Skip to content

securitybrahh/secure-messaging

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

28 Commits
 
 
 
 
 
 

Repository files navigation

https://proton.me/support/encryption-lock-meaning

https://dev.gajim.org/gajim/gajim/-/merge_requests/995

Normal calls are encrypted as PSTN is outdated.

jmp.chat calls are encrypted for all I know.

RCS/imessage maybe encrypted, depends on client implementations and the future.

Simplex uses a lot of client RAM.

servers only relay on SimpleX afaik. so a relay won't cost much to a cloud provider, and can be done on "good will"

VC shit - get money coz you have distribution, no biz model.

fear-mongering privacy narrative pushing donations?

https://x.com/kaepora/status/1811454454232694847

dumb servers, Wise clients.

https://github.com/simplex-chat/simplex-chat/blob/stable/docs/rfcs/2024-04-26-commercial-model.md

https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20240814-simplex-chat-vision-funding-v6-private-routing-new-user-experience.md

Secure Messaging

software is free speech, lobbying for privacy is what it takes it seems.

so it was nostr after all?

https://signal.org/docs/specifications/doubleratchet/#recovery-from-compromise

xmpp or matrix? not really. but signal maybe, but how to do tg topics & groups?

HOW does even signal EARNS?? How will SimplexChat earn??? <I don't endorse or like simplexChat rn but may change in the future>

signal was given a 50$ mil loan by Brian Acton for some reason.

donations from ppl because "its bankrupting", recent desktop bug fiasco shown that its not!

Simplex plan to make a "stamp" (not a coin), users will be able to donate to 3rd party hosters wirh legally binding / build verifiable directly.

XMPP?

https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

TL;DR

  • Server-side parties (e.g., administrators, attackers, law enforcement) can transparently modify, log, and monitor nearly everything when communicating via XMPP---independent of end-to-end encryption. "Transparently" means your XMPP client doesn't learn about these server-side actions; showing no warnings in most cases.
  • Contrary to claims, law enforcement can easily detect and block XMPP traffic. Furthermore, many XMPP servers are physically centralized, hosted by a small number of hosting companies.
  • Federation, decentralization, encryption, and "use Tor" don't solve these issues as XMPP processes data in cleartext and produces tons of metadata.

Matrix?

https://telegra.ph/why-not-matrix-08-07

Matrix linked Amdocs found tapping South African cell phones - https://archive.ph/iFJ0n

Matrix Metadata Leaks? - https://web.archive.org/web/20210202175947/https://serpentsec.1337.cx/matrix

XMPP?

I feel pgp >> s/meme or omemo

pgp relies on curcle of trust, And I think that's what we should rely on.

https://notes.valdikss.org.ru/jabber.ru-mitm/

session??

Wahahah

adding a coin to a messaging protocol is a joke + lokinet is a joke.

TG groups but e2ee?

matrix spaces come close, there is a discord open source alternative but feels dubious.

A security analysis comparison between Signal, WhatsApp and Telegram - https://eprint.iacr.org/2023/071.pdf

Tor Lvl Shit?

Also good for LAN messaging.

https://code.briarproject.org/briar/briar/-/wikis/Mailbox-Architecture

Others

https://divestos.org/pages/messengers

https://eylenburg.github.io/im_comparison.htm

Appendix A

whatsapp/tg people use to serve clients (frontend), slack for backend team

About

xmpp or matrix? not really. but signal maybe, but how to do tg topics & groups?

Topics

Resources

License

Stars

Watchers

Forks