@Fusel @BenBen nicht wirklich...

• Keine "#SelfCustody" im Sinne eines Kryptosystems!

@Lioh +9001%

The only secure solution is to exercise #SelfCustody of all the keys!

• Which is why I hint at @monocles #monoclesMail & #monoclesChat as using #PGP/MIME & #XMPP+#OMEMO and clients like theirs or others like @gajim & @thunderbird makes it impossible for them to decrypt any comms.

@silhouette @richi @signalapp @torproject

1. You completely miss the points! There is no "#TechnicalNecessity" to demand #PII like a #PhoneNumber - espechally for a "#privacy"-focussed messenger!

2. & 3. #Signal is able and willing to comply with #Cyberfacism and pushing a #Shitcoin (#MobileCoin) makes it trivial to criminalize the App for "illegal & unregilated banking". If #Moxie or @Mer__edith cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from #Russia & #Iran (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police & intelligence. Which bings.me to the 1st agrument.

4. #Tor has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead if following almost two decades of solid progress is absurd and violates "don't roll your own crypto" as a rule!

5. Only with #SelfCustody can you protect your own data. Or do you really expect Staff from Signal to not talk when facing lifetime in jail? If they have the keys, they can decrypt it, thus their #E2EE is just a "#TrustMeBro!" concept. I mean, what prevents them from being forced into backdooring all comms to @icij as per #NSL? Any "guarantee" without self-custody is worthless by virtue of being unenforceable!

Signal pushing #TechPopulism instead of teaching folks that their #ComSec is worth diddly-piss wothout.#OpSec, #InfoSec & #ITsec is dangerous!

• And yes claiming "JuSt UsE sIgNaL!" is dangerous in the era of #Trump's #cyberfacist regime acting as it does (like with the #ICC)!

Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. @monocles / #monoclesChat & @delta / #deltaChat for example can adapt way better to said risks and ain't run by a #VCmoneyBurningParty!

@mzedp @PhoenixSerenity yeah, people who do #Cryptocurrency but can't be assed to do #SelfCustody (as in #PaperWallet in a safe kinda thing!) are just greedy n0obs horny for money...

@richi Except @signalapp is not "#Privacy-first" cuz if #Signal did, they'd not.demand #PII (#PhoneNumber) nor remain in the #USA (#CloudAct) nor peddle #Shitcoin-#Scams (#MobileCoin) and put their tech on @torproject / #Tor and fully #decentralized.with 100% #SelfCustody of all the keys!

@kuketzblog da widerspreche ich vehement.

Es gibt #proprietär|e #Silos welche qua #SingleVendor & #SingleProvider-Aufbau als #InformationBlackhole agieren (u.a. #WhatsApp, #Signal, #Threema, #Session, #Telegram, #discord, …)

und es gibt #OffeneStandards die #Wahlfreiheit zwischen #Clients, #Plattformen, #Servern und #Providern ermöglichen (u.a. #IRC, #Zulip, #RocketChat, ...) und echte #E2EE mit #SelfCustody aller Schlüssel ermöglichen (u.a. #XMPP+#OMEMO & #PGP/MIME)...

Natürlich steht es Menschen frei irgendeinen großen, zentralisierten Anbieter zu nutzen, nur wird dieser am ehesten zur #Enshittification neigen und mit #PII wie #Telefonnummern entsprechende Begierlichkeiten wecken!

@my_millennium danke, aber ich setzt auf #XMPP+#OMEMO weil das ist anbieterunabhängig und anders als #Threema mit #SelfCustody aller Keys und damit echtes #E2EE!

• U.a. mit @monocles / #monoclesChat & @gajim !

@Linux there are 3 big options you forgot that I know of which too ain't under #Cloudact aka. have no subsidiary/office/parent company in the #USA:

• @monocles (email, messaging, managed #nextcloud hosting)
• @Stuxhost (eMail & @nextcloud )
• @nitrokey (a better alternative to @yubico / #Yubikey)

And for #PasswordManagers, there's also #Enpass for those that don't like #KeePassXC / #KeepPassDX / #KeePass and for organizations there's even #Passbolt as a centrally manageable solution. All of these allow #SelfCustody & #SelfHosting on-premise.

@debby @monocles @Stuxhost well, @delta / #deltaChat is not using #XMPP+#OMEMO (unlike #monoclesChat & #gajim) but #PGP/MIME on regular #eMail, which makes it way easier to setup in organizations as not "yet another server needed" and also easier to comply with mandatory #archival laws in #business use-cases.

• #Session & #Signal, like #Telegram & #WhatsApp, do not have their #backend #opensource|d nor allow #SelfHosting and demand #PII like #PhoneNumbers for registration if not useage for no valid reason. Plus they are not just able but obviously willing to snitch on their users (something neither DeltaChat nor monocles chat demand or even can as both do 100% #SelfCustody of all the keys!)

• As for #sustainability, monocles is financed by #subscribers (they charge like €2 p.m. for mail & chat) and they can be paid completely anonymously (#Monero & #CashByMail!), whereas #Signal is a #MoneyBurningParty which engages in #Shitcoin-#Scams (see #MobileCoin!) for no valid reason…

@Sascha tja, besser bei #XMPP+#OMEMO bleiben, denn nur echte #E2EE mit #SelfCustody aller Schlüssel ist sicher!

@dave_andersen even @signalapp has to comply with #CloudAct.

• And we can be very shure they did simply because it's a statistical inevitability by the sheer amount of users they have…

Only real #E2EE (= #SelfHosting-capable with #SelfCustody of all the keys) can be considered safe.

• Demanding #PII like #PhoneNumbers is #KYC, and KYC is the illicit activity!