1) it is pretty lame that aws going down takes down signal with it, the outage earlier was a few hours
2) since signal is end to end encrypted there is no trust required in amazon on the privacy side regardless
Discussion
So what you’re really saying is we need a NOSTR version of signal right?
nostr:nprofile1qqs8t4ehcdrjgugzn3zgw6enp53gg2y2gfmekkg69m2d4gwxcpl04acppemhxue69uhkummn9ekx7mp0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0l2sp3z will fix this but its still very early
White noise fixes the messaging focused issue, unless I’m misunderstanding. It doesn’t fix the cloud infrastructure centralization issue. Are there any projects addressing the broader issue?
Relays don't depend on any particular cloud infrastructure
Yes, nostr relays don’t depend on particular infrastructure. How about complex apps that may use databases, require redundancy, must be performant, need fault tolerance, etc, that want to use nostr protocol and provide edge locations around the world? Where do those run?
Very good or the best solutions for all of that exist as open source. The AWS value-add is convenience.
Yeah, that makes sense. It’s just degrees of friction. I can have my company’s data centers built out in different regions and run my own hardware, middleware and software. It’s just a lot more difficult than someone coming up with a decentralized version of “Amazon” and me using that. Providers would sell excess hardware capacity to users like is done in Akash Network, which is not on bitcoin payment rails. Someone could possible take Akash open source solution, rip out the shitcoinery and use lightning or cashu payments…. Maybe.
Relays ultimately don't scale, reduce privacy and speed. The fediverse has tried this. You will never get enough servers to scale because the barrier to running and using them is too great. P2P solves this by completely removing that barrier and making essentially every app install a server keet.io
Look all of us here get a hard-on for p2p, but the point is that we also realize it just does not work. To quote the innitial post on Nostr by fiatjaf:
"It doesn't rely on any trusted central server, hence it is resilient; it is based on cryptographic keys and signatures, so it is tamperproof; it does not rely on P2P techniques, therefore it works."
Now i don't understand why you would compare a federated system with Nostr, because they are different. I also don't understand what you mean when you effectively say that webservers don't scale, that seems to be a demonstrably false notion.
I don't think you actually understand what the idea behind Nostr/relays is, combined with a remaining fetish for p2p (we get it, we have all been there, and to some extend part of us will always remain there).
Maybe it will click for you one day, maybe not. Have a nice day
Oh PS. Insofar the discussion is about private messaging specifically; everything sucks, there is no sollution, talk to eachother in person.
But P2P does work it works very well, Keet has proven this. P2P is superior than client server
Fiatjaf made assumptions (wrong) based on existing P2P tech, Keet did not exist
Both nostr and federated systems used a client server model. Nostr is a bit more efficient but the limitations of the servers still exist
Webservers don't scale when you look at it from startups and free services like in the fediverse or nostr. Servers cost money, big money when you get lots of users. Providing for them ultimately if you are to scale to WhatsApp involves becoming a megacorp that sells data like meta is, like telegram is. You don't get from signals 70million users to WhatsApps 3500million users without finding at least a few billion dollars per year which comes with many conditions
The fediverse has hit numerous server issues, nostr too, servers get over loaded, go down, censor and ultimately when users hit some level the server pool and utilisation just does not cope. Nostr has mitigated some of these issues by truly decentralizing content but it still has not solved servers
P2P solves servers, BitTorrent proved this, kazaa and Napster proved this, it however is quite different from server client, more difficult in some ways but also more easier. One particular way P2P is difficult is to collect data, monetize it and control it, so from that perspective you might see reasons big corp and tech have rarely gone down this path. So until now never has a really serious well funded effort been made into p2p, but that has now changed. We are literally just months away from having an app that has more features and better UX than WhatsApp that can also go from its current maybe 50k users to 4 billion in literally 1 day if people wanted, all with no extra costs, no downtime, no scaling issues
Keet is truly the first app that looks like it will and can displace bigtech. It is already technically capable to scale there, scale to everyone on the planet using it, it just lacks enough features to get the adoption, but already it has some features better than apps like WhatsApp and telegram
Yes I am a rabib fanboy, but dive into the app and tech, watch every video and read everything on it and see if you are not the same
Why am I saying this on nostr? Because audience matters, nostr is certainly cool, very cool indeed but it hasn't solved servers
I vibe-coded an app using MLS/MDK (ie. the library that White Noise is based) on, and I included Cashu via the Cashu Dev Kit.
I'm not saying my app is any good, it's just a fun side project to get me into privacy tech 😀. But I found it quite easy because they (the White Noise Folks and the Cashu folks) made libraries that are reasonably easy to use.
And my app "should" be compatible with other apps using the same protocol. So I'm very optimistic that some of these apps will take off sooner or later
Demo video here: https://youtu.be/DGtZrOkbe5U
PWA app here: https://chat.satsandsports.cash/
That doesn't event work
I've made 3 accounts within white noise itself but could not talk or message between them or my existing account no matter what relays I used 🤷
To be fair, one, sent a couple of messages but then stopped and never recovered.
They're valid npubs cause I login to keychat and amethyst and primal with those accounts just fine.
I check on every update, no worky🤷
nostr:npub1h0uj825jgcr9lzxyp37ehasuenq070707pj63je07n8mkcsg3u0qnsrwx8 is already that.
nevent1qyt8wumn8ghj7un9d3shjtnwdaehgu3wvfskueqqyzcv7d3h7ufflcvrg29aucngqnayh0v9zgepyrg423jmy24x8x29qaldpux
Still needs servers so will never scale. Only P2P can compete with bigtech keet.io
i'll try but e can't find the source code, can you send the URL?
Keet is not fully open source yet but about 90% of their code is here https://github.com/holepunchto
MMMM this is a problem for a super private chat app.... but i'll try
I just watched a few talks at PlanB from Paolo and Mafintosh the guys in charge of Keet and they are both committed to open source to make sure this stuff remains free. It's stated to exit beta next year and was always stated to be fully open source once out of beta
Either way it's still remarkable technology and that bit is already opensource
Yes!
Water is also wet btw
Keet.io
Was super excited about this when it first dropped but the app was so buggy and almost a pain to use. Has it improved since then?
The problem I had was that its peer to peer nature means everyone you communicate with gets your real IP
That's definitely bad for privacy, is there a workaround that can be deployed or it's infeasible with its current architecture?
Wait, really?🤣
Not exactly as data usually relays, but use a VPN if you are worried. Tbh people that raise this point are you not worried about other apps too? and already use a VPN?
Also are you not concerned ips are not being logged at the network level up stream from signal because that is literally what the NSA does
I'm sorry I thought hole punching bypasses VPN but apparently it doesn't.
You can use split tunneling if you want anything to bypass a vpn
Hole punching is for opening ports thru nat and firewalls
I can't completely visualize how it works with a VPN in the middle, or whether the VPN provider needs to (not) do anything to allow it to work. i just need to try it out.
The VPN just relays all your traffic including keet, keet is designed so you don't need to do anything for it to work, if you did it would be too difficult for people to adopt
Keet has a process of hole punching to make connections which is the key to its success and why they named the company holepunch
This is a great video on the tech and hole punching https://www.youtube.com/watch?v=QWWHKLyCFTU
There is connections that are more compatible with keet and they show as green in the keet profile page, there is yellow connections which require other peers to help but obviously still work
in the privacy sections of settings is a toggle for indirect calls. Routes them over signal servers
Yes in my opinion
Yup. Can't wait for nostr:nprofile1qqs8t4ehcdrjgugzn3zgw6enp53gg2y2gfmekkg69m2d4gwxcpl04acppemhxue69uhkummn9ekx7mp0qythwumn8ghj7un9d3shjtnswf5k6ctv9ehx2ap0l2sp3z adoption.
BTW, I like Signal, but no matter who made the shitcoin (Moxie apparently?), it's almost 2026 and MobileCoin is still part of the app, instead of Bitcoin.
I will start donating to Signal on a monthly basis the day this is addressed. I won't be the only one.
I’ll probably be called a shit coiner for this, but there are going to be a handful of projects out there that provide value beyond the bitcoin ecosystem. Could they be implemented atop bitcoin? Perhaps and they may be eventually. But Akash Network (on Cosmos) is decentralized cloud infrastructure that allows rapid deployment of Kubernetes apps on 50+ providers across the globe. No vendor lock in - google, azure, Amazon, etc. You can fund with bitcoin on Akash, but they do use their own token within the ecosystem. Is something like this being built that would be considered bitcoin native?
One of these days Ill figure out how this works https://github.com/signalapp/Signal-Server
Network effects are a huge bitch. Signal is the only security app I have ever moved a large group of friends and family too. Simplex, white noise, keet,etc. I am trying with them all but those damn network effects
The good part, though, is that Signal’s end to end encryption keeps your chats private—Amazon’s servers nly handle the message delivery, not the content..... Even during downtime, there’s zero trust required in AWS for user privacy since messages are always encrypted before reaching the cloud..
NSA say they kill based on metadata.
Still enjoy Signals metadata in the hands of AWS/NSA?
😨 😨
the signal server only knows when you are connected, not who you are messaging
pretty strong metadata privacy
I want to believe.
Do we have an actual way to proof this? In SimpleX we do know exactly how it works. So if in doubt I'dcalways vouch for SimpleX.
Signal/Molly is what I use as a backup network.
Signal Messenger is Open Source as SimpleX, more over, both have upgraded their encryption to level of quantum resistant...
This matters, most believe that if you are using a service that is e2ee you are good, but you are not.
Why?
Cyber Criminals and I will assume most three letter agencies are collecting all raw data they can from centralized services/servers and storing them for future decryption, clearly, if your cloud service is not upgraded or your messenger service is not resistant, all the data will be open for cyber criminals and agencies to look at...
I keep advising family, friends and clients, stay away from centralized services if possible and if not, verify they are upgraded if they use encryption
Problem with decentralized messengers is that now that data lives on MULTIPLE sources. And openly accessible ones.
So E2EE messages in 1 location are still more secure than in multiple locations, if both have the same encryption level.
The most safe is messages stored on zero servers: P2P.
P2P should be every messengers aspiration.
Signal is too centralised.
Meanwhile, my private comms server was up, I was able to hop on a call with my crew and play, and then video-call my family.
Impressive! What do you use?
Element Server Suite, on the Matrix Network.
Until Nostr is ready and capable for these use-cases, it'll be our go to, and has been for the past 4 years since we moved our Gaming community off Discord and family off other chat apps.
Hosting a server is super easy now, and in just a year it's night and day compared to just a year ago as they nail in the spec for Matrix 2.0 - https://github.com/element-hq/ess-helm
We federate with other Matrix servers and communities.
Signal is honeypot, use matrix or anything that you can host yourself
signal is not perfect but offers a pretty awesome tradeoff balance: great ux, reliable, strong privacy guarantees
matrix does not have auto delete messages and the apps are shit
simplex is solid but reliability and ux could be better
keet is not open source
whitenoise is promising but early
Keet is cooler and will be open source, and on desktop you can already grab all the code
Keet is also getting disappearing messages in about a month
Keychat is dope.
I have never successfully started at KC chat with anyone except nostr:npub1h0uj825jgcr9lzxyp37ehasuenq070707pj63je07n8mkcsg3u0qnsrwx8
i use the KC browser everyday but I think you need your counterparty to be on their relay with sats in the ecash wallet to actually chat
I have no problems whatsoever, but the counter party has to use Keychat too. Any relay I think even though why not use theirs
And the best thing, push notifications properly work. All the time.
Oddly, even with an empty Keychat wallet and no access to the Keychat relay, messages are still routed through other free relays. The other user must be on Keychat.
You can also install Keychat Desktop, create a new ID, and add that ID to your phone’s Keychat to test.
I'll double check my counterparties are using it
Element X works kind of nice, but yeah, I am missing a better UX overall on desktop and anywhere outside Element X for matrix.
For me it is the best option though. Open source, decentralised, and I get to guard my own key to messages.
Apps… not great but usable. To me, my daily use tool. What do you pick for secure private chatting? nostr:npub1qny3tkh0acurzla8x3zy4nhrjz5zd8l9sy9jys09umwng00manysew95gx
Deltachat is interesting.
its Openpgp and not Signal encryption.
so no perfect forward secrecy
but e2ee chats over email?!
Not Another Protocol™ ?
and its extremely easy to spin of an email server
so you can have your selfhosted strong encrypted messages and hide metadata without dealing with Simplex relays and usability.
I’ve been using simplex for some time and I’m very happy with it. Has tradeoffs? Yes. But also way better privacy
Signal without phone number would also be something to consider for better UX
I thought they open sourced keet, no?
Session.
So freaking usable. No PFS but it's Anon so good enough. At least it works.
nostr:nprofile1qqsqfjg4mth7uwp307nng3z2em3ep2pxnljczzezg8j7dhf58ha7ejgpzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgewaehxw309aek2mnyd96zumn0wdnxcctjv5hxxmmdqyv8wumn8ghj7urjv4kkjatd9ec8y6tdv9kzumn9wsz3yzjv you are damn it right. People out there want to keep it simple, reliable and functional.
Easy. Give them what they want in a profitable way.
It really isn't a honeypot. You are just trying to spread FUD to make yourself feel smarter than everyone else.
Signal is not a privacy app. Look at all the permissions required : https://play.google.com/store/apps/details?id=org.thoughtcrime.securesms&hl=en-US
Signal = complete honeypot.
Simplex doesn't even require a phone number.
I'm also looking into whitenoise.
Keet.io is not a honeypot
I'll be able to recommend them as soon as they become open source.
Your page is probably different than mine because I can't see a list.
How many people have been arrested because they participated in this "honey pot?"
Seems that people forget what encryption means. I don't love that it is hosted on aws but does it really matter that much?
Elon using the AWS outage to FUD signal is poor form
you're wrong
https://blog.jauhar.dev/blog/2025/07/30/x3dh-making-sense-of-signals-key-exchange/
how many security checks did you make with your contacts?🤡
