Hey everyone!
-
@[email protected] fucking #windowsRecall
If you're using self-destructing messages, probably... god, what a mess that "feature" is. Definitely not purpose built for surveillance :rolls_eyes:
-
propapanda :verified: replied to Asta [AMP]
@aud that's for my pretty much single user instance ^^
-
Asta [AMP] replied to propapanda :verified:
@[email protected] OH! Goddamn.
So... so many instances...
-
Lawrence Pritchard Waterhouse replied to Asta [AMP]
@aud Signal is *not* your "friend". It is a US-based "Limited Liability Company" (Signal Messenger LLC) & "501(c)(3) nonprofit organization" (Signal Foundation, formerly Open Whisper Systems), with a centralized server infrastructure. There have also been software freedom and transparency issues (phone numbers as ID, reproducible builds, server source code, etc.). It is *likely* the most secure chat app, but please don't trust it blindly; good OPSEC is *still* a good idea.
-
Asta [AMP] replied to Lawrence Pritchard Waterhouse
@[email protected] Yeah, I was trying to phrase it in a polite way quickly upon seeing some discussions that were maaaaaybe best not to have on social media, but yes. Context is everything here.
-
@aud It’d probably be safest if Signal discontinued the desktop app for Windows. But putting screenshots in your threat model makes things _very_ complicated…
-
Cassandra Granade 🏳️⚧️ replied to Asta [AMP]
@aud @lpwaterhouse Perhaps a practical takeaway, but have fallback networks. Matrix has a lot of problems (cop shit being one of them), but can make a decent failsafe should Signal go the worst way.
-
Asta [AMP] replied to schrotthaufen
@[email protected] I wonder how apps trigger the DRM subsystem in Windows? Wonder if that can be taken advantage of. Not that someone wouldn't try to work around it but...
(EDIT: since apparently it can't screenshot stuff that's playing back DRM "protected" content because oh my god)
-
@aud Widevine + HDCP to defeat Recall & co is exactly my kind of “use their own rules against them”
-
@[email protected] right?! Is Signal using Electron? Would that work...?
-
@schrotthaufen @aud screenshots can also be faked, and the Signal protocol includes plausible deniability. I hear of so many people having Signal apps used against them in court and I know it's just because they don't realize they can deny having sent the message.
-
@aud Signal is a US organisation with servers in the US and operating under US wiretapping laws and officially only works on US-controlled operating systems. It's a lot better than Facebook Messenger and certainly better than fediverse DMs (where's that E2E encryption AP extension?), but I think taking their word for what is accessible to the US security state is naive in the extreme.
-
@[email protected] as far as wiretapping goes, the encryption (assuming it is robust, correctly implemented, and also not trivially cracked) makes that pointless unless I’m mistaken, right? Without access to the key, they’d just get noise. Definitely, though, the “US controlled operating systems” is a weak link for sure, particularly if there’s a method of obtaining said key.
I think it’s probably wise to assume no encryption will help you stave off the eye of Sauron when it’s aimed directly at you, but if you want to make sure you don’t catch it by accident Signal is probably a good choice.
Do you have any suggestions for communication programs not entirely controlled by US entities? (this is a genuine question but because I’m tired it reads as sarcastic to me so I’m writing this to make it clear it’s something I’m genuinely curious about!)
-
@[email protected] it would be nice if some Signal servers existed outside the U.S… or if they could be totally eliminated.
-
@[email protected] @[email protected] alright, I just went and read up on that and that is cool as shit.
-
@aud
I run https://www.optoutproject.net/ with lots of tips