Why? 

 This is fuckery I can approve of lol 

 what are the best resources to learn about these vunerabilities?

nostr:note1qqqy29072nvdvlqvx58wusuzd3uqekrtm74d8pprfqackeur78nqjzyta3  

 stop thinking of them as vulnerabilities. trust. 

 The only metadata they can get from Signal is frequency of messages and the size of the message files. Everything else is encrypted. There's a feature with Signal called Sealed Sender, it makes it so anyone looking at the data being exchanged can't know who messages came from. This means that unless you and your contact are both active targets of the government, they really can't do much with that minimal metadata... Or, at least, nothing they can't do with other options. 

Now, if you need total anonymity due to being a whistleblower or something like that, I'd definitely recommend Session instead, as it's anonymous, has almost no visible metadata and is onion routed. It's not great for a daily option, however, thus why Signal is the best option for the average person. 

 Or @simplex 

 If people enjoy SimpleX, more power to them, but I just don't find it to be a good experience at this point in time. There are also some valid concerns over its security that I'm also questioning myself.

That said, nothing about it is inherently bad, just not for me haha 

 Fair enough 😁 Would you care to point me to some security concerns? 

 The biggest is definitely the fact that a vast majority of its relays are run by the company, which is a for profit company that kinda just showed up out of nowhere. The tech itself seems solid but it's concening to me that the relays are overwhelmingly run by the company. 

Also, unlike Session, itd be incredibly easy for governments to set up honeypot relays. If I'm not mistaken, there isn't any onion routing in SimpleX, meaning they wouldn't even need to do a sybil attack to know metadata like your IP.  

 Thanks, that’s very informative. I saw that @Start9 has a @simplex server package on their marketplace which means other people could run servers. But that is an issue in itself as you state in your second point 🙂 

 You can run your own relay and that should be pretty easy.

Compare that to Signal where there is only one relay that everybody should use and it's already a honeypot. 

 Simplex is better imo 

 I agree 

 Really, though? It's more anonymous for sure, but it's really slow if you have more than one or two populated groups, most of its 'decentralized' architecture is hosted by them and they're backed by a for-profit corp.

It's cool if you prefer it but I'm not sure how well it actually holds up under scrutiny.  

 whhat about keet? 

 There is some nuance here. If I'm not mistaken Signal knows that communication between two parties was established due to the authentication token, but sealed sender prevents them from knowing the content or frequency of communication between two parties. 

 I believe frequency is unavoidable with any messaging app, though, right?  

 According to Signal (...) the sealed sender functionality prevents them from knowing the frequency.  

 If they were serious about it they wouldn't require a phone number for sign up and would allow truly open-source clients. 

 https://www.youtube.com/watch?v=QcXEGCmCNcI 

 Don't disagree 

 Who made that quote? 

 Interesting: If you view this post in Amethyst, it says "edited". And when you click on "edited" multiple times, it plays an animation of two white balls bouncing around on a black space. 

 Yeah. It's nostr:nprofile1qqsrhuxx8l9ex335q7he0f09aej04zpazpl0ne2cgukyawd24mayt8gprfmhxue69uhhq7tjv9kkjepwve5kzar2v9nzucm0d5hszxmhwden5te0wfjkccte9emk2um5v4exucn5vvhxxmmd9uq3xamnwvaz7tmhda6zuat50phjummwv5hsx7c9z9 protesting about edits.
Abuse is a great way to force changes. Just look at the spam wars. 

 It is like he wants to damage his own invention, his own protocol. 

 How long will it take those Bitcoiners to understand that Bitcoin IS the metadata.

If you swap Monero for Bitcoin, you are at risk..


nostr:nevent1qqsqqqz9zhl9fkxk0sxr2rhwgwpxc7qvmp4al2knss35swutv7plrespz3mhxue69uhkummnw3ezummcw3ezuer9wcpzqwlsccluhy6xxsr6l9a9uhhxf75g85g8a709tprjcn4e42h053vaqvzqqqqqqyx2e5e8 

 What's the point of this spam?  

 "This design prevents leaking any users' metadata on the application level. To further improve privacy and protect your IP address you can connect to messaging servers via Tor."

https://simplex.chat/#how-simplex-works 

 Ive been thinking, the only truly private way to send a message is Owl Post. We must all buy owls and train them.