A Startup is Selling Data Hacked from Peoples’ Computers to Debt Collectors
Infostealer data can include passwords, email and billing addresses, and the embarrassing websites you use. Farnsworth Intelligence is selling to divorce lawyers and other industries.
Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.
Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do so!
The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.
That's literally wrong!
It’s been 30 years, and no one uses xmpp. Let it go.
Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider messengers before and after - will inevitably die as their business model is not sustainable. Same with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sell out to a #cyberfacist #government (all those apply to #WeChat!)
It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.
You know what's shocking to me: People who are unable or rather unwilling to acknowledge that Signal is garbage and its requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the users don't live in a jurisdiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off its MNOs after 90 days within 365 days)).
I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any usable IP addresses).
As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymously using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...
@Mer__edith yet @signalapp still demands #PII and refuses to pull out of the #USA putting its users at risk as per #CloudAct.
Mysterious Database of 184 Million Records Exposes Vast Array of #Login #Credentials
#pii #security #privacy
https://www.wired.com/story/mysterious-database-logins-governments-social-media/
For the last few weeks, I've been getting frequent #ThreeRings tech support calls to my personal mobile number. We don't offer phone-based tech support, so this was a bit of a surprise, and although I don't mind the odd one, this seemed like a significant ramping-up.
So I asked one of them where they found my number, and they said it came up when they did a #Google search for "Three Rings login".
Turns out they were right. Google had the phone number I gave them... four years ago?... for identity verification. But then a few weeks ago they randomly started serving it to people who searched for Three Rings!
I was able to remove it from #GoogleBusinessProfile, where they admitted that they modified it, but I'm yet to receive any kind of explanation.
Full story: https://danq.me/2025/05/21/google-shared-my-phone-number/
Is Node.js the future of backend development, or just a beautifully wrapped grenade?
Lately, I see more and more backend systems, yes, even monoliths, built entirely in Node.js, sometimes with server-side rendering layered on top. These are not toy projects. These are services touching sensitive PII data, sometimes in regulated industries.
When I first used Node.js years ago, I remember:
• Security concepts were… let’s say aspirational.
• Licensing hell due to questionable npm dependencies.
• Tests were flaky, with mocking turning into dark rituals.
• Behavior of libraries changed weekly like socks, but more dangerous.
• Internet required to run a “local” build. How comforting.
Even with TypeScript, it all melts back into JavaScript at runtime, a language so flexible it can hang itself.
Sure, SSR and monoliths can simplify architecture. But they also widen the attack surface, especially when:
• The backend is non-compiled.
• Every endpoint is a potential open door.
• The system needs Node + a fleet of dependencies + a container + prayer just to run.
Compare that to a compiled, stateless binary that:
• Runs in a scratch container.
• Requires zero runtime dependencies.
• Has encryption at rest, in transit, and ideally per-user.
• Can be observed, scaled, audited, stateless and destroyed with precision.
I’ve shipped frontends that are static, CDN-delivered, secure by design, and light enough to fit on a floppy disk. By running them with Node, I’m loading gigabytes of unknown tooling to render “Hello, user”.
So I wonder:
Is this the future? Or am I just… old?
Are we replacing mature, scalable architectures with serverless spaghetti and 12-factor mayhem because “it works on Vercel”?
Tell me how you build secure, observable, compliant systems in Node.js.
Genuinely curious.
Mildly terrified and maybe old.
@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to set up in organizations as "not yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.
#Session & #Signal, like #Telegram & #WhatsApp, do not have their #backend open-sourced nor allow #SelfHosting and demand #PII like #PhoneNumbers for registration if not usage for no valid reason. Plus they are not just able but obviously willing to snitch on their users (something neither DeltaChat nor monocles chat demand or even can as both do 100% #SelfCustody of all the keys!)
As for #sustainability, monocles is financed by #subscribers (they charge like €2 p.m. for mail & chat) and they can be paid completely anonymously (#Monero & #CashByMail!), whereas #Signal is a #MoneyBurningParty which engages in #Shitcoin-#Scams (see #MobileCoin!) for no valid reason…
Since I (and many others too!) am seeing not just one #Dystopie 1) but more than a dozen become reality, and nobody knows what will, in retrospect, be forbidden the day after tomorrow (#GreatFirewallOfChina, #Palantir, mass expulsions of foreign students by #USgov, etc.), I consider it extremely dangerous, #BigTech from #China or the #USA #PII or #Metadaten...
Meta (Facebook & Instagram) has introduced a new model for managing personal information in Europe: let us take your personal information and use it or else pay a subscription fee.
#DOGE Is Just Getting Warmed Up
DOGE has tapped into some of the most sensitive and valuable data in the world. Now it’s starting to put it to work.
#pii #privacy
https://www.wired.com/story/doge-is-just-getting-warmed-up-data-immigration/
Why you should use full-disk encryption
If any of the arguments I make below apply to you, you should use full-disk encryption. I am pretty sure the first argument applies to everyone. The second argument applies at least to everyone in the EU and the US state of California. The third argument applies to everyone again.
You will fail to delete drives properly
Storage media get lost. Most people do not know how to properly delete hard disk content before selling them, or they forget it. In the case of flash drives, or SSDs, standard tools like shred don't work. hdparm may do the trick, but this is not well known. If you are lucky, the manufacturer of your SSD provides a Windows app that lets you delete it securely. Your server does not run on Windows of course.
The law demands it
#GDPR and similar data protection and privacy laws require you to store no #PII (personal data) permanently. You have to anonymize PII or delete it after a few weeks. IP addresses are PII. All servers store IP addresses by default. The GDPR also demands that you use state-of-the-art technology to protect sensitive data. Full disk encryption is the state of the art.
Law enforcement makes "mistakes"
I'm a board member of @Artikel5eV, an organisation that runs relays on the Tor network, including exit relays. Running Tor relays is perfectly legal in Germany. Nevertheless, law enforcement agencies have raided the homes of Artikel 5 e.V. board members twice. Illegally so, as a court confirmed recently. I won't run Tor relays in my home, but there is a good chance that my home will be raided one day unless all police officers and prosecutors decide to obey the law.
There is also a possibility that the rule of law might collapse in your country sooner or later. We are just witnessing it in the USA.
You already mentioned that ordinary thieves can also be a problem.
Encryption is available for free
So what is your case against disk encryption? It is obvious that it alone does not solve all IT security issues, but it is an important building block. #LUKS is reliable free and open-source software for HD encryption. If you are not using Linux, check out #VeraCrypt. The Raspberry Pi 5 comes with hardware acceleration for AES, so there no longer is a noticeable performance penalty for encryption.
What do you have to say, Oracle?
Oracle has reportedly suffered 2 separate breaches exposing thousands of customers’ PII
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally an architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
And don't get me started on the #cyberfacism that is #CloudAct.
I may not have all the evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used to track users down!