@mudaste how can one choose a #centralozed, #SingleVendor & #SingleProvider solution (@simplex) over @briar and espechally @monocles / #monoclesChat & @delta / #deltaChat?

Never heard of @cwtch before!

@PinoBatch +9001%

• #discord and other shitty #SingleVendor & #SingleProvider #SaaS creates #InformationBlackhole|s.

#IssueTracker and #TicketingSystem|s are way better means to report bugs.

• #Docukentation is key and users should be given accessible, step-by-step guides and easy troubleshooting help where needed.

@jenzi @lexinova @davidfetter Doesn't even need that.

#XMPP+#OMEMO (Chats) & #P2P-#WebRTC (Video- & VoiceCalling) are evdently better than a centralized, #SingleVendor & #SingleProvider system…

• And that is why @signalapp will inevitably end like #ICQ & #Skype!

@laprice pressing X for doubt cuz @signalapp does have #ToS and obviously both the ability and willingness if not being legally mandated to close down accounts - regardless if a "duely issued warrant" or #CloudAct.

• Neither @Mer__edith nor #Moxie nor anyone else at #Signal is gonna risk jailtime protecting others given that unlike Mafia 'scapegoats' they don't get paid for shutting up and serving time.

Signal being abused is a statistical inevitability and it's one thing to claim to not know the contents vs. knowingly ignoring abuse complaints.

• Cuz #OCILLA only covers their ass legally until the point they get to know certain abuses. After that (+ a certain grace period for duely investigating validity) that doesn't apply anymore.

#NotLegalAdvice but given Signal is located in the #USA and thus falling under #US juristiction, I'd only consider the non-reaction as either 'knowingly supporting' or 'being ordered by a judge to not interfere in ongoing investigations'…

• And whether or not Signal is yet another #ANØM / #OperationIronside / #OperationTrøjanShield - style #Honeypot or just criminally stupid is up to speculation at this point.

But remember: #WhatYouAllowIsWhatWillContinue and Signals #centralized, #proprietary, #SingleVendor & #SingleProvider approach vs. #decentralized (#XMPP+#OMEMO) or #SelfHosting (#OnionShare) will be their downfall - besides hosting at the most expensive provider (#aws) in spitting distance to #CIA & #NSA HQs (#aws_us_east_1) that isn't an outright scam-hoster!

@cartocalypse @sigmasternchen @pallenberg Gibt zuviele Indizien:

#PII wie #Rufnummer wird abgefragt; Geolokation bzw. Service-Beschränkungen aufgrund dessen erfolgen

• Dienst ist nicht per-se für Nutzer aus #Embargo-Staaten (#ITAR) wie #Kuba, #Iran, #Russland, #Nordkorea, ... gesperrt, was #Sondergenemigung durch #US-Regierung bedarf!

Aus den #USA = #CloudAct greift

• #AWS = #GAFAMs als #Hosting
• Das genutzte Datacenter ist in Spuckweite zu #CIA & #NSA
• Absichtlich #zentralisiert als #SingleVendor & #SingleProvider Lösung.

Struktur und Setup ähnelt #ANØM und "Ausfälle" erinnern an #EncroChat .

• Und diverse weitere Ungereihmtheiten wie Kamerazugriff um es am #PC zu nutzen.
• Keine #SelfCustody und kein #SelfHosting möglich.

Wenn @signalapp so sicher wäre wie beworben dann wären #Moxie und @Mer__edith seit Jahren in #Beugehaft wegen #Missbrauch durch Nutzer*innen.

• Ich kann die ganze Woche weiter machen, aber die Tatsache dass #Signal durch ein AWS-#Datacenter down geht zeugt von schlampiger Infrastruktur und Mehr Geld als Verstand!

Jedenfalls ist es kein deut besser als #CryptoAG - technisch sogar schlechter denn letztere versuchte wenigstens nicht dauerhaft Kritiker*innen zu gaslighten sondern wurde in der #Schweiz hinter ne #Tarnfirma gepackt.

• Wenn #Signal sicher wäre, würde es wie #OnionShare und #XMPP+#OMEMO #dezentral, (über @torproject / #Tor) und #SelfHosting - fähig sein.

Es stinkt jedenfalls wie #OperationIronside aka. #OperationTrøjanShield!

@mechanix @delta @randy_ @gaufff precisely!

Personally, I feel confirmed to not use #Centralized & #proprietary #SingleVendor & #SingleProvider options like @signalapp / #Signal which by virtue of collecting #PII in the form of #PhoneNumbers are at best #UsefulIdiots if nit a blatant #HoneyPot...

• Instead, #EncryptHarder and go full #XMPP+#OMEMO / #PGP/MIME over @torproject / #Tor as a matter of principle.

Anything else doesn't work!

• The only way you can guarantee your #HumanRights is by actively enforcing and using them in the most aggressibe way possible that doesn't infringe upon others' rights...

@Jplonie all #proprietary, #SingleVendor & #SingleProvider #SaaS is garbage!

@KirbySSM Yeah, but said platfirms being #proprietary, #centralized & #SingleVendor / #SingleProvider and unwilling to mobilize their user base are part of the problem, not the solution.

• Notwidthstanding the #criminalization of real #E2EE is a problem as we can see with #Monero vs. all the #Shitcoins that ain't being targeted!

@grimmy @MattKC @gajim @pidgin Shure, I just don't use any of these #proprietary, #SingleVendor & #SingleProvider services.

• OFC it's his time and skills...

@MurrayWindripper @micahflee except #Signal being a #Centralized, #SingleVendor & #SingleProvider solution that (illegally!) demands and collects #PII (#PhoneNumber) for no legitimate reason makes them inherently bad.

I went into lenghts and have linked details re: @signalapp here:
https://infosec.space/@kkarhan/114862595629371002

@iznogoud @tauon It wasn't meant to be disrespectful, just me being blunt and upfront that this is the least of the problems #discord as an #enshittified #SingleVendor & #SingleProvider #SaaS has...

• Sorry if that made you feel uncomfortable or seemed unprofessional from me.

@arstechnica Obviously, #Starlink is sabotaging #FTTB & #FTTH as regulators like @BNetzA allow subsidies for that #proprietary #SingleVendor & #SingleProvider network instead of #OpenAccess #fiber-pairs based off #Ethernet…

@ustralien @bjoern Unabhängig davon ist die globale Verfügbarkeit essentiell.

• Wenn internationale Händler und Plattformen (auch außerhalb der #EU) es nicht unterstützen ist es im 21. Jahrhundert relativ wertlos.

Nennt sich #Nerzwerkeffekt und da es ein #zentralisiertes, #SingleVendor & #SingleProvider - System ist hat es nunmal entsprechende *Kritik zu fixen!

• "#SelfHosting" ist bei #wero nicht vorgesehen und wäre nur für Großkonzerne überhaupt den Aufwand ( @BaFin - Genemigung für einen eigenen #Zahlungsdienstleister) wert, selbst wenn dies vorgesehen ist.

@soatok IMHO all #centralized, #SingleVendor & #SingleProvider solutions are bad - including #Signal!

https://infosec.space/@kkarhan/114935952643402592

#InconvenientTruth

@adisonverlice ALL #SingleVendor, #SingleProvider #Messengers that are #proprietary by virtue of not having everything #FLOSS'd are inherently bad.

• #Telegram is obviously just a slopps #honeypot. @signalapp's @Mer__edith at least knows how to professionally lie in front of an audience like the fmr. #CryptoAG #CEO did.

If that shit was actually secure, it would've been abused so hard that she'd be in jail for refusing to comply with #CloudAct and duely issued warrants as well as being complicit in the "abuse" of said platform.

@glitzersachen @Yuki relative...

I think that @cperciva et. al. made a good product & service with #Tarsnap and their #SelfCustody-based #encryption is solid.

• It's just that it is still a #SingleVendor / #SingleProvider solution and that #BDSG & #GDPR say "No!" when it comes to handing over data to 3rd parties outside the #EU that are subject to #CloudAct, regardless if it's considered 'unfeasible if not impossible' that they could ever decrypt it.

https://tarsnap.com

@FandaSin Obviously that is kinda expected.

• But then again this problem also exists for Tools like HootSuite and NUVI that are used by #corporations to do #CustomerService and #SocialMediaManagment on #CorporateSocialMedia like #Shitter and #NSAbook.

I don't expect a single developer with no money and time to maintain this, but at least see some professional option for that.

• I think #toxic #LockIn is the main reason corporations design their shite to be #closed, #SingleVendor & #SingleProvider!

https://infosec.space/@kkarhan/114862635509691979

One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps.

My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal ¹ ², #Telegram, #Discord ³ ⁴, #WhatsApp 5, #Slack, #MicrosoftTeams, etc. aside:

• WHY is there no #CrossProvider #Messenger to handle that shite?

• WHY does everyone of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU each of them can??

This problem ain't new and already got solved for corporate social media ages ago! (Not to mention actually good messengers!)

• And no, bridges don't count!

• I mean API 0 - style access because obviously none of the platforms will allow, endorse or support such an endeavour and actively fight the developers and users !

So yeah, consider this a call for a @gajim / #Gajim or @pidgin / #Pidgin for garbage platforms!

• Cuz back in the day we had way worse messengers yet people actually made #AIM, #ICQ, #MSN, #QQ, #IRC & #XMPP work just fine from one single "phat" client!

• Can we please get that back? Cuz #WastefulComputing pisses me off!

#api0 #Enshittification

@photovince anyone who doesn't trust a.#centralized, #proprietary #SingleVendor & #SingleProvider solution that demands #PII for no valid reason like @signalapp does!

@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!

• Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.

They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!

• Unlike @delta (which is #PGP/MIME in a different UI) or #XMPP+#OMEMO (which you can use via @torproject / #Tor and connect to a Server that is an #OnionService.

IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!