Kevin Karhan :verified:<p><span class="h-card" translate="no"><a href="https://mastodon.online/@zdl" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>zdl</span></a></span> <span class="h-card" translate="no"><a href="https://hachyderm.io/@evacide" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>evacide</span></a></span> that any the fact that <span class="h-card" translate="no"><a href="https://mastodon.world/@signalapp" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>signalapp</span></a></span> is incorportated in the <a href="https://infosec.space/tags/USA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>USA</span></a>, making them susceptible to <a href="https://infosec.space/tags/GDPR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>GDPR</span></a> & <a href="https://infosec.space/tags/BDSG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>BDSG</span></a>-incompatible <a href="https://infosec.space/tags/cyberfacist" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cyberfacist</span></a> bs like <a href="https://infosec.space/tags/CloudAct" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CloudAct</span></a>.</p><ul><li>If <a href="https://infosec.space/tags/Signal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Signal</span></a> cared, they'd completely <a href="https://infosec.space/tags/OpenSource" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OpenSource</span></a> <a href="https://infosec.space/tags/backend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>backend</span></a> and <a href="https://infosec.space/tags/frontend" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>frontend</span></a> as well as <a href="https://infosec.space/tags/decentralize" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>decentralize</span></a> and refuse to collect any <a href="https://infosec.space/tags/PII" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PII</span></a> (like <a href="https://infosec.space/tags/PhoneNumers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PhoneNumers</span></a>) <em>at all</em>!</li></ul><p>Remember: <a href="https://infosec.space/tags/KYC" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>KYC</span></a> <em>IS</em> THE ILLICIT ACTIVITY when it comes to <a href="https://infosec.space/tags/Communication" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Communication</span></a>!</p><ul><li>To me Signal has a stench like <a href="https://infosec.space/tags/CryptoAG" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CryptoAG</span></a> (aka. <a href="https://infosec.space/tags/MINERVA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MINERVA</span></a> / <a href="https://infosec.space/tags/RUBIKON" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RUBIKON</span></a>), <a href="https://infosec.space/tags/EncroChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>EncroChat</span></a> and espechally <a href="https://infosec.space/tags/AN%C3%98M" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ANØM</span></a> (aka. <a href="https://infosec.space/tags/OperationIronside" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationIronside</span></a> / <a href="https://infosec.space/tags/OperationTr%C3%B8janShield" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OperationTrøjanShield</span></a>)...</li></ul><p>Compare that to <span class="h-card" translate="no"><a href="https://monocles.social/@monocles" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>monocles</span></a></span> / <a href="https://infosec.space/tags/monoclesChat" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monoclesChat</span></a> which don't demand any PII or KYC and allow people to pay for their services with <a href="https://infosec.space/tags/Monero" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Monero</span></a> and <a href="https://infosec.space/tags/CashByMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CashByMail</span></a> besides <a href="https://infosec.space/tags/SEPA" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SEPA</span></a> <a href="https://infosec.space/tags/WireTransfer" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>WireTransfer</span></a>, <a href="https://infosec.space/tags/Stripe" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Stripe</span></a> & <a href="https://infosec.space/tags/PayPal" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PayPal</span></a> whilst supporting both decentralization (<a href="https://infosec.space/tags/XMPP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>XMPP</span></a> is not a <a href="https://infosec.space/tags/SingleVendor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleVendor</span></a> / <a href="https://infosec.space/tags/SingleProvider" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SingleProvider</span></a> solution!), implementing real <a href="https://infosec.space/tags/SelfCustody" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>SelfCustody</span></a> (<a href="https://infosec.space/tags/OMEMO" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OMEMO</span></a>, <a href="https://infosec.space/tags/OTR" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>OTR</span></a> & <a href="https://infosec.space/tags/PGP" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>PGP</span></a> is supported out of the box) for all the keys, and proper <a href="https://infosec.space/tags/Anonymitiy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Anonymitiy</span></a> (using <span class="h-card" translate="no"><a href="https://mastodon.social/@torproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>torproject</span></a></span> / <a href="https://infosec.space/tags/Tor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Tor</span></a> & <span class="h-card" translate="no"><a href="https://social.librem.one/@guardianproject" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>guardianproject</span></a></span> <a href="https://infosec.space/tags/Orbot" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Orbot</span></a> for <a href="https://infosec.space/tags/privacy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>privacy</span></a>), so in case they ever get a <em>duely sumitted warrant</em> by a court they'd have to comply with, they'll most likely have no data whatsoever on clients that could allow identification.</p><ul><li>And that <em>is</em> a good thing, because whilst <em>very unlikely</em>, one cannot exclude the non-zero chance of i.e. <a href="https://infosec.space/tags/MLAT" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>MLAT</span></a>|s being filed with knowingly false information by 3rd countries.</li></ul><p>Also having no PII is a matter of reducing <a href="https://infosec.space/tags/liability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>liability</span></a> in the sense of <a href="https://infosec.space/tags/DataProtection" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>DataProtection</span></a>: All data requested and by <a href="https://infosec.space/tags/monocles" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>monocles</span></a> is the bare minimum mandated for <a href="https://infosec.space/tags/accounting" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>accounting</span></a> (i.e. only linking a payment like a <a href="https://infosec.space/tags/TxID" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>TxID</span></a> / Transaction-ID to an account and then adding up validity/activation period).</p><ul><li>And since running a <a href="https://infosec.space/tags/Service" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Service</span></a> <em>costs money</em>, the low <a href="https://infosec.space/tags/subscription" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>subscription</span></a> to their <a href="https://infosec.space/tags/Services" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Services</span></a> makes them independent from <a href="https://infosec.space/tags/ads" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ads</span></a>, <a href="https://infosec.space/tags/crawling" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>crawling</span></a> / <a href="https://infosec.space/tags/espionage" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>espionage</span></a> against <a href="https://infosec.space/tags/customers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>customers</span></a> and depending on <a href="https://infosec.space/tags/grants" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>grants</span></a> and <a href="https://infosec.space/tags/donations" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>donations</span></a> to keep the lights on, making it a <a href="https://infosec.space/tags/sustainable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>sustainable</span></a> <a href="https://infosec.space/tags/business" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>business</span></a>...</li></ul>