber and allow for #SelfCustody of all the keys.

Personally, I wished @delta / #deltaChat had a plugin for like @thunderbird / #Thunderbird so that it can be used as #Chat in it and sort the inbox. Would make it the superior solution for #corporations that already have #eMail #Archival setup for legal compliance…

Kevin Karhan :verified:

My reservations (https://infosec.space/@kkarhan/114234551915193036) and criticism (https://infosec.space/@kkarhan/114862595629371002) re: #Signal are not just valid, but the reality is even worse than I thought:

  • The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unusable for certain users who don't have a fucking #camera in their Android…

Seriously, do they expect folks to deal with that shit? It's already worse in terms of #UX than #telgram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.

  • Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"…

#sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

Replied in thread

@derekmorr

Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.

Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do so!

The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.

That's literally wrong!

  • #Signal not only collects #PII in the form of a #PhoneNumher but explicitly is able and willing to use that to discriminate against users and restrict app functionality based off their presumed jurisdiction. There is no "legitimate interest" for doing so nor any legal mandate to do so (unless we excuse the whole #MobileCoin-#Scam!)

It’s been 30 years, and no one uses xmpp. Let it go.

Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider messengers before and after - will inevitably die as their business model is not sustainable. Same with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)

It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.

You know what's shocking to me: People who are unable or rather unwilling to acknowledge that Signal is garbage and its requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the users don't live in a jurisdiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off its MNOs after 90 days within 365 days)).

  • The #UScentric approach to #privacy and #threats makes Signal absolutely useless in many cases, and I do speak here from experience.

I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses).

  • I've literally been there and done that!

As for #Sustainability, providers like monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...

  • So even if you think "#monocles is a #honeypot" that is mitigatable cuz unlike with Signal you can choose your own client, choose a different provider & exercise self-custody of all the keys!
Replied in thread

@Mer__edith yet @signalapp still demands #PII and refuses to pull out of the #USA putting its users at risk as per #CloudAct.

youtube.com/watch?v=0DSGq9FQKU4

For the last few weeks, I've been getting frequent #ThreeRings tech support calls to my personal mobile number. We don't offer phone-based tech support, so this was a bit of a surprise, and although I don't mind the odd one, this seemed like a significant ramping-up.

So I asked one of them where they found my number, and they said it came up when they did a #Google search for "Three Rings login".

Turns out they were right. Google had the phone number I gave them... four years ago?... for identity verification. But then a few weeks ago they randomly started serving it to people who searched for Three Rings!

I was able to remove it from #GoogleBusinessProfile, where they admitted that they modified it, but I'm yet to receive any kind of explanation.

🔗 Full story: danq.me/2025/05/21/google-shar

Is Node.js the future of backend development, or just a beautifully wrapped grenade?

Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.

When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.

Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.

Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.

Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.

I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.

So I wonder:
Is this the future? Or am I just… old?

Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?

Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.

Replied in thread

@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to set up in organizations as "not yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.

Replied in thread

@marczz

Why you should use full-disk encryption

If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.

You will fail to delete drives properly

Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of your SSD provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.

The law demands it

#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.

Law enforcement makes "mistakes"

I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.

There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.

You already mentioned that ordinary thieves can also be a problem.

Encryption is available for free

So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.

Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally an architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may not have all the evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!