Be nice to have sources. I’ve been able to find nothing on the clear net, and the onion address goes to an anon post with no sources.
This is from TGs official website. This claim would run counter to their entire privacy philosophy, you’d imagine there would be a single sourced thing out there.
https://nostrcheck.me/media/public/nostrcheck.me_2514508607651839981689172550.webp
https://nostrcheck.me/media/public/nostrcheck.me_4821660024417009561689172555.webp
under section 5.2 of their privacy policy they say they collect metadata such as your ip address and can store it until 12 months 🤦🏽♂️
I read that. Not for advertising purposes, which was the original point. Almost every service on the internet collects IP addresses for security.
Right. That makes sense.
Do you know if SimpleX collects IP addresses ? From what I’ve read, they don’t seem to collect anything
I don’t have direct knowledge of whether they do or not. I do want to point out that it would be trivial for someone to do so, if simplex grows and more people start running simplex relays - similar to how relay ops could do so on Nostr.
Is it a better choice than telegram - privacy wise I mean ?
My answer is always the same:
Depending on your threat profile and how you use the app.
Telegram makes communications more secure while maintaining a feature set that is conducive to reliable and enjoyable. They have a strong privacy policy, the app (although not the server, which is indeed sad) is open source under GPLv3, and they have submitted themselves to multiple independent audits. They use phone numbers for signup in order to reduce spam (there are multiple ways around giving them your number) and for those who want a simple transition for family and friends to discover one another on Telegram. You can choose who to share that number with.
SimpleX is a decentralized messaging protocol that has also been subjected to audit. (https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20221108-simplex-chat-v4.2-security-audit-new-website.md) It addresses novel issues not with the privacy of message contents per-se, but with meta-data leakage. They require no number to sign up, and the addressing system makes it quite resilient to spam.
Your IP address is still exposed to the relays you connect to. Whether they log those IP addresses breaks down to a case of "trust me bro" the same way it does with any web service. On my Nostr relay, I do not retain any IP data, but how would *you* the savvy user verify that?
Using multiple redirections, there is possible additional security from very advanced forms of traffic profiling, such as timing attacks.
The tradeoffs are a more complex messenger, very unreliable notifications, difficulty in establishing connections with new contacts, and a more limited feature set.
----
My honest opinion:
The best messenger for privacy is the one your contacts will use, and has the feature set you require. Getting my friends and family to sign up for Telegram was very low friction, and now 90% or better of my comms have a decent level of security vs. none before.
If I am concerned with privacy from a state actor, I would not use Telegram. I would also not use Nostr without a privacy preserving client that disabled all media fetching, etc. I *might* use SimpleX.
For 99.99% of users, using *any* e2e messenger + a VPN is extremely private compared to any other option.
Obligatory Disclaimer:
These are my opinions, and I have no intention of shitting on any messenger. Individuals should use what fits their threat profile and they can get their contacts to cooperate in using. Sensitive information should not be shared on the Internet, period.
Interesting. So VPN no matter which one you use 🤝
Thanks for sharing your opinion
A solid VPN like mullvad or Proton is always a good first layer of defense. I'm a Proton guy, but recent news from Mullvad was very impressive.
what news?
They got raided by the police and had nothing to give them. Have to admit, it's made me consider parting with some sats.
https://www.pcmag.com/news/mullvad-vpn-hit-with-search-warrant-in-attempted-police-raid
I’ve been using mullvad for a little bit. Very satisfied with it
I think they're in a good place politically as well.
