@Avitus @gettie That is not a valid solution as they still demand a #PhoneNumber which in more and more juristictions you cannot obtain legally without self-doxxing to the providers if not government!

• Demanding #PhoneNumbers IS the illixit activity and big red flag!

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

• Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
  • Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

• So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
  • Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
  • In fact, you could even use #Sneakernet - Style distribution through "#MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

• You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
  • Whereas you can't positively verify whether an eMail address and/or #XMPP+#OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

• And don't even get me started on the fact that legally speaking noone truly owns their number.
  • Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

• I wanted #Signal to be good - honestly...
  • But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
  • Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or useage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's juristiction] about it's customers' ability to shield their privacy…

• Cuz all the "#Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
• They certainly are not deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. "#TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
  • It's like all those "#VPN" shillings which one cannot verify to be true or false!

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

• And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty / @cryptoparty / #CryptoParty worth it's name touches on.
  • Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

@divVerent The problem is that @signalapp mandates #PII like #PhoneNumbers, which is critical for said #phishing...

• If they actually did their infrastrutre setup correctly, this would not have been possible in the first place - ffs!
  • That's why I've never even seen nor heard of any #PhishingAttacks on #XMPP+#OMEMO because you don't have to self-d0x to a #centralized, proprietary, #SingleVendor & #SingleProvider messenger which can't even be assed to get their garbage off #aws!

#Signal can spout all their "#Metadata" - #FUD all day but in the end they fall under #CloudAct and will snitch on users because if they didn't it would've been a statistical inevitability that @Mer__edith and #Moxie would've been in jail and Signal shutdown like #EncroChat was.

• Make of that what you will, but demanding a #PhoneNumber [which is either directly ("#KYC!") or indirectly / circumstantially linked to a person should be seen as *THE BIGGEST RED FLAG for any service.
  • It's like asking for an #ID at a store not as means to "verify age" with like a #DOB & Photo on something not trivial to forge but rather demanding someone's address just to buy a beer!

@benroyce @FQQD I know the details:

@signalapp are criminally incompetent like #EncroChat at best if not a #HoneyPot like #ANØM aka. #OperationIronside aka. #OperationTrøjanShield...

#Signal #Govware #incompetence #PII #PhoneNumbers #ToldYaSo

@signalapp those attacks.would've not.been successful if you weren't a #proprietary, #centralized, #SingleVendor / #SingleProvider "solution" that doesn't do #SelfCustoy of all the.keys nor allows for #SelfHosting nor demands #PII like #PhoneNumbers that can be leveraged for that.

• You know what I need to use @monocles / #monoclesChat or @gajim / #XMPP+#OMEMO?
  • Internet connection and an account on any server.

Can't #phish if one doesn't have credentials for #phishing attacks ffs!

• Can't get #phished if noone demands, stores, process or even demands such details in the first place!

Also which #Government is that incompetent to not be able to setup their own comms?

@nono2357 I disgree re: @signalapp / #Signal because it being a #SingleVendor & #SingleProvider 'solution' that by @Mer__edith 's own admission is hard locked-in at #aws and thus doubly subject to #CloudAct makes it a horrible choice, as they also collect #PII (in the form of #PhoneNumbers) and still peddle a #Shitcoin that even #Cryptocurrency expert users like @techlore can't even get to work.

https://www.youtube.com/watch?v=0DSGq9FQKU4
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Sorry, but I'd rather stick with real #E2EE ( = self-custody of all the keys) and use @delta / #deltaChat, @monocles / #monoclesChat & @gajim cuz that I can fully #SelfHost and thus control!

@VD15 also #PizzaHut treats #PhoneNumbers as immuteable cistimer details, so yeah, that is a thing.

See r/ #SoftwareGore !