Please, please, please consider organising off Facebook. Really. It's not snobbery. It's really dangerous to people who use their legal names to use Facebook for organising.

@h what do you mean by organizing? Posting or using i.e. the groups for coordinating things? What is the worst case you see, if staying engaged? And what about Twitter?

@Manuela @h By organizing on Facebook or Twitter, anyone with sufficent cash or at a federal agency can issue a single subpoena and get a total view of the conversations, IP addresses and potentially full identity of the participants, in the case of federal agencies they don't even need court approval or oversight for an administrative subpoena.

A mailing list provides more anonimity and makes it harder to get a total view (due to multiple mail providers), let alone organizing on Signal or Mastodon.

@Manuela @h if you're doing political organizing, then Nazis could take the member list and use it to find addresses. Data brokers will give anyone lots of personal info, and voter registration lists are open in some states. This could be dangerous to members.

@h
We all know what the issues are, though. Facebook has the user base, features like events, etc. Organizing is best done offline, but there is no better platform for boosting that I'm aware of rn

@derpayatz Facebok is not "best' at anything other than making rich people richer.

@h
Ok, not best, but adequate. Like I said, organizing offline is best, but do you have suggestions for platforms that can replicate the functionality of Facebook for organizing purposes?

@derpayatz There is no single ideal system, but here's a couple of ideas:

1. Riseup.net (their services can be used for free, but you are encouraged to support the hard work they do)

2. Self-hosted Loomio (You're still at mercy of your ISP of choice, but *you* have a choice)

Even though I don't recommend it, and it's clearly also potentially dangerous, organising via Twitter has been ten times safer over the years than Facebook.

Using FB is the absolute worst of the worst. ** Really **

@h
Have we been using different definitions of organizing? I use Signal, and I've used Riseup for some things. I use mailing lists (and oh boy are those easy to compromise). But what should I use to, for example, publicize a fundraiser? Aside from word of mouth, flyering, etc, which I also use? I know literally zero people locally who are on Mastodon, and I need to be able to reach mass audiences.

@derpayatz And please, don't insist with 'adequate'. I'm not interested in any more excuses for Facebook.

If you're genuinely interested, please read all toots in this thread and please do your best to acquire a more informed belief. Thank you.

@h @tbeckett @mastodan @Gin @artemist

Thanks for all the detaills. I also try use signal, mailing listes, owncloud, etc. and more recently mastadon, and in some cases even only face to face conversation. but I am still connected with most people via facebook and I want to stay connected to this crowd. so I still keep doing announcements on facebook, but internal organizing, discrete stuff on channels more aligned with my values. though I wonder, if they are really much safer...

@h @tbeckett @Gin @artemist @Manuela The goal is to mitigate the threat model of a bad actor compromising one central host to gain a total view of a group that's being organized. With Signal, you'd have to compromise most endpoints, Mastodon would require compromising the federated servers, and email has muxh the same threat model as Mastodon. Best to organize on Signal with disappearing messages if possible.

@mastodan As others have pointed out, there's a list of problems with Whisper Systems's Signal. But yes, by ranking on a scale of 1 to 10, Facebook is still zero, and Signal maybe it's an 8, or 7 according to others.

@Manuela @artemist @Gin @tbeckett

@tbeckett @Gin @artemist @Manuela @mastodan

The Wire app is very similar to Signal but it's important that it's really open source, and SMS authentication is optional with Wire. Signal forces you to authenticate using SMS when you sign up, which in turn is operated by another US corporation, Twilio.

Wire still has some other problems, and it could be bettter if it were audited and if it supported a decentralised model, but at least we can peek into their code.

@mastodan @Manuela @artemist @Gin @tbeckett

For that reason, in my view, the Wire app still ranks a bit better than Whisper Systems' Signal.

@tbeckett @Gin @artemist @Manuela @mastodan

Other considerations from a legal point of view: The Wire application services are operated by a German company under EU law. Whisper Systems' Signal is from San Francisco and governed by US and California laws. Your protection and defensibility will greatly depend on the availability of legal resources to you under your particular jurisdiction.

Unless you're outside both the US and the EU, in which case you're probably fucked no matter what.

@h @mastodan @Manuela @artemist @Gin @tbeckett My working assumption is that the US government has the full social graph of Signal users. So if your organizing involves something which is oppositional to the US government then Signal may not be the best tool.

But it was originally designed for cyberdissidents outside of the US, so Signal may still be better than other things, like mailing lists or Facebook groups.

@bob
In the case of a number of people, their act of breathing is oppositional to the US government, so your mileage may vary.

@tbeckett @Gin @artemist @Manuela @mastodan

@bob @h @mastodan @Manuela @artemist @Gin @tbeckett I realize I might sound like a broken record, but what we need is more stable XMPP clients and servers with full OMEMO functionality and interoperability (compliance with all relevant extensions) for all platforms.

@Manuela @bob @h @mastodan @artemist @Gin @tbeckett If you and your contacts are on Android (not implying an Android phone is a secure platform), I'd probably recommend using Conversations, ideally with carefully chosen servers.

conversations.im

Server options:
conversations.im/compliance/

@Manuela there's not one single "most secure tool", and they're definately isn't a "best tool". It's going to depend on:

Who you are communicating with: if they aren't extremely technically competent, then if they can't figure something out, they're going to switch to something very insecure, like SMS

Who your attacker is: the NSA can do a lot, annoying teens, not so much

How much the attacker cares: the NSA might not care about what you're doing more than anything else

Sign in to participate in the conversation
social.coop

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!