Thanks for reaching out, We've covered this here:
https://simplifiedprivacy.com/degoogledphones/index.html
Also about to post a sweet special on the Pro 9
> Calyx also has a great built in Firewall app to cut off apps from the internet
Datura Firewall is a fancy frontend for the leaky LineageOS network toggles. They don't block indirect network access like the GrapheneOS network permission toggles. Can be bypassed by apps using DownloadManager. It also has other features it claims to provide which it can't.
We could have an endless debate about theoretical hardware backdors, but what I wrote above can be proven.
AI is a nonsense generator.
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.
Compatibility with Android apps is also much different. GrapheneOS provides their sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the far more limited and less secure microG approach.
Https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.
AI is a nonsense generator.
GrapheneOS and CalyxOS are very different. GrapheneOS is a hardened OS with substantial privacy/security improvements:
https://grapheneos.org/features
CalyxOS is not a hardened OS. It greatly reduces security vs. AOSP via added attack surface, rolled back security and slow patches.
Compatibility with Android apps is also much different. GrapheneOS provides their sandboxed Google Play compatibility layer:
https://grapheneos.org/usage#sandboxed-google-play
Can run vast majority of Play Store apps on GrapheneOS, but not CalyxOS with the far more limited and less secure microG approach.
Https://eylenburg.github.io/android_comparison.htm is a third party comparison between different alternate mobile operating systems. It could include many more privacy/security features but it's a good starting point.
https://privsec.dev/posts/android/choosing-your-android-based-operating-system/ is an article with more long form comparisons between OSes.
GrapheneOS are the only ones developing a hardened OS. DivestOS is far more similar to GrapheneOS and uses some of their patches, but aims for broader device support by being based on LineageOS. DivestOS removed a lot of the mentions of GrapheneOS and even directly recommending it, due to the libel spread about GrapheneOS' developers. CalyxOS is putting users at risk by pretending to provide features it can't like it's firewall app which is just marketing fluff for the faulty LineageOS network toggles. It's on the same level as Freedom Phone. CalyxOS isn't similar at all and it's a misconception in the privacy-oriented Bitcoin and Monero community that they're making similar things. PureOS is just desktop Linux with a mobile UI. It comes along with all the issues of what it's based on.
Signal does not have access to messages as they are end-to-end encrypted. Signal servers could access metadata (who's talking to who and when) but historically they have a good track record: https://signal.org/bigbrother
Simplex Chat is very popular in the Nostr community; whenever someone posts a note asking which chat app is secure, many people recommend Simplex Chat. We also think Simplex Chat is a great app.
So, many people ask what is the difference between Keychat and Simplex Chat? Is Keychat's security as good as Simplex Chat's? Is it really possible to create a chat app as secure as Simplex Chat on Nostr? Why not just use Simplex Chat? Why reinvent the wheel?
A common misconception in the Nostr community is that Nostr is not suitable for private things.
"Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all." — Signal Founder Moxie https://signal.org/blog/the-ecosystem-is-moving%C2%A0
This is because the encryption process is completed on the client side, and relays only pass the encrypted messages.
Keychat and Simplex Chat both use the Signal protocol to encrypt messages, so both meet the following security requirements 1-4:
Anti-Forgery
Anti-Forgery ensures that the sender of a message is verifiable and the message has not been tampered with.
End-to-End Encryption
End-to-end encryption ensures that only the sender and receiver can decrypt and read the message content, protecting it from unauthorized access by servers or other network devices.
Forward Secrecy
Forward secrecy ensures that even if the current key is compromised, historical messages cannot be decrypted, since each message uses a new encryption key, which is deleted after use.
Break-in Recovery
Break-in Recovery ensures that if the current key is compromised, future messages cannot be decrypted, and the system can recover from the attack. This feature is also known as backward secrecy.
Metadata Privacy
Protecting the privacy of communication involves more than just protecting the content of messages; it also includes protecting the identities of the communication parties and other data.
Regarding the fifth point, metadata privacy. The designs of Keychat and Simplex Chat are different.
Simplex’s metadata privacy protection scheme
"Simplex chat is the first messenger without user IDs."
“To deliver messages, instead of user IDs used by all other platforms, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.”
“Temporary anonymous pairwise identifiers
SimpleX uses temporary anonymous pairwise addresses and credentials for each user contact or group member.
It allows to deliver messages without user profile identifiers, providing better meta-data privacy than alternatives.”
We can understand this mechanism as, if a Simplex Chat user has 10 friends, they have 10 IDs, using different IDs with different friends?
Keychat’s metadata privacy protection scheme
Current chat applications and email have forgotten that an address is not the same as an ID, treating the ID as the address. Emails and current chat applications send messages as [from: Alice's ID to: Bob's ID]. Regardless of how your geographical address changes, when Alice sends an email to Bob, it’s always [from: Alice's ID to: Bob's ID]. This compromises metadata privacy.
However, letters work differently; they are [from: Alice's current geographical address to: Bob's current geographical address].
Keychat separates the receiving address and sending addresses from the ID, and the receiving address and sending addresses are also different. Keychat messages are [from: Alice's one-time sending address to: Bob's almost one-time receiving address]. This makes it difficult for outsiders and relay administrators to determine who is sending messages to whom.
Which scheme do you think is easier to understand and better protects metadata privacy?
Finally, Keychat also uses ecash sat as a stamp for messages, with relays funded by stamp revenue to sustain operations.
SimpleX also has separate sending and receiving addresses. That's why it's called simplex: https://www.geeksforgeeks.org/transmission-modes-computer-networks/
I love Amethyst, although I'm really excited for Notedeck (Damus) to be released on Android. I managed to build the desktop version a while back and it's great.
YES, YOU
Yep, but this ones claimimg to fight off Pegasus spyware...
On iOS it literally notifies you instantly when there's a system update rather than waiting longer due to staged rollouts. On Android it scans installed apps for known malicious APK hashes. I think you can also send DNS requests through it via VPN service. Not that useful at all and can be achieved for free via other means (Google Play has Play Protect so it does the same thing), definitely not fighting off Pegasus spyware.
It's simply not possible with the way Android and iOS apps work (app sandbox). The author of that article is complaining about the fact that Apple/Google don't give security software special access (so they can't sell their scam as easily). The real attack surface comes from highly privleged EDR software like CrowdStrike (and iVerify if they gkt the access they wanted), not mobile phones.
This is hilarious to read, they're claimimg to have detected Pegasus spyware via a mobile app 🤣 https://iverify.io/blog/why-i-joined-iverify
Discord is rolling out end-to-end encryption,
Do you trust it?
Before you rush to say no,
It's designed and audited by the same auditors that SimpleX uses (Trail of Bits)
So do you trust Trail of Bits to say SimpleX is secure, but not design Discord's encryption?
You know I actually wrote Trail of Bits to ask on pricing to audit my own app (which isn't a messenger btw). They use Gmail, so I used PGP.
The guy at Trail of Bits apologized that he didn't have his PGP key anymore, since he never gets encrypted emails. Aren't you guys supposed to be receiving code to audit or emergency 0-day flaws? That's going naked over Gmail? So he directed me to a web browser app that had third party Google JavaScript and claimed it was end-to-end encrypted. This might be true, but he has no idea what that JavaScript was doing.
So without even looking at the details of Discord's new thing, I can tell you they don't give a rat's ass about privacy. All this is doing is trying to remove legal liability in a post Telegram-legal world. But we can remove legal liability for them, by not using Discord.
Source: https://discord.com/blog/meet-dave-e2ee-for-audio-video
Trail of Bits lost credibility since iVerify: https://xcancel.com/GrapheneOS/status/1828651999300124796
? I loaded the fdroid version of the app around a year ago. #simplex #asknostr #grapheneosSwitch to the simplex.apk (64 bit) GitHub release and keep it updated via Obtainium: https://github.com/ImranR98/Obtainium
If you were using f-droid.org release then you'll need to export database and uninstall the app first as they have different signing key, if you were using app.simplex.chat repo then it's the same and the GitHub release will install over it.
Signal is end-to-end encrypted by default, Telegram only has optional secret chats for 1:1 chats. They can access most of the messages.