When Signal was designed, our threat model was protecting the communications of civil society, journalists, just regular citizens ...
The threat model of military operations & sharing your hate of Europeans was not what Signal was designed for. Ephemeral messages and cryptographic deniability are not fit for communications that require accountability.
But I appreciate their effort to make government more efficient by adding journalists to the chat instead of requiring to go through FOIA.
@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and its #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!
@kkarhan@infosec.space @fj@mastodon.social some of these are issues, but to be real the suggestion to use PGP and MIME instead of signal is laughable, not only is it nonviable as a replacement, but also is just bad to deal with and use in comparison
firstly, try to achieve similar security as signal with only PGP (or OMEMO), secondly after pulling off that technically impossible feat, try to use it without causing 100x more avoidable security issues than signal does right now
after doing that I think you can appreciate that although signal has many flaws (phone numbers being my biggest issue with them) they are actually still doing state-of-the-art security/privacy/cryptography services and can't easily be replaced by random other tools like this lol
@froge @kkarhan @fj Also XMPP is just bad, not only from a security standpoint (which I trust security experts on, not being one myself) but also as a protocol designed... before smartphones, basically. Being totally married to being connection- instead of session-oriented is basically why Matrix exists, at all.
@bdf2121cc3334b35b6ecda66e471 @froge @fj maybe but it's better than a #proprietary, #SingleVendor & #SingleProvider solution as it just works even on #throttled, sub-#2G speeds over #Tor...