 End of Ghosh Chat | Important Story, Lesson & Realization | Warning for Threema & Session Users!

It looks like Australian government agencies have compromised Ghosh Chat, an anonymous & encrypted messaging service.

Context: Ghosh Chat was an anonymous messaging platform where you could send messages without requiring an email or phone number. It was partially open-source but controlled by a single company. In terms of user experience, company structure, and governance, it was very similar to Threema and Session.

But like any company, they had a headquarters. Ghosh Chat’s HQ was based in Sydney. Until yesterday, it was generally trusted for anonymity and encryption. It was used daily by many criminals across the world and had been battle-tested, although it also had plenty of regular users.

The Scary Part: It turns out Ghosh Chat had been compromised for quite some time. Today, police started making arrests across Australia. Authorities have all the chat logs and are now using them to incriminate users.

The site is still live, but it’s compromised.

So, what went wrong? Ghosh Chat wasn’t just any app—it was OG, battle-tested, and encrypted. But it had the same fundamental problem as Session and Threema—and it’s a dangerous one.

The issue is the single point of failure. When one company has full control over the underlying protocol, the app/website, and the encryption implementations, it becomes incredibly easy to introduce backdoors, compromise the entire network, or even take it down altogether.

Nostr now has a huge opportunity to solve the private communication problem once and for all. It’s the only decentralized, permissionless, and anonymous communication protocol that exists right now.
https://image.nostr.build/d3b46df9cd1ae846cef75e149c413d48e99b9c7f162cae6cb95cbee4419c51ec.jpg 
 What are the best alternatives? 
 What about Matrix? 
 I haven't really worked on it myself, but from what I understand, it has end-to-end encryption. If you self-host the servers, you can make it quite secure. It does have a metadata issue, but if you're self-hosting, that shouldn't be a problem. You can also use Tor.

But you can also do the same with Nostr by hosting your own relay. In fact, the new gift-wrap DM has better metadata protection.  
 Yeah, it is OK, I think, too. It is heavier than other choices for self-hosted communications, though. Now Matrix 2 is out. We will see soon about that. 
 Partly open source and controlled by a company, based in Australia of all places? OG my ass! That was a royal honeypot. 
 It’s been quite clear that the Australians are living in an open air prison. 
 This... 👇
nostr:nevent1qqspxf0cem2zxlyxjd9v8uk7qrtw7r0v3xwwn247tyaq82s98avl6kgpz4mhxue69uhhyetvv9ujuerpd46hxtnfduhsygxx7urh795e65x0j25k22l7hlavqh7xss4eacu3pzwetxu26h2gl5psgqqqqqqsne6yt2 
 Any info on how they compromised an end-to-end encrypted app?