Notes | Brutkey

Tommaso Gagliardoni
@tomgag@infosec.exchange

Commerzbank (one of the largest German banks) just banned GrapheneOS:

https://discuss.grapheneos.org/d/28440-commerzbank-one-of-the-largest-german-banks-bans-grapheneos

There is literally zero reason why banking apps shouldn't work on GrapheneOS, and yet so many European financial institutions prefer to rely on the security assurances of megacorporations controlled by a foreign country.

At least I hope that the current geopolitical madness will contribute to stopping this plague.

#google #android #aosp #grapheneos #lineageos #bigtech #enshittification #security #privacy #digitalsovereignty #usa #eu #europe #politics #germany #commerzbank

Tommaso Gagliardoni
@tomgag@infosec.exchange

Oh, this is so f***ing gold. This post is a juice concentrate of the many reasons why Matrix sucks:

https://yaky.dev/2025-11-30-self-hosting-matrix/

Among others:
> Users cannot be deleted
> This is simply not an option in the API. Server admin can perform a "deactivate" (disable login) and "erase" (remove related data, which claims to be GDPR-compliant) on user accounts, but the accounts themselves stay on the server forever.

LOL.

Here is my take on why you should trash Matrix and use XMPP, or ta least Signal instead:

https://gagliardoni.net/#im_battle_2025

#im #matrix #jabber #xmpp #signal #privacy #security #enshittification #cypherpunk

Tommaso Gagliardoni
@tomgag@infosec.exchange

I just noticed that ioc.exchange warrant canary has been dead since March.

https://ioc.exchange/about

I wonder how meaningful canaries are, especially in the context of platforms like Mastodon. I mean, the bar to keep them alive is pretty high: "never provided any law enforcement organization logs/feed of our customers' content". I would expect these things to be the norm for a social media instance.

#mastodon #canary #security #privacy #iocexchange #lawenforcement

Tommaso Gagliardoni
@tomgag@infosec.exchange

The war on crypto never ends. The war on privacy, civil rights, security and freedom of speech never ends.

This time we are dangerously close to lose. The "Child Sexual Abuse" (CSA) EU regulation proposal, more aptly nicknamed "ChatControl", will be voted AGAIN this October, and many countries who opposed it last year are now undecided. The proposal at its roots aims at allowing authorities to break end-to-end encryption for the usual reason: "because of the children". As a father of two, I am disgusted by this recurring, cheap rhetoric.

What you can do: https://www.patrick-breyer.de/en/posts/chat-control/#WhatYouCanDo

#eu #CSA #CSAM #ChatControl #privacy #security #surveillance #authoritarianism #crypto #cryptography #civilrights

An excerpt from Patrick Breyer's website, stating:

The End of the Privacy of Digital Correspondence

The EU Commission proposes to oblige providers to search all private chats, messages, and emails automatically for suspicious content – generally and indiscriminately. The stated aim: To prosecute child sexual exploitation material (CSEM). The result: Mass surveillance by means of fully automated real-time surveillance of messaging and chats and the end of privacy of digital correspondence.

Other aspects of the proposal include ineffective network blocking, screening of personal cloud storage including private photos, mandatory age verification resulting in the end of anonymous communication, appstore censorship and excluding minors from the digital world.

Tommaso Gagliardoni
@tomgag@infosec.exchange

This made me chuckle.

#debian #humor #ipv6 #y2k38 #hackernews

A screenshot of comments in a conversation on HackerNews