Nostr Web Client

Privacy Ranked:

I’m going to rank these least private to most, and explain why on each step.

Discord

Why: Discord is as bad as it gets. It's not only completely unencrypted, but they maliciously sell your data and have such huge restrictions on VPN IPs and SMS VoIP verification.

SMS

Why: It’s going naked over the phone lines, but isn't heavily sold in such a rotten way as Discord.

VoIP

Why: VoIP is just as horrible as SMS, but separates your real physical location from the cell tower

Why: Unlike VoIP, it does have end-to-end encryption, but only on mobile. And with weak encryption that they made up, that hasn’t been properly reviewed [Source: Madaidans of Whonix]

Signal

Why: Telegram has no metadata protection, while as Signal has sealed sender. Signal’s encryption is stronger and more thoroughly peer reviewed. Also Signal has a good legal track record and isn’t strict on crypto VoIP burners like Telegram. Having phone numbers isn't that big a deal if I paid $1 of crypto for a random VoIP burner in Cambodia without restrictions on Tor. Btw, my Signal # is Cambodian: +855 68 504 905

Matrix

Why: Tucker Carlson’s Signal was hacked. Also, academic papers have shown Signal’s sealed sender has flaws. If you self-host Matrix, that's much more control than trusting Amazon's AWS, which is a CIA contractor. Many open source projects use Matrix rooms.

Session

Why: Most Matrix users use Matrix.org which is Cloudflare with Gmail verifying the emails. Setting up a Matrix server is more expensive and complex than just opening Session and hitting "create account". Session’s onion routing, non-location based DNS, and decentralization is stronger than Matrix's Cloudflare-dominated network.

SimpleX

Why: Session lacks (by default) rotating keys and multiple identities. You can manually rotate keys using your blockchain name, and manually get multiple accounts at once via enabling it on Linux, but most won’t want to do this just to avoid government domain names (which most SimpleX users use). Session is better for censorship of servers, SimpleX is better for end users being invisible.

Self-hosted Tor XMPP

Why: SimpleX is hiding from servers, but if you control the server, that’s stronger. Even a self-hosted SimpleX server only picks half the conversation. Also, XMPP has a longer proven track record, which is more eyes on the code. Now if you DON'T self-host XMPP, it's way up on the list next to Matrix.

Self-hosted Tor XMPP w/ OTR

Why: OTR nukes the conversation when it’s done. It literally destroys the encryption keys. Game over bro.

Conclusion:

Anything is better than Discord. Now, let's play a game, pick a communication method I did not mention, and you tell me where you think it should rank on the list. Then, we'll discuss.

🇵🇸 whoever loves Digit 1y ago

Corrected version (not rearranged) -

All of these things listed below: software only, not capable of having end to end encryption

Discord: you're pretty much right except it is encrypted "in a way," just not in the way that matters (end to end - not possible in software)

SMS: again you're kinda pretending end-to-end encryption is the only encryption

VoIP: no it doesn't separate you from a cell tower. To separate from cell towers you have to actually separate from them, using VoIP over cell data does nothing. It separates your location from an area code for caller ID maybe

Signal: same as discord, not end to end encrypted (software-only)

Matrix: not end to end encrypted (it's only software, like signal and discord) but with track record for waiting before revealing MITM attacks (unlike signal and discord who have been open about their MITM attacks on users)

Session: no end-to-end encryption (software-based), not sure about track record

SimpleX: no end-to-end encryption (software-based), not sure about track record

Self-hosted Tor XMPP w/ OTR: no end-to-end encryption (no specific hardware mentioned), track record probably better than discord

Conclusion:

Anything is better than Discord.

Additional communication method not in the original:

Encrypted hand-written letters - hardware solution, end-to-end encrypted

Reply to this note

Please Login to reply.

Discussion

PlasmaGuardian 1y ago

What do you mean by software based? How else are you going to do encryption?

🇵🇸 whoever loves Digit 1y ago

You can do end-to-end encryption by hand or with electronics, but it's very hard to run this type of software without electronic hardware. Electronic end-to-end encryption requires implementation at the hardware level, you can't write a piece of software that magically stops anything from running it maliciously or modifying it to run maliciously.

SimplifiedPrivacy.com 1y ago

There’s a lot to digest in your points. Let’s start with VoIP since it’s the easiest to explain.

If I have JMP.chat linking an XMPP account to a SMS phone number. The SMS carrier does not know my physical location where I’m standing if using VPNs/Tors. We outlined this here:

simplifiedprivacy.com/voip

Are you disputing this?

🇵🇸 whoever loves Digit 1y ago

No, I was disputing what you put in your post after it popped up in a feed on primal or iris. Nothing to do with that webpage

SimplifiedPrivacy.com 1y ago

I am saying that the post has the same content as the website:

VoIP lets you do SMS with Tor/VPN, so it COULD separate physical location from the SMS.

Are you disputing this? Perhaps I should have used the word “could”

🇵🇸 whoever loves Digit 1y ago

Using "could" would help, or not saying "your location" - the distinction I'm seeing is important for some people, for example any leet haxxor who thinks their burner phone doesn't know who they are because they use VoIP over WiFi or something (cell phone can still be tracked by cell towers without cell service)