@photovince anyone who doesn't trust a.#centralized, #proprietary #SingleVendor & #SingleProvider solution that demands #PII for no valid reason like @signalapp does!
@photovince anyone who doesn't trust a.#centralized, #proprietary #SingleVendor & #SingleProvider solution that demands #PII for no valid reason like @signalapp does!
@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!
They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!
IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!
@threemaapp don't buy #proprietary #SingleVendor and/or #SingleProvider either!
@mit_scharf the problem with "threat scenarios" is that they tend to change quickly, non-consensual and without warning.
"#KYC" is the illicit activity! and #Signal acts as a controlled opposition by virtue of being a #proprietary, #centralized, #SingleVendor & #SingleProvider "solution" that subjects itself to a juristiction that has 0 #privacy laws and only #cyberfacism (see #CloudAct ) to boot...
It's just not in the cards TBH!
@martinsteiger Welche?
Weil ich sehe nur #PGP & #OMEMO in Benutzung...
Aber vielleicht sind jene Personen naiv genug #proprietär|en #SingleVendor & #SingleProvider - Lösungen auf den Leim zu gehen?
https://infosec.space/@kkarhan/114701389295661772
infosec.space/@kkarhan/114697690127511140
@pascal_f @kuketzblog @forthy42 @ulrichkelber
Eben! Ich betrachte es ferner als naiv angesichts #CloudAct, Anbietern proprietärer #SingleVendor / #SingleProvider-"Lösungen" wie @signalapp das vertrauen zu schenken!
Gerade weil #ITsec, #InfoSec, #OpSec & #ComSec zusammenhängen und nur zusammen funktionieren...
Let it go, already. No one uses MobileCoin. You can’t even find an exchange to buy it.
Then why does @signalapp still have that shit in it? @Mer__edith could've pulled that #Shitcoin yet refuses to do do!
The Cloud Act is a non-issue. Signal doesn’t have data on users, so they can’t be forced to disclose it.
That's literally wrong!
It’s been 30 years, and no one uses xmpp. Let it go.
Wrong again. Otherwise there wouldn't be thriving ecosystems and Apps to this day. It's just that corporate shills refuse to acknowledge that Signal - like all centralized, proprietary, #SingleVendor and/or #SingleProvider kessengers before and after - will inevitably die as their business model is not sustainable. Sake with #ICQ really. The only exceptions are those that abolish #privacy for #profit, integrate actually working payments or sellout to a #cyberfacist #government (all those apply to #WeChat!)
It’s shocking that people who claim to care about security and privacy push niche apps with terrible UX and no PFS like Delta or XMPP instead of the only private messenger with any real market share, Signal.
You know what's shocking to me: People who are unable or rather unwilling.to acknowledge that Signal is garbage and it's requirement for a #PhoneNumber kills any #privacy benefits it may have on paper by virtue of being at best pseudonymous (assuming the userd don't live in a juristiction that demands "#KYC" for even prepaid #SIM cards (ime. #Germany) or god forbid even #IMEI|s (i.e. #Turkey has a literal allowlist that'll kick any device off it's MNOs after 90 days within 365 days.
I'd rather help people onboard #XMPP+#OMEMO like @monocles and/or @gajim or #PGP/MIME like @delta & @thunderbird (incl. setting them up with #Orbot / #TorBrowserBundle / @tails_live so their traffic gets through @torproject and doesn't provide any useable IP addresses.
As for #Sustainability, providers like https://monocles.eu finance themselves by subscriptions (starting at €2 p.m.) which people can pay fully anonymous using #CashByMail and #Monero on top of common payment methods (i.e. SEPA wire transfer)...
@sodiboo @tauon @puppygirlhornypost2 @silly I don't think it's much of a "#freedom" on #iOS but rather that the few devices and OS versions in circulation, alongside everyone from #jailbreaker to #malware (espechally #govware #developers) want to crack it open result in way more personnel and money behind it.
Granted @GrapheneOS does limit their support to devices that can comply with their #security standards.
I do wish for both vendors like #Fairphone to up their game and regulators like @EUCommission to actually push for more #transparency, #openness and #LongTermSupport of #Smartphones, because #ManufacturedEwaste like #SOYES, #WiKo, #Unihertz and others that ship #outdated #AndroidDevices and never even a single update are a major problem!
I do have to give #Apple credit where it is due, and that is that #iOS does have consistency and accessibility nailed down very well. Something that they obviously are able being the "#BenevolentDictator" of a #SingleVendor & #SingleProvider - platform.
Maybe one day the folks at @frameworkcomputer acquire Fairphone and decide to bring the same modularity to #Smartphones and get something done that makes it easy to maintain long-term and that even #GrapheneOS are willing to support.
@kuketzblog da widerspreche ich vehement.
Es gibt #proprietär|e #Silos welche qua #SingleVendor & #SingleProvider-Aufbau als #InformationBlackhole agieren (u.a. #WhatsApp, #Signal, #Threema, #Session, #Telegram, #discord, …)
und es gibt #OffeneStandards die #Wahlfreiheit zwischen #Clients, #Plattformen, #Servern und #Providern ermöglichen (u.a. #IRC, #Zulip, #RocketChat, ...) und echte #E2EE mit #SelfCustody aller Schlüssel ermöglichen (u.a. #XMPP+#OMEMO & #PGP/MIME)...
Natürlich steht es Menschen frei irgendeinen großen, zentralisierten Anbieter zu nutzen, nur wird dieser am ehesten zur #Enshittification neigen und mit #PII wie #Telefonnummern entsprechende Begierlichkeiten wecken!
@my_millennium @dbrgn @monocles @gajim Ist trotzdem #zentralisiert (#SingleVendor & #SingleProvider) und damit #proprietär und untauglich, weil gegen #KeckhoffsPrinzip und grundlegende #InfoSec & #ComSec verstoßend!
Still a #centralized, #SingleVendor & #SingleProvider service that snitches on users if it ain't yet another #Honeypot like #ANØM...
@debby #Mumble, #IRC, #XMPP (+OMEMO = @gajim / #monoclesChat) & #Linphone (#SIP / #VoIP) are the better options. #NextcloudTalk also exist and @monocles as well as @Stuxhost offer that.
#Signal and #Session are #proprietary, #centralized, #SingleVendor & #SingleProvider solutions!
And #Matrix is just a shittier #XMPP+#OMEMO. Give @delta / #DeltaChat a try instead.
OfC #JitsiMeet and #WebCall are also great!
@adisonverlice I think that's dangerous disinfo as @torproject actively works against attempts to fingerprint and track #Tor users.
In fact, Tor has been designed with the explicit goal to circumvent #Firewalls and #InternetCensorship methods like #DeepApcketInspection.
As a matter of principle I'd never vouch for any #centralized, #SingleVendor and/or #SingleProvider solution of any kind, including #Session.
@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsactioned comms to twart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:
And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.
After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.
After all, Signal can't pull the 5th and refuse to comply!
@bob_zim yeah. Seen it. in the writeup by @micahflee ...
I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...
I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!
@signalapp no it's not.
Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)
And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...
But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
And don't get me started on the #cyberfacism that is #CloudAct.
I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used.to track users down!
@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.
#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.
Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!
@petersuber except @signalapp is #commervial as in #VVmoneyBurningParty, #centralized, #proprietary, #SingleVendor & #SingleProvider!