@Paul_Harts @techlore that depends...

Also Dubai ain't the only juristiction in the MENA region that allows for hiding assets.

• Remember #CryptoAG? Cuz Liechtenstein still exists and hasn't changed stuff at all... People still hide assets there...

https://www.youtube.com/watch?v=uNz1xYb3hWE

Whereas the Netherlands do demand KYC...

@dalias @lauren
@pixelschubsi

Also the blatant dismissal of absolitely basic #OpSec & #ComSec is just flabberghasting.

• It's inherently wrong to put all eggs in one basket and #Signal being not shut down like #SkyECC & #EncroChat makes it just as sus as #ANØM / #OperationIronside / #OperatioTrøjanShield and #CryptoAG / #MINERVA / #RUBIKON.

Only #decentralized, #OpenSource & #OpenStandards can actuall survive long-term and remain #secure.

• Otherwise we'd all gaslight ourselves into ignoring the hard lessions we learned that bought us to the #Fediverse and why we ain't on #Shitter or #tumblr or #BrownSky or #NSAbook (any more)!

It's the same reasons we use #PGPG/MIME & #SSH and not #X400 & #X25!

• Unlike with @signalapp one doesn't has to trust the provider or app. #XMPP+#OMEMO works regardless if you use @monocles or @gajim or do #SelfHosting and only trust code you wrote yourself...

IOW: Think "How can you weaponize Signal?" and see what you csn do just holding key people in contempt...

• And I'm not even talkibg about #Govware - #Backdoors and #MassSurveillance alike #Room651A, but just duely submitted warrants that @Mer__edith will comply with...

The less #info a provider has, the less they can be forced to snitch upon customers.

• So even if you don't give a shit that #CloudAct makes this a "#CantUse & #WintUse" (out of US-centrist privilegue to not comply #GDPR & #BDSG) for many, it's still dishonest.

"#JustUseSgnal!" is a form of dangerous "#TechPopulism" aimed at bamboozling #TechIlliterates who don't know better, abusing information asymetry to pull rank instead of investing the time and effort to *explain "how" and "why" this is indeed a good or bad idea.

• There's a reason why @tails_live / @tails / #Tails doesn't include #Signal and why I'll say it again that XMPP+OMEMO over @torproject / #Tor is the gold standard in terms of #privacy and #security when it comes to #ComSec that isn't #airgapped aka. "Airgapped PGP".

The only ones that have a chance to beat that are @delta / #deltaChat but that's just #PGP/MIME #eMail in a nice UI...

• You may now laugh at me and think my "#TinfoilHat sits too tight" but I'm shure sooner or later I'll be evidenced as correct...

@mortn @kyleirl @Andres@mastodon.hardcoredevs.com @spycrab @shipwreckt @Mer__edith

#FACT:

• @signalapp / #Signal is subject to #CloudAct and thus inherently incompatible with #GDPR & #BDSG!

• Signal demands #PII in the form of a #PhoneNumber!

• Signal to this day peddles a #Shitcoin named #MobileCoin!

• If Signal didn't have a #Govware #Backdoor, it would've been banned and shut down just like #EncroChat and #SkyECC.

• Signal is as secure as #ANØM aka. #OperationIronside aka. #OperationTrøjanShield and #CryptoAG aka. #MINEROVA aka. #Rubikon.

#ToldYaSo guys!

#ProTip: Use #XMPP+#OMEMO!
https://infosec.space/@kkarhan/113932376762056036

@wmd Instead of using #ProtonMail which is as "#Swiss Secure" as #CryptoAG aka. #MINERVA / #RUBIKON or * Swiss Banks since #FATCA*...

Personally, I can recommend @monocles / #monoclesMail...

@sylv_a personally, I'd recommend #XMPP+#OMEMO (and #PGP/MIME - encrypted #eMail) for real #E2EE with #SelfCustody of Keys as well as actual #decentralization.

• All #SingleVendor and/or #SingleProvider solutions are inherently insecure, if not due to #TechStack (i.e. using a #CDN like #ClownFlare for app assets with no valid reason), #PII (demaning a #PhoneNumber which oftentimes cannot be obtained anonymously for no valod reason!) or lack of #DataProtection #Laws (i.e. #CloudAct is inherently incompatible with #GDPR & #BDSG), it's due to the inherent risks of #centralization.

Cuz I noone's gonna risk jailtime for (non-paying!) users - it at all…

• Not even @Mer__edith !

In fact I'd call U.S. MIL/INTEL as "criminally incompetent" if they didn't manage to plant multiple people inside @signalapp / #Signal or any other single-vendor / single-provider messenger.

• Cuz if Signal wasn't #NOBUS, they would've been shutdown/taken down/criminalized/hacked like #EncroChat and #SkyECC.

Personally, solutions like Signal & #Threema have a stench like #CryptoAG / #MINERVA / #Rubikon and #ANØM / #OperationIronside / #OperationTrøjanShield.

By contrast: #OpenStandards like XMPP+OMEMO & PGP/MIME are independently verifyable and not dependent on on a single individual/organization for maintenance/survival/implementation/development.

• Also not depending on #GAFAMs and/or #VCmoneyBurningParties is way more sustainable long-term...

Personally I'd still recommend @monocles / #monocles with #monoclesChat & #gajim...

@rysiek *yet another reason why I think @signalapp is just a successor to #CryptoAG aka. #M'INERVA / #RUBIKON...

#CryptoLeaks 2.0 - when?

@zdl @evacide that any the fact that @signalapp is incorportated in the #USA, making them susceptible to #GDPR & #BDSG-incompatible #cyberfacist bs like #CloudAct.

• If #Signal cared, they'd completely #OpenSource #backend and #frontend as well as #decentralize and refuse to collect any #PII (like #PhoneNumers) at all!

Remember: #KYC IS THE ILLICIT ACTIVITY when it comes to #Communication!

• To me Signal has a stench like #CryptoAG (aka. #MINERVA / #RUBIKON), #EncroChat and espechally #ANØM (aka. #OperationIronside / #OperationTrøjanShield)...

Compare that to @monocles / #monoclesChat which don't demand any PII or KYC and allow people to pay for their services with #Monero and #CashByMail besides #SEPA #WireTransfer, #Stripe & #PayPal whilst supporting both decentralization (#XMPP is not a #SingleVendor / #SingleProvider solution!), implementing real #SelfCustody (#OMEMO, #OTR & #PGP is supported out of the box) for all the keys, and proper #Anonymitiy (using @torproject / #Tor & @guardianproject #Orbot for #privacy), so in case they ever get a duely sumitted warrant by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.

• And that is a good thing, because whilst very unlikely, one cannot exclude the non-zero chance of i.e. #MLAT|s being filed with knowingly false information by 3rd countries.

Also having no PII is a matter of reducing #liability in the sense of #DataProtection: All data requested and by #monocles is the bare minimum mandated for #accounting (i.e. only linking a payment like a #TxID / Transaction-ID to an account and then adding up validity/activation period).

• And since running a #Service costs money, the low #subscription to their #Services makes them independent from #ads, #crawling / #espionage against #customers and depending on #grants and #donations to keep the lights on, making it a #sustainable #business...

@therainingmonkey IMHO #Signal is jist another #HoneyPot like #ANØM / #OperationIronside/ #OperationTrøjanShield and #CryptoAG / #MINERVA / #Rubikon before it.

• Why else do you think they are incorporated in the #USA despite #CloudAct, run as #VC #MoneyBurningParty & ain't forced to yeet all Phone Numbers from #Russia, #NorthKorea, #Iran and "P.R." #China?

@signalapp is good.

• It's so good that it scratches that part of my mind that doesn't allow good to exist without precondition....

So I'd never count on anyone not talking, espechally @Mer__edith when faced with lifetime in jail for not doing so.

@DavittoKun @landley Also minimalism and simplicity and reproduceability as well as auditability are IMHO long overdue qualities and should be the norm for critical systems.
https://www.youtube.com/watch?v=MkJkyMuBm3g&t=11m55s

Cuz I don't feel comfortable seeing #Windows of all things being used anywhere near #CriticalInfrastructure, espechally given how stuff like #Conti and #NotPetya can not just cripple entire nations but literally be weaponized to kill people (You don't want to see #MedicalIT, it's a nightmare that makes you want to ban everything more complex than a light switch!) - and that alone should be sufficient reason.

For anything I'd want to get done with it later it's better to have a something that can be easily reproduced and maintained than going the lazy route, espechally if one ever intents to win customers/users with transparency and not some "pay-to-loose" type of certification badge that doesn't say anything about the actual security (like those done by the @bsi) but only about how deep the pockets of the one trying to sell it to others are.

If I don't comply with fundamentals like Kerckhoff's Principle why should you even trust me on other fundamentals like how the weather is?
https://en.wikipedia.org/wiki/Kerckhoffs%27s_principle

I mean, don't trust me at all, these other projects are stubs as of now for a reason:
https://github.com/KBtechnologies/PocketCrypto
https://github.com/KBtechnologies/Cryptofon

But you'd likely agree that "#TrustMeBro" died with the inception of #MINERVA / #RUBIKON & #PRISM / #BULLRUN...
https://en.wikipedia.org/wiki/Crypto_AG

@talon @Purple so no, don't trust snitches eve if they waive a Swiss flag.

See Operations #MINERVA / #RUBIKON:
https://mstdn.social/@kkarhan/110523395468184213