@Pabamiti @Natanox @nomain @netzpolitik_feed Und selbst #Threema ist wegen der Zentralisierung unsicher, weil da reicht es einfach den Traffic zu deren Systemen aufzuzeichnen ..

Nur kompett dezentralisierte Systeme die komplett #SelfHosting-fähig sind (#eMail mit PGP/MIME & #XMPP-#OMEMO) können sicher sein, wenn diese korrekt aufgesetzt und konfiguriert sind - bei allen Beteiligten.

@kino @HistoPol @smallcircles reading about Threema is similar to signal in terms like the server is close source and not #decentrilized / #federated like #XMPP or #Matrix

@HistoPol
@smallcircles
No sure about #Threema but #Signal is a centralized service that use Google Api and doesn't allow redistribute/publish is free service such as #FDroid, what about #XMPP or #Matrix ?

je suis en train de tester xmpp avec une personne qui n'est pas geek. Il faut 1 demander de créer un compte c'est ok
2. Usage de movim mais je trouve perso que c'est pas tout simple
3. Une appli je propose #atalk

Je trouve que les app libres sont toujours trop compliqué. Il y a plein d'options incompréhensible y compris par moi
Et le plus dur c'est l'encryptage.

Bon j'ai réussi à échanger quelques mot uncrypted. Est-ce une victoire?

#xmpp

@yassie_j kinda.

But instead of a #D20 you'll likely want to have you #GnuPG / #OpenPGP #Pubkey and #XMPP messenger handy.
https://mstdn.social/@kkarhan/110887300475915234

@jz @nblr Eeyupp...

All shit that #monoclesChat or any other #XMPP+#OMEMO or #PGP/MIME - compatible client just doesn't do.

@signalapp in my eyes is at best begging to be infiltrated like #EncroChat if not outright a #HoneyPot like #ANØM!

DON'T USE IT!
DON'T ADVOCATE FOR IT!
TELL OTHERS TO DO THE SAME!
https://mstdn.social/@kkarhan/110864976153746039

@jz also @signalapp 's #Centralization and #DataCollection as well as #Capability to enforce #Sanctions (as they collect #PhoneNumber|s) is inherently bad.

Thus #XMPP+#OMEMO is still the best option!

@autonomysolidarity

1. Alle #Datenträger vollverschlüsseln!
2. Keine #Backdoor|ed #Govware nutzen [#Windows, #macOS].
3. Alle #Kommunikation korrekt Ende-zu-Ende verschlüsseln [PGP/MIME für #eMail & #XMPP - #OMEMO für #Chats]
4. Sichere Passwürter nutzen!
5. Passwordmanager nutzen um sichere Passwörter zu sichern!

Das ist so simpel dass ich das bei diversen #TechIlliterates deployed hab mit 5-15min Einarbeitung der User*innen.

@mhalila I guess then.that's a sufficient quality filter - just lime refusing to use trash like #WhatsApp and using #IRC & #XMPP is bsneficial IMHO...

@socialhack technisch gesehen ist es dann ein Verstoß gegen #Netzneutralität wenn #WhatsApp entdrosselt wird aber z.B. #XMPP, #IRC oder #Zulip nicht.

#NotLegalAdvice aber ich würd's wegen dem postfaktischen #SecurityTheater eh nicht kaufen...

#Prepaid miss IMHO #anonym verfügbar bleiben!

@roywig @thatandromeda @leak it is "good enough", cuz we ain't 15 years ago where eberything needed archaic commands.

#Thunderbird integrates #OpenPGP / #GnuPG out of the box for some time.
#Gaijim & #MonoclesChat do support #XMPP - #OMEMO and #PasswordManagers like #Enpass are so easy, it literally took me 5 minutes to explain the use and setup a complete #Noob in it.

People aren't stupid, they are lazy and get groomed into being #TechIlliterate #Consoomers...

That is the problem!

@fla @lyyn @Seirdy @neurovagrant

Now think about all the ways this can be subverted and compromized with neither recourse nor any warning towards the users.

https://mastodon.social/@fla/110777052572627977

Again, #Centralization is inherently bad, and everything that is a #SingleVendor / #SingleProvider "solution" will inevitably die.

That's why #XMPP & #IRC are alive and kicking whilst #AIM is dead and #ICQ is a #zombie.

#Discord and #Signal will also follow that path that :birdsite: :twitter: is walking ahead...

@vamanimal @Seirdy @neurovagrant @iatendril @itzzenxx

Then why does @signalapp even have a Server?

Why is it not #decentralized like #BitMessage and why can't you #SelfHost like #Zulip or #XMPP?

WHY SHOULD I TRUST THEM IF THEY DONT TRUST ME?
https://mstdn.social/@kkarhan/110777008020587665

@neurovagrant @iatendril @Seirdy @vamanimal @itzzenxx

Very simple: Whilst there are very large Servers for #XMPP and #eMail, it's not as if there's only one provider for each...

Unlike say @signalapp which is as centralized as #MicrosoftTeams, #Slack, #Zoom and #WhatsApp...

With XMPP - #OMEMO and #PGP/MIME you own the keys and have 100% self-custody, so on proper #E2EE you are in control.

You can decide whom to trust and whom not.

You can do #KeyExchange the way you see fit & verify them.

@itzzenxx @Seirdy @vamanimal @neurovagrant OFC, but what do you think scales easier?

Tracking down @signalapp users or having to literally check every connection if it's #XMPP-#OMEMO and even then it would be trivial to just start a new server or move it onto #Tor / behind a #VPN or otherwise make it indistinguishable and unblockable.

It's like trying to ban #eMail vs. #GMail...

Again: Users get identified by making single HTTP(S) requests daily.

https://mstdn.social/@kkarhan/110776925103918489

@vamanimal @Seirdy @signalapp @neurovagrant @itzzenxx

- Phone Number
- IP adresses
- All the Data Packets sent to and from Signal

That alone is way too much, and the only move would be to fully decentralize stuff like #eMail and #XMPP is.

They chose not to and instead run the same "business model" that #EncroChat & #ANØM did, except they'd not even get paid by the users...

Do you even know how expensive an operation like that is to run?

#Signal is just another #CryptoAG!

@neurovagrant @fla @Seirdy Relying on a #centralized #SingleVendor / #singleProvider solution like @signalapp / #Signal is even more dangerously naive as equally centralized solutions like #EncroChat or #ANØM:

Or do you naively believe governments that strictly enforce #LawfulInterception will just not care because it's #Signal?
Hell no!

There's a reason #XMPP - #OMEMO and other protocols where users own the keys are still around: Because they work and ain't Single-Vendor/Single-Provider!

Has anyone seen info on where #XMPP stands on supporting #MLS?

#messaging #infosec #privacy

https://www.rfc-editor.org/rfc/rfc9420

@elr @neurovagrant @Seirdy because #Signal can't be #SelfHosted (unlike #XMPP and even #Zulip) I can't recommend or use it any professional capacity because I've to comply with #GDPR & #BDSG and that includes evidently having control over data and being able to comply with #auditability and #datadeletion requests in any organization.

Also #Signal does collect #PhoneNumbers and enforces #Cyberfacist embargos.

@Seirdy @neurovagrant that is irrelevant for the problem.

If I were to control a PBX, then encrypting your calls only buys your time at best if not allow me to literally MITM stuff since, #NotYourKeysNotYourControl!

Whereas I can exchange keys in #PGP / #MIME and #XMPP - #OMEMO via other ways and actually verify shit instead if #TOFU!