If #Signal and #Gmail are not sufficient for #Republicans to use for #American #Government #Communications, should you use them?
Recent searches
Search options
#centralized
3 posts3 participants0 posts today
Decentralization against AI:
Big Tech's sole interest is to control the narratives through biases, algorithms, #AI.
In the past, they bought newspapers and journalists; now they buy platforms and bots. But without users, they have no value. Underfeeding #centralized networks is the way against AI
️
1/5 
Replied in thread
@signalapp no it's not.
- Otherwise #OrganizedCrime would choose #Signal so hard, you'd be shutdown within weeks by the #FBI and @Mer__edith would be forced to "pull a #LavaBit" and face jailtime for obstruction of justice or snitch on users!
Being a #centralized, #SingleVendor & #SingleProvider solution subject to #CloudAct makes you inherently vulnerable by your own choice and thus trivial to shutdown compared to real #E2EE with #SelfCustody of all the keys and true #decentralization as well as #SelfHosting (i.e. #PGP/MIME [see @delta / #deltaChat et. al.] and #XMPP+#OMEMO [see @monocles / #monoclesChat et. al.]!)
- Plus neither of those shill #Shitcoin-#Scams like #MobileCoin!
And don't even get me started on you collecting #PII (espechally #PhoneNumbers) for no valid reason, (thus violating #GDPR & #BDSG)...
- Not to mention relying ob #charity and being a #VCmoneyBurningParty isn't sustainable to begin with!
But yeah, I'll be patient to shout "#ToldYaSo" to your annoying cult of fanboys!
Replied in thread
@dzwiedziu @fj @signalapp not really, as the #Metadata #FUD cited by #Signal is mitigateable with proper measures.
- You can't even run Signal over @torproject and even if that point is moot when you're forced to quasi-#KYC by virtue of a #PhoneNumber aka. #PII they have neither legitimate interest nor technical reason to demand in the first place!
Every claim that things like #ITsec, #InfoSec, #OpSec & #ComSec can be solved with "Just use Signal!" is "#TechPopulism" at best if not being a "#UsefulIdiot"!
- All #centralized, #SingleVendor & #SingleProbider systems are inherently insecure!
Replied in thread
@pixelcode @taylan that is simply not true.
@signalapp is #centralized and there's no way one can verify the code released for the servers is what they actually run.
Unlike your replies my criticisms ain't founded based off "#TrustMeBro!" but systemic issues I highlight which #Signal refuses to address or take seriously!
MastodonPixelcode 🇺🇦 (@pixelcode@social.tchncs.de)@kkarhan@infosec.space @taylan@feministwiki.org You could have simply clicked on the link to find out that Signal have published the source code of all their apps and of their server, instead of making false claims out of thin air.
There's literally an entire manual on reproducing builds: https://github.com/signalapp/Signal-Android/blob/main/reproducible-builds%2FREADME.md
Also, nothing and no one stops you from self-hosting the Signal server.
Replied in thread
@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.
- #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.
Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!
- #KYC is the illicit activity!!!
And don't get me started on the #cyberfacism that is #CloudAct.
- If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.
I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!
Replied in thread
@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.
- Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.
#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.
- Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!
Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!
Replied in thread
@petersuber except @signalapp is #commervial as in #VVmoneyBurningParty, #centralized, #proprietary, #SingleVendor & #SingleProvider!
- It really is that simple...
Replied in thread
@licho @osman provide evidence the code @signalapp released is actually being deployed.
- Whereas @monocles has #ReproducibleBuilds to the point that @fdroidorg literally pulls their
gitand builds it from source.
Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M
- Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.
And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!
- As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is #centralized, #proprietary, #SingleVendor & #SingleProvider that's trivial for authorities.
Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...
- All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!
Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!
Replied in thread
@encthenet granted, I'd be wary given the fact that @signalapp is a #proprietary, #centralized, #SingleVendor & #SingleProvider solution.
- Tho you are correct in that this entire fuckup should not have been possible to begin with, but the "Chief Moron" decided to not obey existing rules!
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@charlesmok@mastodon.online no, it's just a sign of #incompetence re: #InfoSec, #OpSec, #ComSec & #ITsec as this is a *criminally gross violation* of standards that even #POTUS has to abide to.
- There's a reason the #US #MILINTEL have half a dozen different *"secure networks"* for comms ranging from unclassified to top-secret+nofor!
#Trump should've been forced to hand over his personal devices at entry of the #SCIF this was sent from and only allowed on sanctioned and certified systems with vetted contacts only as pre-appointed who themselves are in a [SCIF](https://en.wikipedia.org/wiki/Sensitive_compartmented_information_facility)
- This is such a huge #OpSec failure, it makes #WarThunderForumsLeaks [look](https://en.wikipedia.org/wiki/War_Thunder#Classified_document_leaks) like a minor indiscretion by comparison.
Replied in thread
@Catwoman69y2k @dragonfriend most importantly:
Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.
- All #centralized, #SingleVendor and/or #SingleProvider solutions - and yes that includes @signalapp as well (!!!) - are inherently insecure because they can be forced into "cooperation" - may it be with #Cyberfacism like #CloudAct or listeally a gun to their head...
Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!
Twitterthaddeus e. grugq on Twitter“I’m gonna tell you a secret about “logless VPNs” — they don’t exist. Noone is going to risk jail for your $5/mo
https://t.co/Q2aOQJkG4g”
Replied in thread
Ⓥ
Good luck @weblate ... While @nextcloud talks about FOSS and decentralization, people have been asking them for years about using #Peertube and #Weblate, but it's always crickets and continued exclusive use of #YouTube and #Transifex.
There's virtually never even a response why they exclusively use the closed, #centralized, #proprietary services.
I respect @Karlitschek and @jospoortvliet but the org seems only interested in #FOSS / #Privacy / #decentralization in their own code / marketing.
Replied in thread
@ckrypto if@signalapp@mastodon.world wasn't complying with #CloudAct, @Mer__edith would be in jail.
Not to mention even if Signal keeps their "#OpenSource" code updated - which is doubtful, NOONE can actually #verify that it's the code you actually use - regardless if #backend / #Server or #client / #App!
Also if Signal was designed for #security, it would've been #decentralized as #XMPP+#OMEMO and not demand #PII like #PhoneNumbers which oftentimes cannot be obtained anonymously in many juristictions at all!
- Only #MultiVendor & #MultiProvider standards can be secure, regardless if OMEMO or #PGP/MIME.
By comparison, @delta doesn't require any PII, only an #eMail account, and @monocles isn't a #VCmoneyBurningParty but sustainable due to #subscription and they don't even require any personal details for #payment: #CashByMail and #Monero are accepted.
- Not to mention neither #DeltaChat nor #monoclesChat are pandering #Shitcoin #Scams like #MobileCoin that don't work even for #TechLiterate #CryptoBros!
Again: It's Signal alone who have to evidence they are trustworthy, and all I get are "#TrustMeBro!" replies, which means they are not to be trusted.
- Not to mention, it's just not sustainable to run a #service without #revenue, even if it's run entirely by unpaid volunteers and gets all it's #hosting and #costs donated, someone has to pay for expenses due to #abuse of a service (which is an inevitability come mass adoption)...
Whereas with #XMPP I can completely setup my own server and client, even build my own if I don't trust anyone else and pay someone to audit the code.
- Signal as a #centralized, #SingleVendor & #SingleProvider service is inevitable vulnerable to #RubberhoseCryptoanalysis, and #Meredith will break if not doing so means jail for life until she does!
Whereas with XMPP & PGP/MIME #eMail I can layer @torproject / #Tor over it, make it an #OnionService and keep that thing under my bed with a literal killswitch...
Replied in thread
@tshirtman @mloxton @tarheel @inthehands
agreed. in this regard, #socialMedia can be a force multiplier for good as well as what it is now: a force multiplier for #bigotry and #plutocracy
but that makes our communities a target
so we need something like #mastodon where we can squash the #trolls without the "fReEzEpEaCh!" #bigoted morons and #centralized #corporate social media indifference or tacit support for #ignorance and #hate
we need the #fediverse to grow
Replied in thread
@FediThing @nicoco is not advocating giving up. It's a (heavily veiled) criticism of #centralized services like #Signal, which are a tempting and easy target for coercion and backdoors. People who recognize that, push for #decentralized alternatives like #XMPP.
Replied in thread
@colinstu except #discord is worse than #IRC in every possible way...
- Simply because it's a shitty #SaaS that is #proprietary, #centralized & #SingleVendor / #SingleProvider!
At least IRC allows for #SelfHosting and way more granular control...
Replied in thread
@htwj @Mer__edith yeah, traded one #proproetary, #centralized #SingleVendor & #SingleProvider solution for another.
- Consider #XMPP+#OMEMO (i.e. @monocles / #monoclesChat) and #PGP/MIME (i.e. @delta / #deltaChat) instead...
Replied in thread
Welcome.
It's not perfect here.
Nowhere is.
You'll find many others here in #sanctuary like yourself, and myself.
Together we can take #Mastodon beyond mere sanctuary and grow to kill #centralized #plutocrat #socialMedia.
I know, I know.
One can dream.
I need this dream. Many of us do.
We'll dream together.
Replied in thread
@soatok @jwildeboer I still disagree because it completely ignores @signalapp being #centralized, #SingleVendor & #SinglePrivider, demanding #PII in the form of a #PhoneNumber, being able and willing to restrict functionality based off that and being subject to #CloudAct.
Replied in thread
@pixelschubsi @dalias @puppygirlhornypost2 that doesn't change the inherent issues of @signalapp being #centralized, #SingleVendor & #SingleProvider compared to #XMPP+#OMEMO as in @monocles / #monoclesChat & @gajim / #gajim.
Or des anyone expect #Signal and it's staff to actually resist?
Infosec.SpaceKevin Karhan :verified: (@kkarhan@infosec.space)@lauren@mastodon.laurenweinstein.org no, because @signalapp@mastodon.world is subject to #CloudAct (= incompatible with #GDPR & #BDSG if you ever care!) and collects #PII in the firirm of #PhoneNumbers, which are at best pseudonymous but trivial to track and at most means that people inviting others without their consent comitted an illegal disclosure if PII!
- Use *real #E2EE* with #SelfCustody of all the keys that isn't [a](https://www.youtube.com/watch?v=tJoO2uWrX1M) #proprietary #SingleVendor & #SingleProvider solution that [peddles](https://www.youtube.com/watch?v=0DSGq9FQKU4) a #shitcoin #scam!
Give #XMPP+#OMEMO a shot: @monocles@monocles.social / #monocles & @gajim@fosstodon.org / #gajim.
[1](https://docs.monocles.eu/apps/chat.app/) [2](https://docs.monocles.eu/services/chat.service/) [3](https://docs.monocles.eu/account/account/) [4](https://monocles.eu/more/#account-section) [5](https://monocles.chat/login)