@ciourte @netopwibby Needless to say I've only heard of some Spanish low-cost #MVNO offering one device only in a #prepaid #bundle when #FirefoxOS was unveiled at the #MWC in #Barcelona based off coverage in @ct_Magazin at the time.

• Cuz I remember #WebDevs like @fuchsiii really loving it because it was the then hot & fresh #HTML5 + #JS6 + #CSS3 combo to make it super-easy to do #Apps. All one needs to build an app was #Firefox as Browser and the ability to basically zip' it.

Alas @Mozilla deciding on purpose to literally splinter the market by letting #MNO|s and MVNOs run their #AppStore|s instead of a #centralized model, making the situation worse than in the "P.R." #China where there are several vendor-independent #AppStores for #Android.

• "Conspiracy Theorists" even suggested that this was deliberate self-sabotage to benefit #Google and #Android, tho needless to say Firefox OS aimed at devices & specs that were too low for Android.

Still, I'm #StillMad at #Mozilla for faceplanting Firefox OS cuz it had the easiest way to get started and a good architecture being every #App is just a #WebApp and all the system calls were standard #HTML5 permissions and nothing fancy.

• Basically #PSvita - Syndrome, but worse as in #OpenMoko #Freenunner:

https://www.youtube.com/watch?v=p76exsJn7SU

@dgar Love the variety of synonyms for "died"

Lessons to be learned -
• Boycott #proprietary software - use #FreedomRespecting software (a.k.a. #Libre / #OpenSource / #FreeSoftware) which is free of corporate control, and
• Boycott #centralized services - use #federated services so you aren't locked into one service.

#XMPP is still around, and thriving.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html

@stormii @debby okay.

Still a #centralized, #SingleVendor & #SingleProvider service that snitches on users if it ain't yet another #Honeypot like #ANØM...

@debby #Mumble, #IRC, #XMPP (+OMEMO = @gajim / #monoclesChat) & #Linphone (#SIP / #VoIP) are the better options. #NextcloudTalk also exist and @monocles as well as @Stuxhost offer that.

• #Signal and #Session are #proprietary, #centralized, #SingleVendor & #SingleProvider solutions!

• And #Matrix is just a shittier #XMPP+#OMEMO. Give @delta / #DeltaChat a try instead.

OfC #JitsiMeet and #WebCall are also great!

https://webcall.timur.mobi

@adisonverlice I think that's dangerous disinfo as @torproject actively works against attempts to fingerprint and track #Tor users.

• I do consider Tor more private than any #VPN simply becaise they can neither ban users nor identify them.

In fact, Tor has been designed with the explicit goal to circumvent #Firewalls and #InternetCensorship methods like #DeepApcketInspection.

• Which is why #OnionShare by @micahflee works so great!

As a matter of principle I'd never vouch for any #centralized, #SingleVendor and/or #SingleProvider solution of any kind, including #Session.

• Tor is sufficiently decentralized in that it is not only completely #OpenSource but has proven to not have SPOFs in the form of maintainers and is able to yeet proplematic folks (unlike #WikiLeaks!)…

@lukadjo @ApAlun @Crispius @fedilore @freeagent @vfrmedia

just an idea

(not an original one):

the problem with #algorithms on #centralized #socialMedia is that they can be manipulated

on the #fediverse why not have a menu of #openSource algorithms that anyone can write (audited so they are genuinely manipulation-free)?

people can freely choose one, and they can sink into their #algorithm stupor

if that's what they want

is there harm in that?

i'm not saying they *have* to do that

@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsactioned comms to twart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:

• If a system is #centralized as in #SingleVendor and/or #SingleProvider, it's inherently vulnerable.

And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.

After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.

• What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun on,the developers' heads and force them to,#d0x all users and #backdoor everything (if they didn't already got forced to have some "#LafwulInterception" gear in a closet like #Room641A...

After all, Signal can't pull the 5th and refuse to comply!

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

• Not shure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!

@signalapp no it's not.

• Otherwise #OrganizedCrime would choose #Signal so hard, you'd be shutdown within weeks by the #FBI and @Mer__edith would be forced to "pull a #LavaBit" and face jailtime for obstruction of justice or snitch on users!

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

• Plus neither of those shill #Shitcoin-#Scams like #MobileCoin!

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

• Not to mention relying ob #charity and being a #VCmoneyBurningParty isn't sustainable to begin with!

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.

• You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

• All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!

@pixelcode @taylan that is simply not true.

@signalapp is #centralized and there's no way one can verify the code released for the servers is what they actually run.

Unlike your replies my criticisms ain't founded based off "#TrustMeBro!" but systemic issues I highlight which #Signal refuses to address or take seriously!

@elduvelle #Signal is #centralized - just like #Twitter, #WhatsApp, #Telegram, #Threema, etc - and therefore exactly as vulnerable to #enshittification. Its popularity also makes it a tempting target for backdoors.

I urge people to use #XMPP instead, which is #federated like the Fediverse and has no single point of failure. It uses the same end-to-end encryption algorithm as Signal.

1/

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

• #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

• #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

• If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

• Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

• Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

@petersuber except @signalapp is #commervial as in #VVmoneyBurningParty, #centralized, #proprietary, #SingleVendor & #SingleProvider!

• It really is that simple...

@licho @osman provide evidence the code @signalapp released is actually being deployed.

• Whereas @monocles has #ReproducibleBuilds to the point that @fdroidorg literally pulls their git and builds it from source.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

• As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is #centralized, #proprietary, #SingleVendor & #SingleProvider that's trivial for authorities.

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

• All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

@encthenet granted, I'd be wary given the fact that @signalapp is a #proprietary, #centralized, #SingleVendor & #SingleProvider solution.

• Tho you are correct in that this entire fuckup should not have been possible to begin with, but the "Chief Moron" decided to not obey existing rules!

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

• All #centralized, #SingleVendor and/or #SingleProvider solutions - and yes that includes @signalapp as well (!!!) - are inherently insecure because they can be forced into "cooperation" - may it be with #Cyberfacism like #CloudAct or listeally a gun to their head...

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

• Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!