It's not impossible: they can add a key logger in the client.

This is why we Nostr. Because if a client does this you can just stop using it to use another one. If the relay does this, you can just move to a new relay.

Discussion

Yes, I was copying the header text. I also think it's possible. Signal said they would rather leave the EU than add any kind of backdoor, but who knows. Or maybe they will. Decentralizing communication is the path forward.

But if there is a key logger in your app, you can't guarantee "IT Security in your service" anymore, right? Even if "only the police know the encryption keys", they could abuse them or (even worse) lose them in a hack 🤯

How do we know if a client conforms with the EU devil regulation?

They are in the app store after the devil regulation is in place.

I wonder if this will not be implemented at the hardware level …

How do we know there isn't a backdoor in Signal already? #cybersec

We don't. That's why I don't use it.

We are all worried about backdoors, but then ignore the front door (keyboard, screen touches, screen capturing).

What can we use? Simplex?

Nostr with NIP-17. I control my relays and my client.

Running SimpleX on their servers is not that different than running Signal.

And in the end it is not different than running Nostr NIP-17 from a privacy perspective (?)

No, because you can move your messages to new clients and new relays. You can't do that with SimpleX or Signal because (1) they don't have a lot of other options and (2) you already told everyone which server you are using. You would have to restart all chats when changing servers, which would be similar to having to use a new Nostr key every time you switch a server.

Thanks, very useful! Will study NIP-17.

About "using a new key every time": it is, in some way, great for private messages because it allows forward secrecy, and in the context of Nostr it could be useful to hide who my chat peer is and when I sent messages.

How about using Nostr npubs/nsecs just for discoverability and then exchanging a secret in every message, used to derive a new key for the next message (specifically, a new npub where the event is delivered)? At this point, only a network analysis from relays could try to assemble the puzzle.

If I rotate relays over Tor, at this point there's perfect privacy (the only leak is the first event to "request" the private chat).
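
The rotation idea proposed in the note above, sketched as an added example (not code from the thread or from any Nostr client): each message carries a fresh secret, and both peers derive from it the key of the next inbox. `chat_root`, `next_delivery_key` and `inbox_sequence` are hypothetical names, the HMAC-SHA256 derivation is an assumption, and the pure-Python curve arithmetic is for illustration only and is not constant-time.

```python
import hashlib, hmac

# secp256k1 domain parameters (the curve Nostr keys use)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def _add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        m = 3 * a[0] * a[0] * pow(2 * a[1], -1, P)
    else:
        m = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P)
    x = (m * m - a[0] - b[0]) % P
    return (x, (m * (a[0] - x) - a[1]) % P)

def xonly_pubkey(seckey: bytes) -> bytes:
    """Double-and-add k*G; returns the 32-byte x-only key behind an npub."""
    k, acc, base = int.from_bytes(seckey, "big"), None, G
    while k:
        if k & 1: acc = _add(acc, base)
        base = _add(base, base)
        k >>= 1
    return acc[0].to_bytes(32, "big")

def next_delivery_key(chat_root: bytes, msg_secret: bytes) -> bytes:
    """Secret key of the next inbox, derived from the secret sent in a message."""
    counter = 0
    while True:  # retry until the digest is a valid scalar (0 < sk < N)
        sk = hmac.new(chat_root, msg_secret + bytes([counter]), hashlib.sha256).digest()
        if 0 < int.from_bytes(sk, "big") < N:
            return sk
        counter += 1

def inbox_sequence(chat_root: bytes, msg_secrets: list) -> list:
    """Hex pubkeys each peer computes locally, one per exchanged secret."""
    return [xonly_pubkey(next_delivery_key(chat_root, s)).hex() for s in msg_secrets]

if __name__ == "__main__":
    root = hashlib.sha256(b"constructed shared secret").digest()  # constructed sample
    secrets = [b"constructed-secret-1", b"constructed-secret-2"]   # constructed sample
    for i, pub in enumerate(inbox_sequence(root, secrets), 1):
        print(f"message {i + 1} goes to inbox {pub}")
```

Both peers hold the secret key of every derived inbox, so the key works only as a delivery address, not as an identity; the relays still see when and from where each connection is made.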

If the messages use E2EE from a trusted protocol, what's the problem?

Both servers can track when you connect to them. Even if the messages are encrypted, they know when and from where you are sending them.

Nostr relays can also track. But migrating to a new relay is a lot easier than migrating all your chats to new SimpleX or Signal servers.