If you think that Signal is an op and totally backdoored, my recommendation is that you should plan all of your crimes over Telegram group chat.
Do you have any real advice for people who have good reasons not to trust US-based cloud services?
If this was coming from some fedi rando being snarky I wouldn't bother to ask, but you're Director of Cybersecurity at the EFF...
@abortretryfail If you're asking this because you have heard that Signal leaks metadata to AWS, I can tell you that this is nonsense.
No, I asked because people who live outside the US may have well founded concerns that Signal (a US-based nonprofit) or the trusted app stores from Google & Apple (US-based corporations) which exclusively distribute the clients could be compelled by (extra)legal means to bug an endpoint by the US government.
It'd be nice to know what the serious alternatives actually are since not everyone in this thread was onto the joke...
What jurisdiction do you imagine would a platform have to be in in order to be completely immune from all government pressures?
No clue. I'm not a lawyer and likely neither is a user in the EU who sees what is happening in the US and thinks "I shouldn't be trusting a US-based platform"
If you don't have any good recommendations just say so. I don't, which is why I asked.
@abortretryfail I'm trying to better understand what threat you are trying to mitigate against so that I can give you the advice that you asked for, but you do you.
@evacide I don't think it's an op but that Signal relies so heavily on AWS has me concerned.
@jeremiah I am familiar with the article that tries to make this case and it is absolute nonsense.
@evacide I haven't read or seen the article you're referring to that makes that case.
Where I am coming from is that I saw that they were also impacted by the AWS outage and I found myself surprised at that dependency and just concerned because I've watched every tech company kiss Trump's ring and don't think Amazon would take a principled stand if pressured to knock a specific customer offline.
Perhaps there is evidence to counter that initial reaction but I haven't come across it and don't know where to find a good rundown for why it's not an issue.
@evacide none of us in our nation use Signal. They have all been using @whatsapp and @telegram, now more push to their local alternative @arattai for data storage/control in our local regions.
WhatsApp and Telegram are foreign messengers and every nation hesitates to send its services' user data to any foreign authorities.
@evacide I almost snorted my morning coffee out my nose.
@evacide I still prefer writing down all my misdemeanours with pen and paper and posting them to the authorities. It’s actually pretty good opsec as no one can read my handwriting.
Telegram's secret chats are E2E, but default isn't. Signal's solid for privacy.
@evacide What did the Louvre Gang use?
The replies to your posts since the AWS outage have been an amazing source of 'Signal has a flaw and therefore we should ignore the dozens of fundamental design flaws in {other thing} and use it instead' posts.
The mindset of 'X is not perfect, therefore we should use Y, which is strictly worse in almost every way but lacks this one problem of X' never ceases to amaze me.
@david_chisnall
Man. I think you missed irony here.
@evacide
Does Telegram run on AWS too?
@evacide just don't forget to invite a journalist.
@evacide yeah, telegram is so much more "secure" 😈
@evacide have we learned nothing from Signalgate? Signal has the glaring security flaw that if you carelessly add a journalist to a Signal chat where you're planning (war) crimes, they can then report on the chat.
@evacide or you could start a password protected IRC server over i2p... or a tor email server
@evacide
I think simpleX is a better choice for planning crimes, yet i am still looking for something that uses onion routing by default.
How about https://keet.io instead ?
Or maybe https://cabal.org ?
They are both powered by the dat stack @dat_ecosystem also known as the `hyper-*` stack which is currently mostly maintained by the "Holepunch" organization, which also works on cross platform js runtimes to make it easy to build p2p apps and cli tools 🙂
It is extremely battle tested and mature and the messenger supports text/audiocall/videoconferencing/filesharing/etc...
@serapath @overflo @evacide @dat_ecosystem This is proprietary software, why would anyone ever trust this over Matrix or Signal for their communications?
@gsprs @overflo @evacide @dat_ecosystem
keet is proprietary UI, but the p2p stack underneath is open source
@serapath @overflo @evacide @dat_ecosystem Yes, so why would anyone trust it over Matrix or Signal?
@gsprs @serapath @overflo @evacide @dat_ecosystem
Sera, i have no words for devs who can't see the bigger picture and how p2p helps out everybody and uses resources that we already have.
I got a similar question on advocating keet, all i can say is keep using the centralized services and worry about expenses 😂😂😂
I see benefits of p2p stack since i have been playing around with...
@serapath @overflo @evacide @dat_ecosystem if someone thinks about planning their crimes peer-to-peer, i have bad news for them: network analysis
peer to peer is not about crimes and whether it is AWS outages or backdoors, having an open source battle tested peer to peer stack - have fun trying to analyze the network in this case 🤷
in general, peer to peer is more about having an empowered civil society instead of authoritarianism - but if you have a problem with that, i guess it's clear where you stand
i am not entirely sure that is true anymore.
especially in a TOR setup where random delays are part of the protocol to make sure timing analysis is VERY HARD to impossible.
the internet's traffic is not comparable to what it was 10 years ago..
and it was HUGE 10 years ago..
calm yourselves.
i am sure there is NO reason to assume anyone in this thread is/was trying to be mean in the first place..
@serapath @overflo @evacide @dat_ecosystem
Dude. Learn to read the room.
@evacide if a member of a gang would propose to set up their own private XMPP chatserver for chat, the others would probably think she plans to sell them to the police.
That is why they now all use telegram 🤔
I think all cybercrime-for-dummies books should be required to have a chapter on how to send encrypted messages with smoke signals 🤣
Did anyone remember the numbers stations?
@evacide Or maybe on mastodon, but fail to use the DM functionality.
If you use Telegram as a news aggregator rather than a messenger, it's great. And now there's a mini app with retro games. Bobby Carrot is great!
*involuntary chuckle*