You're missing the point: SimpleX is easy to break by governments.

Think for a bit: there is only one realistic way to use SimpleX for normal users and that is through the official app by the original author.

99.9% of those users will open channels on the same servers hosted by the original author.

The original author has received VC funding, a large part of it from personalities with a track record of government cooperation. VC-funded companies need to provide a return to stockholders, and governments tend to pay for access into those apps (e.g. Signal received +30 million per year from the CIA until recently).

Now go back to the first paragraphs: you are using the author's app and servers. It is simple to give you a spoofed version of the client app that makes you write in plain text or share those texts with some federal agency. It is standard practice to give modified apps to PoI targets like you, and you won't really notice the difference.

You should NEVER make it so easy and use the author's app or servers, for that exact reason. That is why NOSTR is great: it has hundreds of volunteer relays that make it difficult to track incoming messages and dozens of different clients to retrieve them that are E2EE without cryptographic doubt.

From an adversarial point of view, NOSTR is 100x more secure than SimpleX. This is obvious to anyone working in that kind of industry.

Discussion

> That is why NOSTR is great: it has hundreds of volunteer relays that make it difficult to track incoming messages and dozens of different clients to retrieve them that are E2EE without cryptographic doubt.

Most public relays sync notes, so private messages are extremely easy to track. You could just connect to one of the larger relays and listen for all notes by an npub, hoovering up all private DMs. That's a massive hit to privacy. Gift wrapping helps, but does not guarantee this information won't get leaked when a single npub keeps requesting certain notes. On top of that, if a client is using nip46 and possibly connected via relays, that same hoover can see when you attempted to decrypt a given note. Cloudflare proxying is also used for a majority of big relays. Most users will be connecting via clearnet and standard TLS connections, leaking traffic and IP addresses.

We are still working on better ways of improving forward secrecy because I believe there is still a possibility of ciphertext attacks with as much data that is available for a given user.

Speaking as the author of the C reference for nip04 and 44 encryption.

plaintext attacks can only be possible if the message nonces are weak

reuse of a nonce is absolutely out, as it enables a plaintext attack

giftwraps already provide forward secrecy if the relay does not provide access to the events without auth proving the client is involved in the message exchange

what we are missing at this point is good support of nip-65 mailbox support and delete event support

I'm speaking strictly to ciphertext attacks, where the content is highly predictable, nonce is known because it's public, and 1/2 of the shared key is available, although I doubt that's useful but still worth considering.

all of those things depend on repeating nonces, or as you mention, repeating pubkeys

these are very easy to avoid, but maybe there are some programming languages that still make it complicated to access a strong CSPRNG

more than a few instances in the history of bitcoin where dodgy entropy led to wallets being cracked and UTXOs stolen

very often, propagandistic, opportunistic, manipulative "study" articles

to avoid being in such a story make sure you understand the mechanisms well enough to know where it has weaknesses

strong entropy, private random number generation is really central to all of the security of these things, just make sure you know the quality of entropy you are using before you inflict this shit on users haha
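The nonce-reuse point above can be checked rather than assumed. This is an added example, not code from the thread or from any Nostr project: it draws a fresh nonce from the OS CSPRNG the way NIP-44 expects, parses the NIP-44 v2 payload layout (version byte, 32-byte nonce, ciphertext, 32-byte MAC, base64-encoded) and flags any sender whose events repeat a nonce. The event list and the dummy ciphertext/MAC bytes are constructed for the demo; no real encryption is performed.

```python
import base64
import secrets
from collections import defaultdict

VERSION = 2      # NIP-44 v2 version byte
NONCE_LEN = 32   # NIP-44 v2 nonce length in bytes
MAC_LEN = 32     # HMAC-SHA256 tag length in bytes

def new_nonce() -> bytes:
    """Fresh per-message nonce from the OS CSPRNG; never derived or reused."""
    return secrets.token_bytes(NONCE_LEN)

def parse_nip44_payload(payload: str):
    """Split a base64 NIP-44 v2 payload into (version, nonce, ciphertext, mac)."""
    raw = base64.b64decode(payload, validate=True)  # raises ValueError on junk
    if len(raw) < 1 + NONCE_LEN + MAC_LEN or raw[0] != VERSION:
        raise ValueError("not a NIP-44 v2 payload")
    nonce = raw[1:1 + NONCE_LEN]
    return raw[0], nonce, raw[1 + NONCE_LEN:-MAC_LEN], raw[-MAC_LEN:]

def find_nonce_reuse(events):
    """Return {(sender_pubkey, nonce_hex): [event ids]} for nonces a sender used twice."""
    seen = defaultdict(list)
    for ev in events:
        try:
            _, nonce, _, _ = parse_nip44_payload(ev["content"])
        except ValueError:
            continue  # nip04-style or malformed content: not our format, skip it
        seen[(ev["pubkey"], nonce.hex())].append(ev["id"])
    return {key: ids for key, ids in seen.items() if len(ids) > 1}

def fake_payload(nonce: bytes) -> str:
    """Constructed payload with dummy ciphertext and MAC, only the layout is real."""
    body = bytes([VERSION]) + nonce + b"\x00" * 48 + b"\x11" * MAC_LEN
    return base64.b64encode(body).decode()

WEAK_NONCE = b"\x00" * NONCE_LEN  # constructed: what a broken RNG might emit every time
SAMPLE_EVENTS = [  # constructed events, pubkeys and ids are placeholders
    {"id": "e1", "pubkey": "sender_a", "content": fake_payload(WEAK_NONCE)},
    {"id": "e2", "pubkey": "sender_a", "content": fake_payload(WEAK_NONCE)},
    {"id": "e3", "pubkey": "sender_a", "content": fake_payload(new_nonce())},
    {"id": "e4", "pubkey": "sender_b", "content": fake_payload(WEAK_NONCE)},
    {"id": "e5", "pubkey": "sender_b", "content": "bm90IG5pcDQ0?iv=YWJj"},
]

if __name__ == "__main__":
    for (pubkey, nonce_hex), ids in find_nonce_reuse(SAMPLE_EVENTS).items():
        print(f"nonce reuse by {pubkey}: nonce {nonce_hex[:8]}... in events {ids}")
```

Run over a real relay dump, the same check also catches the cross-sender case (the all-zero nonce appearing for sender_b as well) if the key is changed to the nonce alone.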

There are chances for improving those attack vectors: I2P connections between relays and between clients solves a good chunk, sending random noise every so often makes it even harder to know when to track.

Clients don't need to talk only with the main relays; they can ping hundreds for messages from an npub.

What I don't see are realistic ways to improve SimpleX. Where are the hundreds of relays run by volunteers with dozens of relay implementations and dozens of clients?

They don't exist, and won't exist. We both know that. NOSTR is still our best shot that can, and will be improved.

I'm speaking to the current situation. We're moving toward a better solution, but out of the box I find it hard to imagine that nostr, currently and even in the near future, is a more secure solution to PRIVATE messaging than SimpleX, and I read the white paper a while ago and don't remember most of it XD

I've read the protocol of SimpleX too, but maybe my previous posts were not clear enough: I'm not saying the encryption is weak.

I'm saying it is really easy to feed spoofed apps to target users that completely bypass any algorithm. You don't even need 5 USD.

on simplex there are not thousands, but hundreds of unofficial servers. tho you're correct that putting a backdoor into one mainly-used-by-everyone client is easier than into a lot of different clients. yet, this has also another side: if the code is open and has only one version, there's more eyes on it than if the eyes are spread onto a lot of different clients. it also backslashes: if there's a lot of clients, CIA can make its own — taking its budget into account it will be even easier to make a good looking honeypot than to insert a new backdoor into an already watched app. "just use the serious clients"? yeah let's limit clients to only one trustable, like simplex did.

also, the government funds lots of shit: tor, tails, signal... doesn't mean they're automatically becoming bad apps because of that (but I bet they hope we think so)

I'm open to changing my mind if I'm wrong, so please answer if you disagree

There exist only 11 SimpleX servers to choose from; 99% of users are found on those 11 machines.

Where are you reading that hundreds exist? Please show evidence of your claim, because even Nostr, with a far wider audience and more deployments, is only between 300 and 700 servers during the day: https://legacy.nostr.watch/

It is an awful approach to have "only one trustable" client. That is what Telegram does; at least learn from that experience. Most of the apps you mention are bad ones because of their funding and origin, which is why they are not really trusted. If you wish, I can detail why, but you can also learn about it on your own.