Kevin Karhan Jul 29, 2025

My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

  • The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users who don't have a fucking #camera in their Android

Seriously, do they expect folks to deal with that shit?

  • It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.
  • Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"

#sarcasm #TechSupport #TalesFromTechSupport #Enshittification #SignalSucks #TelegramSucks #Messengers

Kevin Karhan :verified: (@[email protected])

Content warning: Rant re: Signal Shills being dangerous Tech Illiterates

Infosec.Space
Show threadKevin Karhan Jul 29, 2025

Anyone who expects me to install yet another app for their garbage can kindly fuck off!

  • Fix your shit and give me a compelling reason to even consider making an account in the first place.

I won't but seeing folks who actually take privacy serious and thus have their #cameras removed from their #Android device struggle makes me fucking angry.

Personally, I wished @delta / #deltaChat had a plugin for like @thunderbird / #Thunderbird so that it can be used as #Chat in it and sort the inbox. Would make it the superior solution for #corporations that already have #eMail #Archival setup for legal compliance…

Kevin Karhan :verified: (@[email protected])

One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps. My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal [¹](https://infosec.space/@kkarhan/114234551915193036) [²](https://infosec.space/@kkarhan/114935952643402592), #Telegram, #Discord [³](https://infosec.space/@kkarhan/114865723904157014) [⁴](https://social.treehouse.systems/@krutonium/115157611977216372), #WhatsApp [⁵](https://infosec.space/@kkarhan/114873895410403238), #Slack, #MicrosoftTeams, #discord [⁶](https://infosec.space/@kkarhan/116063760849048926)[⁷](https://infosec.space/@kkarhan/115736223551632209) etc. aside: - *WHY* is there no #CrossProvider #Messenger to handle that shite? - *WHY* does everyone of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU each of them can?? This problem ain't new and *already got [solved for corporate social media](https://infosec.space/@kkarhan/114862619013462466) ages ago!* (Not to mention actually good messengers!) - And no, [bridges](https://toots.ch/@dalai/114862754556459439) *[don't](https://swecyb.com/@troed/114862774972645542) count*! - I mean `API 0` - [style](https://digipres.club/@foone/112685423773959519) access because obviously [none of the platforms](https://digipres.club/@foone/112685414638522984) will *allow, endorse or support such an endeavour* and [*actively fight the developers and users*](https://digipres.club/@foone/112685441496803574) ! So yeah, consider this a call for a @[email protected] / #Gajim or @[email protected] / #Pidgin *for garbage platforms!* - Cuz back in the day we had *way worse messengers* yet people actually made #AIM, #ICQ, #MSN, #QQ, #IRC & #XMPP work just fine from one single *"phat" client*! - Can we please get that back? Cuz #WastefulComputing pisses me off! #api0 #Enshittification

Infosec.Space
Show threadKevin Karhan Jul 29, 2025

Also why doesn't @signalapp / #Signal just accept a #screenshot of said #QRcode as a means to authenticate?

  • Seriously, there's no valid reason they can't do it like #Telegram and just send a message in-app to ask:

"Do you want to add/authenticate [instert device name here] at [IP Address]? Here's a unique pairing code to enshure that's correct!"

Like the #UX is worse than early versions of #OTR on #Pidgin back in those days...

Show threadadison verliceJul 29, 2025
@kkarhan @signalapp I think telegram Is just a dumpster fire these days. They're less secure Then all the other encryption apps at least when it comes to the encryption algorithms.
Show threadKevin Karhan Jul 29, 2025

@adisonverlice ALL #SingleVendor, #SingleProvider #Messengers that are #proprietary by virtue of not having everything #FLOSS'd are inherently bad.

If that shit was actually secure, it would've been abused so hard that she'd be in jail for refusing to comply with #CloudAct and duely issued warrants as well as being complicit in the "abuse" of said platform.

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Twitter
Show threadadison verliceJul 29, 2025
@kkarhan @signalapp @Mer__edith Yeah. Makes me Want to know why exactly The trump administration used signal for classified documents. In fact I actually have a memo from the defense digital service which tells DOD people *not* to use Signal for classified documents. If you want it I can give it to you it's public.
Show threadKevin Karhan Jul 29, 2025

@adisonverlice worse even is that they didn't just use @signalapp but a shady #3rd party client so in this case it's NOT @Mer__edith et. al. who are to blame, but the folks that REFUSED TO ENFORCE #ITsec & #ComSec!

  • Cuz there's a reason they got hired and paid to say "no" and why there's a full suite of dedicaded, applianced hardware for any sensituve comms!

But then again #AgentKrasnov is an #InfoSec, #OpSec & #NatSec nightmare!

Show threadadison verlice
@kkarhan @signalapp @Mer__edith Yeah. And tell me if I'm wrong because I could well be, you seem to know more than I do in terms of signal, but hasn't their protocol and their server code or whatever been out of date for a while? Again tell me if I'm wrong.
Jul 29, 2025 at 10:37amWeb
Show threadKevin Karhan Jul 29, 2025

@adisonverlice @signalapp @Mer__edith yes.

They ain't #FLOSS and I'd not count on their released code to be true because it cannot be verified that it is in fact the infrastructure they run off.
https://www.youtube.com/watch?v=tJoO2uWrX1M

Signal's Terrible MobileCoin Betrayal

YouTube