Back

@Mer__edith Personally, @signalapp still collects way too much data and IMHO still has the same issues as all #centralized #SingleVendor & #SinlgeProvider solutions.

And considering #CloudAct and the ability as well as willingness of #Signal to enforce #Embargos, I'd just not trust it at all!

In fact, I'd call the #NSA and #FBI as "criminally incompetent" if they didn't place people within Signal...

@kkarhan @Mer__edith @signalapp Signal is still collecting too much data? Could you please list them?
And what do you mean by "collect" exactly, plain or encrypted?

@fla @kkarhan @Mer__edith @signalapp signal end to end encrypts the actual content of your messages, yes, but it doesn't encrypt the metadata of your messages — including who sends each message, who receives it, what date and time the message was sent on, whether it was received, and stuff like that, which can be used to do all kinds of analysis (in fact metadata is all that the surveillance agencies in the US even use when just passively surveilling people cuz you can actually figure out a fuck ton from just metadata). Not to mention the fact that it requires you to have a phone number for your account and that isn't encrypted either so each account is linked to your legal identity unless you have a burner phone. Signal has been promising they will set up usernames instead of phone numbers for accounts for something like 5 years now and maybe they'll release it soon but it's still a problem in the meantime.

Don't get me wrong, I use Signal to talk to my friends, but that doesn't mean that it isn't important to recognize the flaws that it does have

@anarchopunk_girl @kkarhan @Mer__edith @signalapp

This is perfectly wrong, especially the "who sends each message". The only metadata you can get from a phone number is, does it have a Signal account, when was this account created, and when was the last time this account logged in. That's it. Nothing else.

Signal is state of the art. 10 times more secure than anything else, including XMPP + OMEMO mentioned below. The only problem it has is, it's centralized.

@fla @anarchopunk_girl @Mer__edith @signalapp

1. I doubt the security claims as #Signal refuses to allow people to make #ReproduceibleBuilds and provide the #Backend as #FLOSS.

That #Centralization makes it #vulnerable and just like @protonmail before, Signal will bow before pressure by authorities regardless if #CloudAct or whatever.

DO NOT TRUST ANYONE - NEITHER ME NOT THEM!!!

https://www.youtube.com/watch?v=QCx_G_R0UmQ

https://twitter.com/thegrugq/status/1085614812581715968

@kkarhan @fla @Mer__edith @signalapp @protonmail

When did ProtonMail capitulate?

@anarchopunk_girl @fla @protonmail
@Mer__edith @signalapp
More often than enough.

And in some cases without a warrant...

Case in point: #Signal has the same stench as #ProtonMail and #ANØM and in the end I'll be correct - just as I've always been with EVERY #SingleVendor AND #SingleProvider "SOLUTION"!

https://www.youtube.com/watch?v=IeXaYR4ed9c

@anarchopunk_girl @fla @protonmail

Do you think I like that situation?
NO!

I wished I was wrong but I guarantee you the moment @Mer__edith or anyone from @signalapp is being threatened by LEAs with jailtime if they don't rat out a user [which don't even pay them a dime, let's be honest!] they'll all cave in...

After all, why should they not do so?
https://twitter.com/thegrugq/status/1085614812581715968