@Fr333k @FritzAdalis propably...

Whatever floated #NSA's #cyberfacist boat back then (or today, cuz #PRISM never really ended. It merely got transfered over and legalized (see #CloudAct)...

@pixelcode @taylan @signalapp the #centralization, espechally without means to hide it's traffic via @torproject / #Tor makes it trivial to detect and track @signalapp / #Signal users.

• Add to that the fact that Signal has #PhoneNumbers = #PII on them and the fact they are incorporated in the #USA, thus subject to #CloudAct and it's not a matter if they snitch on users but how many thousands if not millions got subopena'd to this day.

And with no self-custody of keys it's trivial to #Room641A the users if the devs get "motivated" under threat of spending the rest of theor lives in jail.

@bsi
Eine originelle Methode für den #ITGrundschutz ist die Zusammenarbeit mit google im Bereich Cloud, während Europa zunehmend um Souveränität von BigTech bemüht ist. #unplugtrump

""Die BSI-Google Zusammenarbeit ist ein potenzieller Booster für digitale Abhängigkeit und Erpressbarkeit Deutschlands von den USA", schreiben die GI-Arbeitskreise für digitale Souveränität, Open Source sowie Datenschutz und IT-Sicherheit in einer am Donnerstag veröffentlichten Analyse. Google sei aufgrund der Rechtslage in den USA gar nicht dazu in der Lage, einen souveränen Dienst im hierzulande erforderlichen Sinne anzubieten. US-Präsidenten wie aktuell Donald Trump könnten "immer das Licht ausschalten". Weitere Kritikpunkte sind fehlende Transparenz, etwa im Umgang mit dem Cloud Act, und eine Wettbewerbsverzerrung mit Benachteiligung europäischer Firmen durch einen "TÜV-Stempel"."
https://www.heise.de/news/Erpressbarkeit-Informatiker-gegen-Cloud-Kooperation-zwischen-BSI-und-Google-10324992.html

CLOUD Act:
https://de.wikipedia.org/wiki/CLOUD_Act

@signalapp It's not #disinfo when one points out that you demand #PII aka. #PhoneNumbers from Users and that is literally a architectural vulnerability, alongside your #proprietary & #Centralized #Infrastructure.

• #Signal being a #SingleVendor & #SingleProvider #Solution is literally the reason why I consider it #insecure.

Not to mention the lack of @torproject / #Tor support with an #OnionService or the willingness to fulfill #cyberfacist "Embargoes" or shilling a #Shitcoin #Scam named #MobileCoin!

• #KYC is the illicit activity!!!

And don't get me started on the #cyberfacism that is #CloudAct.

• If you were secure, criminals would've used your platform so hard, it would've been shutdown like #EncroChat and #SkyECC.

I may nit have allvthe.evidence yet, but #Signal stenches like #ANØM: #Honeypot-esque!

@alwayscurious @froge @fj #CloudAct alone not, but it's just the tip of the iceberg.

• I bet you that @signalapp & @Mer__edith will comply with even the most illegal and cyberfacist orders when facing "rubberhose cryptoanalysis", which is a valid and likely risk factor in the #USA...

Again: The only #security is #decentralization!

• This is why @torproject is still up and running: It cannot be shutdown even when all maintainers are being held at gunpoint.

#Signal is as vulnerable as #EncroChat if it's not a #Honeypot like #ANØM!

@walkinglampshade @jrredho @fj It's basic #InfoSec, really:

• @signalapp has no "#LegitimateInterest" to demand #PII like a #PhoneNumber and they use and abuse that to restrict functionality of their App (it doesn't matter that they merely claim "comply with #sanctions" [their #MobileCoin #Shitcoin #Scam disqalifies them even more!] because they have the tech to distinguish and discriminate users)...

Thus #Signal fails at protevting #Journalists and theor sources because they do have that data and can be #subopena'd for it if they don't already provide #BulkSurveillance & #LawfulInterception #API|s to comply with #CloudAct. (Or are you guys so naive and believe @Mer__edith will risk dying of old age in jail for non-paying users?)

• This entire "thread vector" just doesn't exist with #XMPP+#OMEMO nor #PGP/MIME!

And if you believe "this won't ne used/abused me because I'm from 'Murica!" and point at #ANØM as an example, then you really ignored all tze #Cyberfacism since 9/11…

@froge @fj I'm not replacing @signalapp with "random tools" but good options.

Like @delta & @thunderbird as well as @monocles / #monoclesChat & @gajim which work flawlessly over @torproject / #Tor using @tails / @tails_live / #Tails and @guardianproject / #Orbot respectably.

• Also these allow not only #SelfHosting but just work and I'd highly recommend #monocles as a hoster which finances iself by users paying and allows #anonymous accoubts & payments including not just #Monero but also #CashByMail!

Considering the costs of even acquiring and upkeeping an #anonymous #SIM, I'd rather pay €2 p.m. for #XMPP+#OMEMO and #PGP/MIME-supported #eMail with the option of self-custody than $2,50+ p.m. just to keep a phone number.

• Plus I don't run around with a #tracking device that could be used to #deanonymize me any second...

Or is anyone here expecting @Mer__edith to risk jail for life amd not comply with #CloudAct?

• If #Signal was as secure as advertised, it would've been shutdown like #EncroChat and #SkyECC!

It stenches like #ANØM, because NOTHING IS FOR FREE and running a #VCmoneyBurningParty is expensive...

@fj I still think @signalapp has fundamental flaws like demanding #PII (#PhoneNumbers can't be obtained anonymously around the globe and are trivial to track down to devices and thus users), being subject to #CloudAct as an unnecessary & 100% avoidable risk as well as #Shitcoin-#Scam shilling (#MobileCoin) and it's #proprietary, #SingleVendor & #SingleProvider nature that makes it inferior to real #E2EE with #SelfCustody like #PGP/MIME & #XMPP+#OMEMO!

@nemo Except #Signal demanding #PII like a #PhoneNumber, being subject to #CloudAct an shilling #MobileCoin, a blatant #Shitcoin #Scam disqualifies them!

@licho @osman provide evidence the code @signalapp released is actually being deployed.

• Whereas @monocles has #ReproducibleBuilds to the point that @fdroidorg literally pulls their git and builds it from source.

Not to mention pushing a #Shitcoin-#Scam (#MobileCoin) disqualifies #Signal per very design!
https://www.youtube.com/watch?v=tJoO2uWrX1M

• Given the collection of #PII like #PhoneNumbers, the ability to restrict functionality based off those and the fact that #Signal is subject to #CloudAct make it inherently not trustworthy.

And don't even get me started on the fact.it's not sustainable to run it as a #VCmoneyBurningParty!

• As soon as Signal becomes a problem, it will be taken offline, and due to the fact that it is #centralized, #proprietary, #SingleVendor & #SingleProvider that's trivial for authorities.

Same as identifying users: They already got a #PhoneNumber which in many juristictions one can't even obtain without #ID legally, thus making it super easy to i.e. find and locate a user. Even tze cheapest LEAs can force their local M(V)NOs to #SS7 a specific number...

• All these are unnecessary risks, that could've been avoided, but explicitly don't even get remediated retroactively!

Again: Signal has a #Honeypot stench, and you better learn proper #E2EE, #SelfCustody and #TechLiteracy because corporations can't pull the 5th [Amendment] on your behalf!

@osman, no because @signalapp is a #proprietary, #centealized, #SingleVendor & #SingleProvider solution that demands #PII like #PhoneNumbers for no valid reason, is subject to #CloudAct and only continues to exist because it's convenient as a means to fo #BulkSurveillance and mark it's users as #PeopleOfInterest.

• I'd rather donate to @ccc for running http://jabber.ccc.de and buy a @monocles #subscription instead!

@timixretroplays JFC for that money you get a better deal at @monocles & @Stuxhost !

And unlike #Microsoft365 they won't feed your data to Ubcle Sam (#GDPR) as they are not subject to #CloudAct...

@700Sachen @Bingenberger @groso dann doch lieber auf #XMPP+#OMEMO über #Tor migrieren, weil da funzen Sprachnachrichten nicht statt #NSAbook mit extea #Stimmdaten zu füttern.die dank #CloudAct US-Regierungseigentum werden und/oder dann für #Deepfakes genutzt werden können.

• Glaubste nicht? Lies die AGBs!

https://infosec.space/@kkarhan/114212474481198096

@hudelwick #CloudAct macht 99,99% aller #Cloud-Anbieter illegal nach #DSGVO & #BDSG!

• @noybeu et.al. hatten jediglich noch keine Zeit dagegen erfolgreich zu klagen!

https://de.wikipedia.org/wiki/CLOUD_Act

@Catwoman69y2k @dragonfriend most importantly:

Only with #SelfCustody of all the keys, #SelfHosting of the entire infrastructure and everything being #OpenSource, one can assure (and [let it be] audit[ed] independently) that the #advertised #promises are in fact true.

• All #centralized, #SingleVendor and/or #SingleProvider solutions - and yes that includes @signalapp as well (!!!) - are inherently insecure because they can be forced into "cooperation" - may it be with #Cyberfacism like #CloudAct or listeally a gun to their head...

Cuz not expecting @Mer__edith to break is the same level of "#TrustMeBro!" assurances as #ANØM, #EncroChat, #SkyECC, #WhatsApp etc. do in their #advetising #lies!

• Remember: Corporations/Foundations/non-profits/... don't have a right to be silent , only individuals, and even then there are certain juristictions that have #KeyEscrow laws (i.e. #France, #Russia, #KSA, #China, #India, #UK , ...) in the books!

@cmccullough @LetsRoc also #Microsoft is not only a #PRISM collaborator, but subject to #CloudAct aka. "#Datacenter in #Ireland" isn't even a #figleaf!

https://en.wikipedia.org/wiki/CLOUD_Act

@Mik3y @samhainnight @karlauerbach @alex_p_roe @Nonilex not to mention all the #GAFAMs and #TechBros who get to know that #CloudAct means they'll have to integrate more #Govware #Backdors and enable #BulkSurveillance or get shut down & jailed faster than they can say #EncroChat or #SkyECC...

• #NSAbook / #StasiBook automatically snitches DMs to #CPB!