If your war council relies on @signalapp, make sure you donate a few dollars to ensure its sustainability.
@kkarhan@infosec.space@osman, no because @signalapp is a #proprietary, #centealized, #SingleVendor & #SingleProvider solution that demands #PII like #PhoneNumbers for no valid reason, is subject to #CloudAct and only continues to exist because it's convenient as a means to fo #BulkSurveillance and mark it's users as #PeopleOfInterest.
- I'd rather donate to @ccc for running http://jabber.ccc.de and buy a @monocles #subscription instead!
@kkarhan@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse [web.archive.org], you fucked up!
- If #Signal was secure, it would've been shutdown like #EncroChat & #SkyECC.
Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.
- All Signal fans do is #FUD #PGP/MIME and#XMPP+#OMEMO which are truly #decentralized and allow real #SelfHosting as well as #SelfCustody for complete control of all the data and keys...
That's why I get people setup with it!
@kkarhan @osman @signalapp @ccc @monocles show me the part of the code where it's compromised to be used to mass surveillance
@kkarhan@licho @osman provide evidence the code @signalapp released is actually being deployed.
- Whereas @monocles has #ReproducibleBuilds to the point that @fdroidorg literally pulls their
gitand builds it from source.
Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M
- Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.
And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!
- As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is #centralized, #proprietary, #SingleVendor & #SingleProvider that's trivial for authorities.
Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...
- All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!
Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf! [web.archive.org]
@kkarhan @osman @signalapp @monocles @fdroidorg
I'm totally with you on the mobile coin. I withdrawn my beta testing volunteering when they started it, warned friends who wanted to buy it by making a big analysis of the coin back in on my deleted now twitter - turned out i saved their asses.
However, I do think moxie has a point with the design choices he's made. Like using your real identity is no issue under the full zero knowledge e2e encryption. It supports the spread of encryption itself and normalizes being on signal. 10 years ago it was controversial to be there, I had to explain it to people, now even my grandma uses it.
Using phone numbers decouples your social network from the service. You OWN YOUR SOCIAL GRAPH. They don't capture your network effect this way - you always have a way to reconnect. I think it's a wise tradeoff. Signal works very well for everyday people. The fact you have to KYC your number when buying is irrelevant to the threat model considered.
IIRC Signal has reproducible builds
https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds/README.md
But I indeed think they can easily take it down. That's no good therefore I advocate having multiple ways of communicating.