Adamant Messenger

They have been around for many years, open source and privacy focused, but it is hard to find any review about them. Has anybody used Adamant messenger? I wonder if there is anything that would stop Adamant from being added to the list of recommended software other than being a paid product.

This is a comparison table with other messengers they have made themselves:

1 Like

So it’s a useless comparison table, since they will always make it seem as if they are the best choice.

Also it is already hard enough to get people to switch to Threema, even though they are well known by now (at least around here), just because it’s a paid messenger app. I guess it’ll be even harder to make someone switch to some kind of cryptobro looking app where it’s

1 Like

This post is fine, I’ll just move it, but post to Site Development > Tool Suggestions and follow the form in the future.

1 Like

I’m immediately skeptical of any Web3 or blockchain apps so it’s not a great start.

The table is misleading, doesn’t compare them to most other secure messengers (focusing on outdated or obscure competitors), and focuses on qualities which are not relevant to security or even decentralization. Based on that, I don’t want to bother doing a more technical deep dive because it doesn’t pass the smell test.

If you’re concerned with decentralization and security, stick with Privacy Guides’ recommendations. At the moment, every option except Signal/Molly has some degree of decentralization. Briar is so decentralized that it doesn’t even depend on the (centralized) internet to function.

2 Likes

Storing user data in a blockchain is quite literally the opposite of meaningful privacy.

It is beyond me how one can even operate or think of doing something with blockchain like that. Let’s not pretend data is secure forever and we don’t need retention policies… this is rather dumb.

5 Likes

The comparison table reads like a joke.

The app claims to be a Tor-enabled messaging tool, yet it doesn’t compare itself to any tools with similar functionality like Cwtch, Briar, Quiet, Ricochet Next, OnionShare, or TFC.

Dust, never heard. BitMessage hasn’t received a release in seven years. Cryptviser, a company that lied about the cryptographic libraries it uses, wasn’t even spelled right. But even those idiots knew better than to use blockchain to store ciphertexts, and instead, only used it as a public key fingerprint audit log.

ADAMANT Messenger Security Features (by ADAMANT Messenger) states:

“Message history is never stored on a machine and is directly loaded from the Blockchain”

Which is ridiculous. Anything stored on a blockchain is obviously notarized by every node, and to have resistance against Sybil attacks you need proof of stake/work.
Bitcoin has a speed of 10 minutes per transaction because that’s what the security properties require. And you’ll need to pay gas fees to upload data (your ledger changes) to the blockchain. As per this article, data storage to Ethereum costs 17k USD/GB.

The primitives aren’t bad, X25519 + Salsa20-Poly1305, SHA256/ed25519 signatures.
The code is on GitHub.

This page on Tor states that the privacy is handled by downloading the WebApp from http://adamant6457join2rxdkr2y7iqatar7n4n72lordxeknj435i4cjhpyd.onion/

The problem with all things JavaScript is that you’re downloading the client from the website every time, and you’ll never know if the server delivers you a tailored client that has it POST your private key to the service. There will be no audit log; your browser won’t store it. So it’s trivial to backdoor and considered an anti-pattern.

Tony Arcieri has a famous piece on this, “What’s wrong with in-browser cryptography?”:

Unfortunately, it does not rely on a comprehensive cryptographically secure signature system to determine content is authentic, but instead just trusts whatever is sitting around on the server at the time you access it […] However, this approach just doesn’t work in a browser, as illustrated by the MEGApwn utility for obtaining your MEGA keys. This utility illustrates an important problem with building “Trust No One” services in the browser: anyone who can get JavaScript to run on the same origin as the alleged “Trust No One” service can get access to your encryption keys.

The browser apparently isn’t even delivered a copy of the JavaScript client until you pay for the app, so poking around ends here.

Native clients are a vital part of verifiability in computer security. This app has zero chance of competing with sound projects like Cwtch, which don’t ask for your money, and which don’t upload your private messages to a database from which nobody can remove them, even if, and especially if, your private keys are compromised.

tl;dr. Do not use.

2 Likes
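
The concern raised in the last post above (a server can hand one visitor a different JavaScript client and nothing records it) can be checked for from the outside. The following is an added example, not code from the thread or from ADAMANT: it pins digests of a reviewed copy of a web client and keeps a hash-chained local log of each delivery. The asset paths, contents and function names are constructed for illustration.

```javascript
const { createHash } = require('crypto');

// SRI-style digest ("sha384-<base64>") of one delivered asset.
const sriDigest = (bytes) =>
  'sha384-' + createHash('sha384').update(bytes).digest('base64');

// Digest every asset of one delivery, with paths sorted for stable output.
const digestAll = (delivered) => Object.fromEntries(
  Object.keys(delivered).sort().map((p) => [p, sriDigest(delivered[p])]));

// Compare a delivery with pinned digests taken from a reviewed copy of the client.
function diffDelivery(pinned, delivered) {
  const got = digestAll(delivered);
  const findings = [];
  for (const path of Object.keys(pinned)) {
    if (!Object.hasOwn(got, path)) findings.push({ path, issue: 'missing' });
    else if (got[path] !== pinned[path]) findings.push({ path, issue: 'modified' });
  }
  for (const path of Object.keys(got)) {
    if (!Object.hasOwn(pinned, path)) findings.push({ path, issue: 'unpinned' });
  }
  return findings;
}

// Hash of one log entry, chained to the previous entry's hash.
const entryHash = (prev, when, assets) => createHash('sha256')
  .update(prev + JSON.stringify({ when, assets })).digest('hex');

// Append a delivery to a local hash-chained log (the record a browser never keeps).
function appendAudit(log, when, delivered) {
  const prev = log.length ? log[log.length - 1].hash : '0'.repeat(64);
  const assets = digestAll(delivered);
  log.push({ when, assets, prev, hash: entryHash(prev, when, assets) });
  return log;
}

// True only if every entry links to the one before it and matches its own hash.
function verifyChain(log) {
  let prev = '0'.repeat(64);
  return log.every((e) => {
    const ok = e.prev === prev && e.hash === entryHash(prev, e.when, e.assets);
    prev = e.hash;
    return ok;
  });
}

// Constructed sample deliveries (not real ADAMANT client code).
const reviewed = { '/index.html': Buffer.from('<script src="/app.js"></script>'),
                   '/app.js': Buffer.from('function send(m){return encrypt(m)}') };
const tailored = { ...reviewed, '/app.js': Buffer.from('function send(m){return encrypt(m)}//changed') };
const pinned = digestAll(reviewed);
```

A check like this only covers deliveries fetched through the auditing tool; a browser session that loads the page directly gets no such comparison.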