Back

@joelanman Signal is centralised and was nearly backdoored by the uks online safety bill and saved by signal threatening to walk. Matrix *is decentralised but with no quantum secure e2ee like signal nor its metadata privacy or secret group chats. SimpleX has the best of both worlds and more. more decentralised than matrix. quantum-secure e2ee, metadata privacy, ip protection, tor support, no persistent id basically "a burner phone for every contact" dms need invites so less spam than matrix

@ambiguous_yelp @joelanman This is false and outright FUD. Signal was not "nearly backdoored". Their position has always been that if UK or anyone tried to mandate backdoors they'd be treated like any other rogue state needing circumvention. Centralization is only minimally relevant because the central servers have no access to any information beyond minimal metadata. Any attempt to subvert would have to be via shipping malicious clients, and the clients are all open source and under heavy scrutiny, and there's no mandate to update client until long after there's been time to review/inspect new version.

@dalias @joelanman So Signal is safe because if the UK tries to backdoor it they will withdraw from the UK leaving the vast majority of UK activists that rely on it high and dry? Also you're trusting Signal LLC that theyll stick to their principles and leave entire markets, its a bit naive, SimpleX users don't have to worry about it at all. Yes signals open source and you could check if they added a backdoor, but that wouldnt negate the network effect, how long would it take to remigrate?

@dalias @joelanman If simplex gets backdoored you can just swap the client for a fork and the network ie contacts and usergroups can remain pretty much unchanged because its a trustless decentralised model. You cannot make a decentralised signal bc it has a single point of failure, signals servers. As for signal only collecting "minimal data" I explained in the thread how correlation of contacts is performed and SimpleX protects against this.

@dalias @joelanman I literally know someone whos friends got arrested bc their signal group chat was leaked by the initial arresstee exposing everyone elses phone numbers

@dalias @joelanman Now you're just trusting that a centralised organisation wont leak your phone number when pressured by authorities

@ambiguous_yelp @joelanman Well trusting that they didn't store it. Things will be better when you can finally create account without phone number.

@dalias @joelanman Any form of centralised/unique persistant id can be used to trivially correlate your contacts provided the surveillance apparatus is in place on the backend even if those conversations themselves are encrypted, such surveillance is impossible on simplex bc there are no user ids

@ambiguous_yelp @dalias @joelanman why not cwtch?

@mu @ambiguous_yelp @joelanman Yes why not? Cwtch is what you want but made with a positive mission of consent & personal autonomy rather than a mission of enabling crypto scam planning, hiring hits, CSAM, evading child support, fascist insurrection, etc. like SimpleX.

@dalias @mu @joelanman cwtch is very good I considered it for a time but it does not have PQ encryption only Signal and SimpleX have that so far, and cwtch has persistant unique ids which could be used to correlate your contacts if one of your contacts is compromised

@ambiguous_yelp @dalias @joelanman I guess it depends on your threat modelling. Good to have thought it through, though.

@jenkinse @ambiguous_yelp @joelanman No, they've said it's a hard problem because it's the only throttle they have against DoS levels of account creation.

@dalias @ambiguous_yelp @joelanman

Ok your right they probably phrase it that way, but it seems such a weak excuse to me, when multiple other messaging platforms and social media do fine without phone numbers. So I read this as "don't want to fix, won't fix".

It follows a pattern of excuses and gaslighting users, for example:
Signal: We can't implement Unified Push or Firebase alternatives because it destroys your battery
Users who use said alternatives: Um, no it doesn't
Signal: Yes it does!