@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

• @signalapp has no "#LegitimateInterest" to demand #PII like a #PhoneNumber and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim "comply with #sanctions" [their #MobileCoin #Shitcoin #Scam disqalifies them even more!] because they have the tech to distinguish and discriminate users)...

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

• This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

@Avitus @lispi314 @lauren

#TLDR: @signalapp HAS NO "#LegitimateInterest" TO DEMAND A #PhoneNumber (or any #PII for that matter) TO BEGIN WITH!

• #BDSG literally bans such unnecessary data collection per law!

@lispi314 @lauren Not.only.that, but with a #PhoneNumber it makes it trivial to get details from @signalapp targeting a known individual.

• And with the prevalence of #Govware and the fact that there is literally no #LegitimateInterest since #Signal abandoned #TextSecure, it's yet another design flaw that is beibg intentionally kept instead of fixing it at all!

@tauon

1) #CloudAct is just #CyberFacism, look it up!
https://en.wikipedia.org/wiki/CLOUD_Act

• And with #Trumpism ravaging the #USA must be considered as #hostile as #Russia and the "P.R." #China by anyone who takes #OpSec, #InfoSec & #ComSec seriously!

-

2) @signalapp 's #Server code is proprietary and since it's centralized we can't trust that the code they release is what's running on their backend!

• Plus their #App doesn't allow #ReproducibleBuilds (if Signal was #FLOSS it would be on @fdroidorg / #Fdroid) but alas it isn't!

-

3) #Signal still demands #PhoneNumbers which are #PII either by association (#Number => #ICCID = #SIM = #IMSI => #IMEI => Location Data as I explained beforetwice) or mandatory #KYC / #ID requirements (even on prepaid cards), which an increasing amount of juristictions do...

• They have no "#LegitimateInterest" demanding said #PersonallyIdentifyingInformation to begin with!

-

But don't take my word for it.
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Ask yourself if you'd trust someone peddlibg #Shitcoin #Scams like #MobileCoin with your data!

@frodo @evacide @monocles

I don't compromise on #ITsec, #InfoSec, #OpSec and #ComSec.

If I were to use #Signal or #Threema or #Telegram or #SimpleX or whatever shit messenger is trendy, I'd indirectly vouch for it and endorse it.

• Which I won't given ample of examples like Telegram, #EncroChat, #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and all the garbage that #CryptoAG released.

Trust must be earned, and @signalapp didn't even bother to do basic design considerations:

• All their "but #Metadata" #FUD is horseshite when they demand #PII like a #PhoneNumber and are openly able and willing to discriminate and/or restrict service solely based off said info they have NO "#legitimateInterest" in demanding at all!

@privacyint Furthermore your website contains #Cloudflare #Cookies & [malicious per concept] #JavaScript, which has no "#LegitimateInterest" to be there.

• There are no legitimate reasons to use #ClownFlare and other enablers and supporters of #StochasticTerrorism, espechally when there are better alternatives on the market!

Please reconsider your #TechStack AND the opening, cuz 40k p.a. won't get you a legal consultant except #remote or part-timer...

@GrapheneOS @thomas @wonka Also I think the issues usually outweigh the benefits - at least when we look at individuals & devices owned by consumers vs. corporate #ITsec where locking down devices is seen as desireable!

• It should be the sole discretion of the devices' owners whether or not such a feature should be used or accessible and it shpuld be disallowed to coerce people into "consenting" under threat of denied access.

Because for every "#LegitimateInterest" (i.e. #2FA #Authenticator) I can find a dozen reasons this "functionaloty" should be discontinued and considered malware.