@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

• #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

• #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

• If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used.to track users down!

• If #Signal was as secure as claimed, it would've been shut down like #EncroChat, #SkyECC & others...

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

• Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

• Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

@lauren no, because @signalapp is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!

• Use real #E2EE with #SelfCustody of all the keys that isn't a #proprietary #SingleVendor & #SingleProvider solution that peddles a #shitcoin #scam!

Give #XMPP+#OMEMO a shot: @monocles / #monocles & @gajim / #gajim.

1 2 3 4 5

@blog @sylv_a @viennawriter nur dass @signalapp auch nen #Shitcoin - #Scam und #proprietär|e #SingleVendor / #SinglePrivider - Lösung ist die unzulässig #PII wie #Telefonnummer|n verlangt!
https://www.youtube.com/watch?v=tJoO2uWrX1M

You use XMPP+OMEMO because you think it's neat.

I use XMPP+OMEMO because all centralized, single-vendor and/or single-provider messengers are inherently garbage, collect PII like phone numbers for no "legitimate reason" and don't offer proper End-to-End - Encryption with self-custody of all the keys, making them either honeypots or prime targets for warrants.

• We are not the same!

@rysiek also #Telegram - like @signalapp - demand and collect #PII like #PhoneNumbers which ain't possible to acquire anonymoisly in more and more juristictions.

• Plus, both are #centralized, #SingleVendor & #SingleProvider solutions that don't allow for #SelfCustody of all the keys nor #SelfHosting and thus violate #KerckhoffsPrinciple, meaning they are inherently #insecure.

Using #XMPP+#OMEMO by contrast is secure and adding @torproject / #Tor to tunnel it makes it even more anonymous.

• So don't expect any messenger to cover your 6, but instead go out of your way so that even when held at gunpoint, they can't decrypt comms!

Cnsider every #Messenger that doesn't #decentralize and support #Tor oit of tue box to be insecure!

@evacide NO, YOU CANNOT USE @signalapp@mastodon.world WITHOUT A PHONE NUMBER!!! *

They still require a phone number as they still do restrict the functionality of their App based off the phone number given!

Also we've all seen that #centralized, #SingleVendor & #SingleProvider solutions are inherently bad - so why should anyone use #Signal over #XMPP+#OMEMO or XMPP+#PGP/MIME ???

#Signal, like every provider in the #USA, is subject to #CloudAct ** and will obviously hand over the #metadata they collected without legitimate interest if told to do so. ***

After all, clients like @monocles ' #monoclesChat **** make XMPP w/ OMEMO and PGP/MIME extremely user-friendly...

Im many juristictions, you cannot legally obtain an anonymous prepaid SIM legally! *****


- - -

Sources:

* https://social.tchncs.de/@kuketzblog/111968247576555678

** https://en.wikipedia.org/wiki/CLOUD_Act

*** https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968

**** https://f-droid.org/en/packages/de.monocles.chat/

*****
https://infosec.space/@kkarhan/111968383793566135

@fuchsiii @noxypaws @devopscats @josh Just because #MicrosoftTeams gradually forces changes and doesn't shove #UI & #UX #Enshittification from one day to the other down Users' throats like #Slack or #Discord doesn't make it less shitty...

All #centralized, #SingleVendor & #SingleProvder, #SaaS-only.solutions are bad.

@Mer__edith Well, it is up to us, by boycotting businesses that produce, research, use, employ, support, sell or buy that tech as well as consequently only accepting tech and solutions that make it hard if not nearly-impossible to do these kinds of #MassSurveillance...

This necessitates everything to be #OpenSource'd and #decentralized properly and refusal to use any #centralized #SingleVendor and/or #SingleProvider solution whatsoever...

@Mer__edith I think that @signalapp could've avoided most of these costs if they weren't a #centralized, #SingleVendor & #SingleProvider solution but instead aimed at #decentralization.

But that would not work for a #metadata-driven #Honeypot that is subject to #CloudAct and aims to lure #TechIlliterates into a false sense of #Security...

@Mer__edith Personally, @signalapp still collects way too much data and IMHO still has the same issues as all #centralized #SingleVendor & #SinlgeProvider solutions.

And considering #CloudAct and the ability as well as willingness of #Signal to enforce #Embargos, I'd just not trust it at all!

In fact, I'd call the #NSA and #FBI as "criminally incompetent" if they didn't place people within Signal...

@kobayashi90 very simple:
Like @protonmail they act as a #SingleVendor / #SingleProvider solution and @signalapp not only refuses to distribute their app as #sourcecode so @fdroidorg and others can actually release reproducible builds but they also don't make it #SelfHosting capable.

Not to mention their reliance of #GoogleAPIs and #centralization in the #USA and thus subject to #CloudAct as well as collecting #PhoneNumbers and being thus able and willing to do #Cyberfacism on behalf of US Gov.

@kobayashi90 I mean, we gotta have to inform the #TechIlliterates that may stumble upon this thread and they too need to be informed on ~why~ claims made by @protonmail, @signalapp and other #centralized #SingleVendor & #SingleProvider solutions are inherently wrong!

We can't complain about people being #'TechIlliterate without doing our part in reducing #TechIlliteracy and making people more #TechLiterate...

@evacide okay, you want it simple?

1. DONT' USE ANY #proprietary #SingleVendor / #SingleProvider and/or #unencrypted comms at all!

2. DON'T TALK TO ANYONE WHO ISN'T LEGALLY FORCED UNDER THREAT OF JAIL AND LIFELONG UNEMPLOYABILITY TO STFU EVEN TOWARDS COPS & JUDGES!

3. STFU!

4. Act plausibly deniable!

5. Don't take anything that can and thus will be used to track you - including any mobile phones - even switched off!

6. Use @torproject #TorBrowser to look up stuff!

@aurynn @HopelessDemigod no, they ain't, because #Signal is a #SingleVendor / #SingleProvider solution and thus will implement #Govware #Backdoors as per #CloudAct and regular "#LawfulInterception" laws required...

https://twitter.com/thegrugq/status/1085614812581715968

@evacide And that's why I refuse to use insecure aka. all #SingleVendor & #SingleProvider solutions and demand the same from my contacts or refuse to allow them to add me to anything.