My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

  • The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unusable for certain users who don't have a fucking #camera in their Android

Seriously, do they expect folks to deal with that shit?

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crotch then consider this a necessary "investment"

#sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

Kevin Karhan :verified: (@kkarhan@infosec.space)

Content warning: Rant re: Signal Shills being dangerous Tech Illiterates

Infosec.Space

Anyone who expects me to install yet another app for their garbage can kindly fuck off!

  • Fix your shit and give me a compelling reason to even consider making an account in the first place.

I won't but seeing folks who actually take privacy seriously and thus have their #cameras removed from their #Android device struggle makes me fucking angry.

Personally, I wish @delta / #deltaChat had a plugin for like @thunderbird / #Thunderbird so that it can be used as #Chat in it and sort the inbox. Would make it the superior solution for #corporations that already have #eMail #Archival set up for legal compliance…

Kevin Karhan :verified: (@kkarhan@infosec.space)

One thing that really pisses me off personally is the #regression in terms of #Messenger #Apps. My personal distaste and dislike for #proprietary, #SingleVendor & #SingleProvider #services like #Signal [¹](https://infosec.space/@kkarhan/114234551915193036) [²](https://infosec.space/@kkarhan/114935952643402592), #Telegram, #Discord [³](https://infosec.space/@kkarhan/114865723904157014) [⁴](https://social.treehouse.systems/@krutonium/115157611977216372), #WhatsApp [⁵](https://infosec.space/@kkarhan/114873895410403238), #Slack, #MicrosoftTeams, etc. aside:

  • *WHY* is there no #CrossProvider #Messenger to handle that shite?

  • *WHY* does every one of these shitty providers think people want to download their #bloated #WebApp that takes up triple digit Megabytes if not entire Gigabytes and will gobble up all the #RAM and #CPU each of them can??

This problem ain't new and *already got [solved for corporate social media](https://infosec.space/@kkarhan/114862619013462466) ages ago!* (Not to mention actually good messengers!)

  • And no, [bridges](https://toots.ch/@dalai/114862754556459439) *[don't](https://swecyb.com/@troed/114862774972645542) count*!

  • I mean `API 0`-[style](https://digipres.club/@foone/112685423773959519) access because obviously [none of the platforms](https://digipres.club/@foone/112685414638522984) will *allow, endorse or support such an endeavour* and [*actively fight the developers and users*](https://digipres.club/@foone/112685441496803574)!

So yeah, consider this a call for a @gajim@fosstodon.org / #Gajim or @pidgin@fosstodon.org / #Pidgin *for garbage platforms!*

  • Cuz back in the day we had *way worse messengers* yet people actually made #AIM, #ICQ, #MSN, #QQ, #IRC & #XMPP work just fine from one single *"phat" client*!

  • Can we please get that back? Cuz #WastefulComputing pisses me off!

#api0 #Enshittification

Also why doesn't @signalapp / #Signal just accept a #screenshot of said #QRcode as a means to authenticate?

  • Seriously, there's no valid reason they can't do it like #Telegram and just send a message in-app to ask:

"Do you want to add/authenticate [insert device name here] at [IP Address]? Here's a unique pairing code to ensure that's correct!"

Like the #UX is worse than early versions of #OTR on #Pidgin back in those days...

@kkarhan @signalapp I think Telegram is just a dumpster fire these days. They're less secure than all the other encryption apps, at least when it comes to the encryption algorithms.

@adisonverlice ALL #SingleVendor, #SingleProvider #Messengers that are #proprietary by virtue of not having everything #FLOSS'd are inherently bad.

If that shit was actually secure, it would've been abused so hard that she'd be in jail for refusing to comply with #CloudAct and duly issued warrants as well as being complicit in the "abuse" of said platform.

thaddeus e. grugq on Twitter

“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

@kkarhan @signalapp @Mer__edith Yeah. Makes me want to know why exactly the Trump administration used Signal for classified documents. In fact I actually have a memo from the Defense Digital Service which tells DOD people *not* to use Signal for classified documents. If you want it, I can give it to you; it's public.

@adisonverlice worse even is that they didn't just use @signalapp but a shady #3rd party client so in this case it's NOT @Mer__edith et al. who are to blame, but the folks that REFUSED TO ENFORCE #ITsec & #ComSec!

  • Cuz there's a reason they got hired and paid to say "no" and why there's a full suite of dedicated, applianced hardware for any sensitive comms!

But then again #AgentKrasnov is an #InfoSec, #OpSec & #NatSec nightmare!

@kkarhan @signalapp @Mer__edith Yeah. And tell me if I'm wrong because I could well be, you seem to know more than I do in terms of Signal, but hasn't their protocol and their server code or whatever been out of date for a while? Again, tell me if I'm wrong.
@adisonverlice I think the (released) open source server code was outdated for some time, however right now it seems to be pretty up-to-date: https://github.com/signalapp/Signal-Server
@kkarhan @signalapp @Mer__edith
@nick @kkarhan @signalapp @Mer__edith But here's the question you really should be asking. Do you trust Signal's code? Because they've shown many times that they really can't be trusted. Are they reliable? No. Just because you can host your own server doesn't mean that it's good, nor does it repair its already tarnished reputation. Keep in mind that servers still contain metadata. And that means you can reply, reply, comply with KYC laws.