Oddbean new post about | logout
Aurora | 5 months ago (raw) | root | parent | reply | flag 
 Signal is Open-Source...?

I think you wanted to say something federated 🤷
nicnym | 5 months ago (raw) | root | parent | reply | flag 
 how are they going to add a back door then
Aurora | 5 months ago (raw) | root | parent | reply | flag +1 
 Well that's what the EU wants to happen, Signal won't do it :P
🦄Onigirl🐹🐉 | 5 months ago (raw) | root | parent | reply | flag 
 Nor sessions
Aurora | 5 months ago (raw) | root | parent | reply | flag 
 Session still suffes from inferior cryptography ever since they've switched away from double ratchet.
🦄Onigirl🐹🐉 | 5 months ago (raw) | root | parent | reply | flag 
 The app is different from the oxen crypto.It's works a lot like nostr with nsec/npub keys
Aurora | 5 months ago (raw) | root | parent | reply | flag +1 
 if suffers from the fact that libsodium (their encryption library) is inherently weaker than something that implemebts the Double Ratchet encryption algorithm. The most notable deficiency is that it doesn't to Perfect Forward Secrecy, meaning if *one* of a chat's keys leak, your entire chat history leaks, not just one message.

These are important things that they've failed to address.
nicnym | 5 months ago (raw) | root | parent | reply | flag +1 
 What is yall’s opinion of SimpleX ?
Aurora | 5 months ago (raw) | root | parent | reply | flag 
 I use it and I like it.

Uses double-ratchet from Signal + some neat quantum resistance stuff, uses user-selected relays to send messages and doesn't use persistent user identifiers. Lots of metadata privacy to be had :)
sansubr | 5 months ago (raw) | root | parent | reply | flag 
 Is it good for day-to-day use like to talk to my family, for example?
nicnym | 5 months ago (raw) | root | parent | reply | flag +1 
 I would say yes, just make sure you select the kind of notifications you want
Aurora | 5 months ago (raw) | root | parent | reply | flag 
 generally yeah, unless you're looking for some more fun social features (stickers for instance)
sansubr | 5 months ago (raw) | root | parent | reply | flag 
 If a public key can be found using a private key, is there a possibility that institutions with the best mathematicians cannot reverse engineer it and apply that as an algorithm depending on the type of encryption?
🦄Onigirl🐹🐉 | 5 months ago (raw) | root | parent | reply | flag 
 Libsodium? Its a swarm system. Everything is hidden, metadata and identity n you can put a delete message timer within a time frame.
Aurora | 5 months ago (raw) | root | parent | reply | flag +1 
 yes, libsodium, the encryption library they use.

https://getsession.org/faq#libsodium
🦄Onigirl🐹🐉 | 5 months ago (raw) | root | parent | reply | flag 
 Thanks will ask a friend to look into