Lauren WeinsteinGet a Signal account for secure communications. DO IT NOW.
Kevin Karhan 
@lauren no, because @signalapp is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!
- Use real #E2EE with #SelfCustody of all the keys that isn't a #proprietary #SingleVendor & #SingleProvider solution that peddles a #shitcoin #scam!
Give #XMPP+#OMEMO a shot: @monocles / #monocles & @gajim / #gajim.
Signal's Terrible MobileCoin Betrayal
Cassandrich@kkarhan @lauren @signalapp @monocles @gajim This 👆 is pretty much all false, & bad security/privacy advice.
@dalias I sincerely disagree because none of my claims got debunked and no evidence against #XMPP+#OMEMO have come up to me as of today.
- @signalapp being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct by virtue of being located in the #USA WILL NOT JUST BLOW UP IN PEOPLES FACES, BUT GET PEOPLE KILLED under #Trumpism!
I hope to be proven wrong, but up until now I've always been at the position of saying #ToldYaSo!
- Whereas with @monocles you have way stricter #DataProtection (cuz there are no #DataProtevtionLaws in the #US that actually get enforced, otherwise #Musk's minions.would've been jailed of not killed for trespassing and hacking critical systems!) AND unlike #Signal, monocles doesn't demand any #PII whatsoever! https://infosec.space/@kkarhan/113999675511028742
I robot part 6 full movie.I told you so doesnt quite say it.flv
@kkarhan @signalapp @monocles @lauren Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal.
The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties.
There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
pixelschubsi@dalias @kkarhan @signalapp @monocles @lauren
Some people like to make bold statements without verifying first.
The server *can* do malicious things (even targeted, so it maybe already is happening without anyone known) that result in exactly an "undetected breakage of privacy properties". Here's an issue about this, closed with the comment that privacy features are only best-effort with no guarantee: https://github.com/signalapp/Signal-Android/issues/13842
Signal silently falls back to "unsealed sender" messages if server returns 401 when trying to send "sealed sender" messages · Issue #13842 · signalapp/Signal-Android
Guidelines I have searched searched open and closed issues for duplicates I am submitting a bug report for existing functionality that does not work as intended This isn't a feature request or a di...
Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.
- It's inherently wrong to put all eggs in one basket and #Signal being not shut down like #SkyECC & #EncroChat makes it just as sus as #ANØM / #OperationIronside / #OperatioTrøjanShield and #CryptoAG / #MINERVA / #RUBIKON.
Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.
- Otherwise we'd all gaslight ourselves into ignoring the hard lessions we learned that bought us to the #Fediverse and why we ain't on #Shitter or #tumblr or #BrownSky or #NSAbook (any more)!
It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!
- Unlike with @signalapp one doesn't has to trust the provider or app. #XMPP+#OMEMO works regardless if you use @monocles or @gajim or do #SelfHosting and only trust code you wrote yourself...
IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...
- And I'm not even talkibg about #Govware - #Backdoors and #MassSurveillance alike #Room651A, but just duely submitted warrants that @Mer__edith will comply with...
The less #info a provider has, the less they can be forced to snitch upon customers.
- So even if you don't give a shit that #CloudAct makes this a "#CantUse & #WintUse" (out of US-centrist privilegue to not comply #GDPR & #BDSG) for many, it's still dishonest.
"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.
- There's a reason why @tails_live / @tails / #Tails doesn't include #Signal and why I'll say it again that XMPP+OMEMO over @torproject / #Tor is the gold standard in terms of #privacy and #security when it comes to #ComSec that isn't #airgapped aka. "Airgapped PGP".
The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...
- You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...
Cassandrich (@[email protected])
@[email protected] @[email protected] @[email protected] @[email protected] Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal. The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties. There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
@kkarhan I am completely disengaging from this conversation at the level of gratuitous @'ing and #'ing in that last post.
CpyJx 🍉> ... warrants that [@]Mer__edith will comply with...
For anyone else reading this - Signal already complies with the law. The neat thing is they basically collect no data so they have nothing of value to provide when they're compelled to do so: https://signal.org/bigbrother/
