4:48 yeah, a proponent of censorship, looks bad… Not sure what “apparent” intelligence connections means, but paired with supporting censorship, could be really bad. “Free service” has tended to mean we, (our data) is the product.

@@TrggrWarning Agreed. Sure, the code is the code, but Signal's leadership were the ones who decided that phone number are still required. Signal has a huge trust problem. Also, Durov has a valid point: Signal doesn't have reproducible builds on iOS. Telegram does. And Meredith Whittaker, who worked 10 years for Google before she realized that surveillance capitalism is a problem, lies about this and claims that Apple prevents Signal from having reproducible builds.

I agree that criticism from anyone regarding a widely used e2ee protocol ought to be corroborated by evidence. But then again, much of the criticism on Telegram relies on its protocol, mtproto, being "homebrew", or the company founder being Russian, or its creators not being world-famous cryptographers. A few minor flaws on Telegram have been proven in the past, they were acknowledged and readily patched by Telegram, and bounties paid. It's not as technically secure or private as Signal, to be sure, but I think Telegram has another paradigm and focuses on a different risk profile. It's much more like Discord, and way better in every respect.

I'm more concerned about the NSA and Clearview AI, since they've collected the data of almost everyone in the world.

The rumours that fly around online about supposedly dodgy applications can sometimes be instigated by the government whenever it decides it doesn't fit in with their agenda for control......no privacy allowed. I think we need to do some research of our own before deciding which applications are safe to use, and not rely too much on hearsay, as well as ensuring that we set up and use our systems with the best possible security and privacy.

That makes sense.

@@JohnTurner313 the fact it is open source says otherwise.

Only the client unfortunately

how about Signal handling messages of Tucker Carlson to the alphabet agencies? Signal is broken, they all are. Don't be naive.

And as it's said, the security is only as good as the user. If you're messaging someone on Signal and that person gets arrested and that person gives up their code to get into the app, then all your messages are there if they don't delete them or aren't on a timer. It's the same thing with iMessage; it's end to end encrypted, but once someone has the passcode to your phone, it doesn't really matter anymore.

But there's still need for personal OPSEC!

​@@AllThingsSecured - Best to delete the recovery email and store the encryption keys locally on an encrypted storage. imo

@@ForAndroid101 Operational Security = everything you do or dont to maintain your anonimity including physical things besides online. And about paying, there's no other way i imagine. They dont accept crypto as far as i know.

yes of course, they accept crypto

Whats your view on NPU that bypass E2E encryption? Watch Rob Braxman Tech new video.

Exactly 👏

one of the things that can end this is, for example, a law that the EU wants to approve, which prohibits encrypted communication, so services like Proton and the like could have a serious problem :/ of course, there are a lot of other options, but every other option takes away "comfort"

Lavabit shut down their company rather than give out information

@@matejkuka797are you serious? They got USB-C & now they want to HTTP all the things? 💀

Not so

Agreed 👍🏻

I love proton mail and tutanota

Tutanota.

Well even if you self host a secure service. If the gov asks you to hand over data, you either comply or go to jail and get your servers taken by force. So.... yeah... let's be reasonable here.

ha! I know, right?

@@AllThingsSecured I don't remember where I read it but a while back I saw someone posting something like this: "the Internet is down at the moment so I went out into the real world. Here I'm shouting to everyone I see how I'm feeling, what I just did, what I got for breakfast and so on. So far it's going great - I've already got three followers, a doctor from a psych ward and two police officers".

​@@henrik2117hilarious and so true but I'm concerned that the US wouldn't be able to care for homeless influencers if the Internet ever really did break

💯🙌

Being in Switzerland doesn't make it safe or immune! The main offices for Eurojust are there and have the power to inspect data and records.

@@OH2023-cj9ifBeing headquartered in Switzerland means they are protected by Swiss laws, and Switzerland has some of the most privacy focused consumer protection laws in the world.

Thanks 🙏

That would require actually thinking for themselves and making a personal opinion - not sure the majority of people are ready for that.

Thanks 🙏

So Proton only provides email addresses of terrorists & draws the line on “for targeted ads” scanning. Folks pay for some of their products, which helps everyone bypass ads. Also, for a good percentage of users are “free” which tends to mean they, their data, is still the product. So, your phrasing leaves a lot to the imagination, providing email addressees, merely addresses? Sure seems pointless. If they are scanning, but NOT for ad placement, why? To find email addresses of terrorists? Lol wat?

Confusing comment. Please stay on one topic for goodness sake. What makes you say that Proton is scanning? Where are you getting this?

@AllThingsSecured read his comment again more carefully. You're misinterpreting what he said about scanning. He's not claiming that proton scans emails. He was referring to how crazy it was... that he saw somebody complaining about Proton not scanning emails.

One groups “terrorist” is another groups freedom fighter. So yeah, privacy is privacy…….

Very true.

It's not as opensource as you think some years back a fork called librasignal appeared which removed a dependency on some Google services components which some folks felt could reveal metadata. The client was banned from the signal servers due to 'load concerns' the authors of the fork offered to run and pay for their own servers if they could federated onto the signal network, federation was expressly denied as it would limit the speed of new features. This is documented in github issues on the signal client. Last time I looked certain backend components are not opensourced (admittedly several years ago) so I do not believe its possible to run a parallel network. I still use signal, as that's certain friends comm tool of choice. I'm just pointing out this wouldn't be the first 'smell' around signal, and as per the video practice opsec. One final thought how do we know the apk from the Google store is built from the public code?

This was Tucker Carlson's issue, they got to his private signal messages through his phone's vulnerabilities (possibly deliberate) not through Signal itself.

True.

This only applies to VPN. Everything on there web servers, mail servers, and database servers is logged. You can access Proton's website through tor. But, you can no longer create a proton account through tor which means the account is linked to you. Personally, the only VPN I trust is Mullvad.

Maybe, but Proton was funded by the EU and are funding nefarious projects. The company you keep says a lot about you...

​@@imFruzzythis argument holds very little water. The tour project used to get DOD funding but they are very clearly not a Honeypot. There has been plenty of actual court cases that have proved that the US government cannot abuse that Network in fact, the US government uses Tor and I'm pretty certain the same situation exists with the EU and proton. The EU probably pays proton a little bit of money because the EU uses proton. Also saying that proton is funded by the EU is a little bit stupid because proton is not a donation-driven company. They are funded by their users. They may have gotten a few EU grants, but that's very different from being funded by the EU

PIA was purchased buy some mossad bros

Github code may be secure but if you take closer look in 0:18, it says Signal doesn't allow researchers to verify the app deployed in iPhone is the same as the code in Github 😅

Thanks for sharing.

Telegram CEO is referring to Tucker Carlson, TC interviewed Pavel Durov last month, Tucker claims his Signal was compromised

@@NomadKev it's a claim based on no evidence, I also say the US bank was compromised. People seem to forget Signal is competition to Telegram, he has everything to win by saying that baseless claim.

@@NomadKev it's a baseless claim.

Thanks! 🙏

Thanks for watching and commenting 🙏

People should always be finding sources and verifying. Seems like if people even see something at all that they just share it without validity as a thought at all even afterthought. I mean its ridiculous. On the other end not everything can be verified so i dont believe only speaking about verified stuff especially with the ACT checkers... People need to look at who would benefit from each thing... Possible motives... Credibility... Then it could be clearly seen when people are being put in a situation to discredit themselves and others in the long term by not considering these things. The long term is more important.

Absolutely 👍🏻

Thanks 🙏

Very interesting thought on the journaling. Thanks for sharing.

You could just write your journal using a local app on your laptop and make sure the drive is encrypted. Or there are ways to create encrypted "files" which can contain multiple files, folders, etc. You decrypt it, update your journal, and re-encrypt it.

@@Ck87JF I hear you, but in terms of UI & UX it's not practical. I want a specific app designed for journaling. And those exist, but they're not end-to-end encrypted (E2EE). I have heard of DayOne, which is a promising E2EE journaling app, but they are not natively E2EE so I have some reservations. That said, the biggest hurdle for this magnificent app is that it's only available for Mac and I use Windows. They said they are working on a Windows app though, but I suspect that will take forever as they seem more dedicated to Mac users.

well, that's exactly the point. If your threat model includes big govt/big tech, using a proprietary mainstream OS already invalidates every action you take further - which was more or less confirmed in 2013 by Ed and hasn't changed since, more or less gotten worse. Everything you do in that OS can and is being recorded, the OS can take and does make screenshots for example. Some people don't realize this, but as long as you don't know what the OS underneath is doing, no E2EE, Signal or Protonmail is gonna help. These solutions only make sense if the threat model is 3rd parties and ad companies.

If you are concerned about that you can always use a privacy-respecting fork of Android like GraphineOS or CalyxOS.

@@PvtAnonymous makes sense, but in that case signal shouldn’t make itself seem “encrypted” because if the operating system can and does use the info you type then it may as well not be encrypted, I personally don’t give a damn about ad traffic or anything along those lines, the entire point of using signal is for encrypted messaging, which if that’s undoable via a normal Android/iphone shouldn’t be available on the App Store/play store

​@@WaturDzn for an app to work like that you'd never be able to read anything except the encrypted data and would have to manually run the decryption math by hand to get the message. If you want anything other than a long hash string to appear on your device screen it needs to be decrypted and stored somewhere on your device to do so

No, most don’t.

Why even pst this comment? Of course, most people dont.

In general, the TOS is full of legal jargon that is difficult for the average user to decipher, and it is also usually as long as the LOTR.

​@@Physis_88exactly the TOS can take literally hours to comb through. Who actually has time to read through it?

Ignorance or sarcasm?

I don't think your privacy has to connect in any way to law enforcement finding a dangerous criminal. It's simply how we handle our own data, not expecting a company to do everything for us.

@@AllThingsSecured👍🏼

Great point 🫡

Exactly my take away. If you are using Protonmail for "anonymity" there is a flaw in your threat model long before email services come into play.

Feel free to jump over to Odysee for those who don’t want to use a Google app!

Odysee and rumble are good alternatives to this.

Sad but true.

I read recently that Signal now allows a username instead of the phone number. I haven't tried it,so I don't know how it works.

I launched Signal the other day, and it offered me a brand new feature: that I create a username, so it could be used in addition to the phone I'd provided. Done. Then went to the settings and switched the toggles to not show my number to anyone. Only the contacts that have already added me still can see it. Plus, you can buy a virtual phone number, like Google Voice or Vyke, and attach your Signal to it.

I’m glad it was helpful!

Awesome, thank you!

You seem to be colossally confused. You’re mixing up two different issues here. And if you watched the video, you know that EVERY company must live under the rules of the country in which it is based. I’m curious what you expect the companies to do?

I don't understand how your final statement is a question. 😂

All I know is they should be banned for cultural pollution and dumbing down a whole nation

You don't understand the message of the video. There are companies like Proton Mail, who don't have the content of your emails (un encrypted) , so they can't give them. But is up to you to use an Email address or recovery method that protects your anonymity. And about TikTok, the USA politicians don't care about your data being taken by China. They want to censor you, want to have total control over the app, don't care for its users information, they want to exploit and totally control them

As always. Thanks for watching and commenting.

And also not using encryption by default, giving people a false sense of security because they "have" end-to-end encryption... But the so called "Secret Chat" function only works mobile-to-mobile.

@@APIAlchemist and it's not even advertised as much, considering that's the only encrypted chat

@@blackpurple9163 Besides, isn't Telegram closed source? How can we even verify it's end-to-end? If we try to sniff for the packages sent, they will all be encrypted in transit so it would be very hard to decode to try and find out, especially since they use a proprietary encryption algorithm called MTProto that they won't open source even if they do give a detailed description of how it works (and it was analised by a few people, it has several security flaws too). And the same encryption is used to send regular messages and end-to-end to their servers. We should just assume that they don't have the key to decrypt the secret chats too?

Most people don't, but you can be sure that it is being reviewed by people who are looking for bug bounties at the very least.

Have you compiled the Signal Android app source code by source? to verify for yourself? Some Apps have PGP keys to verify if the compiled application is Signed to verify if the file is correct.

Interesting

My pleasure! Thanks for watching and commenting.

That is correct, but we have to use the tools we are provided, and we have to trust those that are more knowledgeable than us. Simply because building our own secure tools is mostly a braindead idea. No homegrown solution will be as secure and as foolproof as tools created by professionals. I am using both Proton and Signal and I would much rather trust these two companies with minimal (if any) security problems in the past than most other apps that are out there somewhere. And having said that, if there are security problems, they'll most likely stem from my own stupidness or the people I communicate with.

@@stephanhuebner4931 Indeed, I was just reminding that even with open-source software, when it is hosted somewhere there is always uncertainty and one can never be sure 100% of the full confidentiality of the data.

I prefer open-source software over Proprietary software

That’s impressive, but beyond the ability of most people to set up.

@@AllThingsSecured I agree, indeed....

Correct, but you can also use a virtual number for that.

My pleasure!

Will you use Linux Instead of Windows?

@@TCKRDefense I've been using Linux for months now actually. I made the change because a friend of mine helped me get initially into it, and I started dual booting. Then I stopped dual booting after hearing about Co Pilot and now am an 100% Linux user.

Yea, I get that. But now I have to get all my friends and family to use Session too. Not going to happen.

@@AllThingsSecured Yes, it is a problem. But the point I was trying to make is that Using Signal instead of ProtonMail gains nothing with respect to hiding a person's identity from government.

@@hypothebai4634 : Why compare Signal and Proton? Proton doesn’t offer a standalone messaging app.

Convincing regular people to use some obscure solution, no matter how secure it is, is absolutely unrealistic. And there's another viewpoint to this: The fact that you are one of potentially very few people who use said obscure solution makes you and those people an easier approachable target, as you stand out from the countless numbers of people using some other, widely more popular solution.

@@stephanhuebner4931 My starting point is that all new solutions initially come from the pool of obscure solutions. And initially convincing regular people to use Solution A rather than solution B is just as hard as convincing them to use solution C rather than solution B. I agree that using, for instance, Session over Signal does not allow a user to hide in the long grass. But the thing about systems such as Session is that it is very hard to determine that anybody is using it at all. And Session leaks so little info that who cares if somebody is watching.

I tried to explain it. Proton is a single company with multiple apps - the issue here is related to the base account, so talking about a particular Proton service or app isn't relevant.

desing lol

Pidgeon2Pidgeon

​@@SuperM00bhahahahaha

That's one way to look at it.

I love how you share this with such conviction despite it being completely false. This is why videos like this exist - people love to spout off “facts” without any proof to back them up.

ProtonMail and Encryption Encryption Keys on Servers: ProtonMail uses end-to-end encryption (E2EE) for emails, meaning that your emails are encrypted on your device before being sent to ProtonMail's servers. The private encryption key, used to decrypt your emails, is typically encrypted with your password and stored on their servers. This design is intended to balance usability and security. Vulnerability to Password Guessing: The comment mentions that if someone gains access to your ProtonMail account (e.g., through guessing your password), they could potentially decrypt your emails. While ProtonMail does have brute-force protection (rate-limiting attempts to guess passwords), if your password is weak, this could be a vulnerability. Server-Side Code: ProtonMail's server-side code is not open-source, which means users cannot independently verify that there are no backdoors or vulnerabilities in their servers. This is a valid concern for those who prioritize full transparency. Signal and Encryption Centrally Stored Keys: Signal stores the encryption keys used for message decryption on the user's device, not on a central server. However, Signal does use centralized servers to route messages, which some critics argue could be a potential point of surveillance or attack. Rate Limiting: Signal also has rate-limiting mechanisms to prevent brute-force attacks on encryption keys. However, if an attacker gains physical access to your device or your passphrase is compromised, they could potentially decrypt your messages.

👍🏻👍🏻

A one-time pad is an encryption mechanism consisting of combining a stream of key material with the data to encrypt, using a reversible operation; this combination can be very simple, and even doable by hand (without a computer), and still retain security as long as the key material (the "pad") is as long as the data ...Feb 8, 2016

Do you see any backdoors in Signal's source code?

@@TCKRDefense Apparently no one can see the source code in the Signal app running on their phones. At least that's what I got from the quote I shared. So if you can't see the code you can't check for back doors.

@@linsqopiring6816 You can check the github and compile the source code into a APK I don't think the same can be done with Iphone as I don't have a MacBook and don't know how IOS applications are compiled. Have you ever Compiled a Android application from source code? next With the APK version of signal you can decompile it with Ghidar which is a Reverse engineering software and do something with that. My point is their are ways to solve your problem. I installed signal and yes it did require a number but they allow usernames and I can disallow the invisability of my number so People can only search for me using my username. Signal is better then Telegram I can even recommend other applications that you can install on Phone and computer that are open source. sorry for my grammar mistakes.