@Pabamiti @Natanox #Threema ist auch nur marginal besser.

ALLE Dienste die #zentralisiert und #SingleVebdir & #SingleProvider sind, sind inhärent unsicher...

Als #Gegenbeispiel kann ich @torproject und @linux nennen:

Wären beide nich #FLOSS und #dezentral, man hätte den Maitainern schon vor Jahren ne Waffe an den Kopf gepresst und diese zur Abschaltung des Netzes (#Tor) und Integration von #Govware (#Linux) gezwungen.

Die Verunmöglichung eines Erfolgs blockierte das.

https://www.youtube.com/watch?v=7gRsgkdfYJ8

@dameoutlaw @blujayfox

And no, the difference is that #BlueSky is a #centralized #SingleVendor / #SingleProvider platform and thus perfectly capable to #moderate and #delete everything.

Whereas :activitypub: as a protocol like #eMail and #HTTPS [the latter one it relies upon] is #decentralized, #MultiVendor / #MUltiProvider and thus the only angle that exists is going after #admins, #hosters and those that keep that shit online!

https://mstdn.social/@dameoutlaw/110934725881870435

@5am also @signalapp is inherently #centralized and like all #SingleVendor / #SingleProvider solutions can't be trusted!

I just don't have any evidence yet that they're an #ANØM-Style #Honeypot but I'd declare every LEA "criminally incompetent" if they didn't already #EncroChat themselves inside and put every phone # of every user on a watchlist.

Or does anyone think the CIA & NSA didn't find a successor operation to #MINERVA?

#Signal is signalling all the wrong vibes to me!

@w I think that #VeraCrypt is more convenient since it's not a #SingleVendor / #SingleProvider "Solution" and works across all relevant Desktop- & Server OSes...

@JessTheUnstill this is why all #Centralized #SingleVendor / #SingleProvider solutions are inherently bad:

Users get the unreliability of poorly managed #SelfHosting with the price tag of #ManagedHosting and a #toxic #LockIn on top!

@luebbermann Fahrraddiebe scannen jedenfalls auch nach AirTags und können diese trivial jammen...

D.h wenn's nen Bike ist dass den Aufwand Wert ist würd' ich nicht auf ne proprietäre #SingleVendor / #SingleProvider - Lösungen setzen...

Ist nen bisschen rückwärts gedacht wenn Mensch erst nen #AirTag kauft und danach erst nach'm Einbau darüber nachdenkt wie der benutzbar ist...

@SarahOestreich I point at #BlueSky because instead of #Moderation they choose to not even fake to care.

I mean, it's one thing if one controls a monolithic #SingleVendor / #SingleProvider system or can only mitigate stuff because bad actors don't reply to abuse reports...

By joining said instances or services (in the case of BlueSky) any user does -knowingly or not - say "This is not a problem I give a damn about!"

Please get rid of excuses to support bad actors!
https://github.com/greyhat-academy/lists.d/issues/35

@fla @lyyn @Seirdy @neurovagrant

Now think about all the ways this can be subverted and compromized with neither recourse nor any warning towards the users.

https://mastodon.social/@fla/110777052572627977

Again, #Centralization is inherently bad, and everything that is a #SingleVendor / #SingleProvider "solution" will inevitably die.

That's why #XMPP & #IRC are alive and kicking whilst #AIM is dead and #ICQ is a #zombie.

#Discord and #Signal will also follow that path that :birdsite: :twitter: is walking ahead...

@neurovagrant @iatendril @Seirdy @vamanimal @itzzenxx

Unlike #SingleVendor / #SingleProvider "solutions" like @signalapp you get to decide who to trust and who not to trust.

Not #Signal...
https://www.youtube.com/watch?v=s7WDbnHlc1E&t=124s

I.e. if you want to recieve all the #Spam in the world, you can on #eMail, because there is no built-in authority that forcibly distrusts you. (tho no idea why you want that anyway...]

@vamanimal @Seirdy @signalapp @neurovagrant

Well, their #Centralized #SingleVendor / #SingleProvider Services will be surveiled.

And as we know from #France that is already enough #Metadata to identify it's users and surveil and subsequently jail them.

https://mstdn.social/@kkarhan/110533134513076980

The only way this would be foolish is if they were #decentralized and full #FLOSS their #backend to the point that you can not only #SelfHost but built your own!

@neurovagrant @fla @Seirdy Relying on a #centralized #SingleVendor / #singleProvider solution like @signalapp / #Signal is even more dangerously naive as equally centralized solutions like #EncroChat or #ANØM:

Or do you naively believe governments that strictly enforce #LawfulInterception will just not care because it's #Signal?
Hell no!

There's a reason #XMPP - #OMEMO and other protocols where users own the keys are still around: Because they work and ain't Single-Vendor/Single-Provider!

@neurovagrant

THE CORE PROBLEM YOU BOTH ( @fla & @Seirdy ) ARE IGNORING IS #CENTRALIZATION!

Because it's a #SingleVendor / #SingleProvider solution they'll be naturally subject to state intervention aka. being forced to integrate #Govware #Backdoors under the threat of getting their shit forcibly unplugged.

The people that work at @signalapp have names and adresses the state knows, and thus they'll be subject to threats by the state.

@Seirdy @neurovagrant so you admit defeat amidst the fact that you refuse to acknowledge the fact that a #centralized #SingleVendor / #SingleProvider solution is impossible to secure against the will of the government it's incorporated under (as per law)...

Not Opensourcing the backend and it's APIs is literally violating #KerckhoffsPrinciple so hard it disqualifies any security claims as fanboyism!

@Seirdy @neurovagrant Stop throwing smoke grenades amd answer a simple question:

Why should I ever trust a #centralized #SingleVendor / #SingleProvider "solution" that is not.only.capable.but entirely willing to enfoce #Cyberfacist "restrictions" against it's users.

Just like Signal did...

Or do you believe Moxie's successor would be walking free or even breathing if #Signal was actually secure against the U.S. government?

They ain't decentralized like #Tor...

@Seirdy @neurovagrant Or to put it simple:

If your #centralized #SingleVendor / #SingleProvider "solution" isn't criminalized to be used in Russia, India, "P.R." China and Saudi-Arabia, then it's #backdoored like #iCloud in the PRC...
https://www.youtube.com/watch?v=Ev9_oDHNf-4

@Seirdy @neurovagrant because when "push comes to shove", admins held at gunpoint will integrate #Govware #Backdoors into the #centralized #SingleVendor / #SingleProvider service...

https://twitter.com/thegrugq/status/1085614812581715968

@Seirdy @neurovagrant problem is that #Signal literally implements #Cyberfacism by restricting functionality based off claimed user location (phone number)...

The fact that they can do that alone is concerning.

Now add #CloudAct to it and you badically have a giant #HoneyPot.

All #Centralized #singlevendor / #SingleProvider solutions are inherently bad from #ITsec, #InfoSec, #OpSec & #ComSec factors alone!

@neurovagrant no, because #Signal is a #proprietary #SingleVendor / #SingleProvider solition that is subject to #CloudAct and thus can't be secure by design.

If you really want #InfoSec, #OpSec, #ComSec & #ITsec, then #SelfHosting everything is key.

But that'll require #TechLiteracy and may not scale well...

IMHO self-hosting a #Zulip Server works good for organizational structures.

@oliphant EXACTLY!

Being able to 100% #SelfHost is a precondition for actual #FLOSS and why I #WontUse #centralized #SingleVendor / #SingleProvider solutions.

@evacide okay, you want it simple?

1. DONT' USE ANY #proprietary #SingleVendor / #SingleProvider and/or #unencrypted comms at all!

2. DON'T TALK TO ANYONE WHO ISN'T LEGALLY FORCED UNDER THREAT OF JAIL AND LIFELONG UNEMPLOYABILITY TO STFU EVEN TOWARDS COPS & JUDGES!

3. STFU!

4. Act plausibly deniable!

5. Don't take anything that can and thus will be used to track you - including any mobile phones - even switched off!

6. Use @torproject #TorBrowser to look up stuff!