Mastodawn

@micahflee I just think that this will fall flat on it's face when #Signal gets their doors "bootfucked" by #AmericanGestapo!

I hope to be wrong, but they collected all those #PhoneNumbers that are basically a personalized target marker for &"law enforcement"* to attack one after the other…

Kevin Karhan

6d ago

Obviously, this is not #disinformation given the #facts and circumstantial evidence.

TELL ME WHERE I'M WRONG!

#useast1 is in VA, USA. That's very close to #CIA and #NSA and if you think otherwise, buy yourself a fucking map!
@signalapp collects #PII in the form of #PhoneNumbers and stores them.
Without the #US #Government's blessing they'd not merely restrict their #MobileCoin - #Shitcoin availability but be forced to not allow users from #Cuba, #Iran, #Russia and #NorthKorea to even sign up.
#SIgnal almost certainly has been abused by bad actors (i.e. organized crime) by mere statistical inevitability and being forced to comply with duely issued warrants and other legislation (i.e. #CloudAct) or otherwise everyone from C-level down to developer would've faced jailtime until they complied.
#Centralization of Signal isn't excuseable as stupidity or malpractise!
The #FBI has pulled off bigger stings (i.e. #ANØM / #OperationIronside / #OperationTrøjanShield)...

I do expect the reinstatement of my original post!

Show thread

Kevin Karhan

Oct 18

@DarkWebInformer why would anyone use #Telegram instead of #IRC over #Tor?

Espechally given Telegram being neither #private.nor #secure and in fact collecting #PII in the form of #PhoneNumbers...

Show thread

Kevin Karhan

Oct 15

@x_cli Funnily all the @signalapp fans always claim they do protect metadata but that will matter diddly-piss when the #US - Government threatens #Signal Staff with jailtime or holds them at gunpoint.

And whilst @Mer__edith may even be crazy enough to go face jailtime for life for users' actions, I'm convinced the rest of her staff nor the Service Providers that supply #Signal share that longing for martyrdom.

Besides, if they actually cared they'd not collect any data in the first place and instead make shure they can't even collect data like #IPs and #PhoneNumbers by hosting their stuff on @torproject / #Tor and not asking for #PII like a phone # to begin with.

Not to mention remaining in the #USA post - #CloudAct is a big red flag, cuz even if Signal ain't complicit, all their hosters and their upstreams are and I'm convinced that every single connection gets tracked by the #NSA in realtime and every #Google and #Apple account downloading the #App earmarked as well...

Claiming to "Just download and signup to our App" is a magic silver bullet is dishonest at best and worse than lying by omnission in my book.

Cuz if it was that simple @cryptoparty / @cryptoparty / #CryptoParty events would not exist at all!

thaddeus e. grugq (@thegrugq) on X

I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g

X (formerly Twitter)

Show thread

Kevin Karhan

Oct 14

@Mer__edith except @signalapp does collect #PII (#Phonenumbers) and demand it alongside camera access to even use it.

Compare that to @monocles / #monoclesChat and @delta / #deltaChat, which don't demand any personal data nor permissions (beyond internet access and being able to store the login details, obviously!), this is absolutely unreasonable.

Plus unlike #Signal, both offer #realE2EE with #SelfCustody of all the Keys, support @torproject / #Tor for #privacy and don't rely on "Trust me, guys!" advertising and a long-term unsustainable model of donations from billionaires and millionaires to keep running!

Kevin Karhan :verified: (@kkarhan@infosec.space)

My [reservations](https://infosec.space/@kkarhan/114234551915193036) and [criticism](https://infosec.space/@kkarhan/114862595629371002) re: #Signal are not just valid, but the reality is *even worse than I thought*: - The fact that @signalapp@mastodon.world requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users *who don't have a fucking #camera in their Android*… Seriously, do they expect folks to deal with that shit? - It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles@monocles.social / #monoclesChat & @gajim@fosstodon.org / #gajim easier and faster to onboard #TechIlliterates onto. - Whichever asshole decided that a *replacement for #SMS* should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it! FIX THAT SHIT, @Mer__edith@mastodon.world, and if it means you need to kick some devs in their crouch then consider this a necessary *"investment"*… #sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

Infosec.Space

Kevin Karhan

Oct 5

@mechanix @jlou @delta @randy_ @gaufff and that's why the only correct apporach to this #cyberfascist agenda is to refuse to comply.

If @signalapp & @Mer__edith weren't a #Honeypot, they'd refuse to collect #PII (#PhoneNumbers!) and just #EncryptHarder aka. move their infrastructure into #Tor / @torproject...

After all, they didn't quit #Iran, #Russia or "P.R." #China which have similar #cyberfascism on the books already...

Kevin Karhan

Oct 5

@mechanix @jlou @delta @randy_ @gaufff @torproject Unlikely. Like with any legislation the #EU pushed, it went after the operators and "#ChatControl" aims to kill #GAFAM-competitiors and alternatives.

And structurally, @simplex & @signalapp are closer to that and infinitely more vulnerabe per their #ventralized nature.

Let's say I don't trust #MarketingLies and unless I can self-host it entirely myself, ranging from verified builds off sourcecode to hosting the Servers myself on #Tor, it's not possible to verify certain claims espechally re: infrastructure and "logging"…

Also collecting #PhoneNumbers is a big no-no!

Kevin Karhan

Oct 5

@mechanix @delta @randy_ @gaufff precisely!

Personally, I feel confirmed to not use #Centralized & #proprietary #SingleVendor & #SingleProvider options like @signalapp / #Signal which by virtue of collecting #PII in the form of #PhoneNumbers are at best #UsefulIdiots if nit a blatant #HoneyPot...

Instead, #EncryptHarder and go full #XMPP+#OMEMO / #PGP/MIME over @torproject / #Tor as a matter of principle.

Anything else doesn't work!

The only way you can guarantee your #HumanRights is by actively enforcing and using them in the most aggressibe way possible that doesn't infringe upon others' rights...

Steve Dustcircle 🌹Oct 3

Viral #callrecording app #Neon goes dark after exposing users’ #phonenumbers, call #recordings, and #transcripts

https://techcrunch.com/2025/09/25/viral-call-recording-app-neon-goes-dark-after-exposing-users-phone-numbers-call-recordings-and-transcripts/

Exclusive: Neon takes down app after exposing users' phone numbers, call recordings, and transcripts

Call recording app Neon was one of the top-ranked iPhone apps, but was pulled offline after a security bug allowed any logged-in user to access the call recordings and transcripts of any other user.

TechCrunch

Show thread

Kevin Karhan

Sep 23

@ewolff well, if @Mer__edith and @signalapp card they'd not.just rally their users against "#ChatControl" aka. #cyberfascism but design their systems with #Anonymity and #Privacy in mind.

That includes moving their infrastructure onto @torproject / #Tor and NIT collecting #PII like #PhoneNumbers.

But since they added #MobileCoin as a #Shitcoin and also selectively restricted availability to it we all know this ain't their goal!