@dave_andersen @AVincentInSpace personally I consider any "#KYC" a risk-factor, and @signalapp has proven their ability and willingness to restrict functionality (i.e. their #Shitcoin-#Scam #MobileCoin) based off said #PhoneNumbers (Cuban, Russian and North Korean Numbers were excluded) which are in fact #PII (even if one doesn't have to #ID for obtaining a #SIM, they are circumstantial PII)...

• They have neither "legitimate interest" nor legal mandate to collect said data (or to integrate a scammy Shitcoin for that matter) as the discontinuation of #ChatSecure / #TextSecure has eliminated the "technical necessity" to have those.

Either way they either have to yeet #Hegseth as client and/or stop collecting PII like PhoneNumbers - they gotta have to do something…

• As for #InfoSec, #OpSec & #ComSec, I'd say #XMPP+#OMEMO remains the gold standard alongside #PGP/MIME...

#ITsec is a different story, but unlike #Signal these do not depend on a #PhoneNumber and work through @torproject / #Tor.

• And I've been using Tor for almost 15 years daily now...

@lastquake a #XMPP-#Bot would be even better, as #Telegram demands #PII in the form of a #PhoneNumber!

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.

• You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

• All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!

@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

• Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

• Or do you really think that in a world where multi-year long sting ops like #ANØM / #OperationIronside / #OperationTrøjanShield get greenlit that @Mer__edith would risk dying of old age in jail for non-paying users?

If you do think so then you should really get some professional help, cuz you seem rather lost...

• #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

@Andromxda @pixelcode How can you claim something you can't evidence?

• Pretty shure if it's not @signalapp themselves, then their centralized architecture and unwillingness to even have an #OnionService on @torproject makes it trivial to pull a #Room641A on them.

It makes you look like one of those folks shilling #VPN|s that ain't logless after all...

• I don't believe in #marketing #lies and #Signal can't (and won't) be able to evidence that they don't log shit.

At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...

@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used.to track users down!

• If #Signal was as secure as claimed, it would've been shut down like #EncroChat, #SkyECC & others...

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

• @signalapp has no "#LegitimateInterest" to demand #PII like a #PhoneNumber and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim "comply with #sanctions" [their #MobileCoin #Shitcoin #Scam disqalifies them even more!] because they have the tech to distinguish and discriminate users)...

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

• This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

@nemo Except #Signal demanding #PII like a #PhoneNumber, being subject to #CloudAct an shilling #MobileCoin, a blatant #Shitcoin #Scam disqualifies them!

@licho @osman provide evidence the code @signalapp released is actually being deployed.

• Whereas @monocles has #ReproducibleBuilds to the point that @fdroidorg literally pulls their git and builds it from source.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

• As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is #centralized, #proprietary, #SingleVendor & #SingleProvider that's trivial for authorities.

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

• All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

@soatok @jwildeboer I still disagree because it completely ignores @signalapp being #centralized, #SingleVendor & #SinglePrivider, demanding #PII in the form of a #PhoneNumber, being able and willing to restrict functionality based off that and being subject to #CloudAct.

• And with #Trump's regime going apeshit, the #USA are more and more a #risk factor!

@Avitus @lispi314 @lauren

#TLDR: @signalapp HAS NO "#LegitimateInterest" TO DEMAND A #PhoneNumber (or any #PII for that matter) TO BEGIN WITH!

• #BDSG literally bans such unnecessary data collection per law!

@Avitus @lispi314 @lauren THE REQUIREMENT FOR A #PhoneNumber BY @signalapp IS LITERALLY THE PROBLEM!

• #KYC IS THE ILLICT ACTIVITY!!!

If you gonna say "JuSt GeT aN iMpOrTeD #SIM / #eSIM!" then you obviously expect people to have way more #financial means and #TechLiteracy than is needed to get absolute N0obs setup withb#XMPP+#OMEMO and pay for @monocles / #monoclesChat!

@lispi314 @lauren Not.only.that, but with a #PhoneNumber it makes it trivial to get details from @signalapp targeting a known individual.

• And with the prevalence of #Govware and the fact that there is literally no #LegitimateInterest since #Signal abandoned #TextSecure, it's yet another design flaw that is beibg intentionally kept instead of fixing it at all!

@lispi314 @dalias @lauren

Not only that, but @signalapp being.located in #Trumpist #USA means they gotta have to follow said laws and that means if flexed upon using #FOSTA & #SESTA or god forbid made-up claims to commit #TransGenocide and prosecute #Trans minors and/or their parents and/or medical professionals, THIS WILL BLOW UP IN THEIR FACES like a grenade used as ball gag and fuse pulled!

• It's absolutely trivial to abuse #Govware #Backdoors and thus track people down. #Signal by design and architecture WILL BE COMPLICIT IN IT!

For comparison: @monocles doesn't demand #PII like a #PhoneNumber or anything at all and if you don't trust them either (which is fair - never trust anyone, neither Signal nor #monocles nor me!) you can not only choose from various providers but literally #SelfHost your own (even as an #OnionService on @torproject / #Tor) and thus have full control of all the comms.

• And I'd rather recommend @micahflee 's #OnionShare over Signal just because that's even simpler and basically "fully decentralized" and "#serverless" that it's even more flexible.https://onionshare.org

@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.

• Plus it's illegal in an increasing number if juristictions to gmeven attempt to acquire a phone number or SIM anonymously.

Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.

• Cuz I did that on @cryptoparty / #CryptoParty / #CryptoParties quite often.

Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!

• Whereas even if #monocles were to shutdown, one could easily switch over to any other provider or #SelfHosting.

I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!

@Beggarmidas @Em0nM4stodon personally, I do consider #Smartphones an attack vector and recommend everyone to use @tails_live / @tails / #Tails or at least @torproject / #Tor via @guardianproject / #Orbot and ideally open, #PublicWiFi like @freifunk / #freifunk.

Fortunately, @monocles / #monoclesChat integrates Orbot Support so it's just a few taps to get everything tunned through Tor!

https://docs.monocles.eu/apps/torify.app/

If @signalapp cared, they would've #decentralized and put their backend on Tor and not demand #PII like a #PhoneNumber.

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

• So even if we'd agree that #XMPP+#OMEMO as implememented in @monocles / #monoclesChat & @gajim / #gajim is bad (and #PGP/MIME over XMPP isn't good either) there are still better options than #Signal (i.e. @delta / #deltaChat which uses PGP/MIME & #IMAP-Push aka. #eMail) that don't require a #PhoneNumber, allow #SelfHosting and are truly #OpenSource with an #OpebStandard that allows for real #E2EE as in #SelfCustody of all the #Keys.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

• But you do you...

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

• @signalapp / #Signal is subject to #CloudAct and thus inherently incompatible with #GDPR & #BDSG!

• Signal demands #PII in the form of a #PhoneNumber!

• Signal to this day peddles a #Shitcoin named #MobileCoin!

• If Signal didn't have a #Govware #Backdoor, it would've been banned and shut down just like #EncroChat and #SkyECC.

• Signal is as secure as #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and #CryptoAG aka. #MINEROVA aka. #Rubikon.

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
https://infosec.space/@kkarhan/113932376762056036