 You got a lot of nerve calling me a fed, when I'm literally shilling XMPP every day over the same point you made. 
 pov
>literally fucking about privacy as loud as I possibly can
>for many years
>even with such radicalism like "don't use secure emails: SELF-HOST, SELF-HOST CALENDARS, MAPS, READ OPEN SOURCED CODE YOURSELF, CREATE YOUR OWN ANDROID-BASED OS"

>yet still get called a fed for inviting dawgs into a simplex channel

We shall not forget that the CIA has two ways to track us: creating honeypots / hacking into apps, and blaming too-secure-to-be-hacked apps as created by the CIA, pushing people away from them to using honeypots / hackable apps.

I always think about this when I hear that Tor, Monero, Tails or whatever else is a CIA honeypot 
 You're missing the point: SimpleX is easy to break by governments.

Think for a bit: there is only one realistic way to use SimpleX for normal users and that is through the official app by the original author.

99.9% of those users will open channels on the same servers hosted by the original author.

The original author has received VC funding, a large part of it from personalities with a track record of government cooperation. VC-funded companies need to provide returns to stockholders, and governments tend to pay for access into those apps (e.g. Signal received +30 million per year from the CIA until recently).

Now go back to the first paragraphs: you are using the author's app and servers. It is simple to give you a spoofed version of the client app that makes you write in plain text or share those texts with some federal agency. It is standard practice to give modified apps to PoI targets like you, and you won't really notice the difference.


You should NEVER make it so easy and use the author's app or servers, for that exact reason. That is why NOSTR is great: it has hundreds of volunteer relays that make it difficult to track incoming messages and dozens of different clients to retrieve them that are E2EE without cryptographic doubt.

From an adversarial point of view, NOSTR is 100x more secure than SimpleX. This is obvious to anyone working in that kind of industry.
 
 > That is why NOSTR is great: it has hundreds of volunteer relays that make it difficult to track incoming messages and dozens of different clients to retrieve them that are E2EE without cryptographic doubt.

Most public relays sync notes, so private messages are extremely easy to track. You could just connect to one of the larger relays and listen for all notes by an npub, hoovering up all private DMs. That's a massive hit to privacy. Gift wrapping helps, but does not guarantee this information won't get leaked when a single npub keeps requesting certain notes. On top of that, if a client is using nip46 and is possibly connected via relays, that same hoover can see when you attempted to decrypt a given note. Cloudflare proxying is also used for a majority of big relays. Most users will be connecting via clearnet and standard TLS connections, leaking traffic and IP addresses. 

We are still working on better ways of improving forward secrecy, because I believe there is still a possibility of ciphertext attacks with as much data as is available for a given user. 

Speaking as the author of the C reference for nip04 and 44 encryption.  
 plaintext attacks can only be possible if the message nonces are weak

reuse of a nonce is absolutely out, as it enables a plaintext attack

giftwraps already provide forward secrecy if the relay does not provide access to the events without auth proving the client is involved in the message exchange

what we are missing at this point is good nip-65 mailbox support and delete event support 
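An added example of the nonce point made in the last two posts (it is not code from any participant in this thread): a Python sketch of stream-cipher message encryption with a fresh CSPRNG nonce per message, a registry that refuses reuse under one conversation key, and a function showing why reuse leaks the XOR of two plaintexts. It uses an HMAC-SHA256 counter-mode keystream as a stand-in for the ChaCha20 that NIP-44 actually uses; the 32-byte nonce size matches NIP-44, and everything else is an assumption for illustration.

```python
import hashlib
import hmac
import os


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in stream cipher: HMAC-SHA256 in counter mode (assumption).
    NIP-44 really uses ChaCha20 with a 32-byte nonce, but the nonce-reuse
    property demonstrated below holds for any stream cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    # Stream ciphers XOR the keystream in; decryption is the same operation.
    return xor(plaintext, keystream(key, nonce, len(plaintext)))


class NonceRegistry:
    """Defensive check: never encrypt twice under the same (key, nonce) pair."""

    def __init__(self):
        self.seen = set()

    def encrypt(self, key: bytes, plaintext: bytes, nonce=None):
        # Fresh 32-byte nonce from the OS CSPRNG unless the caller supplies one.
        nonce = os.urandom(32) if nonce is None else nonce
        if len(nonce) != 32:
            raise ValueError("nonce must be 32 bytes")
        if (key, nonce) in self.seen:
            raise ValueError("nonce reuse under the same conversation key")
        self.seen.add((key, nonce))
        return nonce, encrypt(key, nonce, plaintext)


def reuse_leaks_plaintext_relation(key: bytes, nonce: bytes, m1: bytes, m2: bytes) -> bool:
    """Why reuse is 'absolutely out': with one shared keystream,
    c1 XOR c2 == m1 XOR m2, so a predictable m1 exposes m2 without the key."""
    c1 = encrypt(key, nonce, m1)
    c2 = encrypt(key, nonce, m2)
    return xor(c1, c2) == xor(m1, m2)
```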
 I'm speaking strictly to ciphertext attacks, where the content is highly predictable, the nonce is known because it's public, and 1/2 of the shared key is available, although I doubt that's useful but still worth considering.  
 all of those things depend on repeating nonces, or as you mention, repeating pubkeys

these are very easy to avoid, but maybe there are some programming languages that still make it complicated to access a strong CSPRNG

more than a few instances in the history of bitcoin where dodgy entropy led to wallets being cracked and UTXOs stolen

very often, propagandistic, opportunistic, manipulative "study" articles

to avoid being in such a story make sure you understand the mechanisms well enough to know where it has weaknesses

strong entropy, private random number generation is really central to all of the security of these things, just make sure you know the quality of entropy you are using before you inflict this shit on users haha 
 There are ways of improving on those attack vectors: I2P connections between relays and between clients solve a good chunk, and sending random noise every so often makes it even harder to know when to track.

Clients don't need to talk only with main relays, they can ping hundreds for messages from an npub.

What I don't see are realistic ways to improve SimpleX. Where are the hundreds of relays run by volunteers with dozens of relay implementations and dozens of clients?

They don't exist, and won't exist. We both know that. NOSTR is still our best shot that can, and will be improved.

 
 I'm speaking to the current situation. We're moving toward a better solution, but out of the box I find it hard to imagine nostr currently, or even in the near future, being a more secure solution for PRIVATE messaging than SimpleX, and I read the white paper a while ago and don't remember most of it XD 
 I've read the protocol of SimpleX too, but maybe my previous posts were not clear enough: I'm not saying the encryption is weak.

I'm saying it is really easy to feed spoofed apps to target users that completely bypass any algorithm. You don't even need 5 USD. 

https://image.nostr.build/c1b4cda7ee268680b9cae99543d03b753d13abda18ad09108195248fdfca795c.jpg 
 on simplex there are not thousands, but hundreds of unofficial servers. tho you're correct that putting a backdoor into one mainly-used-by-everyone client is easier than into a lot of different clients. yet, this has also another side: if the code is open and has only one version, there's more eyes on it than if the eyes are spread onto a lot of different clients. it also backfires: if there's a lot of clients, CIA can make its own — taking its budget into account it will be even easier to make a good looking honeypot than to insert a new backdoor into an already watched app. "just use the serious clients"? yeah let's limit clients to only one trustable, like simplex did.

also, the government funds lots of shit: tor, tails, signal... doesn't mean they're automatically becoming bad apps because of that (but I bet they hope we think so)

I'm open to change my mind if I'm wrong, so please answer, if you disagree 
 There are only 11 SimpleX servers to choose from; 99% of users are found on those 11 machines.

Where are you reading that hundreds exist? Please show evidence of your claim, because even Nostr, with a far wider audience and more deployments, only has between 300 and 700 servers during the day: https://legacy.nostr.watch/ 

It is an awful approach to have "only one trustable" client. That is what Telegram does; at least learn from that experience. Most of the apps you mention are bad ones because of their funding and origin, which is why they are not really trusted. If you wish, I can detail why, but you can also learn about it on your own. 
 could you source the 11 server claim? also, please do detail about funding & origin, because, as I said, tor, tails, signal, lots of privacy apps are funded or even originally created by governments — doesn't necessarily mean they're not trustable

 meanwhile I'll search the source for SimpleX server count. 
 Go to "Settings" -> "Network & Servers"

Count them.

Now provide source for your "hundreds of SimpleX servers".

Not "lots of apps": signal was specifically receiving tens of millions of USD per year from the CIA. You can inform yourself, this is public info. 
 >signal
as well as tor & tails. 

didn't find any source about how many simplex servers are out there. cannot add anything to that claim.  
 So please read again my texts and this time make a different effort to understand them.

Sorry, SimpleX isn't really more secure nor private than NOSTR from a government adversary point of view.

On the contrary, having a single implementation and realistically only using the author's servers, while being a for-profit company, is just too insecure for anyone who remembers the past. 
 Sorry, are you confirming to be a fed or trying to prove you're not?

Because XMPP was always known for ZERO privacy, which is why even Google (#1 fed friendly) adopted it decades ago.

On the other hand, NOSTR messages are truly E2EE and distributed across hundreds of relays. Doesn't get much comfier than here, fren.

 
 I believe you would benefit from the educational materials on our website. And I'm excited to share this knowledge with you.

XMPP is the gold standard for the darkweb, known for OMEMO and OTR encryption.

Nostr metadata is out in the open. The clients don't all have the gift wrap, only a few do. And the new gift wrap v3 isn't audited, last I heard. Also, without the gift wrap there's no rotating keys, so then you might as well use Session, which follows a similar model with relays and encryption as identity. 
 I sincerely don't know anyone still using XMPP today; it was used like 15 years ago and died long ago. If there is something like a gold standard, today that would be Telegram, followed by IRC and plain forum sites for everything else. My preference would be BBS, but even that is gone now.

NOSTR is more private by default than XMPP; all the defects you point the finger at are applicable to XMPP when working at the federal level. At least NOSTR has room to grow, to use techniques like I2P for server-to-server communication and then also with clients.