On Becky! Internet Mail's GnuPG Plugin

Dieter Frye includestdioh at secmail.pro
Wed Sep 9 13:00:45 CEST 2020

> Unless you live in North Korea or something there are always ways around
> SIM registration laws, though they get expensive depending on where you
> live.
This may have been true at some point in the past, but unfortunately I
failed to secure this type of solution when I had the chance to. Today it
simply isn't viable.

> If you have a trusted US contact you can just have them grab you a
> bunch of Mint Mobile SIMs and have them cooperate with sending you the OTP
> codes during signups, for example.
My trusted contacts, irrespective of the country they reside in, are in
pretty much the same situation as myself, so unfortunately it's no use.

> Or if you are a man of many quatloos,
> you can fly to the U.S. and do the trick here yourself and then fly back
> home and use the accounts.  Once you sign up you change the OTP recovery
> phone number to a VOIP number you control (you'd need to purchase this
> VOIP number anonymously too, there are plenty of ways to do that like
> MySudo, Twillio, etc).   But unless you're doing some really hinky-dinky
> stuff like investigating organized criminals or sending the Guardian
> classified videos of drone strikes on baby kittens, this is mega overkill.
Anything you pay for will inevitably leave a trace unless they're working
with some flavor of digital currency, and on top of that...from MySudo:

"We are committed to working with government agencies if evidence of
illegal activity by a user is brought to our attention. We investigate all
reports where MySudo may have been misused."

They can (and usually do) declare absolutely anything to be "illegal"
these days, and who's going to tell them otherwise? You waste a BLM
terrorist death-threatening you and your family in the midst of your own
property and you're the one committing an illegal act as far as the "law"
of the land is concerned.

Twillio doesn't even let me in...

I appreciate the suggestions but the days of presumption of innocence and
constitutional civil liberties in general are far behind us already.

> Using XP is madness, IMO.  If you're that into rolling your own system why
> in the heck wouldn't you be petting the penguin?  I mean, why would you
> use a fully configurable open source OS or a fully audited secure distro
> based on said open source OS when you could instead use an obsolete
> proprietary OS that's had no security patches in over half a decade?
Because a barebones Posready 2009 installation (which actually received
patches regularly all the way up to 2019) is about as fully configurable
as virtually any Linux/BSD distro out there, and I've also spent the last
9 years or so auditing this particular OS and I know for a fact it is not
compromised in any meaningful way. Think of it as an "ArchWindows" of
sorts that I'm very familiar with.

As for security patches, XP's solely there to provide the file system, the
API and part of the TCP-IP stack; everything else I handle through 3rd
party applications.

In any event, there's quality (and for me, indispensable) Windows software
that doesn't have an equivalent in the OpenBSD world, which's what I use
for pretty much everything else save for my own rig.

> wouldn't even trust XP for airgapping.  If the baddies were really after
> you I'm sure they'd find whatever you've done to harden your XP boxen
> super amusing.   They might even send each other screenshots of your setup
> over Signal while making funny comments.
You bet they would haha.

Actually I have thought of putting it all together into a book, but I
figured no one would care. Guess the craft's dying with me.

More information about the Gnupg-users mailing list