@Blaumensch1 @kuketzblog nein.

#XMPP+#OMEMO & #PGG/MIME mit #SelfCustody und Anbietern in der #EU, die keine Niederlassung, Geschäftsrätigkeit oder Anteilseigner aus den #USA haben.

Bspw.: @monocles / #monoclesChat und @delta / #DeltaChat.

• #CloudAct greift für alle die in den #USA agieren oder dort ne Dependance/Mutter-/Tochtergesellschaft haben!

@linuxer @stormii @karl_ist_super ja, sowas wie @monocles / #monoclesChat, @gajim / #gajim & @delta / #deltaChat...

• Nur weil etwas alle/die meisten machen wird's nicht weniger falsch!

Natürlich kannste #Signal nutzen, nur dann musste halt auch drauf klarkommen dass so zentralisierter shice durch eine christofaschistische Regierung (#USA) irgendwann eingestampft wird.

• Davon dass es eine bescheuerte Idee ist aus gründen von #Datenschutz, einen Anbieter zu nutzen der ne #Telefonnummer verlangt mal abgesehen.

#Monocles verlangt hingegen garkeine Daten und erlaubt anonymes Bezahlen per #Monero & #CashByMail !

#thxbye #EOD

@Wyatt_H_Knott precisely that

There are evidently superior alternatives like the #Fediverse & #XMPP+#OMEMO like @gajim / #gajim and @monocles / #monoclesChat.

@signalapp no it's not.

• Otherwise #OrganizedCrime would choose #Signal so hard, you'd be shutdown within weeks by the #FBI and @Mer__edith would be forced to "pull a #LavaBit" and face jailtime for obstruction of justice or snitch on users!

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

• Plus neither of those shill #Shitcoin-#Scams like #MobileCoin!

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

• Not to mention relying ob #charity and being a #VCmoneyBurningParty isn't sustainable to begin with!

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

@kkarhan @ueeu @monocles It's true that #Conversations and its fork #MonoclesChat are reproducible today, yet they are not setup like this historically (signed by F-Droid). While we push for reproducible builds, these are not a must, but an extra check of trust.

https://f-droid.org/docs/Inclusion_How-To/#reproducible-builds

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

• Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

• Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

@crazy_pony when @signalapp isn't being run as a #VCMoneyBurningParty and they take #InfoSec, #OpSec, #ComSec & #ITsec serious and stop shilling the #Shitcoin #Scams that is #MobileCoin!

For everyone else, there's #XMPP+#OMEMO (see @monocles / #monoclesChat) & #PGO/MIME (see @delta / #deltaChat)…

@froge @fj I'm not replacing @signalapp with "random tools" but good options.

Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.

• Also these allow not only #SelfHosting but just work and I'd highly recommend #monocles as a hoster which finances iself by users paying and allows #anonymous accoubts & payments including not just #Monero but also #CashByMail!

Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.

• Plus I don't run around with a #tracking device that could be used to #deanonymize me any second...

Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?

• If #Signal was as secure as advertised, it would've been shutdown like #EncroChat and #SkyECC!

It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...

Getting started with XMPP/Jabber and PGP for federated, encrypted messaging

This is a short thread where I explain how I started using the XMPP protocol and PGP encryption for secure messaging. I am not a security expert, but I am a mathematician and I am confortable with the Linux command line. This guide is for people who want to use PGP for secure messaging easily. You will need to be okay with typing commands into the Linux command line in order to do this, but I will tell you exactly what to enter.

Part 1: XMPP

Mastodon is like email, but for social media. You sign up for an account with a server, and then you can talk with any other accounts that are signed up on other servers, as long as your servers are getting along. (No one wants emails from the sketchy spam server, and we want to be able to choose between Yahoo, Gmail, etc.) XMPP (a.k.a. Jabber) is the same thing for text messaging.

Just like signing up for an email/Mastodon account, you need to sign up for an account. You can find a list of servers at https://list.jabber.at/ and will probably at least need to provide an email addess when making an account.

Once you have made an account, you need a client. On Linux, I've been having a good time using Dino (https://dino.im/). You can then enter your account name and password to log into your XMPP account and start chatting! There are both public rooms and you can also message directly with your friends.

#security #PGP #XMPP #FOSS #Jabber #Dino #MonoclesChat

(1/4)

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

• #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

• Only #MultiVendor & #MultiProvider standards can be secure, regardless if OMEMO or #PGP/MIME.

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

• Not to mention neither #DeltaChat nor #monoclesChat are pandering #Shitcoin #Scams like #MobileCoin that don't work even for #TechLiterate #CryptoBros!

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

• Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

• Signal as a #centralized, #SingleVendor & #SingleProvider service is inevitable vulnerable to #RubberhoseCryptoanalysis, and #Meredith will break if not doing so means jail for life until she does!

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

@aei I only have one: @monocles / #monoclesChat (okay, two: @gajim / #Gajim on #Desktop) for #XMPP+#OMEMO!

@kinetix @anthropy AFAIK, @monocles / #monoclesChat is also available for #iOS.

• Pretty shure it's not using #Apple's #PushNitification backend, but I can't confirm that 100% now.

@buyeuropean don't forget @monocles and @Stuxhost with their #managedNextcloud offerings as well as #monoclesChat & @delta / #deltaChat for #secure #messaging with real #E2EE...

@htwj @Mer__edith yeah, traded one #proproetary, #centralized #SingleVendor & #SingleProvider solution for another.

• Consider #XMPP+#OMEMO (i.e. @monocles / #monoclesChat) and #PGP/MIME (i.e. @delta / #deltaChat) instead...

@delta Yeah, I think #deltaChat is pretty cool and like #XMPP+#OMEMO ( @monocles / #monoclesChat & @gajim / #gajim ) a very good option.

• Espechally since both do real #E2EE and not #AdvertisingLies!

@FerdiMagellan @jwildeboer @soatok besides @monocles / #monoclesChat there are various other #XMPP servers out there...

@kinetix @delta @anthropy I am aware of #DeltaChat.

• As for #XMPP+#OMEMO clients, I can recommend @gajim / #gajim & @monocles / #monoclesChat hands-down, as both are super-easy to setup and get even abdolute #TechIlliterates rollin'...

@truls46 Ein gutes Gegenbeispiel zu @signalapp ist @monocles / #monoclesChat:

• Es werden keine persönliche Daten verlangt!

• Es wird ein offener Standard (#XMPP+#OMEMO) genutzt, sodass #SelfCustody und #Datenhoheit gewährleistet ist!

• Der Dienst ist zwar kostenpflichtig (€2 p.m.), aber komplett anonym bezahlbar (inkl. #Monero & #CashByMail)!

• Nutzung von @torproject #Tor wird nicht verhindert oder blockiert; @guardianproject / #Orbot wird unterstützt!

• In #Deutschland gibt's immernoch #Rechtsstaatlichkeit, anders als in den #USA!

• Anders als #Signal ist #monocles ehrlich, was Sicherheit und Datenschutz angeht...

Ich denke mal das sollte hinreichend meine Argumebte darlegen.

• Kernpunkt ist und bleibt: Signal ist bestenfalls gemeingefährlich-inkompetent oder ein #Honeypot!

@pixelschubsi @erebion @inaruck so oder so sind alle aktuellen #XMPP-Clients, besonders @monocles / #monoclesChat & @gajim / #gajim warnen ganz eindeutig gegen unverschlüsselte kommunikation!

• Außerdem kann ich schneller #TechIlliterates auf #XMPP+#OMEMO onboarden als irgendwer eine anonyme #SIM oder #eSIM mit #Rufnummer besorgen kann.

Zumal auch das nen Kostenfaktor ist, wohingegen es drölfzig Optionen gibt was XMPP angeht!

@inaruck ich hab' Leute konsequent auf #XMPP+#OMEMO migriert, weil @signalapp zentralisiert und unter #CloudAct fällt, folglich inhärent unsicher.

• Ich empfehle @monocles / #monoclesChat