brito on Nostr: Deterministic builds don't help when you are trusting whatever binaries for the ...
Deterministic builds don't help when you are trusting whatever binaries for the client are available on the Play Store (even easier there to target specific users). There is no need to verify relays on our end because the E2EE encrypted messages are not possible to break unless the client on our side is cooperating.
That is why it is VERY dangerous to use the client and server provided by the same supplier.
On NOSTR there is no such thing since servers and clients are plentiful and from different suppliers. Note that it isn't impossible to simultaneously bribe Amethyst, Primal and so on as attack vectors, but just 100x more difficult than targeting SimpleX because it is a money-thirsty company that provides the ONLY software option for both the client and server at the same time.