Post B2eZYPFyXpVsYuIPKK by lxo@snac.lx.oliva.nom.br
(DIR) Post #B2eZYOLxu4i5lC5g1Y by dennyhenke@social.coop
2026-01-23T19:24:13Z
0 likes, 0 repeats
@benjamim @briar @Em0nM4stodon Yes, but your comment and others in this thread seem to be missing the point that the alternatives to Signal are not easily adoptable. In the current moment, people organizing against #ICE, we need something people can actually sign up for and use. This isn't about the most pure, ideal self-hosted messaging that nerds might love. This is about getting non-tech people who are fighting ICE on the streets set up to use a cross-platform, encrypted messaging app.
(DIR) Post #B2eZYPFyXpVsYuIPKK by lxo@snac.lx.oliva.nom.br
2026-01-24T20:51:55Z
0 likes, 0 repeats
what good is an encrypted messaging app if the enemy controls the computer it runs on? CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZYPwA0zG0fk2652 by dennyhenke@social.coop
2026-01-24T20:58:22Z
0 likes, 0 repeats
@lxo @benjamim @briar @Em0nM4stodon The people in Minneapolis have been using Signal daily to coordinate their efforts on the streets to protect each other against ICE. I think they would say that it's been very good and useful in their self defense efforts in recent weeks. The fact that Signal uses AWS doesn't negate the usefulness of the app. The communications are encrypted. The only exploit is a FED getting my unlocked device or targeting me with Zero click malware.
(DIR) Post #B2eZYQnKpHn9KeuYxk by lxo@snac.lx.oliva.nom.br
2026-01-24T21:10:27Z
1 likes, 0 repeats
when the enemy controls the device on which the app runs, the encryption the app applies afterwards offers no more than an illusion of security, because the enemy gets to see the plaintext as it is entered into the device, or as it is displayed to users. the enemy can also unlock the device, and use the plaintext as evidence in fake trials. if you need actual security, something that demands you to start your use by generating your keys on a remotely-controlled device is not it. it's like building a castle on foundations of sand. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZYRMmhU9F6bUsDY by dennyhenke@social.coop
2026-01-24T21:16:26Z
0 likes, 0 repeats
@lxo @benjamim @briar @Em0nM4stodon I don't think you're talking about Signal. Or, if you are, it seems like you do not understand how Signal works. You can read more about it at the link attached. As long as my device is physically secure and the person/device I am communicating with has a secured device, the Feds cannot access the communication. End-to-end encryption. https://en.wikipedia.org/wiki/Signal_Protocol
(DIR) Post #B2eZYRwEZgVKsY5BTM by lxo@snac.lx.oliva.nom.br
2026-01-24T21:23:38Z
1 likes, 0 repeats
you don't seem to understand the concept of using a remotely-controlled device that gets access to the plaintext before it gets encrypted, and that can be used to deliver targeted malware to specific users besides the malware it's loaded with from the factory. the loss of security takes place before and regardless of the protocol, because the device is compromised. a compromised device is a bit like the so-called analog hole, except it's digital, and it stands between you and the presumed-secure app, potentially leaking to its master any piece of plaintext you enter onto the device, or view on the device's screen, if not more. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZqOwOSQxOnLiWkC by dennyhenke@social.coop
2026-01-24T21:30:47Z
0 likes, 0 repeats
@lxo @benjamim @briar @Em0nM4stodon No, I get that. You're suggesting that Signal cannot protect if the phone, mine or the recipient's, is compromised. Agreed. In that case not much can protect the communications. That's not a fault or flaw with Signal. The vast majority of people's phones have not been compromised and in those cases Signal's encryption is what is needed and can be trusted. Your original point isn't very helpful given that fact.
(DIR) Post #B2eZqPwmiSrduquLzc by lxo@snac.lx.oliva.nom.br
2026-01-24T21:42:36Z
1 likes, 0 repeats
all phones ship from the factory already compromised, and under remote control by multiple parties, including universal backdoors to enable the controlling parties to further their control over them. signal's fundamental flaw is demanding users to start their use on such compromised devices. it all starts on a compromised foundation. regaining any security or privacy after that initial misstep, through which the remote controller of the device gains full access to your credentials and control over your account, is hard for me to believe. I'd be happy to be proven wrong, i.e., that if the user switches to another secure device afterwards, and terminates access from the compromised device, they can have assurance of exclusive control to their account from the secure device. but that's hardly relevant since most people keep on using signal from compromised devices controlled by the enemy. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange
(DIR) Post #B2eZqQvl3ldYxxR320 by dennyhenke@social.coop
2026-01-24T21:57:13Z
0 likes, 0 repeats
@lxo @benjamim @briar @Em0nM4stodon So, don't use any mobile phone by any manufacturer because it is 100% certain that it is compromised from the factory? Or is there some process to make one secure? What would you recommend as a solution? Is there a solution for a "normal user" who does not have deep knowledge of this?
(DIR) Post #B2eZqRj26Z3JQmUOps by lxo@snac.lx.oliva.nom.br
2026-01-24T22:10:26Z
1 likes, 0 repeats
you need a secure computer. all smartphones are tracking devices designed for surveillance and remote control. that tracking device in your pocket is not your friend, and it doesn't serve you. the keys you hold on it are as secure as bitlocker keys, or whatsapp keys for that matter. even if you don't choose to upload the keys to the vendor, the device is compromised and it has full access to them. it's not at all a solid foundation for security or privacy, because the keys that your security or privacy would depend on have been leaked to the remote controller of the device the moment they were generated. that sucks, but people have been fooled into mistaking universally-backdoored, remotely-controlled devices into sources of security and privacy. we need devices and systems that serve users to get that, and we pretty much don't have any of that, because such possibilities have been actively taken away from us for various reasons. and now that we need them, we can't have them, with extremely rare exceptions using ancient hardware with which signal won't allow you to start using it. CC: @benjamim@social.lol @briar@fosstodon.org @Em0nM4stodon@infosec.exchange