@Mer__edith No.

The fact that @signalapp CHOSE to host the most expensive way possible at a #US military contrator and in spittibgbditance to #CIA & #NSA is so deliberate, it makes #ANØM aka. #OperationIronside aka. #OperationTrojanShield professional by comparison for taking the time and effort to setup shell companies and servers in #Lithuania.

Or to ask bluntly: What Guarantees are there to prevent the #Trump Regime from taking down #Signal once it outlived it's usefulness at skirting #SubshineLaws and #Accountability and #Recordkeeping laws?

• Even if we assume you and all the coders are willing to "choose death over surrendering the keys" or implementing #Govware #Backdoors (which are wholly unnecessary with you demanding #PII like #PhoneNumbers and #Room641A-Style equipment doing the whole #metadata shit)…

If you don't own and physically control the hardware it's run on, the mere existance of #Signal depends on the goodwill of #JeffBezos!

@laprice pressing X for doubt cuz @signalapp does have #ToS and obviously both the ability and willingness if not being legally mandated to close down accounts - regardless if a "duely issued warrant" or #CloudAct.

• Neither @Mer__edith nor #Moxie nor anyone else at #Signal is gonna risk jailtime protecting others given that unlike Mafia 'scapegoats' they don't get paid for shutting up and serving time.

Signal being abused is a statistical inevitability and it's one thing to claim to not know the contents vs. knowingly ignoring abuse complaints.

• Cuz #OCILLA only covers their ass legally until the point they get to know certain abuses. After that (+ a certain grace period for duely investigating validity) that doesn't apply anymore.

#NotLegalAdvice but given Signal is located in the #USA and thus falling under #US juristiction, I'd only consider the non-reaction as either 'knowingly supporting' or 'being ordered by a judge to not interfere in ongoing investigations'…

• And whether or not Signal is yet another #ANØM / #OperationIronside / #OperationTrøjanShield - style #Honeypot or just criminally stupid is up to speculation at this point.

But remember: #WhatYouAllowIsWhatWillContinue and Signals #centralized, #proprietary, #SingleVendor & #SingleProvider approach vs. #decentralized (#XMPP+#OMEMO) or #SelfHosting (#OnionShare) will be their downfall - besides hosting at the most expensive provider (#aws) in spitting distance to #CIA & #NSA HQs (#aws_us_east_1) that isn't an outright scam-hoster!

Obviously, this is not #disinformation given the #facts and circumstantial evidence.

• TELL ME WHERE I'M WRONG!

• #useast1 is in VA, USA. That's very close to #CIA and #NSA and if you think otherwise, buy yourself a fucking map!
• @signalapp collects #PII in the form of #PhoneNumbers and stores them.
• Without the #US #Government's blessing they'd not merely restrict their #MobileCoin - #Shitcoin availability but be forced to not allow users from #Cuba, #Iran, #Russia and #NorthKorea to even sign up.
• #SIgnal almost certainly has been abused by bad actors (i.e. organized crime) by mere statistical inevitability and being forced to comply with duely issued warrants and other legislation (i.e. #CloudAct) or otherwise everyone from C-level down to developer would've faced jailtime until they complied.
• #Centralization of Signal isn't excuseable as stupidity or malpractise!
• The #FBI has pulled off bigger stings (i.e. #ANØM / #OperationIronside / #OperationTrøjanShield)...

I do expect the reinstatement of my original post!

@cartocalypse @sigmasternchen @pallenberg Gibt zuviele Indizien:

#PII wie #Rufnummer wird abgefragt; Geolokation bzw. Service-Beschränkungen aufgrund dessen erfolgen

• Dienst ist nicht per-se für Nutzer aus #Embargo-Staaten (#ITAR) wie #Kuba, #Iran, #Russland, #Nordkorea, ... gesperrt, was #Sondergenemigung durch #US-Regierung bedarf!

Aus den #USA = #CloudAct greift

• #AWS = #GAFAMs als #Hosting
• Das genutzte Datacenter ist in Spuckweite zu #CIA & #NSA
• Absichtlich #zentralisiert als #SingleVendor & #SingleProvider Lösung.

Struktur und Setup ähnelt #ANØM und "Ausfälle" erinnern an #EncroChat .

• Und diverse weitere Ungereihmtheiten wie Kamerazugriff um es am #PC zu nutzen.
• Keine #SelfCustody und kein #SelfHosting möglich.

Wenn @signalapp so sicher wäre wie beworben dann wären #Moxie und @Mer__edith seit Jahren in #Beugehaft wegen #Missbrauch durch Nutzer*innen.

• Ich kann die ganze Woche weiter machen, aber die Tatsache dass #Signal durch ein AWS-#Datacenter down geht zeugt von schlampiger Infrastruktur und Mehr Geld als Verstand!

Jedenfalls ist es kein deut besser als #CryptoAG - technisch sogar schlechter denn letztere versuchte wenigstens nicht dauerhaft Kritiker*innen zu gaslighten sondern wurde in der #Schweiz hinter ne #Tarnfirma gepackt.

• Wenn #Signal sicher wäre, würde es wie #OnionShare und #XMPP+#OMEMO #dezentral, (über @torproject / #Tor) und #SelfHosting - fähig sein.

Es stinkt jedenfalls wie #OperationIronside aka. #OperationTrøjanShield!

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

• Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

• Or do you really think that in a world where multi-year long sting ops like #ANØM / #OperationIronside / #OperationTrøjanShield get greenlit that @Mer__edith would risk dying of old age in jail for non-paying users?

If you do think so then you should really get some professional help, cuz you seem rather lost...

• #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

@Zoll wisst ihr was deutlich effektiver wäre?

Wenn das Zeug #legal kontrolliert abgegeben würde (bspw. #Apotheke) denn dann würden die Leute sich nicht Dreck reinkloppen sondern sauberen Stoff haben und #OrganisierteKriminalität ginge leer aus.

Cc: @Bundesregierung @bmg@social.bund.de

• Weil anders ist der "#Drogenkrieg" nicht gewinnbar!

Apropos "Hinweise aus dem Ausland", wird interessant wie das so #rechtstaatlich aussieht...

• Siehe #EncroChat & #ANØM / #operationIronside / #OperationTrøjanShield…

@sparfindig @silvan @nakal @kuketzblog

Nehmt mich raus - es ist sinnlos mit digitalen Flacherdlern zu diskutieren...

Die Leute von der #CryptoAG vertrauten auch sich selbst...

https://www.youtube.com/watch?v=jagiJ9YAqto
https://www.youtube.com/watch?v=VWImO1Qz4Zo
https://www.youtube.com/watch?v=pOkNrvB63pc

Und die Leute bei #ANØM verkauften sich auch als absolut sicher....

• Weil #OperationIronside / #OperationTrøjanShield dahinter stand.

https://www.youtube.com/watch?v=qq9wnMXvgOc
https://www.youtube.com/watch?v=f6FRIDG8TPY

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

• @signalapp / #Signal is subject to #CloudAct and thus inherently incompatible with #GDPR & #BDSG!

• Signal demands #PII in the form of a #PhoneNumber!

• Signal to this day peddles a #Shitcoin named #MobileCoin!

• If Signal didn't have a #Govware #Backdoor, it would've been banned and shut down just like #EncroChat and #SkyECC.

• Signal is as secure as #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and #CryptoAG aka. #MINEROVA aka. #Rubikon.

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
https://infosec.space/@kkarhan/113932376762056036

@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.

• All #SingleVendor and/or #SingleProvider solutions are inherently insecure, if not due to #TechStack (i.e. using a #CDN like #ClownFlare for app assets with no valid reason), #PII (demaning a #PhoneNumber which oftentimes cannot be obtained anonymously for no valod reason!) or lack of #DataProtection #Laws (i.e. #CloudAct is inherently incompatible with #GDPR & #BDSG), it's due to the inherent risks of #centralization.

Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…

• Not even @Mer__edith !

In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.

• Cuz if Signal wasn't #NOBUS, they would've been shutdown/taken down/criminalized/hacked like #EncroChat and #SkyECC.

Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.

By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.

• Also not depending on #GAFAMs and/or #VCmoneyBurningParties is way more sustainable long-term...

Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...

@anelki the only ones that believe in "#SecureEmail" after #DNMX, #SkyECC, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield are #TechIlliterates!

Use #OfflinePGP-Method or @tails_live / @tails / #Tails or don't even bother!!!

@zeank @MastoDenunzianten und wenn der Server ein #OnionService auf @torproject ist, gibt's nichtmals IP-Addressen!

• Deshalb nutzen weder @signalapp noch @threemaapp #Tor, weil diese bestenfalls gemeingefährlich inkompetent aber wahrscheinlicher #Honeypots sind.

So wie #ANØM aka. #OperationIronside aka. #OperationTrøjanShield...

@zdl @evacide that any the fact that @signalapp is incorportated in the #USA, making them susceptible to #GDPR & #BDSG-incompatible #cyberfacist bs like #CloudAct.

• If #Signal cared, they'd completely #OpenSource #backend and #frontend as well as #decentralize and refuse to collect any #PII (like #PhoneNumers) at all!

Remember: #KYC IS THE ILLICIT ACTIVITY when it comes to #Communication!

• To me Signal has a stench like #CryptoAG (aka. #MINERVA / #RUBIKON), #EncroChat and espechally #ANØM (aka. #OperationIronside / #OperationTrøjanShield)...

Compare that to @monocles / #monoclesChat which don't demand any PII or KYC and allow people to pay for their services with #Monero and #CashByMail besides #SEPA #WireTransfer, #Stripe & #PayPal whilst supporting both decentralization (#XMPP is not a #SingleVendor / #SingleProvider solution!), implementing real #SelfCustody (#OMEMO, #OTR & #PGP is supported out of the box) for all the keys, and proper #Anonymitiy (using @torproject / #Tor & @guardianproject #Orbot for #privacy), so in case they ever get a duely sumitted warrant by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.

• And that is a good thing, because whilst very unlikely, one cannot exclude the non-zero chance of i.e. #MLAT|s being filed with knowingly false information by 3rd countries.

Also having no PII is a matter of reducing #liability in the sense of #DataProtection: All data requested and by #monocles is the bare minimum mandated for #accounting (i.e. only linking a payment like a #TxID / Transaction-ID to an account and then adding up validity/activation period).

• And since running a #Service costs money, the low #subscription to their #Services makes them independent from #ads, #crawling / #espionage against #customers and depending on #grants and #donations to keep the lights on, making it a #sustainable #business...

Natürlich ist #OrganisierteKriminalität nicht dumm...

• Solange es #Profit gibt wegen der #Kriminalisierung von #OpferlosenDelikte|n, solange werden Leute dies tun.

Dementsprechend löst weder der #EncroChat-Bust noch #ANØM aka. #OperationIronside aka. #OperationTrøjanShield das Problem, denn das sind Modalitäten und Incentives.

• Also passiert das was vorauszusehen ist: Aufrüstung und Paranoia...

Dafür muss mensch weder OK noch -Ermittler*in sein, sondern einfach nur den Raum lesen können...

https://www.youtube.com/watch?v=fZO0qz3e8KI

@rrb #Honeypot would imply they actually put in some effort like #CryptoAG and #ANØM aka. #OperationIronside aka. #OperationTrøjanShield...

Rather I think #Zcash are #UsefulIdiots and #ControlledOpposition like #Signal...

@HonkHase @GrapheneOS +1

Indeed I've to dive deeper into #GrapheneOS's security geatures.

• Pretty shure you also have a "decoy mode" password implemented that wipes all tue keys if not go as far as to show a fake unlocked android.

Kinda like "#ArcaneOS" (a botched @LineageOS fork) but without #Govware #Backdoors...

#ANØM #OperationIronside #OperationTrøjanShield

@therainingmonkey IMHO #Signal is jist another #HoneyPot like #ANØM / #OperationIronside/ #OperationTrøjanShield and #CryptoAG / #MINERVA / #Rubikon before it.

• Why else do you think they are incorporated in the #USA despite #CloudAct, run as #VC #MoneyBurningParty & ain't forced to yeet all Phone Numbers from #Russia, #NorthKorea, #Iran and "P.R." #China?

@signalapp is good.

• It's so good that it scratches that part of my mind that doesn't allow good to exist without precondition....

So I'd never count on anyone not talking, espechally @Mer__edith when faced with lifetime in jail for not doing so.

#sarcasm

You use XMPP+OMEMO because you think it's neat.

I use XMPP+OMEMO because all centralized, single-vendor and/or single-provider messengers are inherently garbage, collect PII like phone numbers for no "legitimate reason" and don't offer proper End-to-End - Encryption with self-custody of all the keys, making them either honeypots or prime targets for warrants.

• We are not the same!

#XMPP #OMEMO #WeAreNotTheSame #SingleVendor #SingleProvider #Centralization #E2EE #Encryption #SelfCustody #Honeypot #Warrant #Signal #Telegram #EncroChat #ANØM #OperationIronside #OperationTrøjanShield #ITsec #InfoSec #OpSec #ComSec #PII #PhoneNumbers #PhoneNumber

@ditol @samueljohn @linuzifer

THIS is where I disagree...

You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?

• Like: We expect people to show at the every least theoretical proficiency in terms of #TrafficCode and #VehicleSafety in +every juristiction I'm aware of* and literally mandated #DrivingLicense|s for that reason.

I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...

It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.

• I don't expect people to do #airgapped pffline-PGP but with @thunderbird including #Enigmail and not requiring any external dependencies like the god-awful #GPG4Win stuff's easier than ever.

• Same with #mobile: #Appls like @monocles / #monoclesChat are so easy, I've been able to onboard literal tech-illiterates remotely with few steps and simple instructions.

FOR THE LAST TIME:

*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"

• Cuz when push comes to shove @Mer__edith herself would introduce a #Govware #backdoor into @signalapp when faced with indefinite jailtime...

Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.

• #Signal is not your friend. It's merely a tax-exempt "non-profit" corporation, and corporations are explicitly nobodys friend - espechally when they demand #PII like phone numbers for useage.

Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!

• And unlike #Signal they ain't dependent on #VC funding and #grant money to keep the lights on.

Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.

• The only reason Signal is still online and not #pwned like #EncroChat is because it's either a Sting op like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield or they have already backdoored their #backend so hard that all their #marketing is just #lies like #Apple...
  

Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!

#thxbye #EOD

@frodo @evacide @monocles

I don't compromise on #ITsec, #InfoSec, #OpSec and #ComSec.

If I were to use #Signal or #Threema or #Telegram or #SimpleX or whatever shit messenger is trendy, I'd indirectly vouch for it and endorse it.

• Which I won't given ample of examples like Telegram, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and all the garbage that #CryptoAG released.

Trust must be earned, and @signalapp didn't even bother to do basic design considerations:

• All their "but #Metadata" #FUD is horseshite when they demand #PII like a #PhoneNumber and are openly able and willing to discriminate and/or restrict service solely based off said info they have NO "#legitimateInterest" in demanding at all!