@novet @ambiguous_yelp I'll never trust any #SingleVendor and/or #SingleProvider solution, but demand real #E2EE with #SelfCustody and #SelfHosting capability as #FLOSS with reproduceable builds…
https://infosec.space/@kkarhan/114935952643402592
Unlike #monoclesChat, #gajim (#XMPP+OMEMO) & #deltachat as well as #Thunderbird!
@nono2357 I disgree re: @signalapp / #Signal because it being a #SingleVendor & #SingleProvider 'solution' that by @Mer__edith 's own admission is hard locked-in at #aws and thus doubly subject to #CloudAct makes it a horrible choice, as they also collect #PII (in the form of #PhoneNumbers) and still peddle a #Shitcoin that even #Cryptocurrency expert users like @techlore can't even get to work.
https://www.youtube.com/watch?v=0DSGq9FQKU4
https://www.youtube.com/watch?v=tJoO2uWrX1M
@stman @theruran @50htz @vidak @forthy42 @brume @gorekhaa so yeah, we need a modern equivalent of the original PX-1000, something that isn't an overly complex and backdoored shitbox, but that is simple af.
With options for:
Basically a encryption/decryption unit that has:
Something that just acts as a "Clear Box" (aka. "black box", but transparent) to do critical comms. Something that literally wipes it's memory after use and doesn't store anything on it, but requires the user to keep their key safe!
You know, something that looks like a sleek communicator and isn't a proprietary shitbox that depends on *"#TrustMeBro!" - #centralized, #SingleVendor / #SingleProvider architecture!*…
@Soeren_loeg the fact that @signalapp not only does "#KYC with extra steps" by mandating a #PhoneNumber to this day as well as being solely under #CloudAct whilst basically being a #centralized, #proprietary, #SingleVendor & #SingleProvider solution makes them the ideal candidate for a longterm #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield.
@tailscale nah, #iMessage is insecure and I'd rather force everyone to use #XMPP+#OMEMO instead because it's not dependent on a #proprietary, #SingleVendor and/or #SingleProvider service from #Apple, who is known to snitch and betray it's paying customers routinely!
Calling the #UK a "#democracy" is like calling the #USA "#socialist"...
If a "platform" is #KYC'ing users from the UK or even is able or willing to collect #PII like #PhoneNumbers that would make them know if a customer is from the UK, it has to be regarded as #insecure - period!
The sheer idea of said #tech is irredeemably wrong!
#ITsec #InfoSec #OpSec #ComSec #privacy #DataProtection #OSA #UKOSA #OnlineSafetyAct
@cryptadamist @davetroy @Powerfromspace1 @davidgerard OFC #Telegram is involved in that #Shitcoin, tho @signalapp did their own Shitcoin (#MobileCoin) first and has a evidently worse experience per my own testing.
The only use-case I've seen for #TonCoin is a paywalled circumvention of #PhoneNumber requirements, and I'd rather recommend people to "obtain" an anonymous (e)SIM and cheap throwaway phone for cash to circumvent that than jumping through hoops to obtain some shitcoin one can't even exchange...
@Morgunin @cyberlyra the only effective means to prevent #LockIn is to refuse to use #proprietary #SingleVendor and/or #SingleProvider solutions and mandate #OpenSource & #OpenStandards.
@f4grx @debacle @nicoco @Elizafox @signalapp no, #Telegram - like all #proprietary #SingleVendor & #SingleProvider services, it's garbage!
Use real #E2EE (with 100% #SelfCustody of all the keys!) that you can actually #SelfHost and run over @torproject / #Tor and never directly or indirectly ID yourself.
Cuz neither @signalapp nor any other hoster that has your keys can "pull the 5th" for you!
@mudaste how can one choose a #centralozed, #SingleVendor & #SingleProvider solution (@simplex) over @briar and espechally @monocles / #monoclesChat & @delta / #deltaChat?
Never heard of @cwtch before!
@PinoBatch +9001%
#IssueTracker and #TicketingSystem|s are way better means to report bugs.
@jenzi @lexinova @davidfetter Doesn't even need that.
#XMPP+#OMEMO (Chats) & #P2P-#WebRTC (Video- & VoiceCalling) are evdently better than a centralized, #SingleVendor & #SingleProvider system…
@laprice pressing X for doubt cuz @signalapp does have #ToS and obviously both the ability and willingness if not being legally mandated to close down accounts - regardless if a "duely issued warrant" or #CloudAct.
Signal being abused is a statistical inevitability and it's one thing to claim to not know the contents vs. knowingly ignoring abuse complaints.
#NotLegalAdvice but given Signal is located in the #USA and thus falling under #US juristiction, I'd only consider the non-reaction as either 'knowingly supporting' or 'being ordered by a judge to not interfere in ongoing investigations'…
But remember: #WhatYouAllowIsWhatWillContinue and Signals #centralized, #proprietary, #SingleVendor & #SingleProvider approach vs. #decentralized (#XMPP+#OMEMO) or #SelfHosting (#OnionShare) will be their downfall - besides hosting at the most expensive provider (#aws) in spitting distance to #CIA & #NSA HQs (#aws_us_east_1) that isn't an outright scam-hoster!
@cartocalypse @sigmasternchen @pallenberg Gibt zuviele Indizien:
#PII wie #Rufnummer wird abgefragt; Geolokation bzw. Service-Beschränkungen aufgrund dessen erfolgen
Aus den #USA = #CloudAct greift
Struktur und Setup ähnelt #ANØM und "Ausfälle" erinnern an #EncroChat .
Wenn @signalapp so sicher wäre wie beworben dann wären #Moxie und @Mer__edith seit Jahren in #Beugehaft wegen #Missbrauch durch Nutzer*innen.
Jedenfalls ist es kein deut besser als #CryptoAG - technisch sogar schlechter denn letztere versuchte wenigstens nicht dauerhaft Kritiker*innen zu gaslighten sondern wurde in der #Schweiz hinter ne #Tarnfirma gepackt.
Es stinkt jedenfalls wie #OperationIronside aka. #OperationTrøjanShield!
@mechanix @delta @randy_ @gaufff precisely!
Personally, I feel confirmed to not use #Centralized & #proprietary #SingleVendor & #SingleProvider options like @signalapp / #Signal which by virtue of collecting #PII in the form of #PhoneNumbers are at best #UsefulIdiots if nit a blatant #HoneyPot...
Anything else doesn't work!
@Jplonie all #proprietary, #SingleVendor & #SingleProvider #SaaS is garbage!
@KirbySSM Yeah, but said platfirms being #proprietary, #centralized & #SingleVendor / #SingleProvider and unwilling to mobilize their user base are part of the problem, not the solution.
@grimmy @MattKC @gajim @pidgin Shure, I just don't use any of these #proprietary, #SingleVendor & #SingleProvider services.
@MurrayWindripper @micahflee except #Signal being a #Centralized, #SingleVendor & #SingleProvider solution that (illegally!) demands and collects #PII (#PhoneNumber) for no legitimate reason makes them inherently bad.
I went into lenghts and have linked details re: @signalapp here:
https://infosec.space/@kkarhan/114862595629371002
@iznogoud @tauon It wasn't meant to be disrespectful, just me being blunt and upfront that this is the least of the problems #discord as an #enshittified #SingleVendor & #SingleProvider #SaaS has...
