@ueeu I think crucial parts is looking at it's components, dependencies, size and for apps permissions.

• Also make shure it uses #OpenStandards, because #OpenSource can be just a "smoke grenade" when it's a #centralized, #proprietary, #SingleVendor & #SingleProvider solution.

#ReproduceableBuilds for example are important, so the actually released source code is what people actually get served as basis.

• Both of the latter points are something that @monocles / #monoclesChat does perfectly and that @signalapp completely fails at!

Plus in terms of #security, choose *real #E2EE with #SelfCustody of all the #Keys!

@Chiquidrakula @COSAntiFascists @iris @Em0nM4stodon @cryptoparty@mastodon.earth @cryptoparty@chaos.social

Now if you don't trust @monocles nor @protonprivacy (which IMHO is fair and correct!) and you can't use @thunderbird or something because you have no private computer with internet access [i.e. only a work-issued laptop you can't use for anything non-work - related] and you can't just boot into @tails_live / @tails / #Tails or a portable #Linux #Desktop distro at all then the real "#GalaxyBrainChair" - level "#BigThink" you can do is go the "#OfflinePGP" route and thus encrypt & decrypt your messages on a different device entirely.

• The main problem may be that you'd then have to get that to the machine from which you can send it, which as we all know from the #MattKC video means you gotta "keep it brief" [as in 2.944 bytes short] if you want to do the webcam & screen method of #airgapping...
  

I just didn't have time to get the "Airgapped Transfer Protocol" done, but setting the *"Barcode Scanner" App into bulk mode makes it less tedious to import stuff to an Android device...

• Again: The nice part with #OpenPGP & #PGP/MIME is that you don't have to trust anyone but yourself and maybe your communication partners' ability to make proper #Keys and get the #Pubkey to you...

@ck @sven222 @kuketzblog problem is @signalapp is a #Centralized, #Proprietary, #SingleVendor & #SingleProvider solution that falls under #CloudAct and demands #PII in the form of #PhoneNumbers.

• So even if we'd agree that #XMPP+#OMEMO as implememented in @monocles / #monoclesChat & @gajim / #gajim is bad (and #PGP/MIME over XMPP isn't good either) there are still better options than #Signal (i.e. @delta / #deltaChat which uses PGP/MIME & #IMAP-Push aka. #eMail) that don't require a #PhoneNumber, allow #SelfHosting and are truly #OpenSource with an #OpebStandard that allows for real #E2EE as in #SelfCustody of all the #Keys.

Cuz all the #advertising of Signal is close to #TrustMeBro and I'd not trust in @Mer__edith to risk jail for users!

• But you do you...

@moh_kohn except @signalapp too is a #centralized, #SingleVendir & #SingleProvider solution that fully falls under #CliudAct and thus CANNOT comply with #GDPR & #BDSG as a matter of principle since this digital rquivalent of #ExtraordinaryRendition is inherently incompatible!

• Use #XMPP+#OMEMO & #PGP/MIME with #SelfCustody if all the #Keys for real #EndToEndEncryption that doesn't rely on a #VC #MoneyBurningParty.

@monocles / #monoclesChat, @gajim / #gajim & @delta / #deltaChat, @thunderbird / #Thunderbird do support that!

@MartinaNeumayer @VixenBlu @thelusciouslibra I do recommend people to encrypt their emails and always exercise #SelfCustody of all the #Keys...

- Never ever rely on a provider to safeguard you or any other users; even if we all do nothing wrong!

https://web.archive.org/web/20240000000000*/https://twitter.com/thegrugq/status/1085614812581715968