@pixelcode @taylan Your nonchalant "So what?" gets people publicly murdered by the state in many juristictions...

• Which is why there is no substitute to teaching proper #TechLiteracy ffs!

If things were so easy as in "JuSt UsE sIgNaL!" then @signalapp would be shut down.

• Or do you really think that in a world where multi-year long sting ops like #ANØM / #OperationIronside / #OperationTrøjanShield get greenlit that @Mer__edith would risk dying of old age in jail for non-paying users?

If you do think so then you should really get some professional help, cuz you seem rather lost...

• #Signal doesn't even bother to have an #OnionService, much less to provide means to use their service without self-doxxing with a #PhoneNumber, which at best is pseudonymous and requires money to attain and maintain...

It's #centralization is an absolute nightmare and mist be deemed as criminally neglectful!

@Andromxda @pixelcode How can you claim something you can't evidence?

• Pretty shure if it's not @signalapp themselves, then their centralized architecture and unwillingness to even have an #OnionService on @torproject makes it trivial to pull a #Room641A on them.

It makes you look like one of those folks shilling #VPN|s that ain't logless after all...

• I don't believe in #marketing #lies and #Signal can't (and won't) be able to evidence that they don't log shit.

At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

• #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

• #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

• If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

@froge @forthy42 @fj to me, @signalapp being centralized and not even doing tue absolute minimum of supporting @torproject / #Tor and having at least an #OnionService as #API-Endpoint makes them #UsefulIdiots.

It's several things like that that rubvme the wrong way and that make it uncomfortable.

@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.

Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!

• #Signal is as secure as #ANØM, otherwise it would've been shutdown ages ago.

Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!

• Only #MultiVendor & #MultiProvider standards can be secure, regardless if OMEMO or #PGP/MIME.

By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.

• Not to mention neither #DeltaChat nor #monoclesChat are pandering #Shitcoin #Scams like #MobileCoin that don't work even for #TechLiterate #CryptoBros!

Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.

• Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...

Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.

• Signal as a #centralized, #SingleVendor & #SingleProvider service is inevitable vulnerable to #RubberhoseCryptoanalysis, and #Meredith will break if not doing so means jail for life until she does!

Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...

@CppGuy @fesshole the only thibg you can do is force Google to nuke history and take it as lession to use #DuckDuckGo's #OnionService on @torproject / #TorBrowser instead.

@Natanox @ccc@anonsys.net @chaosupdates @CCC@social.bau-ha.us @ccc@chaos.social @ccchh leider ist m2ylflyeak6i6o4hsfwcrfwcq2bbjxk6nf2rnmm7fu6qiuu3hybenzid.onion / http://jabber.ccc.de #OnionService immernoch down!

@truls46 #facehoof

• Deshalb schaut mensch vorher sich um.

Ich empfehle nur Server die ich selbst getestet habe, außerdem hilft @torproject / #Tor & @guardianproject / #Orbot dabei, diese idealerweise als #OnionService zu erreichen.

• Wo keine #PII wie #Telefonnummer oder #IPs verlangt, abgefragt, übermittelt oder gespeichert werden, können diese auch nicht ausgehändigt werden.

@lispi314 @lauren @pixelschubsi yes, but we canbagree that very #centralized servers like those of @signalapp are way more susceptible to that compared to any halfassed #OniomService because it's trivialbto hust shove some #GlimmerGlass box on the fiber between a datacenter and their #upsream(sl and just "#bullrun" the selectively captured traffic...

With @torproject / #Tor it's much cheaper to actually attack and take down a #Server / #Service.

For an organization like #Signalcthat that gets their fans to #FUD about "#Metadata" it's shocking to see they didn't do an #OnionService to this day!

@lispi314 @dalias @lauren

Not only that, but @signalapp being.located in #Trumpist #USA means they gotta have to follow said laws and that means if flexed upon using #FOSTA & #SESTA or god forbid made-up claims to commit #TransGenocide and prosecute #Trans minors and/or their parents and/or medical professionals, THIS WILL BLOW UP IN THEIR FACES like a grenade used as ball gag and fuse pulled!

• It's absolutely trivial to abuse #Govware #Backdoors and thus track people down. #Signal by design and architecture WILL BE COMPLICIT IN IT!

For comparison: @monocles doesn't demand #PII like a #PhoneNumber or anything at all and if you don't trust them either (which is fair - never trust anyone, neither Signal nor #monocles nor me!) you can not only choose from various providers but literally #SelfHost your own (even as an #OnionService on @torproject / #Tor) and thus have full control of all the comms.

• And I'd rather recommend @micahflee 's #OnionShare over Signal just because that's even simpler and basically "fully decentralized" and "#serverless" that it's even more flexible.https://onionshare.org

@delta also the whole "BuT #mEtAdAtA?" Discussion is completely blown out of proportions by #Signal fanboys.

• Whereas #deltaChat and #XMPP+#OMEMO are truly #decentralized, #MultiVendor & #MultiProvider #OpenStandards that allow for full #SelfCustody off all the keys and comms.

In fact, I'm convinced someone already made a #delta #chat #server as an #OnionService over @torproject / #Tor just for the lulz.

• The biggest Advantage for Delta Chat is that it doesn't require yet another server but instead just uses #IMAP + #SMTP and can even be integrated in #corporate communications that require #archival and #indexing by merely feeding the private keys to said #eMail archival software [i.e. #benno #MailArchiv], which makes it possible to comply with regulations like #GoBD & #HGB where applicable.

Not that this is something the average user encounters, but it is a big bonus for larger organizations!

@rysiek @agturcz that's not how you fix #TechIlliteracy, espechally since things changed for the better.

@monocles / #monoclesChat & @gajim / #gajim are quite easy, whereas @signalapp / #Signal demands #PII in the form of a #Phone number which is more often than not not legally obtainable without "#KYC" aka. "forced #SelfDoxxing" all whilst being an extremely #centralized, #SingleVendor & #SingleProvider solution that falls under #CloudAct ant thus cannot adhere to #GDPR & #BDSG!

• Sorry, but "#TechPopulism" alike "JuSt UsE sIgNaL !" won't fix #TechIlliteracy but rather provide false sense of security to #TechIlliterates when the correct solution is to teach proper #TechLiteracy like @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty does...

Otherwise we'd only perpetuate the #Enshittification-#Lifecycle as has happened with #AIM, #ICQ, #BBM and so many more...

• Mark my words, cuz I've been proven correct up to this point.

If #Signal and @Mer__edith actually cared, they would've setup their system truly decentralized as an #OnionService over @torproject / #Tor!

@agturcz @rysiek Use @torproject or better yet, #XMPP+#OMEMO with an #OnionService aka. #Server on a .onion domain...

• Then you don't have to trust anyone else...https://infosec.space/@kkarhan/113868473221719432