For a more private and secure communication experience, we have options like Briar. However, SimpleX is too complex and advanced, lacking a user-friendly interface similar to Signal or WhatsApp, which is crucial.
And also, if a security issue is there in Signal that can be resolved, it doesn’t make sense to use SimpleX, as we need to convince other users to install it, and it is hard; as the UI/UX is not that good, they will eventually switch back. We’re not criminals, and we don’t need complete anonymity. What we need is a way to chat, talk, and make video calls without our data being collected or our privacy being invaded, like Meta WhatsApp, Skype …
In most cases, privacy issues originate from the phone itself rather than the protocol or technology. We should focus on making our phones more secure.
There is nothing fanboy; you can have your own protocol to chat. You can even use your own GPG chat: just exchange public keys with your recipient and send messages and photos manually.
Try to understand.
No. Briar does not conceal your identity from your contacts. It provides unlinkability but not anonymity. This means nobody else can discover who your contacts are, but your contacts may be able to discover who you are.
For example, Briar shares your Bluetooth address with your contacts so they can connect to you via Bluetooth. Your contacts could use this information to confirm a guess about your identity. Your Bluetooth address is shared even if you add a contact remotely by exchanging briar:// links.
Other device information shared with contacts in order to connect with them:
The five most recent IPv4 LAN addresses and ports for the Wi-Fi interface
The most recent IPv6 link-local address for the Wi-Fi interface (on some Android devices the IPv6 link-local address is based on the hardware MAC, so it has similar privacy issues to the Bluetooth address)
The address of Briar’s Tor onion service
None of this should reveal anything about your location or identity on its own, but it could be used to confirm a guess about your identity (e.g. “network logs showed that the suspect’s laptop received address 192.168.0.222 from the router in the cafe, which is consistent with the LAN IP address we received from the anonymous whistleblower”).
User experience and a small userbase are the two main problems. The user experience is rapidly improving, and let’s hope that the userbase will expand too.
If we stick just to the mobile app, is Signal secure, and does it retrieve little metadata as promised while providing end-to-end encryption? The answer is yes.
It’s easy to criticise Signal by pointing out various flaws, but overall it’s very good.
If SimpleX falls in popularity like Signal, the same pattern will repeat itself and various flaws will be found (there always are), and what will we have to do, advise yet another application that doesn’t have any? There’s no such thing.
If you read both the Reddit post and the paper that I linked, you would see that Signal has the technical ability to compromise E2EE via a simple man-in-the-middle attack and that their sealed sender, which is used to protect the metadata, is flawed.
The problem here is that without an identifier you will always need to communicate beforehand. It’s even very painful to switch people from wapp to Signal, so I can’t imagine SimpleX. I had SimpleX, Session and a bunch of other apps, but after a few weeks I came to the conclusion that it does not matter if your circle does not use it.
Btw, unless you are a person of interest I don’t think those vulnerabilities will matter too much.
This feels like as good a time as any to disclose another critical Signal vulnerability I found. TLDR is that prior to mid 2021, Signal didn’t delete disappearing messages after they “disappeared.” So say you had a message from 2016 that you thought disappeared years ago, nope!
No matter what, those messages wouldn’t disappear. I thought maybe just my install was broken due to some edge case bug, did a fresh install, still the same issue. I emailed the Signal vulnerability email (which oddly is a Gmail instead of something secure like ProtonMail).
Signal has:
No bug bounty as far as I can tell
No proper public disclosure after critical vulnerabilities are fixed
Uses weirdly insecure email that governments can likely read for their vuln inbox
On (at a minimum) their desktop app, messages weren’t deleted for years
I don’t know why you replied to me with those links. But here are the facts about this fear mongering. There might be problems with Signal. I acknowledge. But exaggerating the situation will make people afraid, and to what platform will they go: Telegram or WhatsApp?
Additionally, all things mentioned above are problems about the desktop app and your machine should be infected. If you have some kind of malicious problems in your computer then Signal won’t be your first concern.
Besides, please stop citing Elon. If he is serious, he should make the Twitter DM more private with E2EE and metadata protection.
As I said, Session, SimpleX or others will be niche messengers with little user base. That’s why PG is hesitant to recommend Threema. So, you can barely use them as a daily driver.
Good luck with fearmongering and undermining the only popular privacy friendly messenger we have.
That seems to be the implicit intent of many of the latest batch of fearmongerers, which in my eyes discredits those people (considering all the flaws with Telegram).
It seems to be a combination of ideology/culture war virtue-signaling (Musk, and various others courting regressive political ideologies), competitors with their own self-interested financial incentives (Telegram’s CEO, possibly some others), and maximalists that want nth degree security or anonymity (which can be valid) but ignore that that is out of scope for many/most threat models (which is a problem) and tend to inflate (treat in black and white terms) marginal shortcomings, and/or theoretical problems.
If he is serious, he should make the Twitter DM more private with E2EE and metadata protection.
Ironically, I recall Musk claimed to be working on this, and was going to use the Signal Protocol, but his ego got bruised after he publicly implied he was working with the Signal Foundation on implementing E2E in Twitter DMs and Signal said they’d never heard from him or worked with him. And now apparently Musk doesn’t like Signal anymore… I’m sure for purely technical reasons totally unrelated to this…