stf on Nostr: some of my friends are pushing me to use #simplex - which undeniably has some fresh ...
some of my friends are pushing me to use #simplex - which undeniably has some fresh and exciting ideas. however the implementation is a huge supply-chain disaster to be discovered. it is >2G of haskell deps. my threatmodel currently can handle some deanonymization and even plaintext leakage, what it cannot is malicious code execution. simplex trades privacy for hostile takeover of your hosts. until there is a clean implementation that can be reviewed completely in <10days i'm not touching this.
Published at
2024-12-14 13:08:03Event JSON
{
"id": "fc488129b1fa902379c8e52ae5e54ec46e8c43dd1b2ebe7bb0c3aedaefaa4878",
"pubkey": "b887bffcf63863763c712604944ba34cf6b4674aba9d9ad586fda383be9f07c8",
"created_at": 1734181683,
"kind": 1,
"tags": [
[
"t",
"simplex"
],
[
"proxy",
"https://chaos.social/users/stf/statuses/113651330793127842",
"activitypub"
]
],
"content": "some of my friends are pushing me to use #simplex - which undeniably has some fresh and exciting ideas. however the implementation is a huge supply-chain disaster to be discovered. it is \u003e2G of haskell deps. my threatmodel currently can handle some deanonymization and even plaintext leakage, what it cannot is malicious code execution. simplex trades privacy for hostile takeover of your hosts. until there is a clean implementation that can be reviewed completely in \u003c10days i'm not touching this.",
"sig": "84a163d9878fa28778840d5ce9e15d2405c6ffb14c556bc675e59252c4ecc19f3eb9119be7d46fc82dbacbfd8615e0ec0a9fb237cd2e095928c43e4241dfc703"
}
