Oddbean new post about | logout
 Maybe you could ask them to get in contact so I can actually have some money in my life. Heh, that's a joke. But the truth is you can talk to anybody, especially people who actually are professionals in the sphere, and they'll tell you the exact same thing as what I'm saying. You're free to use whatever platform you want, but don't pretend to have superior security just because you don't trust the "mainstream" platform as if Signal is somehow mainstream.

Again, if somebody with the literal full force of the U.S. government against him is okay with using Signal, then I think you can use Signal. 
 if someone with the literal full force of the US government doesnt have a problem with Signal, then Im not convinced.

Why did they have a problem with telegram and not with signal?  because they were worried about you becoming a victim of the mTpro encryption?  lol

yeah this is a little beneath me, sorry. 
 What a weird convo 🤨

The encryption that's Signal uses is open source and nobody should have a problem with it.
It's pretty much universally acknowledged that it's the industry standard.

including simplex, which uses the same encryption. 
Until very recently, anyway when they added on quantum resistance to exactly the same algorithm.
But the starting point is the same.


And Monero is good, actually. 
 They are both good tools and you should use both.

There's absolutely no reason to think that either of them are compromised in any way. 
 I dont have a problem with open source, but i do have a problem with Signal using open source software to grain trust and simultaneously including proprietary code to leverage and exploit that same open source software against users.

stick to yoga and meditation, you're probably good at that. 
 show your work or GTFO

talk is cheap 
 exhaustive discussion on what has/hasn't happened with their code, their tradeoffs and design here

its only like one if the most looked at and audited open source projects in the world... 🙄

https://news.ycombinator.com/item?id=26715223 
 shitcoiner 
 demonstrating an intellect like yours,

please excuse if I dont think your opinion is relevant 
 You're misreading what I'm saying. Edward Snowden is one of the most hunted men by the US government, and yet he uses Signal, so that's all you really need to know about that part. If the government had access to Signal, they wouldn't need to hunt him so hard. They'd just get access to his information. It's not backdoored and that's proof.

And no, the reason why they went after Telegram was because there was information that they could easily get from Telegram. They can't do that from Signal. They've tried and they failed. Again, if the government thought that they could get anything out of Signal, they would be doing the exact same thing they're doing to Telegram right now, but they realize they can't, so they don't waste their time. Instead, they redirect their efforts to compromising individuals opsec. That's the real threat to Signal: poor opsec. Detractors commonly point to the Tucker Carlson "hack" but that wasn't a hack or a flaw of Signal, that was a flaw in his own personal opsec. 
 What can they get from end to end encrypted secret chats in telegram?

nothing. not even with Durov in custody.

That doesnt make me a supporter of Durov or telegram, just stating the facts.

Since you insist on discrediting Simplex while glorifying Signal, here are some more facts for u...


1. User Identification

Signal: Uses phone numbers and usernames for identification.
SimpleX: Does not use phone numbers or usernames. Instead, it generates randomized user IDs for each conversation, which are sent via QR code or link.
2. Server Control

Signal: Has a centralized server structure, with a single entity controlling the infrastructure.
SimpleX: Offers decentralized servers, allowing users to self-host or participate in public servers. However, SimpleX still controls which servers are integrated into the network.
3. Metadata Protection

Signal: Has a strong reputation for protecting metadata, but some users may still be concerned about the centralized architecture.
SimpleX: Touted as having stronger metadata protection due to its decentralized design and use of one-way queues to mitigate communication correlation.
4. Disappearing Messages

Signal: Offers disappearing messages (ephemeral messaging).
SimpleX: Does not have this feature.
5. Self-Hosting

Signal: Not designed for self-hosting.
SimpleX: Allows users to self-host servers, providing greater control over data and infrastructure.
6. Popularity

Signal: More widely recognized and used, with a larger user base.
SimpleX: A newer, less well-known application, but gaining popularity among privacy-conscious users.
Conclusion

Signal and SimpleX cater to different user needs and priorities. Signal’s centralized architecture and familiar UX make it a good choice for those already invested in the ecosystem. SimpleX, with its decentralized design and focus on metadata protection, appeals to users seeking greater control and anonymity. Ultimately, the choice between Signal and SimpleX depends on individual requirements and preferences regarding privacy, security, and usability.
 
 GPT generated.

so lazy
but its an accurate assessment. 
 Wow you're so smart to have detected that amazing!

Yes got gpt effort for responses needed for people like you.  Less energy wasted on newbies..   Efficient not lazy.

Butit didn't expect someone of your IQ level to understand.. 
 if your main source of data is fucking AI and you think you're informed

you're an idiot 
 https://m.primal.net/LWJg.png  
 so triggered bro ❤️ 
 I will be replying to this in-depth later. 
 Okay, first off, yes: they can get loads of metadata from secret chats on Telegram. As far as I'm aware, nothing but the messages themselves are encrypted on Telegram secret chats; this is a similar flaw to Matrix. Sure, keeping the messages encrypted is supremely important, and yes, I think both Telegram and Matrix have plenty of valid use cases. However, metadata is very important as well, and Telegram doesn't encrypt much of it (if any). Signal encrypts pretty much everything they can possibly encrypt. Moreover, Telegram's encryption standard is widely panned by cryptographers and security experts due to various flaws; there's literally zero reason for an app to not use the Signal protocol or a fork of it. Durov just wanted to be different, as his recent slander of Signal proves.

Regarding SimpleX, I'm not discrediting it. I'm simply expressing valid concerns over it. I'm not against it, I use it too (though not much, because it's slow and janky at this point). I'm just not sold on this idea that it's somehow the perfect, maximum privacy encrypted messenger. Signal is almost universally accepted by security pros and cryptographers as the best, or at least one of the best options for secure messaging. Again, if the most wanted man by the three-letter agencies of the United States (Edward Snowden) feels comfortable using Signal for his messaging, then random, average joes on Nostr have no excuse for hating on it because none of you are even remotely as important to intelligence agencies as whistleblowers like him. Preference is fine, don't get me wrong: you're 100% free to use what messenger you like best and I think that's great! However pretending like Signal is some honeypot or heavily flawed because you think you know better than the people who study these topics as a career it really does make y'all look like you're talking out of your backsides. Now, on to the individual points.

1) Signal verifies with a phone number, usernames make it so you never even have to reveal that number to anyone. This is the same as Telegram except, unlike Telegram, Signal actually keeps all of that metadata encrypted. SimpleX does have unique IDs for each conversation, which is nice for privacy, but it can also easily lead to abuse on the network. Session, which has cryptographic IDs, proves this is more than a possibility; earlier this year, Session's open groups were unusable and the entire network slowed to a crawl, all because some dork in his mommy's basement ran a massive DDoS attack mass-spamming ads for a group that he claimed was a CSAM group. Signal having phone number verification means that you don't see quite that level of abuse on the network or its bandwidth. Decentralization is great and all, but if you're combining decentralization with unlimited user IDs, that's a recipe for disaster, and a messenger that is incredibly slow and non-responsive is not useful in any way.

2) I'll give you this much: I do wish Signal was decentralized or, at the very least, offered a hybrid decentralization (basically, running off of volunteer nodes unless the network is overwhelmed, during which it'd hop to cloud providers). However, I also can't blame them for not doing that since it'd likely require a total rewrite of the code and really, all the decentralization gives to an encrypted messenger is that you have less likelihood of downtime.

SimpleX decentralization is a thing, but it's only "decentralized" in the sense that it has various nodes, a majority of which are run by -- you guessed it -- the corporation developing SimpleX.

3) The only metadata Signal "leaks" is the same kind that other messengers leak. If a hostile force obtained the servers that SimpleX is routing messages through, they can still get that metadata. You can't stop this, the only way to get around it is to use a VPN or Tor. In fact, if you're using an "anonymous" messaging app without a VPN or Tor (one or the other; don't mix for a single user ID), you're essentially putting all your eggs in one basket.

4) I mean, disappearing messages are pretty important. The fact that the "ultimate privacy messenger" doesn't have a very basic feature of private messaging is questionable at best. That said, can't individual groups set a timeout for messages on SimpleX?

5) Self-hosting is a great concept but in practicality, very few people can or even want to self-host. Moreover, the fact remains that the overwhelming majority of SimpleX nodes are hosted by the company, not volunteers.

6) Security by obscurity is important. If only a handful of people use SimpleX, then you're not as private or anonymous as you would believe, because as I said, metadata like your IP is still present. If you're not using a VPN/Tor, anyone watching the network can see you're using Signal... OR SimpleX. The difference is that Signal is massively popular, meaning you blend in with millions of other users around the world, whereas SimpleX is newer and less populated meaning you have risk of being singled out by ISPs or government snoops.

Not sure why you felt the need to go with an AI-generated reply but I figured I'd address the things you're trying to present as alleged issues with Signal, regardless of the AI reply. 
 not really worth continuing it but I admire your resilience.

worth noting that you can spin up a Simplex relay in a few commands
a few more to get it accessible through Tor

if the attitude is just "people will never run their own infrastructure"
then sure, no network will ever be decentralized and metadata will be available in some way.

Simplex is noteworthy because it makes it easy to decentralize.
I have my own relays and therefore, I have reliable encrypted comms on my own infrastructure.

you can't do that with Signal.

 
 As I said, I'm not against SimpleX. I just have plenty of concerns (and it's painfully slow/sluggish and janky) that keep me from using it much. I'm also skeptical of how everyone seems to be rushing to sing its praises; that should raise eyebrows, especially with a community that tends to be skeptical of changing software when the previous option works. 
 i'm just gonna repeat myself endlessly about this until people fully grasp how simple it is

p2p messaging is only possible with inbound routing, and the establishment has dragged its feet about allowing this and deploying ipv6 that would enable people to run servers on their home computers easily

a workaround that is really simple is to use reverse proxies and have the protocol use http/s and people can run servers on VPS that connect to their relays via wireguard

nostr goes further with teh outbox model and already, clients that support outbox can directly connect to relays their friends set as their inboxes and drop their DMs straight in them

this can even be done on mobile devices

what it doesn't give you is asynchronous messaging but what it does give you is metadata privacy and full control of your own data