Hey everyone!
-
Asta [AMP]replied to Lawrence Pritchard Waterhouse last edited by
@[email protected] Yeah, I was trying to phrase it in a polite way quickly upon seeing some discussions that were maaaaaybe best not to have on social media, but yes. context is everything here.
-
@aud It’d probably be safest if Signal discontinued the desktop app for Windows. But putting screenshots in your threat model makes things _very_ complicated…
-
Cassandra Granade 🏳️⚧️replied to Asta [AMP] last edited by
@aud @lpwaterhouse Perhaps a practical takeaway, but have fallback networks. Matrix has a lot of problems (cop shit being one of them), but can make a decent failsafe should Signal go the worst way.
-
Asta [AMP]replied to schrotthaufen last edited by [email protected]
@[email protected] I wonder how apps trigger the DRM subsystem in windows? Wonder if that can be taken advantage of. Not that someone wouldn't try to work around it but...
(EDIT: since apparently it can't screenshot stuff that's playing back DRM "protected" content because oh my god) -
@aud Widevine + HDCP to defeat Recall & co is exactly my kind of “use their own rules against them”
-
@[email protected] right?! Is Signal using electron? Would that work...?
-
@schrotthaufen @aud screenshots can also be faked, and the signal protocol includes plausible deniability. I hear of so many people having Signal apps used against them in court and I know it's just because they don't realize they can deny having sent the message.
-
@aud Signal is a US organisation with servers in the US and operating under US wiretapping laws and officially only works on US-controlled operating systems. It's a lot better than Facebook messenger and certainly better than fediverse DMs (where's that E2E encryption AP extension?), but I think taking their word for what is accessible the US security state is naive in the extreme.
-
@[email protected] as far as wiretapping goes, the encryption (assuming it is robust, correctly implemented, and also not trivially cracked) make that pointless unless I’m mistaken, right? Without access to the key, they’d just get noise. Definitely, though, the “US controlled operating systems” is a weak link for sure, particularly if there’s a method of obtaining said key.
I think it’s probably wise to assume no encryption will help you stave off the eye of Sauron when it’s aimed directly at you, but if you want to make sure you don’t catch it by accident signal is probably a good choice.
Do you have any suggestions for communication programs not entirely controlled by US entities? (this is a genuine question but because I’m tired it reads as sarcastic to me so I’m writing this to make it clear it’s something I’m genuinely curious in!) -
@[email protected] it would be nice if some signal servers existed outside the U.S… or if they could be totally eliminated.
-
@[email protected] @[email protected] alright, I just went and read up on that and that is cool as shit.
-
@aud
I run https://www.optoutproject.net/ with lots of tips
