Hey everyone!
-
There are no secure DMs in the fediverse; this is basically the equivalent of walking onto a street and chatting with a friend. Whether anyone hears you is just about whether or not they're listening.
So! The safest data is the data that never existed. So don't rely too much on DMs; switch to something else!
#activityPub #fediverse -
@[email protected] I would say this is more about "privacy" than "security", unfortunately/fortunately. Even without knowing the specifics of when and how data might be sent to external servers, there's already no silver bullet. There's always 0 days for both Signal and the various OS it's running on to begin with. I mean, if you're running the app on a computer, screenshot tools can also void the security idea.
Still, social media as it stands today is an especially poor 'private' medium for communication. Admins can read your shit, etc. And also the nature of federation means that message is going a lot of places. -
If you want things private, you should... probably be careful about using the Signal app on, say, a machine with auto-screenshot capabilities built right in, too.
#windows11 #windowsRecall -
@aud tell that to the journalist who said to their chinese source "yes yes signal is secure, no one will know" and a couple weeks later the source is gone.
The only spicy thing one should speak about on signal with a phone default virtual keyboard is their grandma chili recipe. -
Asta [AMP]replied to gkrnours last edited by [email protected]
@[email protected] I don't mean to suggest you're not being helpful or that you're wrong but could you please try and provide a constructive suggestion? My nerves are absolutely fucking frayed at the moment and I don't want people broadcasting shit they don't need broadcasted and I'm definitely not at fucking fault for the state control of resources in China. Do I think the US telecom industry ISN'T compromised? No, we know it is. Does that mean you can't say something "fuck trump" on signal? No, no it does not. So please keep the perspective here.
"Don't say anything too spicy through ANY messenger" is a good constructive one, for instance. There are levels of "spiciness" and there are bad ideas, better ideas, and worse ideas.
I am not happy. I am trying to be proactive to help people AVOID talking themselves into trouble. My patience for your tone is short. I had nothing to do with that. Anyway, if I'm wrong, great, please provide another way or discuss some of the things people need to keep in mind or ANYTHING. The situation w/ regard to people being disappeared by the feds here in the US isn't at that level currently, so this suggestion should be taken with that in mind. But don't fucking snark at me at the moment. -
@aud oh, I assumed by spicy you meant stuffnlike taking inspiration from critically acclaimed video game final fantasy VII. Nevermind.
f-droid have a collection of open source virtual keyboard
-
@[email protected] ah, no. Well, I am being somewhat vague on purpose because I don't want people to be like, "look, she's advocating for ||redacted||!", so, I can definitely see how it comes across that way.
I guess maybe the best blunt advice would be, "say spicy shit on Signal, and don't say incriminating stuff at all" but. I think it's safe to say that people shouldn't be taking advice from me about blatantly illegal suggestions. cough.
Sorry for the going all spicy mode on you, for that matter. I'm tired and wasn't sure why you were hitting that point so strongly. I see why now, though. -
@[email protected] I'm worried, a lot, about someone saying something dramatic that will be taken the wrong way (definitely the time people might do it and definitely not the time be broadcasting it), or even planning legal protests or civil disobedience measures in public because law enforcement gives 0 shit that it's legal and will happily monitor open channels and twist it to fit their whatever. Plus I doubt I trust all 11,000 admins enough to be think that keeping copies of that kind of stuff in their database is a good thing.
So... that's more of where I'm coming from. -
@aud
I honestly think signal + an open source virtual keyboard is safe.
I'm worried because I fear signal + a keyboard shipped by manufacturer is a recipe for self incrimination. -
Cassandra Granade 🏳️⚧️replied to Asta [AMP] last edited by
@aud Also spicy: planning on or helping with getting an abortion.
Also spicy: DIY HRT.
Also spicy: who the fuck knows what's about to become spicy, so it's awesome to have defenses set up well in advance.
-
Asta [AMP]replied to Cassandra Granade 🏳️⚧️ last edited by
@[email protected] When it comes to data that is stored indefinitely, you're always fighting against not just the technology and laws of today, but the technology and laws of the future.
-
@aud The only moderately secure DMs on the Fediverse would be either separately end-to-end encrypted, or sent strictly between single-user instances. (And even in the latter case, anyone with access to the hosting technically *could* look.)
Any privacy on the Fediverse is based on a gentleman's agreement not to peek.
If you treat it as such, then you won't be disappointed.
-
@[email protected] Agreed! Plenty of absolutely fine things to say via DM, so long as you don't mind the admin peeking in. They're not particularly private by nature, and they are definitely not secure, but that's all you need for a lot of stuff.
-
propapanda :verified:replied to Asta [AMP] last edited by
@aud yup
-
@aud Most people hopefully already know this, but: Signal has self-destructing messages. Use them, but beware people can still screenshot.
-
Asta [AMP]replied to propapanda :verified: last edited by
@[email protected] ... wait, I'm federating with half the fucking fediverse on my single user instance?
alright, well, one, props to the API for being surprisingly low bandwidth, all things considered, despite the degree of federation, and two that's a lot of copies of my shitposts in a lot of databases. -
@[email protected] fucking #windowsRecall
If you're using self destructing messages, probably... god, what a mess that "feature" is. Definitely not purpose built for surveillance :rolls_eyes: -
propapanda :verified:replied to Asta [AMP] last edited by
@aud that's for my pretty much single user instance ^^
-
Asta [AMP]replied to propapanda :verified: last edited by
@[email protected] OH! Goddamn.
So... so many instances... -
Lawrence Pritchard Waterhousereplied to Asta [AMP] last edited by
@aud Signal is *not* your "friend". It is a US-based "Limited Liability Company" (Signal Messenger LLC) & "501(c)(3) nonprofit organization" (Signal Foundation, formerly Open Whisper Systems), with a centralized server infrastructure. There have also been software freedom and transparency issues (Phone numbers as id, reproducible builds, server source code, etc.). It is *likely* the most secure chat app, but please don't trust it blindly, good OPSEC is *still* a good idea.
