cross-posted from: https://lemmy.world/post/25408170

from @MidnightMan

If you have been wondering what you can do make a meaningful difference, then I may have an answer for you. Urgent action is required to prepare the people of the United States for a fascist government to come into power, and by extension the increasingly likely prospect of a genocide, but I can’t do it alone.

If you are a knowledge addict, data miner, proficient writer, or an otherwise gifted individual, then this may be your calling. We’re going to be doing and learning a lot of cool stuff, but the work is tedious, and it will aid you immensely to be driven either out of passion for learning and personal growth, love of labor, or sheer love for your fellow compatriots. Several self-maintained application servers are being run to assist with operations and collaboration.

If you’re curious or want to learn more, you can contact me at midnightman1234@yahoo.com with a new email for increased compartmentaliation, after which you will receive a reply from my primary email. Our activities are strictly legal, but anonymity on your part is strongly encouraged as a precaution to retaliatory action. Interested parties should not respond to this message over Lemmy.

#####################################################################################

The above message is likely an attempt to collect email addresses of people who might be well meaning. I would strongly advise against communicating with this person for the below reasons.

You cannot encrypt email End to End. It has to be stored in plaintext somewhere.

Yahoo does not offer encrypted email.

You have no idea of who will be emailing you back so there will be no way in which to validate your comms.

If you’re looking to organize you can follow the advice below

For those interested in building networks and organizing folks to get together that’s even better. However it carries some risk so if you’re organizing use E2E comms and if you’re researching use Tor Browser. Better yet use a Tails USB on a coffee shop wifi.

https://www.tomsguide.com/how-to/how-to-use-signal

https://www.torproject.org/download/

https://tails.net/doc/first_steps/index.en.html

And don’t communicate over email, even encrypted email. Email needs to be stored and archived for it to work, often in plaintext so it’s never going to be a secure way to communicate.

For a place to start looking for aid and assistance. If there’s a fridge or book or tool share that’s not there, notify them please so they can update the site.

https://mutualaidhub.org/

If you’re looking for a place to help, look up Food Not Bombs plus whatever city is closest to you.

http://foodnotbombs.net/new_site/volunteer.php

I understand it’s an http site. Don’t sign up for anything that doesn’t pass your vibe check.

If you’d like to help undo all these info purges there’s

https://wiki.archiveteam.org/index.php/ArchiveTeam_Warrior

Most of all, talk to loved ones, build community. We keep us safe. If you’re interested you could start a patrol and disrupt ICE stakeouts.

https://www.immigrantdefenseproject.org/raids/

It’s a marathon not a sprint. Sometimes it’s as easy as doing the dishes. Mutual aid helps your neighbors and helps you.

https://afsc.org/news/how-create-mutual-aid-network

Self care and avoiding burnout is most important. They want us harried and worried and feeling like there’s nothing we can do. Fuck that

  • hendrik@palaver.p3x.deEnglish
    5·
    12 hours ago

    Where is this from, a post or a DM? I mean it’s usually a good idea not to trust someone just because they’re pushing your buttons in the right way and offer you exactly what you want. Especially not if it’s a fresh account with almost no history.

    But I don’t think you can say it’s fraudulent. May be a genuine attempt. Or something fishy, idk.

    I’d advise to be a bit more open and transparent anyways. I’m not sure whether we need a secret underground society organizing the resistance at this point. And you’re excluding people if you make it super secretive, invite only, everyone needs to jump through hoops and do some initiation ritual… Why not anonymously discuss our options in the open? So everyone can participate? I’d say this definitely feels a bit like someone is luring me into an unmarked van. And yeah, it’s a bit questionable whether they have ice cream in there…

    • horse_battery_staple@lemmy.worldOP
      7·
      12 hours ago

      Agreed. It’s a DM he’s spammed out. He’s a 22 hour old account and already has two banned comments the other comment is referencing how to bypass security… Smells like a right wing script kiddy looking for targets. I’m not a mod on You Should Know but before he knew about it, my post had 7 upvotes, now it’s sitting at -5 over there.

      Either way, Email is plain text so any cryptographic elements shared there are already compromised. I have to go do other things. Just wanted to make sure the community here was aware.

      • MelodiousFunk@slrpnk.net
        4·
        8 hours ago

        I’m not a mod on You Should Know but before he knew about it, my post had 7 upvotes, now it’s sitting at -5 over there.

        It’s only gotten worse. Who knows how much of that is concerted vs standard dogpiling. Suspicious as all fuck. Thank you for the heads up.

        • horse_battery_staple@lemmy.worldOP
          4·
          8 hours ago

          I think I was wrong about PGP signed emails and the Internet did what the Internet does lol

          However no one should be contacting you out of the blue and asking for an initial point of contact to be in an unencrypted means.

      • hendrik@palaver.p3x.deEnglish
        6·
        12 hours ago

        Email this or that, it doesn’t really matter. Telling people to switch platforms to be “a bit more private” is exactly how grooming works, online fraud works… I think that should trigger the alarm bells, not the way email works.

        I’m not judging the intentions of MidnightMan. But i think he should do it here, where we can all watch and take care of each other. That is if it’s honest.

        • horse_battery_staple@lemmy.worldOP
          4·
          9 hours ago

          You’re absolutely correct. Also I’m not saying that MidnightMan is trying to do anything nefarious, only that they’re going about it in a strange and concerning way.

    • horse_battery_staple@lemmy.worldOP
      3·
      12 hours ago

      Agreed, you’re right, they could share the public key and verify the user on their end. However, it’s on par with sharing notes on paper. Also they verify you with PGP how do you verify them?

          • psyklax@lemmy.dbzer0.com
            5·
            11 hours ago

            That’s wild… how’d he get the email client to send the NTLM hash? That’s the real story, there. If you can remotely pull sensitive files like that, you already own that computer. That’s an email client vuln, not an issue with the method of encryption.

            Actually what is sent is the user’s LAN Manager (LM) or Windows NT LM network authentication challenge response, from which the user’s LM or NT hash can be computed.

            Oh… that’s not good. I’m guessing the client was Outlook. In which case, Outlook had a vuln and that was the issue, not the encryption. Or maybe it was windows itself which was vulnerable.

            I skimmed kind of quick, but it sounds like Kevin used html email to embed something that loaded from a server he owned. That gave him the target IP, he then did some kind of NetBIOS request where windows sent the NTLM challenge response. That was apparently vulnerable to cracking in such a way that revealed the actual NTLM hash of the windows user being emailed. Then THAT hash was crackable to reveal the actual password of the user.

            Not totally sure I read that right, but wow, that is an old ass vuln for windows to still have as late as 2017.