this is frankly really scary. if you’re in a socialist org, please make sure that they’re not so lax with security like this. also, why the actual fuck are they using google products. we are fucking doomed here in the west man. To be clear I think this is probably more on the local chapter of your org than the national org, but even then I really think national orgs need to be giving out a lot more training about this kind of thing, and quite frankly booting out the leadership of local chapters if they’re lax like this.

tweet text here

PSL security culture: I left almost a year ago, their members locally know I don’t like them, but I’m still in some shared folder where I can see sensitive event and recruiting information

I highly recommend to the people joining orgs to take serious steps and ask questions around security. What if this got into the wrong hands? Out of courtesy I’m censoring the names. I have plenty more screenshots of events in case they try to refute this but I recommend they just hold this L quietly

*4 images showing proof

  • Imnecomrade@lemmygrad.ml
    link
    fedilink
    English
    arrow-up
    4
    ·
    edit-2
    8 months ago

    Even Matrix isn’t perfect. I would consider Signal and Matrix to be pretty secure and recommended for activist organization, until the US decides to force Signal to open a backdoor into its end-to-end encryption. Signal only provided the account number, last connection date, and account creation date (in unix time format, lol) when the California grand jury issued a subpoena. Signal has also threatened to leave the US and the UK if they passed their anti-encryption bills.

    Signal is not without criticism, though, considering their controversial cryptocurrency project.

    • Muad'Dibber@lemmygrad.ml
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      8 months ago

      Its illegal for Signal to tell you if they have a backdoor, because of US key disclosure laws. Check out the EFF’s article on NSLs, and why every US-based service can’t be trusted.

      The data signal gives to state governments, is likely different from the info it gives to the federal goverment.

      Signal also has an especially sus history.

      • Imnecomrade@lemmygrad.ml
        link
        fedilink
        English
        arrow-up
        3
        ·
        edit-2
        8 months ago

        Very resourceful links! Thanks! I wasn’t doubting there are issues regarding Signal, especially considering its ties to the US, as I saw a video regarding its controversies. My point I wanted to make is there is no 100% secure application, and there will be bugs and vulnerabilities among applications we think we can trust. I believe Signal is still a major improvement regarding security, at least compared to Discord, but I would prefer XMPP, Matrix, etc. if I had the choice. Though I understand if an encrypted system is compromised, it’s just as a good as being unencrypted, so if it turns out the US is getting sufficient information from Signal through a backdoor and the subpoena I mentioned was just for show, I hope PSL would consider migrating to Matrix or something more trustworthy. Then again, when the going gets tough, we may have to abandon our phones and electronics to stay safe and find ways to make revolutionary change under a police state.

        • Muad'Dibber@lemmygrad.ml
          link
          fedilink
          arrow-up
          3
          ·
          8 months ago

          For sure, and thank you for doing this work for your branch. Enough people need to push for the use of more secure platforms, (esp getting off google), and I hope that eventually becomes a mandatory directive, not just for PSL, but all parties.