Meredith Whittaker
Where I speak some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
https://restofworld.org/2023/signal-president-meredith-whittaker-messaing-privacy/
novatorine 🏴🏳️⚧️
@fla @kkarhan @Mer__edith @signalapp signal end to end encrypts the actual content of your messages, yes, but it doesn't encrypt the metadata of your messages — including who sends each message, who receives it, what date and time the message was sent on, whether it was received, and stuff like that, which can be used to do all kinds of analysis in fact metadata is all that the surveillance agencies in the US even use when just passively surveilling people cuz you can actually figure out a fuck ton from just metadata). Not to mention the fact that it requires you to have a phone number for your account and that isn't encrypted either so each account is linked to your legal identity unless you have a burner phone. Signal has been promising they will set up usernames instead of phone numbers for accounts for something like 5 years now and maybe they'll release it soon but it's still a problem in the meantime.
Fla
@kkarhan @Mer__edith @signalapp Signal is still collecting too much data? Could you please list them?
And what do you mean by "collect" exactly, plain or encrypted?
Kevin Karhan :verified:
@Mer__edith Personally, @signalapp still collects way too much data and IMHO still has the same issues as all #centralized #SingleVendor & #SinlgeProvider solutions.
And considering #CloudAct and the ability as well as willingness of #Signal to enforce #Embargos, I'd just not trust it at all!
In fact, I'd call the #NSA and #FBI as "criminally incompetent" if they didn't place people within Signal...
Kevin Karhan :verified:
@anarchopunk_girl @fla @Mer__edith @signalapp
Also #Signal collects #PhoneNumbers which are hard if not illegal to obtain anonymously depending on one's juristiction and those ain't even #TechnicallyNecessary unlike #Apps that do #E2EE with #OpenPGP on #SMS where it makes sense to offer people the convenience of a #Keyserver offered by the maintainers.
Personally, #Signal has a stench closer to #ANØM / #OperationIronside / #TojanShield than #EncroChat IMHO...
https://en.wikipedia.org/wiki/ANOM
novatorine 🏴🏳️⚧️
@kkarhan @fla @Mer__edith @signalapp the thing is that signal is way easier to use then whatever crusty outdated ugly looking xmpp app you found lol. Session is good tho.
Kevin Karhan :verified:
@anarchopunk_girl @fla @Mer__edith @signalapp
#Signal also doesn't provide value to me beyond what #XMPP + #OMEMO & #eMail + #PGP/MIME can offer for decades now.
Instead it creates shitty dependencies to #Google - #APIs that have no legitimate reason to exist and their unwillingness to allow #SelfHosting makes it worse than a default #Zulip installation in terms of #InfoSec, #OPsec, #ComSec & #ITsec.
https://zulip.com/why-zulip/
novatorine 🏴🏳️⚧️
@jabberati @kkarhan @fla @Mer__edith @signalapp I like Session bc it explicitly focuses on not leaking metadata, including using a decentralized onion router network to hide who you're talking to
jabberati
@anarchopunk_girl @kkarhan @fla @Mer__edith @signalapp I have contacts in the age range (8-86) using Conversations without trouble. I just helped them with the installation of F-Droid and the creation of an XMPP address. It paid off, since now I don't promote any walled gardens like Signal anymore.
novatorine 🏴🏳️⚧️
@kkarhan @fla @Mer__edith @signalapp @protonmail
When did ProtonMail capitulate?
Fla
@anarchopunk_girl @kkarhan @Mer__edith @signalapp
This is perfectly wrong, especially the "who sends each message". The only metadata you can get from a phone number is, does it have a Signal account, when was this account created, and when was the last time this account logged in. That's it. Nothing else.
Signal is state of the art. 10 times more secure than anything else, including XMPP + OMEMO mentioned below. The only problem it has is, it's centralized.
Kevin Karhan :verified:
@fla @anarchopunk_girl @Mer__edith @signalapp
1. I doubt the security claims as #Signal refuses to allow people to make #ReproduceibleBuilds and provide the #Backend as #FLOSS.
That #Centralization makes it #vulnerable and just like @protonmail before, Signal will bow before pressure by authorities regardless if #CloudAct or whatever.
DO NOT TRUST ANYONE - NEITHER ME NOT THEM!!!
98e028dw
@kkarhan @anarchopunk_girl @fla @Mer__edith @signalapp @torproject
Do not trust #signal ? For some people #SimpleX may be an option.
https://simplex.chat
Kevin Karhan :verified:
@anarchopunk_girl @fla @Mer__edith
After all, @signalapp does in fact comply with #Cyberfacist demands of the U.S. government and restricts #Signal's functionality based of "striclty unnecessary" data like #PhoneNumbers!
Whereas @torproject is specifically designed to be incapable of doing so, even if all their maintainers were simultaneously held at gunpoint.
Cuz that's basic #OpSec to the point that every small #FinTech / #PaymentProcessor in Germany has to get that #contingency in place!
Kevin Karhan :verified:
@anarchopunk_girl @fla @protonmail
Do you think I like that situation?
NO!
I wished I was wrong but I guarantee you the moment @Mer__edith or anyone from @signalapp is being threatened by LEAs with jailtime if they don't rat out a user [which don't even pay them a dime, let's be honest!] they'll all cave in...
After all, why should they not do so?
https://twitter.com/thegrugq/status/1085614812581715968
Kevin Karhan :verified:
@anarchopunk_girl @fla @protonmail
@Mer__edith @signalapp
More often than enough.
And in some cases without a warrant...
Case in point: #Signal has the same stench as #ProtonMail and #ANØM and in the end I'll be correct - just as I've always been with EVERY 👏 #SingleVendor 👏 AND 👏 #SingleProvider 👏 "SOLUTION"!
Aral Balkan
tastyraspberry
@voorstad @Mer__edith See this video: https://www.youtube.com/watch?v=a26zI7xCjy0
Eelco Mulder :mastodon:
Good and honest interview! But no words about the consequences for #EU citizens in relation to #chatcontrol (https://edri.org/our-work/why-chat-control-is-so-dangerous/).
Any thoughts on that, perhaps?
Matti Järvinen
@dexternemrod @truls46 @voorstad @EU_Commission you can host the UI as a web page.
So how to block it?
They probably haven't even thought of banking and government data handling.
Matti Järvinen
@dexternemrod @truls46 @voorstad @EU_Commission but then there's open source projects like Matrix.
How could they fight against federated e2ee communications?
dexternemrod
@truls46 @voorstad @EU_Commission
Maybe force the Appstores to take the apps down for the region or on the end ... make it a crime to use it.
I wonder if they thought about business communications like remote teams or different branches using e2ee-services?
Truls
I wonder what "leave the EU" technically means? Will the app be removed from the AppStore/PlayStore if the phone number is identified to be a European one? Will existing installations refuse to work?
But in the end I hope this won't happen and the @EU_Commission does not follow China's and Russia's example on how to spy on their citizens.
dexternemrod
As far as I know it is possible for publishers to limit the regions in the appstore ... but sideloading and forks like #mollyim should not be impacted. Not sure if signal will use barriers in the app/server itself.
Eelco Mulder :mastodon:
Wow....!
So #signal will eventually leave the EU if the EU Parliament approves #chatcontrol (mass surveillance of private communications).
https://www.youtube.com/watch?v=a26zI7xCjy0
@tastyraspberry @Mer__edith @signalapp
@arnoudwokke @bert_hubert @patrick_breyer_mep
GNU social JP is a social network, courtesy of GNU social JP管理人. It runs on GNU social, version 2.0.2-dev, available under the GNU Affero General Public License.
All GNU social JP content and data are available under the Creative Commons Attribution 3.0 license.