I genuinely do not understand people who have deep fried opinions about Signal needing a goddamn phone number in 2025.

Many privacy nerds were outraged when you needed to give out a phone number to other people in order to talk with them. I was one of those nerds. They fixed that with the usernames rollout.

As a mobile phone app, Signal uses your phone number to bootstrap your enrollment into the protocol. This is literally the path of least resistance as an SMS replacement app, for most users.

If you want to know whether Signal can obtain enough metadata to target users that have enrolled, the answer is complicated.

The way profiles are encrypted, and how sealed sender works, makes any targeting seem infeasible. (Your profile key rotates, at minimum, when you block someone.)

Signal currently does not have IP addresses, etc. stored. If this changes in the future, it will not be retroactive. If you're worried about that, Molly boasts Tor support. Maybe that's fine. I haven't audited Molly, and won't.

The people who tut-tut over the phone number requirement never articulate anything resembling a coherent threat model.

They also are quick to recommend alternatives with inferior cryptography.

Some days I just want to grab them by the shoulders and scream "SHUT THE FUCK UP YOU ARE HURTING PEOPLE" directly into their ears.

"But if my threat model is Mossad, Signal could be forced to-"

No. Stop it. Your threat model isn't fucking Mossad--who could probably pwn half of the entire XMPP ecosystem with a single libxml2 zero-day. (Also maybe Matrix?)

"But my self-hosting"

Irrelevant.

"But jurisdiction"

You think Swiss privacy law will stop the CIA from doing another CryptoAG?

They probably have 10-20 of those floating around already. Private "no log" VPNs are an attractive target for that.

@soatok
A centralized service can go down, federated one cannot. So I still prefer self-hostable solutions over Signal, as they also have reliable cryptography.

@darkcat09

> A centralized service can go down, federated one cannot.

Tell that to the pawb.social outages.

> So I still prefer self-hostable solutions over Signal, as they also have reliable cryptography.

No, they fucking don't.


@soatok

pawb.social

I mean, in a federated network you can just switch to a backup account on another server.
Or choose an instance in a specific country in case of strict censorship.

they don't

Yep, I read these posts. Matrix already switched to vodozemac which had security audits (not taking into account that most clients are unusable…)

@darkcat09 @soatok btw friendly reminder that emoji reactions in XMPP/Matrix are for some reason unencrypted. Lol

Imagine getting jailed in Russia for extremist rainbow or trans flag reaction to some message 

@yura
That's why you prefer DeltaChat? :)

@soatok

Btw, @soatok, Delta uses a Rust implementation of a safe subset of OpenPGP

@yura

@darkcat09 @[email protected] To that I offer the Delta devs a heartfelt "good luck".
Hmm. Looks like I'm blocked by @soatok or his server  

@darkcat09
Yeah, I'm definitely not shown at all at furry.engineer  

@soatok @darkcat09
@yura @soatok @darkcat09 looks like the whole udongein.xyz is blocked. I am not surprised, tbh.