Replying to Avatar brito

You're missing the point: SimpleX is easy to break by governments.

Think for a bit: there is only one realistic way to use SimpleX for normal users and that is through the official app by the original author.

99.9% of those users will open channels on the same servers hosted by the original author.

The original author has received VC funding, large part of it by personalities with a track record of government cooperation. VC-funded companies need to provide return to stockholders, governments tend to pay for access into those apps (e.g. Signal received +30 million per year from the CIA until recently).

Now go back to the first paragraphs: you are using the author app and servers. It is simple to give you a spoofed version of the client app that makes you write in plain text or share those text with some federal agency. It is standard practice to give modified apps to PoI targets like you, and you won't really find the difference.

You should NEVER make it so easy and use the author app nor servers for that exact reason. That is why NOSTR is great, has hundreds of volunteer relays that make difficult to track incoming messages and dozens of different clients to retrieve them that are E2EE without cryptographic doubt.

From an adversarial point of view, NOSTR is 100x more secure than SimpleX. This is obvious to anyone working on that kind of industry.
Avatar
cactus 1y ago

on simplex there are not thousands, but hundreds of unofficial servers. tho you're correct about putting a backdoor into a one mainly-used-by-everyone client is easier, than into a lot of different clients. yet, this has also another side: if the code is open and has only one version, there's more eyes on it than if the eyes are spreaded onto a lot of different clients. it also backslashes: if there's a lot of clients, CIA can make its own — taking its budget into account it will be even easier to make a good looking honeypot than to insert a new backdoor into an already watched app. "just use the serious clients"? yeah let's limit clients to only one trustable, like simplex did.

also, the government funds lots of shit: tor, tails, signal... doesn't mean they're automatically becoming bad apps becos of that (but I bet they hope we think so)

I'm open to change my mind if I'm wrong, so please answer, if you disagree

Reply to this note

Please Login to reply.

Discussion

Avatar
brito 1y ago

There only exist 11 SimpleX servers to choose from, 99% of users are found on those 11 machines.

Where are you reading that exist hundreds? Please show evidence of your claim because even Nostr with a far wider audience and deployments is only between 300 to 700 servers during the day: https://legacy.nostr.watch/

It is an awful approach to have "only one trustable" client. That is what Telegram does, at least learn from that experience. Most of the apps you mention are bad ones because of the funding and origin, reason why they are not really trusted. If you wish, I can detail why but you can also learn about it on your own.