🌸 lily πŸ³οΈβ€βš§οΈ   ΞΈΞ” ⋐ & ∞Feb 2
just a reminder β€” do NOT do things you don't want your admin seeing in direct messages. if you want to, ask that person for an end-to-end encrypted messaging service like signal or matrix.
Show threadKevin Karhan Feb 2

@tauon Actually, you want to use a truly secure as in real #E2EE solution like #XMPP+#OMEMO as in @monocles / #monoclesChat and @gajim /#gajim...

monocles (@monocles@monocles.social)

Attached: 1 image ❗ News πŸ“£ : For the global switch day monocles chat will be available for free in the Playstore (01.02. - 07.02.): https://play.google.com/store/apps/details?id=eu.monocles.chat Take your chance and switch to the XMPP network #globalswitchday #XMPP #monocles #monocleschat #messenger #chat #jabber #otr #omemo #pgp #opensource #openpgp #sustainability #e2ee #endtoendencryption #privacy #security

Mastodon
Show thread🌸 lily πŸ³οΈβ€βš§οΈ   ΞΈΞ” ⋐ & ∞Feb 2
@kkarhan signal is more secure than xmpp+omemo
Show threadKevin Karhan Feb 2
@tauon no, it is not because it is a #Centralized, #proprietary, #SingleVendor & #SingleProvider solution subject to #CloudAct that collects #PII like #PhoneNumbers, which makes it inherently less secure, as they are able and willing to restrict access as they please.
Show thread🌸 lily πŸ³οΈβ€βš§οΈ   ΞΈΞ” ⋐ & ∞Feb 2

@kkarhan

centralisedtbh i agree, i don't like that signal is centralised, but that isn't insecure, it's just an anti-featureproprietaryno it isn't, every element of signal is open sourcesubject to cloud actwhat is that? are you talking about subpoenaing of information? they legally have to do that anyway, and can't give anything except for the account creation date and the date that the account was last accessedcollects pii like phone numbersi'm pretty sure they don't

signal is more secure than anything you've mentioned because on signal, encryption is not optional. any service where encryption is optional is not secure.

Show threadKevin Karhan 

@tauon

1) #CloudAct is just #CyberFacism, look it up!
https://en.wikipedia.org/wiki/CLOUD_Act

-

2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

-

3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained beforetwice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of juristictions do...

-

But don't take my word for it.
https://www.youtube.com/watch?v=tJoO2uWrX1M

CLOUD Act - Wikipedia

Feb 3 at 12:20amWeb
Show threadKevin Karhan Feb 3

@tauon Also what goid is an encryption like @signalapp is you don't have #SelfCustody of all the keys?

  • Shure you could disable encryption but @monocles shows you when it's active and when not and comes with sensible defaults like having #OMEMO active per default...

I can setup over a dozen #TechIlliterates 1:1 with #XMPP accounts and #monoclesChat & @gajim / #gajim in the time it takes me to get a #nonKYC #eSIM from overseas with a phone number as mandated by @signalapp and maintaining that number for #Signal will easily cost like $2,50 p.m. at minimum.

  • Whereas a Data-only eSIM is way faster and cheaper to get and maintain.

In fact even legitimately acquiring and registering a #Prepaid #SIM in-store in #Germany takes longer than setting up #Fdroid & monocles chat & a XMPP account whilst on throttled #EDGEland speeds...

https://possum.city/notes/a3rt4nzbn11z01vi

🌸 lily πŸ³οΈβ€βš§οΈ :flag_pansexual: :flag_ace: ΞΈΞ” ⋐ & ∞ (@tauon)

@kkarhan@infosec.space > centralised tbh i agree, i don't like that signal is centralised, but that isn't insecure, it's just an anti-feature > proprietary no it isn't, every element of signal is open source > subject to cloud act what is that? are you talking about subpoenaing of information? they legally have to do that anyway, and can't give anything except for the account creation date and the date that the account was last accessed > collects pii like phone numbers i'm pretty sure they don't signal is more secure than anything you've mentioned because on signal, encryption is not optional. any service where encryption is optional is not secure. RE: @tauon@possum.city no, it is not because it is a #Centralized, #proprietary, #SingleVendor & #SingleProvider solution subject to #CloudAct that collects #PII like #PhoneNumbers, which makes it inherently less secure, as they are able and willing to restrict access as they please. RE: ...

Possum City