Selecting SimpleX servers

The first section about honey pot and silent collection of data reeks of traditional Russian projection. Telegram is the poorly E2EE solution amassing user data that for some weird reason manages to stay afloat without ever disclosing its financials. Only a Russian intelligence OP would operate like this.

SimpleX’s infrastructure could facilitate backdoor access for intelligence agencies.

Yeah that requires defeating the always on E2EE.

tracking connections, IPs

Yeah this is a legitimate issue with how SimpleX is marketed as a metadata resistant application. But it’s closer to incompetence and marketing fluff than malice.

The absence of independent audits

Passed audits are a poor metric for assessing security. Failed audits are a decent metric to direct dev time.

opaque funding

Not an indicator of anything malicious if the tech actively protects the user, which, in terms of content-privacy, it does.

some noting reliance on single providers like Linode (owned by Akamai)

Nope, there are two vendors, runonflux, and Akamai. Not saying that’s enough for a decentralized system, but I’m not a fan of factual inaccuracies. SimpleX handles Tor with much higher grace than Telegram, which requires buying a burner, a pre-paid SIM, and a lot of careful OPSEC to not deanonymize your TG account.

users express inability to fully trust the platform’s privacy assertions due to potential third-party access to encrypted data.

That’s hilarious. Default metadata-privacy of SimpleX should be criticized but these morons are not that nuanced in their assessments.

SimpleX absolutely deserves flak for a) how it up-sells its lack of identifiers when in reality it means it doesn’t add additional identifiers, and b) that it does f*** all about protecting the user’s IP-address like Tor-based messengers like Cwtch or Ricochet do. For more on that I’d refer readers to this thread: SimpleX vs. Cwtch, who is right?

But the article OP shared isn’t the critique SimpleX deserves. It reads as way too far-reaching speculation without proposals for a proper solution (Signal, or Cwtch depending on threat model), promoted on Telegram which is extremely likely an FSB/SVR honeypot, or at the very least, a ridiculously lucrative target for them to hack to read all those unencrypted group chats.


What about the Privacy Not A Crime platform?

This post from under three weeks ago: Telegram: View @PrivacyNotACrime praises Telegram and Durov’s commitment to protect users ignoring the lack of E2EE, ignoring Durov’s background in the Russian disinformation unit during his service in the army, ignoring Durov’s claimed exile being absolute horse shit: Pavel Durov Has Visited Russia More Than 50 Times Since His “Exile” in 2014

Given how universally disliked Telegram is in the actual privacy bubble with professional cryptographers like Matt Green, Schneier, djb, JPA, and major non-profits like ACLU, EFF, and all the other researchers and activists, the post reads like propaganda, which completely undermines the channel’s legitimacy.
