Get a Signal account for secure communications. DO IT NOW.
@kkarhan@lauren no, because @signalapp is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!
- Use real #E2EE with #SelfCustody of all the keys that isn't a [www.youtube.com] #proprietary #SingleVendor & #SingleProvider solution that peddles [www.youtube.com] a #shitcoin #scam!
Give #XMPP+#OMEMO a shot: @monocles / #monocles & @gajim / #gajim.
1 [docs.monocles.eu] 2 [docs.monocles.eu] 3 [docs.monocles.eu] 4 [monocles.eu] 5 [monocles.chat]
@kkarhan @lauren @signalapp @monocles @gajim This 
is pretty much all false, & bad security/privacy advice.
@kkarhan@dalias I sincerely disagree because none of my claims got debunked and no evidence against #XMPP+#OMEMO have come up to me as of today.
- @signalapp being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct by virtue of being located in the #USA WILL NOT JUST BLOW UP IN PEOPLES FACES, BUT GET PEOPLE KILLED under #Trumpism!
I hope to be proven wrong, but up until now I've always been at the position of saying [www.youtube.com] #ToldYaSo!
- Whereas with @monocles you have way stricter #DataProtection (cuz there are no #DataProtevtionLaws in the #US that actually get enforced, otherwise #Musk's minions.would've been jailed of not killed for trespassing and hacking critical systems!) AND unlike #Signal, monocles [monovles.eu] doesn't demand any #PII whatsoever! https://infosec.space/@kkarhan/113999675511028742
@kkarhan @signalapp @monocles @lauren Very few systems promoted as Signal alternatives match the cryptographic privacy properties (see: ratcheting, etc.) of Signal.
The claims about "located in the USA" and "Cloud Act" are all nonsense because the only threat to Signal users from this is availability (seizure and shutdown of the server infrastructure), not undetected breakage of privacy properties.
There are presently no systems with superior privacy properties to Signal *and* level of functionality on par with what general public expects. There are a lot (like the XMPP stuff, *sigh*, and Matrix) that are worse in both regards. If you're happy with reduced functionality, Cwtch (and possibly some other similar Tor-based systems) or VeilidChat are stronger, but it's gonna be a while before you convince normies to use them, and in the mean time they're still going to be on insecure shit like WhatsApp, FB Messenger, Telegram, etc...
sadge
@kkarhanNot only that, but @signalapp being.located in #Trumpist #USA means they gotta have to follow said laws and that means if flexed upon using #FOSTA & #SESTA or god forbid made-up claims to commit #TransGenocide and prosecute #Trans minors and/or their parents and/or medical professionals, THIS WILL BLOW UP IN THEIR FACES like a grenade used as ball gag and fuse pulled!
- It's absolutely trivial to abuse [www.youtube.com] #Govware #Backdoors and thus track people down. #Signal by design and architecture WILL BE COMPLICIT IN IT!
For comparison: @monocles doesn't demand #PII like a #PhoneNumber or anything at all and if you don't trust them either (which is fair - never trust anyone, neither Signal nor #monocles nor me!) you can not only choose from various providers [github.com] but literally #SelfHost your own (even as an #OnionService on @torproject / #Tor) and thus have full control of all the comms.
- And I'd rather recommend @micahflee 's #OnionShare over Signal just because that's even simpler and basically "fully decentralized" and "#serverless" that it's even more flexible.https://onionshare.org
Not having the information would mildly complicate gathering data on participating devices to serve as targeting data.
@kkarhan@lispi314 @lauren Not.only.that, but with a #PhoneNumber it makes it trivial to get details from @signalapp targeting a known individual.
- And with the prevalence of #Govware and the fact that there is literally no #LegitimateInterest since #Signal abandoned #TextSecure, it's yet another design flaw that is beibg intentionally kept instead of fixing it at all!
@Avitus@ioc.exchange@kkarhan @lispi314 @lauren @signalapp You can register any number on Signal even a landline, as long as you can get a 2FA SMS or phone call.
Signal knows nothing about its users, nor does it attempt to. See https://signal.org/bigbrother/. All they have is the date and time you registered and the last date and time your device connected to a service. They've been subpoenaed many times but haven't been able to provide any data because they don't have it.
@kkarhan@Avitus @lispi314 @lauren THE REQUIREMENT [ioc.exchange] FOR A #PhoneNumber BY @signalapp IS LITERALLY THE PROBLEM!
- #KYC IS THE ILLICT ACTIVITY!!!
If you gonna say "JuSt GeT aN iMpOrTeD #SIM / #eSIM!" then you obviously expect people to have way more #financial means and #TechLiteracy than is needed to get absolute N0obs setup withb#XMPP+#OMEMO and pay for @monocles / #monoclesChat!
@kkarhan@Avitus @lispi314 @lauren And if you think @signalapp is gonna defy a duely submitted warrant and doesn't store or;collect any #PII like #PhoneNumbers then you propably;also believe that #LoglessVPN|s are real [web.archive.org]...
@kkarhan@Avitus @lispi314 @lauren And that just assumes the #Trump-#Regime is going to duely submit a warrant to @signalapp and not just blatantly hold everyone.from @Mer__edith downwards at gunpoint.
- Cuz we've seen #Musk and his #Minions basically #hack #CriticalInfrastructure by just walking in the front door and taking over systems!
WE CANNOT ASSUME THE #USA WILL FOLLOW IT'S OWN LAWS ANYMORE!
@kkarhan@infosec.space#TLDR: @signalapp HAS NO "#LegitimateInterest" TO DEMAND A [ioc.exchange] #PhoneNumber (or any #PII for that matter) TO BEGIN WITH!
- #BDSG literally bans such unnecessary data collection per law!
@Avitus@ioc.exchange@kkarhan @lispi314 @lauren @signalapp KYC demands a lot more than a phone number, and you're conflating "we need your phone number for 2FA” with KYC which collects name, address etc. Take a look at https://signal.org/bigbrother/.
@kkarhanNo, it's not a conflation and @signalapp can shove their false justifications in the trashcans, because even they must admit that this is vry much classist at best if notbkakes them useful idiots!
@kkarhan@lispi314 @Avitus @lauren exactly that.
Espechally given that @signalapp discontinued #TextSecure, which was #SMS-based where one could've claimed a "technical necessity" existed.
- Nowadays it's rather empowering bad actors and introducing weaknesses given #GSM and #Telephony is inherently and unfixaboy insecure [www.youtube.com] by design and that noone should rely on it being reliable or accurate to begin with as technology to selectively reroute calls and SMS are as old.as the underlying teoephony network!