IE like Crypto AG:
In 2020, it was revealed that the Swiss company, Crypto AG, which provided secure communications services to ~120 governments throughout the 20th century, was secretly ran by the CIA and West German Intelligence. The CIA and later NSA were able to read encrypted communications for many countries such as Saudi Arabia, Iran, Italy, Indonesia, Iraq, Libya, Jordan and South Korea.
Most likely all free vpns
Israeli actually, like express VPN
Be careful of accepting some of the criticism of Signal in this thread. For most of us, we have to make choices about secure comms from subject matter experts. Almost all the criticism I see of Signal comes from anonymous or otherwise random users online. If you believe in such a thing as expertise, please seek it out when evaluating something like this.
It is absolutely irrelevant who makes the criticism, what needs to be addressed is the criticism itself. If somebody gives you advice to simply trust people blindly then you should be very suspicious of their motivations.
Who are the experts, and who pays their salaries? Crypto AG wasn’t lacking in experts.
You’ll have to make your own determinations I guess, but be careful if you find yourself dismissing expertise in favor of opinion or motivated reasoning.
Maybe not a honeypot, but definitely too large for my taste by now: Proton. With Mail, VPN, password manager, file storage, AI and whatnot, it’s one ginormous basket to put all of your eggs into, hopping it’ll hold.
the owner is fine with fascism because fascism makes his product more lucrative
beyond the obvious ones? signal.
Dating apps.
Probably various VPNs on the market
Especially Israeli owned VPNs. Which seems to be most of them lately.
Oh yeah definitely
Especially the ones aggressively marketed, or noted as independent when they cannot give concrete evidence for whence their finances and ownership come. Always question and investigate, and make sure trusted people know you do so.
I always assume the more popular it is, the more likely it is of being compromised.
I have no idea if it’s the case, but I switched away from mullvad after seeing billboards and ads of it everywhere, even on city infrastructure like trains and buses.
Mullvad is very likely one of the few good ones. I’d suggest reevaluating it.
If the company is owned by “Kape” its ikely a Israeli honeypot:
https://medium.com/illumination/vpns-the-privacy-trap-4aef67f39634
Kape’s portfolio includes ExpressVPN, acquired in 2021 for $936 million; CyberGhost, purchased in 2017; Private Internet Access, bought in 2019 for $127 million; and ZenMate.
Together, these services account for three of the six most popular VPN products globally, serving approximately 7.4 million paying subscribers.
Kape also owns VPNMentor and Wizcase, review platforms that rank VPN services — including Kape’s own products — for consumers seeking expert guidance.
Most people only use vpn providers for streaming location hopping, torrenting, p*rn and on public networks. For day to day 24/7 use you are just trusting your VPN provider not to spy on your traffic instead of your ISP.
I know your example is the opposite, but any service that is run and hosted in the US.
It’s one of the major issues with Signal.
You got that right.
Not to mention Graphite and Pegasus, Israeli spyware.
When parliaments have to inquire their own spy services, it’s a sign that these spy services must be disbanded, as they are becoming a deep state of their own, intimidating and harassing politicians. After all, if you can’t trust your own politicians, whom can you? And that’s problematic.
Disbanding those services and prohibiting any secret services from ever forming, would also regain a great deal of trust of society in each other. And that trust in turn, can foster society to advance for mankind.
Sometimes I think that DNS providers could be, like NextDNS (I use them).
I wish there was a possible way to run an authoritative DNS yourself. The best I can do is a recursive server blah.
Yeah, that would be perfect. I thought some time ago about doing a DoT port -> nginx -> pihole -> unbound inside a cloud VM for the outside world , like this, but that would be too much work and maybe insecure.
You can tunnel your DNS requests via wireguard to your pihole server. If it has good bandwidth even the full traffic. Why would that be insecure?
Yeah, using a VPN would be good enough, but I want it to be open to the internet, without any port/config restriction, so I can access it from any device and anywhere, so the only remaining thing would be to host and open the port on a VM, only DoT and DoH, no :53 open (that would really be insecure, as DDoS insecure).
Signal I think. I don’t mean that the end2end algorithm or messaging itself are itself unsafe, the algo has been shown to be secure. This is what people usually rebuke this with, with the reminder of Signal’s OSS nature.
The issue the servers and the social networking data that can be harvested. The server code only partially exists in public and we just have to trust that that is actually what is running on whatever AWS server without tampering and self hosting is nearly impossible in practice if technically possible and nobody does it. The social network data (who talks to who) is more valuable than the actual messages logs, which give a massive, but mainly useless datasets. Until LLMs, like 10-15 years ago they were basically impossible to parse for any useful info without using large quantities of eye pairs. Basically if you are an organizer, criminal, government, part of a hunted opposition, you will leak the whole core group structure of your org with attached phone numbers. Whoever with that data can then target their devices and persons with other means. Plus it’s literally built on top of CIA money. I think signal is totally safe and adequate for friends and family type of use, but not much else, but then all in all so is whatsapp, mostly since signal and Whattsapp share the same end to end algorithm.
Signal is def one, otherwise US government orgs like RFA and OTF wouldn’t be defending and pushing for it so hard in western privacy spaces, nor fund it.
Have a look at Deltachat
Its starting to make headway: FOSS, Decentralised and anyone who is tech inclined can setup their own Relay.
It’s funny how every poster who criticizes Signal inevitably makes a technical error. In your case, the claim that “Basically if you are an organizer, criminal, government, part of a hunted opposition, you will leak the whole core group structure of your org with attached phone numbers” entirely lacks basis. The Signal client - the OSS part we can and do control - does not divulge phone numbers.
You have this theory that Signal’s servers are storing communication records. (While there is no evidence to support this, it’s valuable to consider what they could do.) So the data that would be captured here is a network of hashed phone numbers and literally undecryptable messages. It’s impossible for the adversary to determine any phone numbers they don’t already know this way.
And since you can make a Signal account with a burner phone and create a “username”, even a known phone number becomes useless against targets who don’t want to be identified.
All speculation. You gave them your phone number (which also means your real identity), so you should assume they have it. And because its a US-based company, it must adhere to US laws including key disclosure laws, which make it illegal for any signal employee to tell you that any US government has asked for this information.
https://en.wikipedia.org/wiki/National_security_letter
So the data that would be captured here is a network of hashed phone numbers and literally undecryptable messages
With this data you can build social networking graphs: who is talking to who, and when.
Also this is all the more suspect when you consider that US military / government agencies like OTF fund signal, and constantly try to push signal in privacy spaces.
The point is that they could. We are discussing honeypots here. They don’t advertise the fact if they are.
Be the phone numbers hashed/encrypted or not they will still get your ip. They are not routing anybody’s messages otherwise. Phone number is just more directly tied to a personal details, unless it’s a burner, but with burners you lose the account if you need to log in. Also you can set your phone number public, so it probably can be seen by the signal servers at some point. And what about discovery through phone number and like the actual sending of the signal confirmation code? How is any that suppose to work if the servers don’t know your actual phone number? And your anonymity trick only works if everybody you talk to does it, which they don’t. If they want to profile you they can profile you directly or through the people you talk with. If the people you are trying to hide from don’t care about getting message logs and just association with some group is punishable or can lead to punishment or death then tough luck.
And you miss the main point. practically speaking you cant self host a signal server, therefore you can’t trust it fully (in a way ‘fully’ matters anyway). if you do it’s unsupported and not recommended and you probably need a custom client to access it. That added with it being under American jurisdictions, and Signal starting as a spook project should really set off alarm bells.
Bitcoin.
Hell, monero is the only crypto I think isn’t a honeypot, since so many exchanges refuse to list it. That could just be how the government wants us to think though 🤔
It’s not even that Bitcoin is a honeypot, it’s that it isn’t actually private at all, and through good ol detective work a wallet can be connected to a person, as well as their inflows and outflows and what wallets they’re sending or receiving money from.
yeah, the whole point of Bitcoin is literally everyone sees your transaction on there. not very cryptic if you ask me
Bluesky
Bluesky is like the furthest thing from a privacy app, which it doesn’t even claim to be.
Look what autocratic(ising) governments don’t do shit against. And what their opposing governments tell about the autocrat(ising) ones.
Those are more likely to be honeypots imho, as they claim to be one thing but likely work for another.
COINTELPRO (or as I’d rather label it, SOWTERROR), showed that the US government heavily opposed mutual aid and class solidarity, and combatted the Black Panthers, by defaming them, inserting gun control laws once they started police watching, bombing their homes and so on.
That said… let’s take an example. Correct me if I’m wrong, I’m working from my memory here.
DeepSeek is open-source, while ChatGPT isn’t. DeepSeek does however, participate in censorship (which Muskrat’s models also do, just in a different direction). DeepSeek is much more efficient, threatening Western models.
And imho, the latter is why many Western governments oppose using it. They say it’s spyware, but how can we be sure ChatGPT isn’t? It’s proprietary shit.
But both models are honeypots, just in their own ways. Sure, DeepSeek is open-source as it claims. But it also censors itself to unnecessary extents. Then there’s ChatGPT, which claims to be secure… but how can we know that when it’s proprietary and we cannot crosscheck its source code?
DeepSeek the service censors, but you can run it yourself uncensored.
