@kkarhan@anelki I do agree to some extent.
#PGP/MIME & #XMPP+#OMEMO keep the coversation contents secure, but merely encrypting messages is just 10% of #ComSec!
Like: If you use some garbage Android 8.1 device that never got security updates then you can use #Signal all day and that won't protect ya ass!
- Speaking of @signalapp, the same as with any #eMail provider or #Messenger applies:
none of them will refuse to comply with a duely submitted subopena [web.archive.org], otherwise @Mer__edith would already be in prison.
- And Signal, like all #centralized, #SingleVendor & #SingleProvider #Messengers collects #PII [#PhoneNumber!] with no legitimate reason and is subject to #CloudAct, which is inherently incompatible with #GDPR & #BDSG...
@kkarhan@anelki if @signalapp in general and @Mer__edith in specific were honest, she'd point out that #Signal isn't and won't ever be #secure as it doesn't allow for #SelfCustody.
- Something that @monocles / #monoclesChat 1 [docs.monocles.eu], @gajim / #gajim [#XMPP+#OMEMO] and @thunderbird / #Thunderbird as well as @delta / #deltaChat [#PGP/MIME] offer by default...
@kkarhan@anelki the only ones that believe in "#SecureEmail" after #DNMX, #SkyECC, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield are #TechIlliterates!
Use #OfflinePGP-Method [www.youtube.com] or @tails_live / @tails / #Tails or don't even bother!!!
@kkarhan@infosec.space@anelki cuz if #Signal and/or #WhatsApp actually had good encryption, they'd be shutdown due to #NonCompliance with #CloudAct and their staff would be jailed for #ITAR violations...
- Then again even if WhatsApp technically [www.youtube.com] does #E2EE that doesn't mean it has to be good or secure.
If I use RSA-128 to generate the keys for AES-256 then it's technically E2EE but even the worst-equipped police force can read the comms basically in realtime!