Nostr Web Client

That's a bit of a stretch. The only metadata that it actually "leaks" is the frequency of your messages and your IP if you're not using a VPN. The thing is, a VPN can hide the IP easily, the frequency of messages issue is going to happen with any messenger. With Sealed Sender, metadata isn't a concern unless you dox yourself. And if you do that, then that's on you, not on Signal. And even if you do that, sealed sender still makes it impossible for any snoop to actually see where messages are coming from.

Thing is, even with other messengers like Session or SimpleX, if government authorities are paying attention to multiple contacts in the same circle, they're going to know who is actively sending messages, whether it's through Signal or one of those anonymous messengers.

The only advantage to using an anonymous messenger is to speak anonymously with people you don't know in person. If you're talking to people over the internet and you want to stay completely anonymous, then it has a purpose. It's for the same reason that people say you shouldn't sign into accounts on Tor because it immediately de-anonymizes you unless that account is exclusively used on the Tor network. At the end of the day, using an anonymous messenger to keep in contact with people you actually know in person is not any more secure than using Signal.

And that's without diving into the whole subject of SimpleX being run by a for-profit corporation instead of a non-profit organization, which is concerning in and of itself.

Hanshan 1y ago

I understand that they're encrypting the sender information, but they can still do timing analysis on IP addresses and when messages were sent, because it's all flowing through a central server.

So, OK, it's an overstatement to say that they can see who's messaging who and when, my apologies.

also shitting on a company as being for profit ia dumb. it's a valid data point, but you can't say that therefore they're compromised and less trustworthy.

We could just as easy to criticize signal for having WEF members on their board.

Reply to this note

Please Login to reply.

Discussion

Jacob | Five Eye Tea 1y ago

Sure, but that's a flaw with all messengers, even decentralized ones. The reason I see Session as more secure is because of the onion routing. Thrice encrypted and bounced across the world. SimpleX decentralization isn't conducted that way. It's better than nothing but most of the servers are hosted by the company and seizing those servers would get you a lot more metadata.

Also, yes, them being for-profit is completely relevant and concerning. A for-profit corporation has to maximize profits, meaning they aren't quite as trustworthy to host a privacy service. Meanwhile, a non-profit doesn't have to go wild to maximize profits. They actually directly have a necessary reason to do what they claim they're doing or donations will dry up.