@photovince anyone who doesn't trust a.#centralized, #proprietary #SingleVendor & #SingleProvider solution that demands #PII for no valid reason like @signalapp does!

@artfulmodder last time I checked @signalapp still demanded #PII in.the form of a #PhoneNumber, still peddled the #MobileCoin #Shitcoin #Scam and didn't move out of the #Cyberfacist #USA despite #CloudAct being nothing new!

• Not to mention #Signal is both able and willing to discriminate against users based off said PII. Just because they do it for "#Sanctions #Compliance" diesn't mean they ain't gonna change that nor that @Mer__edith (or anyone else at Signal) could be bribed or threatened to do so.

They are #centralized #SingleVendor & #SingleProvider and are thus a #SinglePointOfFailure per design!

• Unlike @delta (which is #PGP/MIME in a different UI) or #XMPP+#OMEMO (which you can use via @torproject / #Tor and connect to a Server that is an #OnionService.

IMHO "memory tagging" is the least of Signal's problems. To me they stench "#ControlledOpposition" just as hard as #ANØM and incompetence as hard as #EncroChat!

@mit_scharf the problem with "threat scenarios" is that they tend to change quickly, non-consensual and without warning.

• Demanding any #PII [even by virtue of being correlateable through circumstances] to be able to use a service is inherently bad, espechally since there is no "legitimate interest" for that.

"#KYC" is the illicit activity! and #Signal acts as a controlled opposition by virtue of being a #proprietary, #centralized, #SingleVendor & #SingleProvider "solution" that subjects itself to a juristiction that has 0 #privacy laws and only #cyberfacism (see #CloudAct ) to boot...

• I find it more fatiguing and also expensive to try to workaround shite than to migrate folks to secure standards because that's a one-time investment that I'm willing to take vs. having to jump through hoops and paywalls to acquire a working #SIM (or #eSIM) anonymously and maintaining it.

It's just not in the cards TBH!

@ciourte @netopwibby Needless to say I've only heard of some Spanish low-cost #MVNO offering one device only in a #prepaid #bundle when #FirefoxOS was unveiled at the #MWC in #Barcelona based off coverage in @ct_Magazin at the time.

• Cuz I remember #WebDevs like @fuchsiii really loving it because it was the then hot & fresh #HTML5 + #JS6 + #CSS3 combo to make it super-easy to do #Apps. All one needs to build an app was #Firefox as Browser and the ability to basically zip' it.

Alas @Mozilla deciding on purpose to literally splinter the market by letting #MNO|s and MVNOs run their #AppStore|s instead of a #centralized model, making the situation worse than in the "P.R." #China where there are several vendor-independent #AppStores for #Android.

• "Conspiracy Theorists" even suggested that this was deliberate self-sabotage to benefit #Google and #Android, tho needless to say Firefox OS aimed at devices & specs that were too low for Android.

Still, I'm #StillMad at #Mozilla for faceplanting Firefox OS cuz it had the easiest way to get started and a good architecture being every #App is just a #WebApp and all the system calls were standard #HTML5 permissions and nothing fancy.

• Basically #PSvita - Syndrome, but worse as in #OpenMoko #Freenunner:

https://www.youtube.com/watch?v=p76exsJn7SU

@dgar Love the variety of synonyms for "died"

Lessons to be learned -
• Boycott #proprietary software - use #FreedomRespecting software (a.k.a. #Libre / #OpenSource / #FreeSoftware) which is free of corporate control, and
• Boycott #centralized services - use #federated services so you aren't locked into one service.

#XMPP is still around, and thriving.
https://contrapunctus.codeberg.page/the-quick-and-easy-guide-to-xmpp.html

@stormii @debby okay.

Still a #centralized, #SingleVendor & #SingleProvider service that snitches on users if it ain't yet another #Honeypot like #ANØM...

@debby #Mumble, #IRC, #XMPP (+OMEMO = @gajim / #monoclesChat) & #Linphone (#SIP / #VoIP) are the better options. #NextcloudTalk also exist and @monocles as well as @Stuxhost offer that.

• #Signal and #Session are #proprietary, #centralized, #SingleVendor & #SingleProvider solutions!

• And #Matrix is just a shittier #XMPP+#OMEMO. Give @delta / #DeltaChat a try instead.

OfC #JitsiMeet and #WebCall are also great!

https://webcall.timur.mobi

@adisonverlice I think that's dangerous disinfo as @torproject actively works against attempts to fingerprint and track #Tor users.

• I do consider Tor more private than any #VPN simply becaise they can neither ban users nor identify them.

In fact, Tor has been designed with the explicit goal to circumvent #Firewalls and #InternetCensorship methods like #DeepApcketInspection.

• Which is why #OnionShare by @micahflee works so great!

As a matter of principle I'd never vouch for any #centralized, #SingleVendor and/or #SingleProvider solution of any kind, including #Session.

• Tor is sufficiently decentralized in that it is not only completely #OpenSource but has proven to not have SPOFs in the form of maintainers and is able to yeet proplematic folks (unlike #WikiLeaks!)…

@lukadjo @ApAlun @Crispius @fedilore @freeagent @vfrmedia

just an idea

(not an original one):

the problem with #algorithms on #centralized #socialMedia is that they can be manipulated

on the #fediverse why not have a menu of #openSource algorithms that anyone can write (audited so they are genuinely manipulation-free)?

people can freely choose one, and they can sink into their #algorithm stupor

if that's what they want

is there harm in that?

i'm not saying they *have* to do that

@adisonverlice it's not just re: #Governments (tho #Project2025 explicitly endorses unsactioned comms to twart attempts at #FIOA or any #accountability for that matter), but individuals or any organization:

• If a system is #centralized as in #SingleVendor and/or #SingleProvider, it's inherently vulnerable.

And if #EncroChat got pwned, who's gonna guarantee @signalapp won't if it's actually secure or isn't an #InsideJob like #ANØM.

After all, both #Signal's Organization and key people like @Mer__edith are known to the authorities by more than just their legal name.

• What's gonna prevent #Trump from doing a "bag&drag" on her or getting his goons to put a gun on,the developers' heads and force them to,#d0x all users and #backdoor everything (if they didn't already got forced to have some "#LafwulInterception" gear in a closet like #Room641A...

After all, Signal can't pull the 5th and refuse to comply!

@bob_zim yeah. Seen it. in the writeup by @micahflee ...

I just hope to find any that ain't #NetLock'd / #SimLock'd to #Verizon and that these support more than #US-#LTE bands...

• Not shure if it needs a valid #SIM or just an #ICCID + #Ki on a #SIM to get going (cuz in #Germany it's hard [imported #SIM] to illegal [domestic SIMs] to get an anonymous SIM since 07/2017.

I just wish @eff wouldn't expect everyone to use #centralized, #SingleVendor & #SingleProvider services like @signalapp in the age of #CloudAct, cuz neither I nor anyone I'd trust would submit #PII to them like a #PhoneNumer as a matter of principle!

@signalapp no it's not.

• Otherwise #OrganizedCrime would choose #Signal so hard, you'd be shutdown within weeks by the #FBI and @Mer__edith would be forced to "pull a #LavaBit" and face jailtime for obstruction of justice or snitch on users!

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)

• Plus neither of those shill #Shitcoin-#Scams like #MobileCoin!

And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

• Not to mention relying ob #charity and being a #VCmoneyBurningParty isn't sustainable to begin with!

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.

• You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

• All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!

@pixelcode @taylan that is simply not true.

@signalapp is #centralized and there's no way one can verify the code released for the servers is what they actually run.

Unlike your replies my criticisms ain't founded based off "#TrustMeBro!" but systemic issues I highlight which #Signal refuses to address or take seriously!

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

• #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

• #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

• If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

• Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

• Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!