Post Aa8aLkohMMVUnk0G48 by seanm@infosec.exchange
 (DIR) More posts by seanm@infosec.exchange
 (DIR) Post #Aa84nW3GeUY2aF0nQ0 by dangillmor@mastodon.social
       2023-09-25T11:36:37Z
       
       0 likes, 0 repeats
       
       I use Signal for texting because it's secure -- and because the people behind it are fighting governments' campaign against strong encryption. One of the most eloquent is Signal CEO @Mer__edith and you should follow her. Here's one example of why: https://mastodon.social/@Mer__edith@mastodon.world/111125416511375564
       
 (DIR) Post #Aa84nWolnsXsxZEjSa by Adam@social.lein.us
       2023-09-25T15:09:49Z
       
       0 likes, 0 repeats
       
       @dangillmor It's centralized though which means it won't always be benevolent. In 2021, they added a closed-source component so they can do things without being audited by the community. Plus it depends on phone numbers which are controlled by other centralized dictatorships (not the community). I'm afraid Signal is designed for enshittification just like the others. https://pocketnow.com/stop-being-naive-when-it-comes-to-things-like-whatsapp-telegram-signal-etc/
       
 (DIR) Post #Aa859wioArgrfb8b9E by theBurn@mastodon.social
       2023-09-25T13:03:31Z
       
       0 likes, 0 repeats
       
       @dangillmor @Mer__edith So frustrating, that so many people however are not reachable via Signal, but only via WhatsApp 😔Have tried to communicate only via Signal and iMessage, but did not succeed…
       
 (DIR) Post #Aa859xaKxqVaLcBLaC by Adam@social.lein.us
       2023-09-25T15:13:53Z
       
       0 likes, 0 repeats
       
       @theBurn I guarantee everyone who has WhatsApp or Signal also has the two other personal messaging systems that those already depend on; SMS to activate them, and Email to download them from the app stores. SMTP (email) CAN do everything WhatsApp, Signal, and iMessage can do in a more freedom-friendly sustainable manner, so why not just use that? https://bookofadamz.com/the-smartest-messaging-method-is-not-a-segregated-mess-of-whatsapp-signal-telegram-sms-slack-teams-facebook-instagram-wechat-etc/
       
 (DIR) Post #Aa8aLkohMMVUnk0G48 by seanm@infosec.exchange
       2023-09-25T21:03:23Z
       
       0 likes, 0 repeats
       
       @Adam @theBurn SMTP is not a replacement for Signal (and other Signal-type encrypted apps).In general I do agree with:1. SMS/MMS is insecure.2. Phone numbers are not ideal.3. Email is ubiquitous and decentralized.4. Centralized services are a risk.However, your suggestion to use SMTP is not the solution to why Signal (and its ilk) is heavily recommended: security.1. Email security does not scale well. You can use ProtonMail, Tutanota, etc but those are still siloed for built-in encryption in that it isn't easy to send encrypted emails between services. How do you easily and in a scalable manner provide E2EE with email that a non-technical person can use?2. Current email security products such as PGP don't provide perfect forward secrecy (PFS). How do you provide PFS with email security options?Email is great for many usage scenarios and communication but it doesn't address the usage cases that Signal and others have been built around.