Nostr Web Client

Privacy Ranked:

I’m going to rank these least private to most, and explain why on each step.

Discord

Why: Discord is as bad as it gets. It's not only completely unencrypted, but they maliciously sell your data and have such huge restrictions on VPN IPs and SMS VoIP verification.

SMS

Why: It’s going naked over the phone lines, but isn't heavily sold in such a rotten way as Discord.

VoIP

Why: VoIP is just as horrible as SMS, but separates your real physical location from the cell tower

Why: Unlike VoIP, it does have end-to-end encryption, but only on mobile. And with weak encryption that they made up, that hasn’t been properly reviewed [Source: Madaidans of Whonix]

Signal

Why: Telegram has no metadata protection, while as Signal has sealed sender. Signal’s encryption is stronger and more thoroughly peer reviewed. Also Signal has a good legal track record and isn’t strict on crypto VoIP burners like Telegram. Having phone numbers isn't that big a deal if I paid $1 of crypto for a random VoIP burner in Cambodia without restrictions on Tor. Btw, my Signal # is Cambodian: +855 68 504 905

Matrix

Why: Tucker Carlson’s Signal was hacked. Also, academic papers have shown Signal’s sealed sender has flaws. If you self-host Matrix, that's much more control than trusting Amazon's AWS, which is a CIA contractor. Many open source projects use Matrix rooms.

Session

Why: Most Matrix users use Matrix.org which is Cloudflare with Gmail verifying the emails. Setting up a Matrix server is more expensive and complex than just opening Session and hitting "create account". Session’s onion routing, non-location based DNS, and decentralization is stronger than Matrix's Cloudflare-dominated network.

SimpleX

Why: Session lacks (by default) rotating keys and multiple identities. You can manually rotate keys using your blockchain name, and manually get multiple accounts at once via enabling it on Linux, but most won’t want to do this just to avoid government domain names (which most SimpleX users use). Session is better for censorship of servers, SimpleX is better for end users being invisible.

Self-hosted Tor XMPP

Why: SimpleX is hiding from servers, but if you control the server, that’s stronger. Even a self-hosted SimpleX server only picks half the conversation. Also, XMPP has a longer proven track record, which is more eyes on the code. Now if you DON'T self-host XMPP, it's way up on the list next to Matrix.

Self-hosted Tor XMPP w/ OTR

Why: OTR nukes the conversation when it’s done. It literally destroys the encryption keys. Game over bro.

Conclusion:

Anything is better than Discord. Now, let's play a game, pick a communication method I did not mention, and you tell me where you think it should rank on the list. Then, we'll discuss.

H 1y ago

Thoughts on briar?

Reply to this note

Please Login to reply.

Discussion

epicshitposter 1y ago

as far as I know, 'leaks' IMEI and bluetooth addresses, no ios support, no Post-quantum encryption, no multiple accounts/profiles, no audio/video share(only images), no calls and you can't use it on multiple devices (in addition to mobile device).

I only use briar over bluetooth .

want something else (p2p): TOX or CWTCH

H 1y ago

The bluetooth leak is necessary for bluetooth comms, I'm not aware of the IMEI leak but sounds concerning. Do you have a link?

CWTCH looks good too (no IOS app either but who cares LOL)

Not touching TOX with a 10 foot clown pole.

epicshitposter 1y ago

I'm sorry, the "IMEI leak" is not correct

that's what happens when I trust random people online and don't check what they say :/

I will edit my post

I know that the sharing of BT addresses are needed, but briar still shares them with online(over tor) contacs!

epicshitposter 1y ago