Oddbean new post about | logout
 I don’t think you can equate the amount of metadata available to Matrix and Signal servers with what is available to SimpleX servers - it’s actually less than what is available to Nostr relays users connect to. Putting them in one list, however flattering, implies a similar amount of metadata available, which is very far from reality and is misleading. 
 I agree, they are not the same. SimpleX is more private than Signal and Matrix for sure. But the protocol still grants a lot of info to the server. 

While Nostr relays also have a lot of info from users, especially if you mix private and public events, a fully private client can make it so that the relay doesn't even know if the computer connecting to them is a user or a proxy. The relay doesn't know if a DM is new or not because date/times are all random. In fact, many GiftWrapped DMs transfers are different encryptions of the same message (or any other private Nostr event), all from random accounts, being broadcasted by bots to generate noise. It fact, that same private client can just transfer directly in P2P if the two phones are online and relays won't even know about it (which is my main use right now) 
 I love this, thank you for giftwrap pilling me, I thought it's just a type of DHKE and symmetric encryption  
 I think GiftWraps are more like individual Tor messages that can include DMs inside them. 

They have the "next node" address that is visible (a pubkey which can be the real one, an alias or a new key every time), but everything else is either random or encrypted. 

The GiftWrap event can encrypt other GiftWrap events that together assemble be a full onion route with the benefit being that the final node is the client, not the relay. It would be like never hiting an exit node in Tor.

But we are on early days. I am still wanting for a real cryptographer to make sure our thinking doesnt have any holes in it.  
 Is there a fully private #nostr client, @Vitor Pamplona, as you talked about? 
 Not yet  
 Another curiosity, @Vitor Pamplona. Is the info Signal servers receive not encrypted? They say they store no metadata in their server. Is not that true in reality. Why is then Signal so much celebrated in the infosec community?

I'll be very obliged if you take your precious time to enlighten us. 

Thank you. 
 Technically nothing prevents them from storing metadata on servers - only contents of messages are encrypted, same with Matrix. So, you have to trust Signal servers.
They also know your phone number 😅. 
Signal is so much celebrated because it has great UX, large userbase, battle-tested encryption (WhatsApp is based on the Signal protocol) and it was the first. 



 
 Why don't they do this then?! 
 Yay @simplex