@ArneBab Not really, all it does is increase the cost for legitimate users, as spammers and fraudsters just see this as a cost of operation.

• And since @signalapp doesn't seem to have #AbuseReporting ready that means they only use it to collect #PII and thus make it trivial to earmark users for targeted surveillance!

#PhoneNumers are PII because more often than not they require #KYC!

• And it's not always feasible or even possible.to provide users with a fresh & untained number, because inactive numbers get recycled!

Stop the Escalating Commitment to Schemes that fall flat on the face outside of #EliteProjection from #SiliconValley...

• #Signal could use a #WebOfTrust and require invites socthat reputation would be linked...

But that too is a #privacy invasion!

@Mer__edith That's why YOU DON'T DO THAT to begin with!

• Cuz lets be fundamentally clear on this one: There's no "legitimate reason" to mandate #PII like #PhoneNumbers and have #centralized infrastructure so riddled with #SPOF|s that it can't handle a single datacenter outage.

• Seriously, if @signalapp was coded by some freelancer on #Fiverr for like $100 I'd be okay with that. But how many $ did the development and infrastructure cost you (per year)?

To me this is #malpractice!

@Mer__edith No.

The fact that @signalapp CHOSE to host the most expensive way possible at a #US military contrator and in spittibgbditance to #CIA & #NSA is so deliberate, it makes #ANØM aka. #OperationIronside aka. #OperationTrojanShield professional by comparison for taking the time and effort to setup shell companies and servers in #Lithuania.

Or to ask bluntly: What Guarantees are there to prevent the #Trump Regime from taking down #Signal once it outlived it's usefulness at skirting #SubshineLaws and #Accountability and #Recordkeeping laws?

• Even if we assume you and all the coders are willing to "choose death over surrendering the keys" or implementing #Govware #Backdoors (which are wholly unnecessary with you demanding #PII like #PhoneNumbers and #Room641A-Style equipment doing the whole #metadata shit)…

If you don't own and physically control the hardware it's run on, the mere existance of #Signal depends on the goodwill of #JeffBezos!

@cartocalypse @sigmasternchen @pallenberg Gibt zuviele Indizien:

#PII wie #Rufnummer wird abgefragt; Geolokation bzw. Service-Beschränkungen aufgrund dessen erfolgen

• Dienst ist nicht per-se für Nutzer aus #Embargo-Staaten (#ITAR) wie #Kuba, #Iran, #Russland, #Nordkorea, ... gesperrt, was #Sondergenemigung durch #US-Regierung bedarf!

Aus den #USA = #CloudAct greift

• #AWS = #GAFAMs als #Hosting
• Das genutzte Datacenter ist in Spuckweite zu #CIA & #NSA
• Absichtlich #zentralisiert als #SingleVendor & #SingleProvider Lösung.

Struktur und Setup ähnelt #ANØM und "Ausfälle" erinnern an #EncroChat .

• Und diverse weitere Ungereihmtheiten wie Kamerazugriff um es am #PC zu nutzen.
• Keine #SelfCustody und kein #SelfHosting möglich.

Wenn @signalapp so sicher wäre wie beworben dann wären #Moxie und @Mer__edith seit Jahren in #Beugehaft wegen #Missbrauch durch Nutzer*innen.

• Ich kann die ganze Woche weiter machen, aber die Tatsache dass #Signal durch ein AWS-#Datacenter down geht zeugt von schlampiger Infrastruktur und Mehr Geld als Verstand!

Jedenfalls ist es kein deut besser als #CryptoAG - technisch sogar schlechter denn letztere versuchte wenigstens nicht dauerhaft Kritiker*innen zu gaslighten sondern wurde in der #Schweiz hinter ne #Tarnfirma gepackt.

• Wenn #Signal sicher wäre, würde es wie #OnionShare und #XMPP+#OMEMO #dezentral, (über @torproject / #Tor) und #SelfHosting - fähig sein.

Es stinkt jedenfalls wie #OperationIronside aka. #OperationTrøjanShield!

@DarkWebInformer why would anyone use #Telegram instead of #IRC over #Tor?

• Espechally given Telegram being neither #private.nor #secure and in fact collecting #PII in the form of #PhoneNumbers...

Seriously, #Signal / @signalapp is bad and everyone who relies on @Mer__edith et. al. to not break when handed a duely issued warrant (or being held at gunpoint) by #US authorities is as dellusional as the users of #ANØM and #EncroChat!

There's no valid excuse to collect #PII like a #PhoneNumber!

• And Signal being not just able but entirely willing to "restrict services" based off the presumed location of the users is just a big red flag.

If they took #Security seriously, they'd use #XMPP+#OMEMO over #Tor and let users have 100% #SelfCustody of all the keys as well as completely #decentralize, including the ability to #SelfHost on @torproject.

https://www.youtube.com/watch?v=tJoO2uWrX1M&t=887s

@Jerry FOR WHAT FUCKIBG PURPOSE DOES @signalapp EVEN WANT #Location DATA BUT #Spying ON IT'S USERS?

• Also demanding #PII like a #PhoneNumber which at best is pseudonymous amd trivial to #deanonymize IS the #IllicitActivity!

Also it's not even #FLOSS (why else is there no #Signal #App on @fdroidorg ?)

• My verdict is that Signal - like #ANØM - is a #HoneyPot… I don't have evidenye - yet - but so far my track record has been excellent…

@x_cli Funnily all the @signalapp fans always claim they do protect metadata but that will matter diddly-piss when the #US - Government threatens #Signal Staff with jailtime or holds them at gunpoint.

• And whilst @Mer__edith may even be crazy enough to go face jailtime for life for users' actions, I'm convinced the rest of her staff nor the Service Providers that supply #Signal share that longing for martyrdom.

Besides, if they actually cared they'd not collect any data in the first place and instead make shure they can't even collect data like #IPs and #PhoneNumbers by hosting their stuff on @torproject / #Tor and not asking for #PII like a phone # to begin with.

• Not to mention remaining in the #USA post - #CloudAct is a big red flag, cuz even if Signal ain't complicit, all their hosters and their upstreams are and I'm convinced that every single connection gets tracked by the #NSA in realtime and every #Google and #Apple account downloading the #App earmarked as well...

Claiming to "Just download and signup to our App" is a magic silver bullet is dishonest at best and worse than lying by omnission in my book.

• Cuz if it was that simple @cryptoparty@mastodon.earth / @cryptoparty@chaos.social / #CryptoParty events would not exist at all!

@Mer__edith except @signalapp does collect #PII (#Phonenumbers) and demand it alongside camera access to even use it.

• Compare that to @monocles / #monoclesChat and @delta / #deltaChat, which don't demand any personal data nor permissions (beyond internet access and being able to store the login details, obviously!), this is absolutely unreasonable.

Plus unlike #Signal, both offer #realE2EE with #SelfCustody of all the Keys, support @torproject / #Tor for #privacy and don't rely on "Trust me, guys!" advertising and a long-term unsustainable model of donations from billionaires and millionaires to keep running!

@Mer__edith on a different note: Does @signalapp plan to actually increase it's own #privacy and #security by not demanding #PII like a #PhoneNumber, not mandating the garbage #app to have #CameraAccess (which doesn't work on devices without a camera!) and actually #decentralizing onto @torproject / #Tor, mandating real #E2EE with #SelfCustody of all the keys as well as removing the #Shitcoin that is #MobileCoin from it?

• Cuz so far #Signal looks as much to me like a #HoneyPot as #ANØM...

And it's not as if I didn't try it out!

@stman @theruran @50htz @vidak @forthy42 yeah, and because @signalapp demands both #PII in the form of a #PhoneNumber nor #decentralized properly - including putting their #App on @fdroidorg (which would necessitate it to be actually #FLOSS!) - they are making their users vulnerable!

• But @Mer__edith knew that already, didn't she?

@SheHacksPurple you do realize that this may violate #BDSG as 'unnecessary data collection'?

• #NotLegalAdvice but there's a reason one shouldn't collect #PII like #eMails without 'technical necessity'…

@ewolff well, if @Mer__edith and @signalapp card they'd not.just rally their users against "#ChatControl" aka. #cyberfascism but design their systems with #Anonymity and #Privacy in mind.

• That includes moving their infrastructure onto @torproject / #Tor and NIT collecting #PII like #PhoneNumbers.

But since they added #MobileCoin as a #Shitcoin and also selectively restricted availability to it we all know this ain't their goal!

@Uair That's some cold OSINT...

• Ever heard of 33 Thomas Street, #Room641A & "LIthium" ?

As for #Signal, I dispute that even if you want 1:1 voice and video calling...

• There are other options out there that don't collect #PII about users.

OFC we all know that the #BulkSurveillance is not about "#NatSec" or whatever but to have compromizing material on hand when someone becomes a problem.

@alex I think #Signal is a #HoneyPot and people trusting @signalapp or @Mer__edith may sooner than later find themselves in shackles than those that didn't use it (or any other service that demands #PII / #KYC for no valid reason)…

• But that's just me acknowledging that there has never been a valid reason to demand a #PhoneNumber for anything that doesn'f demand the phone network!

https://infosec.space/@kkarhan/114862595629371002