What is Nostr?
Jacob | Five Eye Tea
npub14zw…mw42
2024-10-15 03:25:13
in reply to nevent1q…xkjc

Okay, first off, yes: they can get loads of metadata from secret chats on Telegram. As far as I'm aware, nothing but the messages themselves are encrypted on Telegram secret chats; this is a similar flaw to Matrix. Sure, keeping the messages encrypted is supremely important, and yes, I think both Telegram and Matrix have plenty of valid use cases. However, metadata is very important as well, and Telegram doesn't encrypt much of it (if any). Signal encrypts pretty much everything they can possibly encrypt. Moreover, Telegram's encryption standard is widely panned by cryptographers and security experts due to various flaws; there's literally zero reason for an app to not use the Signal protocol or a fork of it. Durov just wanted to be different, as his recent slander of Signal proves.

Regarding SimpleX, I'm not discrediting it. I'm simply expressing valid concerns over it. I'm not against it, I use it too (though not much, because it's slow and janky at this point). I'm just not sold on this idea that it's somehow the perfect, maximum privacy encrypted messenger. Signal is almost universally accepted by security pros and cryptographers as the best, or at least one of the best options for secure messaging. Again, if the most wanted man by the three-letter agencies of the United States (Edward Snowden) feels comfortable using Signal for his messaging, then random, average joes on Nostr have no excuse for hating on it because none of you are even remotely as important to intelligence agencies as whistleblowers like him. Preference is fine, don't get me wrong: you're 100% free to use what messenger you like best and I think that's great! However, pretending like Signal is some honeypot or heavily flawed because you think you know better than the people who study these topics as a career really does make y'all look like you're talking out of your backsides. Now, on to the individual points.

1) Signal verifies with a phone number; usernames make it so you never even have to reveal that number to anyone. This is the same as Telegram except, unlike Telegram, Signal actually keeps all of that metadata encrypted. SimpleX does have unique IDs for each conversation, which is nice for privacy, but it can also easily lead to abuse on the network. Session, which has cryptographic IDs, proves this is more than a possibility; earlier this year, Session's open groups were unusable and the entire network slowed to a crawl, all because some dork in his mommy's basement ran a massive DDoS attack mass-spamming ads for a group that he claimed was a CSAM group. Signal having phone number verification means that you don't see quite that level of abuse on the network or its bandwidth. Decentralization is great and all, but if you're combining decentralization with unlimited user IDs, that's a recipe for disaster, and a messenger that is incredibly slow and non-responsive is not useful in any way.

2) I'll give you this much: I do wish Signal was decentralized or, at the very least, offered a hybrid decentralization (basically, running off of volunteer nodes unless the network is overwhelmed, during which it'd hop to cloud providers). However, I also can't blame them for not doing that since it'd likely require a total rewrite of the code and really, all the decentralization gives to an encrypted messenger is that you have less likelihood of downtime.

SimpleX decentralization is a thing, but it's only "decentralized" in the sense that it has various nodes, a majority of which are run by -- you guessed it -- the corporation developing SimpleX.

3) The only metadata Signal "leaks" is the same kind that other messengers leak. If a hostile force obtained the servers that SimpleX is routing messages through, they can still get that metadata. You can't stop this; the only way to get around it is to use a VPN or Tor. In fact, if you're using an "anonymous" messaging app without a VPN or Tor (one or the other; don't mix for a single user ID), you're essentially putting all your eggs in one basket.

4) I mean, disappearing messages are pretty important. The fact that the "ultimate privacy messenger" doesn't have a very basic feature of private messaging is questionable at best. That said, can't individual groups set a timeout for messages on SimpleX?

5) Self-hosting is a great concept but in practicality, very few people can or even want to self-host. Moreover, the fact remains that the overwhelming majority of SimpleX nodes are hosted by the company, not volunteers.

6) Security by obscurity is important. If only a handful of people use SimpleX, then you're not as private or anonymous as you would believe, because as I said, metadata like your IP is still present. If you're not using a VPN/Tor, anyone watching the network can see you're using Signal... OR SimpleX. The difference is that Signal is massively popular, meaning you blend in with millions of other users around the world, whereas SimpleX is newer and less populated, meaning you have a risk of being singled out by ISPs or government snoops.

Not sure why you felt the need to go with an AI-generated reply but I figured I'd address the things you're trying to present as alleged issues with Signal, regardless of the AI reply.
Author Public Key: npub14zwvjvf0ztfp8hlwzv2hqtpjhaugwrgecrvlwrggq2vj8kdd36tscjmw42