Anøm claimed to offer total security — but claims are worthless without independent verification.

We make some big claims too: we're onion-routed and decentralised with anonymous sign-up.

The difference is, our security audit by @quarkslab@twitter.com proves it.

nytimes.com/2021/06/08/world/a

@session
TL:DR

Better than

being in a 5-eyes country, might still be forced to give out metadata (connections between users) to authorities.

Until there is full decentralization of servers I would still go for or

@jcast @session

Let's say 14 Eyes instead of 5 Eyes, since that jurisdictional issue extends to those countries in most ways as well :)

Finland, Seychelles, Romania, San Marino all have pretty good privacy laws, yet some of them are still listed as 3rd party nations due to their association w/NATO.

Even a business based in a 5 Eyes (perhaps 14 Eyes) country may be subject to compliance with Intelligence agencies even if their physical infrastructure assets are located outside of this sphere.

Security is relative, so the first question one needs to ask is, "What is it that is occurring on the machinery or network that needs to be safeguarded?"

For example, Finland has great privacy laws, but blocking/filtering Pr0n is an option for providers in that country.

Germany (a 14 Eyes nation), is quite strict with software piracy and copyright infringement.

Romania, purportedly has very strong privacy laws and favored by many, but it's also not really a friendly place for pr0n. Romania also rejects EU regulations to the contrary of their own privacy regulations as unlawful.

A lot of people like Switzerland and The Netherlands, but the latter falls squarely within the 9 Eyes layer of the lasagna.

Again, it's important to check the country of registration of the provider too.

I like to examine exactly what it is that the customer does or is looking to do, and then make determinations upon that and other information I have for them.

Most folks having, nothing to worry about other than which country they want their IP addy's originating from for the television programming they're interested in, or perhaps some cryptocurrency accounts or other VoIP or banking activities.

Very few domestic terrorists exist in comparison to folks who are either just paranoid or insist on their right to privacy as a matter of principle, and if I ever had a customer that I found was some kind of terroristic miscreant I would likely save the government the court costs and simply dispatch them to Valhalla myself.
Follow

@tallship @session
Well being centralized makes it extremely easy to systematically gather metadata and gag the service provider.

That is more difficult with small or self hosted provider, or at least it doesn't tend to happen.

The 5 eyes countries are more assiduous and aggressive in this.

@tallship @session
I'm talking about intelligence agencies not sys admins.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!