@colinstu except #discord is worse than #IRC in every possible way...
At least IRC allows for #SelfHosting and way more granular control...
@erebion @inaruck es gibt soviele Gründe weshalb Mensch nicht @signalapp vertrauen sollte.
Aber um es nochnal klar zu erklären:
#Signal verlangt #Telefonnummer = #PII (Persönlich identifizierbare Informationen). [Und nein, sich irgendwo zwielichtig ne Nummer als Ausrede greift nicht!]
Signal ist zentralisiert & #SingleVendor sowie #SingleProvider!
Signal fällt wegen Sitz in den #USA unter #CloudAct = inhärent mit #DSGVO & #BDSG inkompatibel!
Signal erlaubt keine #SelfCustody aller Keys und ist deshalb für Einige Angriffsmethoden offen!
Nur echte #Dezentralisierung wie bei #XMPP+#OMEMO kann #Datenschutz, #Informationssicherheit und #Vertraulichkeit sicherstellen.
Die strukturellen Probleme von Signal machen es angesichts einer #gleichgeschaltet|en #USA ein absolut unnötiges #Risiko, denn ich garantiere @Mer__edith wird für keine*n User*in lebenslange #Beugehaft riskieren!
Und #Signal ist sehr wohl in der Lage #Govware - #Backdoors zu integrieren, denn sonst wären die wegen #ITAR bereits geknastet worden, weil diese #Nutzer*innen aus #Kuba, #Nordkorea und #Russland haben!
@dalias I sincerely disagree because none of my claims got debunked and no evidence against #XMPP+#OMEMO have come up to me as of today.
I hope to be proven wrong, but up until now I've always been at the position of saying #ToldYaSo!
@lauren I disagree as @signalapp requires a #PhoneNumber = #PII & cost barrier and they restrict access based off #PhoneNumbers.
Whereas it's so easy and fast to get #TechIlliterates setup with #XMPP+#OMEMO (which uninke #Signal doesn't demand PII!) that I'd challenge you to a #speedrun with step-by-step documentation for every #TechIlliterate to follow along to setup Signal from scratch vs. me doing #XMPP+#OMEMO on @monocles @gajim.
Also #Signal being #centralized makes it as vulnerable as any other #SingleVendor & #SingleProvider solution!
I'd not count on the #Trump-Regime not flexing #CloudAct against anyone they deem undesireable!
@lauren no, because @signalapp is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!
Give #XMPP+#OMEMO a shot: @monocles / #monocles & @gajim / #gajim.
@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.
Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!
@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.
@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!
"JuSt UsE sIgNaL !" won't fix #TechIlliteracy but rather provide false sense of security to #TechIlliterates when the correct solution is to teach proper #TechLiteracy like @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty does...Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...
If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!
@moh_kohn except @signalapp too is a #centralized, #SingleVendir & #SingleProvider solution that fully falls under #CliudAct and thus CANNOT comply with #GDPR & #BDSG as a matter of principle since this digital rquivalent of #ExtraordinaryRendition is inherently incompatible!
@monocles / #monoclesChat, @gajim / #gajim & @delta / #deltaChat, @thunderbird / #Thunderbird do support that!
@MastoDenunzianten EXAKT DAS ist die FALSCHE VORSTELLUNG!
#XMPP+#OMEMO & #PGO/#MIME sind dagegen offene #Standards die anders als #Threema, #Signal, #WhatsApp, #Telegram & Co. komplett auditierbar sind und KEINE #PII (Personen-Identifizierbaren Informationen) verlangen.
Vertraust nicht @monocles / monocles chat als Betrieiber? Keib Problem: Gibt drölfzig andere und kannst #SelfHosting machen!
Vertraust nicht #moniclesChat oder @gajim / #Gajim als Clients? Auch hier gibt's diverse Alternativen und wenn der #Aluhut zu eng ist, bauste halt alles selbst.
Wohingegen der #BND & #CIA berühmt sind für die Faktischer Eigentümerschaft und Unterwanderung einzelner Hersteller die #proprietär|e #SingleVendor & #SingleProvider-Lösubgen verkaufen.
@zdl @evacide that any the fact that @signalapp is incorportated in the #USA, making them susceptible to #GDPR & #BDSG-incompatible #cyberfacist bs like #CloudAct.
Remember: #KYC IS THE ILLICIT ACTIVITY when it comes to #Communication!
Compare that to @monocles / #monoclesChat which don't demand any PII or KYC and allow people to pay for their services with #Monero and #CashByMail besides #SEPA #WireTransfer, #Stripe & #PayPal whilst supporting both decentralization (#XMPP is not a #SingleVendor / #SingleProvider solution!), implementing real #SelfCustody (#OMEMO, #OTR & #PGP is supported out of the box) for all the keys, and proper #Anonymitiy (using @torproject / #Tor & @guardianproject #Orbot for #privacy), so in case they ever get a duely sumitted warrant by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.
Also having no PII is a matter of reducing #liability in the sense of #DataProtection: All data requested and by #monocles is the bare minimum mandated for #accounting (i.e. only linking a payment like a #TxID / Transaction-ID to an account and then adding up validity/activation period).
@rolle that's because it is not a #Centralized #SingleVendor & #SingleProvider solution that rewards #SEO, #RageBait & #Clickbait but demands honest interactions!
@bastibayer nein, weil #Threema ne #proprietär|e +#SingleVendor & #SingleProvider) Lösung ohne #SelfCustody der Keys ist, und damit inhärent unsicher (#KerckhoffsPrinciple)...
Meine Empfehlung ist @monocles / #monoclesChat & @gajim für #XMPP+#OMEMO, ducht gefolgt.von @delta / #deltaChat für echte #E2EE!
@ClickyMcTicker @pearl @geerlingguy
From scratch should (and would) be possible if said #configuration isn't just proprietary bs but actually following a documented syntax akin to any proper #configuration.
Not to mention #vendors prefer #siloing amd #Enshittifying products, so having #InterchangeableFormats goes against their primary #commercial interests.
Sadly it's more #unrealistic to see such standardization to happen than #YAML being replaced by #YADL...
@pixelcode @frumble IMHO ist #BlueSky auch nur #Twitter für Leute mit #StockholmSyndrom...
@halva @lynn @signalapp @deilann
The problem is one needs to literally acquire a phone number and have access to it, and the demand of a phone number itself is bad. This makes it unnecessarily complex and expensive compared to using @monocles / #monoclesChat.
(Cuz if I've to pay to communicate, I might just choose a provider that isn't a #VC #MoneyBurningParty but a long-term sustainable solution based off #OpenStandards!)
Still, #Signal doesn't allow #SelfCustody of all the keys & #SelfHosting, which makes it vulnerable as a #proprietary #centralized, #SingleVendor & #SingleProvider solution.
And with #CloudAct on one hand and #Trump wanting to "Speedrun Hitler", I'd not rely on Signal.
@itwillbefine @solstice @FediThing @copdeb @magicalmilly not really, as simplex@mastodon.social - like @signalapp - is also a #centralized, #SingleVendor & #SingleProvider solution.
No seriously, only if you have #SelfHosting and #SelfCustody are you in control, cuz nothing prevents the admins of #SimpleX from siphoning all comms and they will do so if the alternative is jailtime!
@estelle well,
@signalapp is a #proprietary, #SingleProvider, #SingleVendor, solution that collects #PII in the form of #PhoneNumbers and is not only extremely #centralized but subject to #CloudAct.
The only #secure comms are those with real #E2EE and #SelfCustody of all the keys.
Everything else is just baiting #TechIlliterates to a #VC #MoneyBurningPit that is is #Signal.
THIS is where I disagree...
You may think it's elitist, but if people are too lazy to learn even fundamentals like how to use #Tails then maybe they should just not do #tech at all?
I'll gladly teach #TechIlliterates but I won't waste my time on people that spread disinfo...
It's 2024: @tails_live / @tails has been out for over a decade and there are a shitload of guides ranging from written documentation to Zoomer-friendly TikTok-Style shorts on how to get started.
I don't expect people to do #airgapped pffline-PGP but with @thunderbird including #Enigmail and not requiring any external dependencies like the god-awful #GPG4Win stuff's easier than ever.
Same with #mobile: #Appls like @monocles / #monoclesChat are so easy, I've been able to onboard literal tech-illiterates remotely with few steps and simple instructions.
FOR THE LAST TIME:
*STOP MAKING EXCUSES TO JUSTIFY ESCALATING COMMITMENT TO EVIDENTLY BAD SOLUTIONS!"
Whereas with #SelfCustody of all the keys as well as #ReproduceableBuilds and real #decentralization, this would be evidently impossible even if all the devs wanted to comply honestly and not just because they could be held at gunpoint.
Compare that to #monocles where you do pay like €2 p.m. but in return get #standard #protocols like #IMAP, #SMTP & #XMPP and can pay anonymously and not have to provide any PII whatsoever!
Make of that what you will, but just like allowing flatearthers to roam freely without caretaker supervision doesn't make the world less round, so won't the facts change about #ITsec, #InfoSec, #OpSec & #ComSec.
Because all #centralized, #SingleVendor & #SingleProvider solutions are bad, and if they don't even allow for #SelfCustody then they are just a #grift to #scam tech-illiterates that don't know and/or don't care!
@samueljohn @ditol @linuzifer @Mer__edith @signalapp I disagree cuz in both cases they demand #PII for no legitimate reason AND they are still #centralized, #SingleVendor & #SingleProvider solutions where #Security is "#TrustMeBro!" level re: #Backend!
Seriously, it's 2024 and there's no valid reason to not use like @monocles / #monoclesChat + @torproject / #Orbot & @tails_live / @tails / #Tails + @gajim / #Gajim for #secure & #anonymous #comms!
@renan nodds in agreement
Tho #SimpleX, like #Threema, is also a #centralized, #proprietary, #SingleVendor & #SingleProvider solution with neither #SelfCustody of keys nor any means to #SelfHost and have #reproduceableBuilds.