@innocence well, they switched to an #AssholeLicensing model, maing the reference implementation now a worse decision and put the Matrix Protocol in danger.

• Whereas @delta / #deltaChat uses #PGP/MIME as an open, #MultiVendor & #MultiProvider standard. Ditto for @monocles / #MonoclesChat & @gajim / #gajim (#XMPP+#OMEMO)…

And yes #AGPLv3 is an asshole license as it is inherently incompatible with a shitton of #IP laws and thus (oftentimes) cannot.be complied with.

• Choosing it or #SSPL is meant to #monopolize the market for commercial hosting providers that offer #ManagedHosting of #MatrixChat.

#Matrix #Chat

@soop @Li @meluzzy @tauon bonus points if said corpo is subject to laws that mandate them to integrate #Govware #Backdoors and hand over data...

See #CloudAct: https://en.wikipedia.org/wiki/CLOUD_Act

• #TLDR: Only #OpenSource, #MultiVendor & #MultiProvider solutions that one can #SelfHost can be trustworthy at all...

This is why #IRC & #XMPP outlived #ICQ & #Skype and why #Mumble & #JitsiMeet will outlive #discord & #GoogleMeet!

@stman @Sempf @LaF0rge yes.

Because physical SIMs, like any "cryptographic chipcard" (i.e. @nitrokey ) did all that fancy public/private crypto on silicon and unless that was compromizeable (which AFAICT always necessistated physical access to the #SIM, espechally in pre-#OMAPI devices) the SIM wasn't 'cloneable' and the weakest link always had been the #MNO /.#MVNO issueing (may it be through #SocialHacking employees into #SimSwapping or LEAs showng up with a warrant and demanding "#LawfulInterception"):

• These "attack vectors" were known and whilst unfixable they could at least be mitigated by i.e. NEVER using a #PhoneNumber for anything and/or using anonymously obtained #SIMs. But more and more services like @signalapp did #regression demanding #PII and more and more nations criminalized #AnonymousSimCards under utterly #cyberfacist & #FalsePretenses!

Add to that the regression in flexibility:

Unlike a #SimCard which was designed as a vendor-independent, #MultiVendor, #MultiProvider, device agnostic unit to facilitate the the #authentification and #encryption in #GSM (and successor standards), #eSIMs act to restrict #DeviceFreedom and #ConsumerChoice, which with shit like #KYC per #IMEI (i.e. #Turkey demands it after 90 days of roaming per year) und #lMEI-based #Allowlisting (see #Australia's shitty #VoLTE + #2G & #3G shutdown!) are just acts to clamp down on #privacy and #security.

• And with #EID being unique per #eSIM (like the #IMEI on top!) there's nothing stopping #cyberfacist regimes like "P.R." #China, #Russia, #Iran, ... from banning "#eSIMcards" (#eSIM in SIM card form factor) or entire device prefixes (i.e. all phones that are supported by @GrapheneOS ), as M(V)NOs see the EID used to deploy/activate a profile (obviously they don't want people to activate eSIMs more than once, unless explicitly allowed otherwise.

"[…] [Technologies] must always be evaluated for their ability to oppress. […]

• Dan Olson

And now you know why I consider a #smartphone with eSIM instead of two SIM slots not as a real #DualSIM device because it restricts my ability to freely move devices.

• And whilst German Courts reaffirmed §77 TKG (Telco Law)'s mandate to letting people choose their devices freely, (by declarong #fees for reissue of eSIMs illegal) that is only enforceable towards M(V)NOs who are in #Germany, so 'good luck' trying to enforce that against some overseas roaming provider.

Thus #Impersonation attacks in GSM-based networks are easier than ever before which in the age of more skilled than ever #Cybercriminals and #Cyberterrorists (i.e. #NSA & #Roskomnadnozr) puts espechally the average #TechIlliterate User at risk.

• I mean, anyone else remember the #Kiddies that fucked around with #CIA director #Brennan? Those were just using their "weapons-grade #boredom", not being effective, for-profit cyber criminals!

And then think about those who don't have privilegued access to protection by their government, but rather "privilegued access" to prosecution by the state because their very existance is criminalized...

The only advantage eSIMs broight in contrast is 'logistical' convenience because it's mostly a #QRcode and that's just a way to avoid typos on a cryptic #LocalProfileAgent link.

@action_jay everything that isn't a fully #OpenSource'd #OpenStandard with #MultiVendor & #MultiProvider support.

That's why @delta (#PGP/MIME) & @monocles / @gajim (#XMPP+#OMEMO) are superior to @signalapp , because that can be easily cracked down on due to #CloudAct, whereas truly #decentralized systems have #SelfCustody so they can't be taken down effectively.

• Bonus points if they support @torproject / #Tor, cuz that makes it harder for "state-sponsored" (or rather state-endorsed/governmental attackers) to block or sabotage it (#OnionServices are harder to take down!)

@threemaapp don't buy #proprietary #SingleVendor and/or #SingleProvider either!

• Use only #secure = #OpenSource #OpenStandards that hare #MultiVendor & #MultiProvider, like #XMPP+#OMEMO & #PGP/MIME!

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

• #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

• Only #MultiVendor & #MultiProvider standards can be secure, regardless if OMEMO or #PGP/MIME.

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

• Not to mention neither #DeltaChat nor #monoclesChat are pandering #Shitcoin #Scams like #MobileCoin that don't work even for #TechLiterate #CryptoBros!

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

• Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

• Signal as a #centralized, #SingleVendor & #SingleProvider service is inevitable vulnerable to #RubberhoseCryptoanalysis, and #Meredith will break if not doing so means jail for life until she does!

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

@notjustbikes precisely!

Only #OpenSource & #OpenStandards can yield #MultiVendor & #MultiProvider systems necessary to prevent #monopolies and #oligopolies and enshure #ITsec, #InfoSec, #OpSec & #ComSec, thus being able to comply with #NatSec & #IntlSec demands.

Guess why #NORAD runs #BusyBox / #Linux?

• Because they demand every single line of code to be audited MANUALLY!

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

• Whereas #deltaChat and #XMPP+#OMEMO are truly #decentralized, #MultiVendor & #MultiProvider #OpenStandards that allow for full #SelfCustody off all the keys and comms.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

• The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!