Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>GossiTheDog</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> it merely prevents <a href="https://infosec.space/tags/Screenshots" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Screenshots</span></a> by claiming it's <a href="https://infosec.space/tags/DRM" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>DRM</span></a>'d content.</p><ul><li><p>It's a mere <em>ask</em> and <a href="https://infosec.space/tags/Microsoft" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Microsoft</span></a> could specifically close that <a href="https://infosec.space/tags/API" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>API</span></a> and make it subject to contractual agreements (as they did with their <a href="https://infosec.space/tags/Antivirus" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Antivirus</span></a> API calls to disable <a href="https://infosec.space/tags/WindowsDefender" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>WindowsDefender</span></a>!) if they decide this is against their wishes.</p></li><li><p>It also doesn't prevent the <a href="https://infosec.space/tags/Keylogger" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Keylogger</span></a> nor works against the <a href="http://github.com/kkarhan/windows-ca-backdoor-fix" rel="nofollow noopener" target="_blank">known</a> <a href="https://infosec.space/tags/CryptoAPI" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CryptoAPI</span></a> <a href="https://infosec.space/tags/backdoor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>backdoor</span></a> affecting all <a href="https://infosec.space/tags/Browsers" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Browsers</span></a> (except <a href="https://infosec.space/tags/Firefox" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Firefox</span></a> and <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/TorBrowser" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TorBrowser</span></a>) which can be triggered by a single <a href="https://infosec.space/tags/HTTPS" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>HTTPS</span></a> request.</p></li></ul><p>The correct solution for <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> would be to alert all their users and specifically block <a href="https://infosec.space/tags/Windows" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows</span></a> in general or at least <a href="https://infosec.space/tags/Windows11" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Windows11</span></a> simply because it is a <a href="https://infosec.space/tags/Govware" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Govware</span></a> and <em>empirically cannot be made private or secure</em>.</p><p>But that would require them to actually give a shit, which thed don't, cuz otherwise they would've stopped demanding <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> and moved out of juristiction of <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>CloudAct</span></a>.</p><ul><li>I mean, what's gonna prevent the <a href="https://infosec.space/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a>-Regime from threatening <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> et. al. with lifetime in jail for not kicking the <a href="https://infosec.space/tags/ICC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICC</span></a> (or anyone else he and his fans dislike) from <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a>'s infrastructure?</li></ul><p>Since they are highly centralized.they certainly <em>are capable</em> to comply with <em>"<a href="https://infosec.space/tags/Sanctions" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Sanctions</span></a>"</em> (or whatever bs he'll claim!)...</p>