Reasonable. But we have 5% of Mullvad budget I think, and no - it’s not a counsel on retainer - we pay for the advice as and when needed.
Thanks for the links. I will think about some opsec advice page on the site.
On the face of it, the “overview” doc seems to make wide-ranging claims about “trust”, and so talking about IPA as publicly doesn’t seem out of place, tbh.
This doc should remain purely technical; what you want belongs elsewhere - probably linked to the Transparency page.
Since the point of SimpleX is its superior protocol+cryptography, which if it can be backdoored (or whatever IPA allows for, I don’t know), makes it useless to at least a section of your userbase, if not for everyone.
That’s not correct, as compromised servers do not allow establishing who talks to whom, unless it’s coordinated compromise across multiple operators.
The primary focus is on minimizing trust to servers. Making them trustworthy is a secondary focus.
Unsure if it means what I think it means (you mean like Linux and Tor?), but it can’t be the only answer? Maybe you’ve thought about this more deeply than I have.
By jurisdictional decentralization I mean two things:
- having different parts of SimpleX organization established as legal entities in different jurisdictions - it is an ongoing effort.
- having different operators preconfigured in the app also in different jurisdictions - also an ongoing effort.