if your advice wouldn’t work for a sex worker and activist in an abusive relationship showing up to a #cryptoparty then don’t proffer it from on high to strangers like it’s The Only True Way To Do Security.

because in terms of impact you have as an educator or maker of tools? helping that person is harder but they also need good infosec a lot more than the rich white tech dude who wants a secure way to discuss his android fart app with investors.

@r4v5 TBH I suspect protecting a person in this situation from their ex-partner/their allies in in Northern Europe would be far more of a challenge than dealing with the "shadowy adversaries"of a "state government agency" (who in reality don't actually care any more who is sleeping with who or moral policing since the end of last century, unless this directly affects a major investigation, elected represtanatives) or some of their own paid staff!)

@r4v5 in my experience most white cryptobros will never understand this. but you are correct

@r4v5 This toot needs more buttons for expressing enthusiastic agreement

@r4v5 I agree with you no app is a “magic bullet” before using these apps you should know how they work and why they work this way. Healthy paranoia is good. I’m taking a look at cubes for better security

@r4v5 sorry qubes https://www.qubes-os.org/

@r4v5 there's something there about how both tor and Signal are better the more popular they are. weird network effects (hopefully you don't have to talk everyone into installing another chat app)
but also making it less suspicious that someone's using them, as opposed to all tor traffic being drugs, cp and the occasional activist.

I'm not sure if that's selfishness or not, but it's weird that those made the mantra, and not like, U2F, FDE, or deleting your Facebook.

@cdr @r4v5 It is hard e-fucking-nough to get people to install an app. You remember when Signal and Tor didn't exist? When folks were like 'wtf is HTTPS?' And no one was (still) using GPG?

Sure, we shouldn't get complacent. But, like, what the hell do you want from me?

@teslas_moustache

Oh sure, use Signal, and (carefully, under some situations) use tor. I was just speculating on why that became the security advice meme.

@teslas_moustache @cdr

it comes down to understanding the threat models of people you advise. Most would benefit more from a password manager (or notebook) than signal at the moment. their biggest digital threat is not censorship or interception but rather password reuse.

a walkthrough of the way their browser of choice, whatever it is, behaves when going to their bank’s website versus a phishing site.

this is “meet them where they are.”

@cdr @teslas_moustache to clarify, this post was made in the context of folks providing advice to others, either solicited via things like cryptoparties, or unsolicited, like being a rando showing up in someone’s mentions to say they should use pgp to do ...whatever they think pgp is good at

i’ve been doing these kinds of trainings for years and unless you start from a discussion of threat modeling, you’re not helping, just showcasing apps.