@TheMorpheus Merke: alle #zentralsiert|en, #SingleVendor und/oder #SingleProvider - Dienste sind inhärent unsicher und shice.

Egal ob #threema, #Signal, #discord, oder wasauchimmer...

@divVerent The problem is that @signalapp mandates #PII like #PhoneNumbers, which is critical for said #phishing...

• If they actually did their infrastrutre setup correctly, this would not have been possible in the first place - ffs!
  • That's why I've never even seen nor heard of any #PhishingAttacks on #XMPP+#OMEMO because you don't have to self-d0x to a #centralized, proprietary, #SingleVendor & #SingleProvider messenger which can't even be assed to get their garbage off #aws!

#Signal can spout all their "#Metadata" - #FUD all day but in the end they fall under #CloudAct and will snitch on users because if they didn't it would've been a statistical inevitability that @Mer__edith and #Moxie would've been in jail and Signal shutdown like #EncroChat was.

• Make of that what you will, but demanding a #PhoneNumber [which is either directly ("#KYC!") or indirectly / circumstantially linked to a person should be seen as *THE BIGGEST RED FLAG for any service.
  • It's like asking for an #ID at a store not as means to "verify age" with like a #DOB & Photo on something not trivial to forge but rather demanding someone's address just to buy a beer!

@signalapp those attacks.would've not.been successful if you weren't a #proprietary, #centralized, #SingleVendor / #SingleProvider "solution" that doesn't do #SelfCustoy of all the.keys nor allows for #SelfHosting nor demands #PII like #PhoneNumbers that can be leveraged for that.

• You know what I need to use @monocles / #monoclesChat or @gajim / #XMPP+#OMEMO?
  • Internet connection and an account on any server.

Can't #phish if one doesn't have credentials for #phishing attacks ffs!

• Can't get #phished if noone demands, stores, process or even demands such details in the first place!

Also which #Government is that incompetent to not be able to setup their own comms?

@DanielLuecking Angesichts dessen dass @signalapp ein zentralisierter #SingleVendor & #SingleProvider - #Chat-Anbieter ist betrachte ich es als deren Versagen.

• Ist ja nicht wie #XMPP+#OMEMO oder #eMail, und selbst da sind #Domains vergleichsweisr gut um dinge abzuschätzen.
• Zumindest Keywords wie "#Support" könnte #Signal reservieren bzw. in deren "Nutzernamen"-Vergabe abhängig von #Verifikation machen.
  • Also so wie #Shitter bevor #Musk den Laden mit Vollgas enshittified hatte…

@pinkforest thus the only correct reaction is multiple approaches:

• Refuse to use #centralized, #proprietary, #SingleVendor & #SingleProvider solutions.
• #SelfHost (or pay someone to host it for you!)
• encrypt harder
  • Put your chat on @torproject / #Tor i.e. use #OnionShare)
  • refuse any "#KYC" aka. "#AgeVerification" as a matter of principle!

Otherwiae we get the #Enshittification cycle going...

@novet @ambiguous_yelp I'll never trust any #SingleVendor and/or #SingleProvider solution, but demand real #E2EE with #SelfCustody and #SelfHosting capability as #FLOSS with reproduceable builds…

• Something #Signal can't and won't deliver as a matter of principle!

https://infosec.space/@kkarhan/114935952643402592

Unlike #monoclesChat, #gajim (#XMPP+OMEMO) & #deltachat as well as #Thunderbird!

@nono2357 I disgree re: @signalapp / #Signal because it being a #SingleVendor & #SingleProvider 'solution' that by @Mer__edith 's own admission is hard locked-in at #aws and thus doubly subject to #CloudAct makes it a horrible choice, as they also collect #PII (in the form of #PhoneNumbers) and still peddle a #Shitcoin that even #Cryptocurrency expert users like @techlore can't even get to work.

https://www.youtube.com/watch?v=0DSGq9FQKU4
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Sorry, but I'd rather stick with real #E2EE ( = self-custody of all the keys) and use @delta / #deltaChat, @monocles / #monoclesChat & @gajim cuz that I can fully #SelfHost and thus control!

@stman @theruran @50htz @vidak @forthy42 @brume @gorekhaa so yeah, we need a modern equivalent of the original PX-1000, something that isn't an overly complex and backdoored shitbox, but that is simple af.

With options for:

• PS/2 [or USB] Keyboard
• serial (thermal) printer
• parallel (20x4) LC-Display (or Braille Screen)
• acoustic modem (AFSK, using 3,5mm TRRS connector and adapters to line in/out and RJ-9 (handset)/RJ-11 (POTS/PSTN) phone.
• IrDA & Consumer-IR & QR-code reader module for public key exchange
• SDR reciever/transmitter (for paging).

Basically a encryption/decryption unit that has:

• User input [PS/2](keyboard, QR-Code reader)
• User output [Screen, Printer]
• Remote input [IR, IrDA, Modem, SDR-Reciever]
• Remote output [IR, IrDA, Modem, SDR Transciever]

Something that just acts as a "Clear Box" (aka. "black box", but transparent) to do critical comms. Something that literally wipes it's memory after use and doesn't store anything on it, but requires the user to keep their key safe!

You know, something that looks like a sleek communicator and isn't a proprietary shitbox that depends on *"#TrustMeBro!" - #centralized, #SingleVendor / #SingleProvider architecture!*…

@Soeren_loeg the fact that @signalapp not only does "#KYC with extra steps" by mandating a #PhoneNumber to this day as well as being solely under #CloudAct whilst basically being a #centralized, #proprietary, #SingleVendor & #SingleProvider solution makes them the ideal candidate for a longterm #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield.

• By the sheer size of users, it's a statistical inevitability that they got #Subopena'd and since they don't implement real #E2EE (with #SelfCustody of all the keys!) @Mer__edith would be in jail *if there wasn't a #Govware #backdoor as mandated per telco laws in every juristiction (see "#LawfulInterception!")…

Not to mention #Signal ticks way too many "#sus" boxes…