Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://dumbfuckingweb.site/@silhouette" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>silhouette</span></a></span> <span class="h-card" translate="no"><a href="https://vmst.io/@richi" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>richi</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>signalapp</span></a></span> <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>torproject</span></a></span> </p><p><code>1.</code> You <a href="https://dumbfuckingweb.site/@silhouette/statuses/01JVYFY14DGHQ1GRSV6H8DZ2HX" rel="nofollow noopener" target="_blank">completely miss the points!</a> There is no <em>"<a href="https://infosec.space/tags/TechnicalNecessity" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechnicalNecessity</span></a>"</em> to demand <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PII</span></a> like a <a href="https://infosec.space/tags/PhoneNumber" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>PhoneNumber</span></a> - espechally for a <em>"<a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>privacy</span></a>"-focussed messenger</em>!</p><p><code>2. &amp; 3.</code> <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Signal</span></a> is able and willing to comply with <a href="https://infosec.space/tags/Cyberfacism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Cyberfacism</span></a> and pushing a <a href="https://infosec.space/tags/Shitcoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Shitcoin</span></a> (<a href="https://infosec.space/tags/MobileCoin" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>MobileCoin</span></a>) makes it trivial to criminalize the App for <em>"illegal &amp; unregilated banking"</em>. If <a href="https://infosec.space/tags/Moxie" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Moxie</span></a> or <span class="h-card" translate="no"><a href="https://mastodon.world/@Mer__edith" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>Mer__edith</span></a></span> cared they'd yeet that thing (or didn't even integrate it to begin with!) to avoid the attention. And yes Signal does restrict the App functionality when using a phone number from <a href="https://infosec.space/tags/Russia" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Russia</span></a> &amp; <a href="https://infosec.space/tags/Iran" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Iran</span></a> (among other nations), thus affecting not only those in need of safe comms but by sending a verification code to them, earmarking them for police &amp; intelligence. Which bings.me to the 1st agrument. </p><p><code>4.</code> <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Tor</span></a> has a stellar record in terms of stability, integrity and censorship circumvention. DIY'ing something instead if following almost two decades of solid progress is absurd and violates <em>"don't roll your own crypto"</em> as a rule!</p><p><code>5.</code> Only with <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>SelfCustody</span></a> can you protect your own data. Or do you really expect Staff from Signal to not talk <a href="https://web.archive.org/web/20220112020000/https://twitter.com/thegrugq/status/1085614812581715968" rel="nofollow noopener" target="_blank">when facing lifetime in jail?</a> If they have the keys, they can decrypt it, thus their <a href="https://infosec.space/tags/E2EE" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>E2EE</span></a> is just a <em>"<a href="https://infosec.space/tags/TrustMeBro" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TrustMeBro</span></a>!"</em> concept. I mean, what prevents them from being forced into <a href="https://en.m.wikipedia.org/wiki/National_security_letter" rel="nofollow noopener" target="_blank">backdooring all comms</a> to <span class="h-card" translate="no"><a href="https://mastodon.social/@icij" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>icij</span></a></span> as per <a href="https://infosec.space/tags/NSL" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>NSL</span></a>? Any <a href="https://dumbfuckingweb.site/@silhouette/statuses/01JVYFYWQSWJNYY7ZT4S7E2G0J" rel="nofollow noopener" target="_blank"><em>"guarantee"</em></a> without self-custody is worthless by virtue of being unenforceable!</p><p>Signal pushing <a href="https://infosec.space/tags/TechPopulism" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>TechPopulism</span></a> instead of teaching folks that their <a href="https://infosec.space/tags/ComSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ComSec</span></a> is worth <em>diddly-piss</em> wothout.<a href="https://infosec.space/tags/OpSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>OpSec</span></a>, <a href="https://infosec.space/tags/InfoSec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>InfoSec</span></a> &amp; <a href="https://infosec.space/tags/ITsec" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ITsec</span></a> is dangerous!</p><ul><li>And yes claiming <em>"JuSt UsE sIgNaL!"</em> is dangerous in the era of <a href="https://infosec.space/tags/Trump" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>Trump</span></a>'s <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>cyberfacist</span></a> regime acting as it does (like with the <a href="https://infosec.space/tags/ICC" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>ICC</span></a>)!</li></ul><p>Not to mention there are better options that don't do that shite (i.e. demand PII) and just work. <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>monoclesChat</span></a> &amp; <span class="h-card" translate="no"><a href="https://chaos.social/@delta" class="u-url mention" rel="nofollow noopener" target="_blank">@<span>delta</span></a></span> / <a href="https://infosec.space/tags/deltaChat" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>deltaChat</span></a> for example can adapt way better to said risks and ain't run by a <a href="https://infosec.space/tags/VCmoneyBurningParty" class="mention hashtag" rel="nofollow noopener" target="_blank">#<span>VCmoneyBurningParty</span></a>!</p>