nrw.social is one of many independent Mastodon servers you can use to take part in the Fediverse.
We are a friendly Mastodon instance from North Rhine-Westphalia. Whether you are from NRW or an NRW sympathizer, everyone is welcome here.


#pii

Replied in thread

@signalapp no it's not.

Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shut down compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et al.]!)

And don't even get me started on you collecting #PII (especially #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...

But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!

Replied in thread

@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigatable with proper measures.

  • You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!

Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!

Replied in thread

@Andromxda @pixelcode How can you claim something you can't evidence?

It makes you look like one of those folks shilling #VPN|s that ain't logless after all...

  • I don't believe in #marketing #lies and #Signal can't (and won't) be able to evidence that they don't log shit.

At least they should be honest about things and not claim bs, cuz demanding a #PhoneNumber is just #KYC with extra steps like demanding any #SSN or other #PII. Makes them look like Chinese MMORPGs that demand ID card numbers for account signups, thus #paywalling the ability to use their service anonymously...

Infosec Exchange: Andromxda 🇺🇦🇵🇸🇹🇼 (@Andromxda@infosec.exchange)
@kkarhan@infosec.space @pixelcode@social.tchncs.de
> thus subject to Cloud Act
They literally don't store anything about you, other than the phone number you used to sign up, and the timestamp of the last login. They can't fulfill any kind of subpoena, because they simply don't have the data. This was proven in court: https://signal.org/bigbrother/cd-california-grand-jury/ I don't know what your mission is, and why you're constantly spreading misinformation about a secure communications platform, trying to discourage people from using it, without naming alternatives. It's pretty suspicious at the very least.

Replied in thread

@Andromxda @mollyim no it's not bs and fanboying @signalapp isn't going to change that.

If #Signal was secure it would be the #1 comms tool of organized crime...

Real professionals use #SelfHosting capable, fully #FLOSS'd solutions like #PGP/MIME & #XMPP+#OMEMO.

It's just me reading the room: Cuz #ComSec isn't done with "JuSt UsE sIgNaL!" and everyone who claims so without pointing out #OpSec, #InfoSec & #ITsec is BSing hard.

  • The cold hard truth is that #TechLiteracy is irreplaceable and the only solution to it is to actually teach normies how to "get gud" with stuff like PGP.

Fortunately, @thunderbird and @tails_live / @tails / #Tails and many other tools make that easier than ever before.

Replied in thread

@pixelcode @taylan @signalapp the #centralization, especially without means to hide its traffic via @torproject / #Tor makes it trivial to detect and track @signalapp / #Signal users.

  • Add to that the fact that Signal has #PhoneNumbers = #PII on them and the fact they are incorporated in the #USA, thus subject to #CloudAct and it's not a matter if they snitch on users but how many thousands if not millions got subpoena'd to this day.

And with no self-custody of keys it's trivial to #Room641A the users if the devs get "motivated" under threat of spending the rest of their lives in jail.

Replied in thread

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally an architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

  • #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

  • If you were secure, criminals would've used your platform so hard, it would've been shut down like #EncroChat and #SkyECC.

I may not have all the evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

Replied in thread

@jrredho @walkinglampshade @fj

Don't 'splain me, m8!

Their figleaf excuses are not legitimate and @signalapp's @Mer__edith knows that...

  • After all, @monocles doesn't require any #PII at all and they are in fact sustainable as in not requiring #donations, since they are user-financed (subscription)...

Read criticisms before commenting...
youtube.com/watch?v=tJoO2uWrX1M

Replied in thread

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

Thus #Signal fails at protecting #Journalists and their sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

  • This entire "threat vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't be used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all the #Cyberfacism since 9/11…

Twitter: thaddeus e. grugq on Twitter: “I’m gonna tell you a secret about “logless VPNs” — they don’t exist. No one is going to risk jail for your $5/mo https://t.co/Q2aOQJkG4g”

Replied in thread

@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and its #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!

Replied in thread

@licho @osman provide evidence the code @signalapp released is actually being deployed.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
youtube.com/watch?v=tJoO2uWrX1M

  • Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact it's not sustainable to run it as a #VCmoneyBurningParty!

Same as identifying users: They already got a #PhoneNumber which in many jurisdictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even the cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

  • All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

Replied in thread

@osman, no because @signalapp is a #proprietary, #centealized, #SingleVendor & #SingleProvider solution that demands #PII like #PhoneNumbers for no valid reason, is subject to #CloudAct and only continues to exist because it's convenient as a means to do #BulkSurveillance and mark its users as #PeopleOfInterest.

Continued thread

In an interview Fri, Dudek argued that the judge’s ruling was *overly broad* & that a reference to “DOGE affiliates” could apply to all employees who access personally identifiable info, or #PII, because they are obligated to cooperate w/ #DOGE.

Dudek said the agency plans to file an affidavit as soon as Fri asking Hollander to clarify language in her ruling….

“Everything in this agency is PII. Unless I get clarification, I’ll just start to shut it down. I don’t have much of a choice here.”