How do we know there isn't a backdoor in Signal already? #cybersec

Discussion

We don't. That's why I don't use it.

We are all worried about backdoors, but then ignore the front door (keyboard, screen touches, screen capturing).

What can we use? SimpleX?

Nostr with NIP-17. I control my relays and my client.

Running SimpleX on their servers is not that different than running Signal.

And in the end it is not different than running Nostr NIP-17 from a privacy perspective (?)

No, because you can move your messages to new clients and new relays. You can't do that with SimpleX or Signal because (1) they don't have a lot of other options and (2) you already told everyone which server you are using. You would have to restart all chats when changing servers, which would be similar to having to use a new Nostr key every time you switch a server.

Thanks, very useful! Will study NIP-17.

About "using a new key every time": it is, in some way, great for private messages because it allows forward secrecy, and in the context of Nostr it could be useful to hide who my chat peer is and when I sent messages.

How about using Nostr npubs/nsecs just for discoverability and then exchanging a secret with every message, used to derive a new key for the next message (specifically, a new npub to which the event is delivered)? At this point, only network analysis by relays could try to assemble the puzzle.

If I rotate relays over Tor, at this point there's perfect privacy (the only leak is the first event to "request" the private chat).

If the messages use E2EE from a trusted protocol, what's the problem?

Both servers can track when you connect to them. Even if the messages are encrypted, they know when and from where you are sending them.

Nostr relays can also track. But migrating to a new relay is a lot easier than migrating all your chats to new SimpleX or Signal servers.