@signalapp I think one of the best change #ios26 brought was to put the search bar at the bottom where it's easier to reach.
I wonder why Signal Messenger doesn't do that? or at least have an option for it?
#signal #apple #ios

Musned

@myself@mastodon.online · 24 hours ago

#selfhosting boosted

spacebug

@spacebug@social.n2.mikronod.se · yesterday

I try to setup mollysocket with my own ntfy-server, but molly keeps giving me a "connection add.. " to https://ntfy.sh instead of my own ntfy-server.

I'm trying to run this in air gappeed mode.

Anyone?

#AskFedi #Molly #Mollysocket #ntfy #Signal #GrapheneOS #SelfHosting

Akkomamikronod

spacebug

@spacebug@social.n2.mikronod.se · yesterday

Akkomamikronod

🏳️‍⚧️ Christin Löhner 🏳️‍🌈

@christin@lsbt.me · 2 days ago

Es gibt Entscheidungen, die man trifft, weil man keine andere Wahl mehr sieht. Und es gibt Entscheidungen, die man trifft, weil man endlich klar genug hingeschaut hat, um die Konsequenzen zu ziehen. Der Abschied von Facebook, Youtube, Twitter, Instagram und WhatsApp war für mich beides.

https://www.christin-loehner.de/soziale-medien

#DiDay #DigitaleSouveränität #Linux #OpenSource #FOSS #Privacy #Datenschutz #BigTech #FuckBigTech #DeGoogle #BoycottAmazon #BoycottGoogle #BoycottMicrosoft #KaufLokal #Widerstand #DigitalResistance #FairTech #RightToRepair #Signal #Mastodon #Nextcloud #Firefox #BraveBrowser #SelfHosted #Cybersecurity

Soziale Medien - Christin Löhner - Portfolio und Blog

Christin ist nicht mehr auf Twitter, Instagram oder WhatsApp zu finden – und das ist eine bewusste Entscheidung. Hier erfährst du, warum sie die großen Plattformen verlassen hat und wo du ihr im freien, dezentralen Fediverse folgst.

https://lsbt.me/tags/DigitaleSouver%C3%A4nit%C3%A4t

#selfhosting boosted

Kevin Karhan :verified:

@kkarhan@infosec.space · 3 days ago

Kevin Karhan :verified:

@kkarhan@infosec.space · 7 months ago

My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users who don't have a fucking #camera in their Android…

Seriously, do they expect folks to deal with that shit?

It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.
Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"…

#sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
- Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
- Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
- In fact, you could even use #Sneakernet - Style distribution through " #MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
- Whereas you can't positively verify whether an eMail address and/or #XMPP+ #OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

And don't even get me started on the fact that legally speaking noone truly owns their number.
- Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

I wanted #Signal to be good - honestly...
- But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
- Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

So any #Messenger service that requires a #Phone Number for signup and/or useage is truly not a real replacement and inherently makes PROVEN WRONG assumptions [i.e. that it is legal and possible to obtain a phone number anonymously at someone's juristiction] about it's customers' ability to shield their privacy…

Cuz all the " #Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
They certainly are nit deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. " #TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
- It's like all those " #VPN" shillings which one cannot verify to be true or false!

THIS is why I am going fucking ballistic on #TechPopulism aiming at #TechIlliterates because it's spreading a "false sense of #security" whilst completely disregarding absolute fundamentals when it comes to the underlying systems.

And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty worth it's name touches on.
- Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

Universal Personal Telecommunications - Wikipedia

Persönliche Rufnummer – Wikipedia

Dead drop - Wikipedia

Sneakernet - Wikipedia

https://infosec.space/tags/AN%C3%98M

The Lack Thereof :v_bi:

@lackthereof@beige.party · 3 days ago

@kkarhan
Email is, in practice, a privacy shit show equal to or greater than phone numbers. Either you self-host, which means you have an isp and a DNS provider at minimum who can reveal your identity on their whims, even if you lie on a whois record. Or you use one of the mega free providers with all their conflicts of interest and data mining. Or you use a paid provider which opens up all the payment chain to trace back to you on top of everything else

To get a phone number I can walk to the corner convenience store and, with cash payment and no ID, purchase a prepaid SIM card. I can pay cash to refill it every month.

Kevin Karhan :verified:

@kkarhan@infosec.space replied · 3 days ago

Kevin Karhan :verified:

@kkarhan@infosec.space · 7 months ago

My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users who don't have a fucking #camera in their Android…

Seriously, do they expect folks to deal with that shit?

It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.
Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"…

#sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

@lackthereof no, it's not because unlike #Phones and #PhoneNumbers, #eMail is not necessarily traceable by circumstances.

Because a Phone "Line" (regardless of whether it's POTS, ISDN, VoIP, GSM, VoLTE, …) and #telephony in general are designed for realtime communication, they inherently necessitate an active, ongoing connection.
- Even if it's just some App/PBX/… to connect to the provider and constantly state "I am on the network and able to recieve calls!" (with PSTN networks, there a physical line that gets assumed to have a phone connected)…

Whereas with eMail (and any #asynchronous #communication) you don't have that requirement.

So unless the provider is being taken over or otherwise "cooperative" there's no means for a sender to know where, when and how a message was retrieved unless the recipient wants the sender to know of it!
- Besides, even if you don't have an eMail provider like cock.li which natively supports @torproject / #Tor useage with an #OnionService, unless said provider explicitly prevents you from doing so, you can use not just Tor but also other techniques to make it extremely hard (not necessarily impossible, but at least unfeasible at scale!) to get tracked down.
- In fact, you could even use #Sneakernet - Style distribution through " #MeatProxies" and #DeadDrops (aka. #dr0p) to further twart tracing attempts.

Or to put it simple:

You can ring up someone and thus circumstantially verify the chain of #PhoneNumber -> #IMSI -> #ICCID -> #SIM -> #IMEI -> Device -> Location -> Owner quite quickly.
- Whereas you can't positively verify whether an eMail address and/or #XMPP+ #OMEMO account belongs to me unless I want you to know that it does!

So either way a phone number is just a horrible means of doing that.

And don't even get me started on the fact that legally speaking noone truly owns their number.
- Because even if you got some spechal case number (like UPT was) you still depend on neither regulators nor telcos to not block or otherwise interfere with it. Which is in contrast to say an OnionService which can only be shutdown effectively by sabotage aka. (more or less figurately) "unplugging" it.

I mean, it's not as if I didn't gave @signalapp a fair chance.

I wanted #Signal to be good - honestly...
- But I'm old enough that things rarely are that simple as #TechPopulism & #Propaganda claim it to be.
- Just like 5th grade #SexEd is not a substitute for Endocrinology, Gynecology and Andrology and actually licensed, medical professionals.

Cuz all the " #Metadata" claims of Signal are complete #MarketingLies by virtue of them storing a Phone Number and not just being (as per admission by @Mer__edith) 'hard locked-in' with #aws but also subject to #CloudAct.
They certainly are nit deploying real #E2EE cuz you neither get #SelfCustody nor #SelfHosting and have to blindly trust them (aka. " #TrustMeBro!") that what they release as #SourceCode is actually what they deploy.
- It's like all those " #VPN" shillings which one cannot verify to be true or false!

And I don't mean shit like #Govware of the #SS7 kind, but absolute basics in #ITsec, #InfoSec, #OpSec & #ComSec that every @cryptoparty@chaos.social / @cryptoparty@mastodon.earth / #CryptoParty worth it's name touches on.
- Signal can't and won't save peoples' asses and the sooner we realize that "complex problems are hard to fix" the less we waste Resources on #HoneyPots that stench like #CrytpoAG & #ANØM!

Universal Personal Telecommunications - Wikipedia

Persönliche Rufnummer – Wikipedia

Dead drop - Wikipedia

Sneakernet - Wikipedia

https://infosec.space/tags/AN%C3%98M

Kevin Karhan :verified:

@kkarhan@infosec.space · 3 days ago

Kevin Karhan :verified:

@kkarhan@infosec.space · 7 months ago

My reservations and criticism re: #Signal are not just valid, but the reality is even worse than I thought:

The fact that @signalapp requires not only their shitty #Android #App, and a #PhoneNumber but literally won't allow people to use their shitty #Desktop-App unless they have an Android device with a camera pointed at it makes it utterly unuseable for certain users who don't have a fucking #camera in their Android…

Seriously, do they expect folks to deal with that shit?

It's already worse in terms of #UX than #telegram and #discord and that too makes #XMPP+#OMEMO clients like @monocles / #monoclesChat & @gajim / #gajim easier and faster to onboard #TechIlliterates onto.
Whichever asshole decided that a replacement for #SMS should mandate #PII like a #PhoneNumber & not be natively cross-platform should be banned from doing any #tech in their life. Trying to circumvent this shit and helping folks with it makes me so fucking angry that I'm now explicitly refusing to support it!

FIX THAT SHIT, @Mer__edith, and if it means you need to kick some devs in their crouch then consider this a necessary "investment"…

#sarcasm #TechSupport #TapesFromTechSupport #Enshittifucation #SignalSucks #TelegramSucks #Messengers

@lackthereof it's not a "strange complaint", but a massive problem, because it creates dependency on a proven insecure network that is more often than not controlled if not run by hostile actors…

Also #eMail, like #XMPP+ #OMEMO, is based around #OpenStandards so you ain't forced to use any provider that is subject to #CloudAct nor known to snitch on customers without a valid domestic warrant…
- And if you trust noone, you can just host your eMail Server on a Rasberry Pi at home. It'll certainly be less convenient and more expensive but the you also get all the benefits of it being not possible to seize it without breaking into your home.

@signalapp mandating #PhoneNumners is a huge red flag because at best any #PhoneNumber is pseudonymous like a #Shitcoin-Wallet and that any #privacy is broken the moment it has any (even remotely circumstantial) connection to someone.

Because even if you ain't forced into #SelfDoxxing to obtain a #Prepaid - #SIM (aka. " #KYC") and/or Phone Number it is still a bad design.
- Not to mention that this conpletely twarts their " #Metadata - #FUD" completely.

Not to mention #Signal's #App is a huge shitshow…

Kevin Karhan :verified:

@kkarhan@infosec.space · 3 days ago

@ExcelAnalytics @signalapp not only that, the entire concept of demaning a #PhoneNumber to use #Signal is inherently and irredeemably wrong to begin with!

Signal

@signalapp@mastodon.world · 3 days ago

To protect people from such phishing, Signal actively warns users against sharing their SMS code and PIN.

We also want to emphasize that Signal Support will *never* initiate contact via in-app messages, SMS, or social media to ask for your verification code or PIN. If anyone asks for any Signal related code, it is a scam. We make this clear when users receive their SMS code during initial signup.

Kevin Karhan :verified:

@kkarhan@infosec.space replied · 3 days ago

Kevin Karhan :verified:

@kkarhan@infosec.space · 3 days ago

@signalapp those attacks.would've not.been successful if you weren't a #proprietary, #centralized, #SingleVendor / #SingleProvider "solution" that doesn't do #SelfCustoy of all the.keys nor allows for #SelfHosting nor demands #PII like #PhoneNumbers that can be leveraged for that.

You know what I need to use @monocles / #monoclesChat or @gajim / #XMPP+ #OMEMO?
- Internet connection and an account on any server.

Can't #phish if one doesn't have credentials for #phishing attacks ffs!

Can't get #phished if noone demands, stores, process or even demands such details in the first place!

Also which #Government is that incompetent to not be able to setup their own comms?

@signalapp THERE IS NO LEGITIMATE REASON FOR #Signal TO DEMAND A #PhoneNumber (= #PII by circumstances if not mandatory doxxing to the governments aka. " #KYC")…

so yes I do blame Signal because this attack vector is unique to #Signal's shittyness and would not exist with @monocles / #monoclesChat or even cock.li of all places…

𝘄𝗲𝘀𝘁𝘀𝗶𝗯𝗲

@westsibe@mastodon.social · 5 days ago

@Mer__edith , many countries around the world don't receive an activation code from #Signal. In Russia, for example, almost all instant messengers are blocked, except for Signal, Jabber and DeltaChat, and Signal could well have become #1 in Russia if not for this problem with the SMS codes. There is also the problem with SMS activation codes in Nigeria, Pakistan, Ecuador, Myanmar, etc. (Please see at https://github.com/signalapp/Signal-Android/issues/)

Apple-feed boosted

Ultimo :verified:

@vforvendetta@mastodon.uno · 6 days ago

Sarebbe bello usare l’app di #Messaggi di #Android e #iMessage di #Apple per chi ha un #iPhone se solo entrambe potessero comunicare direttamente con #WhatsApp , #Telegram , #Signal , #WeChat …I protocolli #RCS cambieranno le cose?

Ultimo :verified:

@vforvendetta@mastodon.uno · 6 days ago

Martin Nadal

@muimota@tldr.nettime.org · 7 days ago

Today I met up with a friend and I didn't use #signal or #whatsapp, I communicated via #sms. Could this be the most private, least #US tech-dependent way? And in most cases is for free #bringSMSbaxk

#selfhosting boosted

🏳️‍⚧️ Christin Löhner 🏳️‍🌈

@christin@lsbt.me · 7 days ago

Die zerbrechlichen Ketten der Bequemlichkeit

Ein Plädoyer für die digitale Emanzipation Europas

Wir haben unsere digitale Freiheit gegen Komfort eingetauscht. Microsoft, Amazon, Google und Meta bestimmen, wie wir kommunizieren, arbeiten und denken. Der CrowdStrike-Schock war kein Unglück, er war eine Ansage. Es ist Zeit, die Ketten zu sprengen. Ein Plädoyer für die digitale Emanzipation Europas. [Mehr lesen...]

https://www.christin-loehner.de/blog/die-zerbrechlichen-ketten-der-bequemlichkeit

#DigitaleSouveränität #DigitalSovereignty #Linux #OpenSource #FOSS #FreieSoftware #Datenschutz #Privacy #BigTech #FuckBigTech #DeGoogle #DeleteGoogle #DeleteFacebook #BoycottAmazon #BoycottMicrosoft #BoycottApple #Überwachungskapitalismus #SurveillanceCapitalism #Fediverse #Mastodon #Dezentralisierung #Decentralization #PublicMoneyPublicCode #ÖffentlichesGeld #RightToRepair #Fairphone #Framework #SelfHosted #Nextcloud #Signal #Tor #VPN #CrowdStrike #CloudAct #DSGVO #GDPR #Hetzner #EuropeFirst #TechSovereignty #DigitalRights #DigitaleRechte #Netzpolitik #CCC #ChaosComputerClub #ByeByeElon #QuitX #LeaveX #SaveSocial #Ecosia #Startpage #uBlockOrigin #LibreWolf #Firefox #FediTips #EuropäischeWerte #EuropeanValues #TechEthics #Nachhaltigkeit #Sustainability #GeplantéObsoleszenz #PlannedObsolescence #KaufLokal #LocalFirst #Widerstand #DigitalResistance #PolitischeTech #TechForGood #KI #AI #OpenSourceAI #ZenDiS #PublicCode #Libre #GNU #Debian #Fedora #PopOS #ZorinOS #NixOS #AntiColonialism #DigitalerKolonialismus #Cloudflare #AWS #AzureAlternative #EUTech #MadeInEurope