@mysk don't believe for a second WhatsApp ever had E2EE at all.

  • Same for Signal, Telegram, Threema, Matrix, etc…

If you can't

  • self-host its servers, reproducibly build servers & clients
    • dev. your own servers and clients w/ feature parity.
  • as well as use it without self-doxxing aka. needing a Phone Number,

it's insecure!

Because Phone Numbers are intrinsically insecure, as they can always be linked to a device (Number->SIM->ICCID->IMEI) / client (SIP uses UDP = no Tor!) and thus trivially connected by circumstances to a person!

So go with PGP/MIME ( @delta & @thunderbird ) and/or XMPP+OMEMO ( @gajim and/or @monocles ) over @torproject!

#WhatsApp #E2EE #Signal #Threema #Telegram #Matrix #SelfHosting #ReproduceableBuilds #Server #Client #OpenSource #OpenStandards #SelfDoxxing #KYC #ID #PhoneNumber #SIM #IMEI #Privacy #UDP #Tor #OpSec #InfoSec #ComSec #ITsec #OMEMO #PGP

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

@mos_8502 because #ReproduceableBuilds and proper declaration of dependencies would've achieved the same benefits without the same drawbacks!

@lastdinosaur @nixCraft sorry, did a typo.

Besides that:

#ReproduceableBuilds are a hallmark of good coding, especially with #FLOSS, as to evidence the published code is identical to what the binary releases are built from.

- Trust through transparency…

@ravirockks Needless to say that only #transparency with #ReproduceableBuilds can ensure the #SourceCode is related to the #binary released.

And being able to audit oneself or choose any auditor of choice to do so is also critical to the whole #ITsec aspect of it.

You don't want people to be able to "pull rank" but instead you want critical code to be looked at with as many eyes as possible.