Matthew GarrettTwitter's new encrypted DM system stores your private key material on Twitter-owned services, protected with nothing more than a 4-digit PIN. If hostile, or if legally compelled to, Twitter could easily decrypt all your messages. It's also MITMable and doesn't secure metadata. Use Signal.
Andy Mouse@mjg59 Sometimes I wish folks would stop recommending Signal as a 'secure' alternative.
It's another centralised service based in the US. 🙄
Collecting your phone number. 🙄
@andymouse read the protocol docs. There is no trust placed in the server.
@mjg59 Nah, don't need to. Fully centralised, processes phone numbers, based in the US. Gag order.
Or are you saying phone numbers are never touching Signal's servers? Then why do I need to enter one?
Or that my phone number isn't tied to my account? Then how can I verify my account with it?
If Signal wanted to be private then phone numbers are optional and I can set up a Signal server in my living room.
But... It's not. Never was about that.
@andymouse read the docs or stop speaking, you're not equipped to have a position here
@mjg59 mhmm 🥱 let's talk in a few years