"Ich bitte nicht um eine Hintertür, ich erwarte die Vordertür!"
- Catherine de Bolle, #EUROPOL-Leiterin.
Damit ist alles zur #Verfassungsfeindlichkeit von "#Strafverfolgern" wie Europol gesagt!
"Ich bitte nicht um eine Hintertür, ich erwarte die Vordertür!"
Damit ist alles zur #Verfassungsfeindlichkeit von "#Strafverfolgern" wie Europol gesagt!
#Signal was as secure as claimed, it would've been shut down like #EncroChat, #SkyECC & others...
Just stop the BS. EncroChat was specifically built and marketed for criminals. It wasn't shut down by law enforcement, it was hacked by the French police, after which they decided to shut the service down themselves.
Signal is open source (and the issue regarding reproducible builds is known, but it doesn't impact the security of the app. It is caused by a navigation library that causes some race condition during the build process, the result of which is dependent on CPU speed. They are aware of the issue, and are working to fix it. It is tracked here: https://github.com/signalapp/Signal-Android/issues/13565). If you don't trust the official build, you can compile it yourself. There are also forks like Signal-FOSS or @mollyim available if you prefer that.
The server is also open source (of course you can't verify if they are actually running that code, but that's gonna be the case for every application with a client/server architecture. Your point regarding Signal being "proprietary SaaS" is, again, total BS.
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
And don't get me started on the #cyberfacism that is #CloudAct.
I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
@signalapp I disagree because your platform is #proprietary, #SingleVendor, #SingleProvider and doesn't allow for #SelfHosting, #SelfCustody of all the Keys and you demand #PII in the form of a #PhoneNumber which can be used.to track users down!
@froge @fj I'm not replacing @signalapp with "random tools" but good options.
Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.
Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.
Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?
It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...
@osman If your #OpSec, #InfoSec, #ComSec and/or #ITsec relies on @signalapp and/or @Mer__edith risking jail or worse, you fucked up!
Seriously, to me #Signal stenches #Honeypot like #ANØM & #CryptoAG.
That's why I get people setup with it!
@Catwoman69y2k @dragonfriend most importantly:
Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.
Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!
@Mik3y @samhainnight @karlauerbach @alex_p_roe @Nonilex not to mention all the #GAFAMs and #TechBros who get to know that #CloudAct means they'll have to integrate more #Govware #Backdors and enable #BulkSurveillance or get shut down & jailed faster than they can say #EncroChat or #SkyECC...
@erebion @inaruck genau das ist der Falsche Ansatz, da Threat Models sich ständig verschieben und nicht ausgegangen werden kann, dass es dabei bleibt.
Keine*r deloyed drölfzig Messenger oder migriert bedarfsweise User*innen umher.
Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.
Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.
It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!
IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...
The less #info a provider has, the less they can be forced to snitch upon customers.
"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.
The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...
USpol, #Trump, Cyberfacism
@compl4xx @Layer8 @nick @kuketzblog @marcel @mspro
Meine Rede...
Oder um es einfach zu erklären: Warum gibt es #HTTP(S) & #HTML sowie #eMail ( #IMAP & #SMTP) bis heute und keiner nutzt mehr #AOL, #MSN, #ICQ?
Wenn @signalapp / #Signal wegen #CloudAct geflipped wird wie #EncroChat, #ANØM & #SkyECC dann stehen Leute alternativlos in der shice ubd die ganzen "Sicherheitsversprechen" lösen sich in "#TrustMeBro!" und #Lügen auf.
Ich nutze meinen XMPP-Account seit Ewigkeiten und habe drölfzig Clients durch. Aber Kontakte erreichen mich darüber Problemlos!
@silvan @nakal @kuketzblog #Threema hat dieselben Probleme wie #EncroChat, #SkyECC & #ANØM:
@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith
@signalapp / #Signal is subject to #CloudAct and thus inherently incompatible with #GDPR & #BDSG!
Signal demands #PII in the form of a #PhoneNumber!
Signal to this day peddles a #Shitcoin named #MobileCoin!
If Signal didn't have a #Govware #Backdoor, it would've been banned and shut down just like #EncroChat and #SkyECC.
Signal is as secure as #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and #CryptoAG aka. #MINEROVA aka. #Rubikon.
#ToldYaSo guys!
#ProTip: Use #XMPP+#OMEMO!
https://infosec.space/@kkarhan/113932376762056036
@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.
Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…
In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.
Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.
By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.
Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...
@anelki the only ones that believe in "#SecureEmail" after #DNMX, #SkyECC, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield are #TechIlliterates!
Use #OfflinePGP-Method or @tails_live / @tails / #Tails or don't even bother!!!
@bkastl ob legal oder illegal ist leider in der Praxis shiceegal.
Nach der Logik von #EUROPOL müsste #Audi auch für #Geldautomatensprengungen in Regress genommen werden.
Unabhänig davon ob deren Produkt gut ist!
War es wieder der Geheimdienst der Gendarmerie?
Nach #SkyECC und #EncroChat haben Frankreich und Niederlande mit #Matrix wieder verschlüsselten Messenger gehackt, bieten abgehörtes Material europaweit für Ermittlungen an:
https://www.europol.europa.eu/media-press/newsroom/news/international-operation-takes-down-another-encrypted-messaging-service-used-criminals
#Exclu #Ghost
(Edit: Weil es Missverständnisse gab: es geht nicht um das föderierte Matrix-Protokoll das staatlich gehackt wurde, sondern ein gleichnamiger Crypto-Messenger.)
@forceofhabit @kuketzblog IMHO #Signal, like #Telegram, #EncroChat #ANØM, #SkyECC & #CryptoAG before feels like a giant-ass sting op.
People will likely call me crazy or paranoid for that, but so far I've been proven correct time and time again...