I agree. Their comment is probably one of the more useless comments I’ve encountered on the subject.

I think the story of Whatsapp should’ve taught people that capitalist fuckery and living long enough to become the villain are bigger threats than people give credit for, and Signal is just as vulnerable to this as WhatsApp was. They’ve also fought against any ways that it could be mitigated, they fought and are still fighting unofficial clients (moxie himself went around harassing people to stop), they fought any form of decentralization or interoperability with other servers and self-hosting.

All things that could make signal a bit more resistant towards something like what happened with WhatsApp, yet they’ve all been rejected in favor of exclusive control on the app (and for a long time it was GMS tied on the PlayStore) and exclusive control of the the network. Two things that don’t exactly bode well for the future.

Remember kids, if someone makes a centralized app or messaging claiming to be a savior of privacy and security, you should be skeptical of them and their integrity. Really you should be skeptical of anyone making grand promises of privacy and security, especially boastful ones. Though decentralized services are less risky than centralized ones, and that’s why I recommend people use Matrix instead of Signal.

Matrix still has problems but it being decentralized eliminates many of the corruption issues by simply using a server not affiliated with the creators.

I agree with what other people are saying, the whole phone number requirement of Signal isn’t great since, for the most part phone numbers are intended to link to your real world identity. That means they are a very big weak link.

Also let us not forget that Signal is a centralized service run by one company. They have been very resistant in the past to the idea of decentralization and interoperability. I’m already very skeptical of people who claim to be a savior or hero of Privacy and security lie this, even more so when it’s a centralized service. You do know that WhatsApp started out like Signal did right? Look where they are now. You cannot trust a centralized service like Signal, especially one that forces you to provide real world identification. Signal can just as easily be sold and backdoored like WhatsApp was, decentralized services are much more resilient to that kind of thing.

Or, you know, obvious astroturfing as an excuse to promote alternatives is against the rules.

The irony of that statement is that it ultimately seems like they are the ones astroturfing here.

Everyone conviently forgets about MAC address spoofing. Some operating systems let you set a Random MAC address on each connection. It’s great.

How is it that there are people still unaware of this?

So do it anyway, not like they could ever know. It’s not a very enforceable thing is it.

And the name is derived from an awful slur too. The history of that is really messed up.

Obligatory Goldberg link since lots of people these days are still unaware that SteamWorks DRM is easily bypassed these days (you don’t even need to patch the files, you can just bypass it).

You can play Minecraft using custom Launchers that don’t check for account premium status, unless you play on big servers which require premium accounts it’ll work basically the same, and if you wish to play online you can find plenty of servers which support playing online without premium status.

Matrix could be a good solution, though that only works if the services actually support it for activation and verification.

Which ultimately is the problem with any alternative to email, they need to be supported by other services to be any useful.

There are solutions and ultimately it’s up to you to ensure that you have access to your account not because services are mean and want to hurt you, but because you’re a big boy. They give you security tools and how you use them is up to you.

Are you really sitting here trying to argue that big tech companies like Google and Microsoft somehow has our best interests at heart on a dbzer0 community about privacy where it’s abundantly clear to us that they don’t? Especially in cases of forced 2FA/MFA adoption with texting.

You know the only worthwhile thing you said was about software based 2FA which @[email protected] already mentioned in a far more civilized manner that made me more willing to listen to him, while also not kissing up to big tech companies who really actually mandate it to make their lives easier and who couldn’t care less if you lose access to your account.

The irony is that “to ensure that you have access to your account” isn’t really accurate when it comes to the hardware solutions, it would be more accurate to say “to ensure if access is lost, it’s lost forever”, and I’m never going going to agree or be okay with that because ultimately the person gets screwed over with no loss to the company trying to mandate that. Which is what I was expressing and why I lack any desire or drive to use them, and also my knowledge of how big tech companies operate is ultimately one of the reasons I’m not willing to delude myself into thinking they have my back when they actually don’t.

I strongly dislike 2FA and MFA solutions and really they seem to be to be a way for services to protect themselves than to protect me, since if I lose the device they’re connected to then I get locked out myself. If they function poorly like Lemmy’s early implementation of them, they can lock you out even if you have everything in order.

So when companies try and force 2FA or MFA solutions as mandatory in online applications where there’s no additional recovery methods I’m not going to delude myself or go along with the notion they’re doing it to protect me, and not themselves. Since those solutions make it likely to lose my account at no loss or harm to them.

Maybe this seems harsh but I’ve seen how big tech companies handle this aspect and talk about it and I know none of the other things they do come out of legitimate care for their users and I know this isn’t ultimately any different.

Maybe recursive DNS will become much more popular. I’d love to see faith and compliance with ICANN and IANA erode at least a little bit. Centralized DNS is the Achilles heel of the open internet, and yes that extends to activitypub based platforms which federate via domains.

You’re not missing something, a lot of this is FUD, Fear, Uncertainty, and Doubt. Same as the Intel ME conspiracy theories which largely lose all their bite when given even the least bit of scrutiny. It’s one of those things to make people afraid for attention and clicks but ultimately contains a lot of vague points, and possibly even misinformation. If you feel worried just install the placeholder, but a lot of what’s shared in the article about bypassing permissions when it’s not even a system app is FUD and ultimately misinformation, since as pointed out it isn’t a system app and has no permissions declared.

I think @[email protected] hasn’t yet been enlightened by the fact that one can block Mozilla’s URLs and IPs to escape it. TOS for software is dumb and made to be broken, don’t let anyone argue with you otherwise.

Glad someone else is thinking of the technical solutions. Rules and terms of service for software are meant to be broken and spat on.

I’m not saying it isn’t important all, I just think that it’s equally important to work to defeat systems and encourage people to take said action, as opposed to just trying to spread fear and despair. Which is what a lot of films about privacy and surveillance end up doing. There’s a name for that, it’s called fearmongering. Obviously we can’t stop the media from doing that but we should at least not do it ourselves.

And for any useful idiots who try and whine about how breaking those technological measures violates Terms of Service, terms of service in software that was handed to you is as worthless as the agreement at the bottom of my other comment. You need technological or practical enforcement of it for it to make sense. Like on this site the Terms of service are enforced with a ban if you don’t follow them. On the other hand software terms of use have no such enforcement, as anyone who participates in [email protected] would understand.

One thing you’ll find about self-hosting is that you find yourself on the other side of the spam shield very often, and getting your server to a point where other servers won’t block or filter you can be a challenge, especially if your IP or domain is on more aggressive lists like Spamhaus.

Besides that it’s not really that much different from hosting another Federated service, which you seem to have experience with.

It does seem that way sometimes, though mostly I was talking about stupid people online who claim to be open-source enthusiasts but still say that.