#MultiProvider

Kevin Karhan :verified:kkarhan@infosec.space
2025-09-30

@psoutham @Lazarou nods in agreement

We need an "anti-#Thiel" (anti-#monopolization) strategy that empowers #OpenSource, #OpenStandards and only accepts #MultiVendor & #MultiProvider solutions that are #FLOSS as well as #SelfHosting capable (both in terms of "reproducible builds" & auditable code as well as "you can set it up yourself" & no bullshit setup)…

Instead #incentives must be set in terms of i.e. #EU-wide public funds for #DigitalInfrastructure that #rewards FLOSS creation and ensures the #maintenance of said projects.

Kevin Karhan :verified:kkarhan@infosec.space
2025-08-31

@innocence well, they switched to an #AssholeLicensing model, making the reference implementation now a worse decision and put the Matrix Protocol in danger.

And yes #AGPLv3 is an asshole license as it is inherently incompatible with a shitton of #IP laws and thus (oftentimes) cannot be complied with.

#Matrix #Chat

Kevin Karhan :verified:kkarhan@infosec.space
2025-08-27

@soop @Li @meluzzy @tauon bonus points if said corpo is subject to laws that mandate them to integrate #Govware #Backdoors and hand over data...

See #CloudAct: en.wikipedia.org/wiki/CLOUD_Act

This is why #IRC & #XMPP outlived #ICQ & #Skype and why #Mumble & #JitsiMeet will outlive #discord & #GoogleMeet!

Kevin Karhan :verified:kkarhan@infosec.space
2025-07-15

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromisable (which AFAICT always necessitated physical access to the #SIM, especially in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO / #MVNO issuing (may it be through #SocialHacking employees into #SimSwapping or LEAs showing up with a warrant and demanding "#LawfulInterception"):

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) and #IMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

  • And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise).

"[…] [Technologies] must always be evaluated for their ability to oppress. […]"

  • Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

  • And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely (by declaring #fees for reissue of eSIMs illegal), that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadzor) puts especially the average #TechIlliterate User at risk.

  • I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privileged access to protection by their government, but rather "privileged access" to prosecution by the state because their very existence is criminalized...

The only advantage eSIMs brought in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

Kevin Karhan :verified:kkarhan@infosec.space
2025-06-29

@action_jay everything that isn't a fully #OpenSource'd #OpenStandard with #MultiVendor & #MultiProvider support.

That's why @delta (#PGP/MIME) & @monocles / @gajim (#XMPP+#OMEMO) are superior to @signalapp , because that can be easily cracked down on due to #CloudAct, whereas truly #decentralized systems have #SelfCustody so they can't be taken down effectively.

  • Bonus points if they support @torproject / #Tor, cuz that makes it harder for "state-sponsored" (or rather state-endorsed/governmental attackers) to block or sabotage it (#OnionServices are harder to take down!)
Kevin Karhan :verified:kkarhan@infosec.space
2025-03-19

@ckrypto if @signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NO ONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

  • #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many jurisdictions at all!

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

  • Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all its #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely set up my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

Kevin Karhan :verified:kkarhan@infosec.space
2025-03-19

@notjustbikes precisely!

Only #OpenSource & #OpenStandards can yield #MultiVendor & #MultiProvider systems necessary to prevent #monopolies and #oligopolies and ensure #ITsec, #InfoSec, #OpSec & #ComSec, thus being able to comply with #NatSec & #IntlSec demands.

Guess why #NORAD runs #BusyBox / #Linux?

  • Because they demand every single line of code to be audited MANUALLY!
Kevin Karhan :verified:kkarhan@infosec.space
2025-02-06

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

  • The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-05

@cwebber personally, I think it's most important to have #MultiVendor & #MultiProvider, #OpenStandards that allow for #SelfHosting and a thriving ecosystem.

Plus it allows for #SelfCustody of all the keys!

Kevin Karhan :verified:kkarhan@infosec.space
2025-02-03

@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro

  • EXACTLY THAT!

That's what I keep saying...

Or to put it simply: why do #HTTP(S) & #HTML as well as #eMail ( #IMAP & #SMTP) still exist today while nobody uses #AOL, #MSN, #ICQ anymore?

If @signalapp / #Signal gets flipped because of #CloudAct like #EncroChat, #ANØM & #SkyECC, then people are stuck in the shit with no alternative and all the "security promises" dissolve into "#TrustMeBro!" and #lies.

I've been using my XMPP account for ages and have gone through umpteen clients. But contacts reach me through it without any problems!

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-26

@delta nods in agreement

Same with #XMPP+#OMEMO:

Because only #decentralized solutions will survive!

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-22

@max
To quote you directly:

"[...] easy to use solutions that are at the same time private and secure. [...]"

It is easier, faster, cheaper and overall simpler to get someone set up with #XMPP + #OMEMO especially if they don't have a #PhoneNumber and/or #ID to acquire a #SIM.

And if you go and say, "Just buy a [insert country here] [e]SIM!" and expect #TechIlliterates without a #CreditCard, #PayPal or other means of #OnlinePayment to fiddle around with some #eSIM if not having to get some #eSIMcard because they can only afford to maintain one SIM and can't spend triple-digits on a new device then you completely missed the point!

It's not that I expect anyone to get #TechLiterate within minutes, but similar to setting up a cordless DECT phone it's something one has to do once in 5 years and just have them put the password in a safe spot to retain...

Point is that #Signal #WontFix their setup and that was evidently clear even before @Mer__edith succeeded #MoxieMarlinspike: Their entire operation has a distinct #CryptoAG stench as it's an #unsustainable #VCmoneyBurning party!

A counterexample on how this could've been done are #Tor, #eMail and other truly #OpenSource as in #MultiVendor & #MultiProvider standards.

Whereas it's trivial to get people set up on one of many XMPP servers I've personally tested!

AFAIK Signal doesn't even have an #OnionService / .onion for their Website, much less any #API endpoints to use it with!

You're free to also provide evidence and supporting data to your arguments, rather than naysaying against proven to be more secure and reliable [by virtue of decentralization] options like XMPP+OMEMO and/or #PGP/MIME.

The proper fix is to actually assess the situation and acknowledge the risks and limitations as well as the very nature of communications, which means upgrading later is exponentially more painful, thus getting people properly set up once is way easier.

  • Just because WE [ or rather @rysiek in this case ] are privileged enough to not be hatecrimed in their current location doesn't mean this is the case for everyone. And having places like Signal rely on a "#CDN" is just another red flag to me because questions like this one just don't arise with monocles.chat as people can just exercise proper #SelfCustody and just use Tor!

Speaking of #monocles: That business is at least #sustainable because it's funded by users (€2 p.m.) which they can pay anonymously

Kevin Karhan :verified:kkarhan@infosec.space
2025-01-05

@zeank @MastoDenunzianten Also, all of these are #Marketing #promises or even #lies, because how is anyone supposed to be able to verify that what #Threema claims is actually true?

  • They're not going to let me check that personally on their servers.

With #XMPP+#OMEMO (e.g. @monocles / #monoclesChat & @gajim / #Gajim) & #PGP/MIME (e.g. @delta / #DeltaChat), if in doubt I can do #SelfHosting with a #RaspberryPi in the wardrobe.

Attacks on decentralized & open #MultiVendor & #MultiProvider standards don't scale!

Kevin Karhan :verified:kkarhan@infosec.space
2024-12-06

@zackwhittaker @kevincollier

Remember:

The only way we can prevent a #Cyberfacist #dystopia is to make it impossible!

Kevin Karhan :verified:kkarhan@infosec.space
2024-11-15

@ai6yr people need to fucking learn proper #InfoSec, #OpSec, #ComSec & #ITsec and that means learning to properly use #XMPP+#OMEMO & #PGP/MIME.

@tails_live / @tails / #Tails exists. @gajim / #Gajim exists. @monocles / #monoclesChat exists. @delta / #deltaChat exists. @thunderbird / #Thunderbird exists. @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParties exist.
#Documentation in writing and videos exist.

Kevin Karhan :verified:kkarhan@infosec.space
2024-07-29

@doerk the problem is that we accept #TechIlliterates just regurgitating #MarketingLies of #NSAbook et al.

Or does anyone believe @signalapp 's @Mer__edith would protect any user if that means she'd be in jail for the rest of her life?

  • Cuz whoever believes that really huffed too much Copium amidst #CloudAct existing and precedents existing!


Kevin Karhan :verified:kkarhan@infosec.space
2024-07-02

@delta TBH, I think that #deltaChat, alongside @monocles / #monoclesChat is one of the few real #E2EE #Chat & #Messaging solutions (which allow for full #SelfCustody of keys as well as being based on #OpenStandards for a #MultiVendor & #MultiProvider ecosystem) and even out-of-band verification and key exchange...

  • The main difference is that deltaChat implements #PGP/MIME on #IMAP+#SMTP, which may be easier to setup in some cases and also offer an easy pipeline to archival requirements in #business setups whilst #monocles chat uses #XMPP+#OMEMO first and supports PGP/MIME as a secondary option, making it a good option in individual setups...

Needless to say both support using @torproject / #Tor via #Orbot and thus connecting to an #OnionService or just anonymously connecting to the server one personally chooses...

  • So unless a provider explicitly bans Tor proactively, they'll work just fine.

The advantage of XMPP is that it also allows for calls, whereas I've to see how one can do Group Chats on deltaChat at all...
