Recent searches
Search options
Administered by:
Where I speak some advantages Signal has over the bigger richer rest of tech:
“We don’t have to be full of shit. We’re not a surveillance company. I’m not trying to pretend Facebook is good. I don’t have to toe a party line that is divorced from reality”
https://restofworld.org/2023/signal-president-meredith-whittaker-messaing-privacy/
@Mer__edith Personally, @signalapp still collects way too much data and IMHO still has the same issues as all #centralized #SingleVendor & #SinlgeProvider solutions.
And considering #CloudAct and the ability as well as willingness of #Signal to enforce #Embargos, I'd just not trust it at all!
In fact, I'd call the #NSA and #FBI as "criminally incompetent" if they didn't place people within Signal...
@kkarhan @Mer__edith @signalapp Signal is still collecting too much data? Could you please list them?
And what do you mean by "collect" exactly, plain or encrypted?
@fla @kkarhan @Mer__edith @signalapp signal end to end encrypts the actual content of your messages, yes, but it doesn't encrypt the metadata of your messages — including who sends each message, who receives it, what date and time the message was sent on, whether it was received, and stuff like that, which can be used to do all kinds of analysis (in fact metadata is all that the surveillance agencies in the US even use when just passively surveilling people cuz you can actually figure out a fuck ton from just metadata). Not to mention the fact that it requires you to have a phone number for your account and that isn't encrypted either so each account is linked to your legal identity unless you have a burner phone. Signal has been promising they will set up usernames instead of phone numbers for accounts for something like 5 years now and maybe they'll release it soon but it's still a problem in the meantime.
Don't get me wrong, I use Signal to talk to my friends, but that doesn't mean that it isn't important to recognize the flaws that it does have
@anarchopunk_girl @fla @Mer__edith @signalapp
Also #Signal collects #PhoneNumbers which are hard if not illegal to obtain anonymously depending on one's juristiction and those ain't even #TechnicallyNecessary unlike #Apps that do #E2EE with #OpenPGP on #SMS where it makes sense to offer people the convenience of a #Keyserver offered by the maintainers.
Personally, #Signal has a stench closer to #ANØM / #OperationIronside / #TojanShield than #EncroChat IMHO...
https://en.wikipedia.org/wiki/ANOM
@kkarhan@mstdn.social@anarchopunk_girl @fla @Mer__edith @signalapp
#Signal also doesn't provide value to me beyond what #XMPP + #OMEMO & #eMail + #PGP/MIME can offer for decades now.
Instead it creates shitty dependencies to #Google - #APIs that have no legitimate reason to exist and their unwillingness to allow #SelfHosting makes it worse than a default #Zulip installation in terms of #InfoSec, #OPsec, #ComSec & #ITsec.
https://zulip.com/why-zulip/
@kkarhan @fla @Mer__edith @signalapp the thing is that signal is way easier to use then whatever crusty outdated xmpp app you found (this isn't meant to be an attack) lol. Session is good tho.
@anarchopunk_girl @fla @Mer__edith @signalapp
Which is why I deployed #Zulip for several clients as they've to comply with #GDPR, #BDSG, #GoBD & #HGB and that means having full control and auditability of all electronic communications.
Whereas with #Signal I can neither be shure of the integrity of said data nor provide auditors access to said comms if ordered by a court to do so - which is something one must evidence per documentation to be capable of doing!