privacy

357 readers

1 users here now

Rules (WIP)

No ad hominem allowed
Attack the idea, not the poster

founded 1 year ago

MODERATORS

[email protected]

Meredith Whittaker - President of Signal Foundation. July 3, 2023 (qu.ax)

submitted 6 months ago by [email protected] to c/[email protected]

11 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

Don't use Signal, use Session. A Monero based p2p net

https://getsession.org/download

80% of information is in metadata. What we want is to prevent opponents from even knowing that we communicate or what tools and protocolls we use.

[–] [email protected] 1 points 6 months ago (1 children)

Yeah, no. Rather use SimpleX or Threema.

[–] [email protected] 0 points 6 months ago* (last edited 6 months ago) (1 children)

SimpleX:

users place a degree of trust in servers. This trust decision is very similar to a user's choice of email provider;

Threema: trust in servers + creates digital ID + requires Android 5.0

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

please explain how session is different, because from my limited understanding, if you want to contact someone you need some kind of reference or 'ID'

why also do you differentiate 'trust in servers' from what you do in session?

to me, you're using a bunch of buzz words and phrases that have no real technical grounding. if i'm wrong please elaborate

if you're going to promote a service you should be offering up that information freely, otherwise no one will take you seriously. DYOR doesnt work in this scenario because its your initiative. this is aimed at you and @[email protected]

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (2 children)

Sure. First I'm not promoting any project. Test and play and report your findings.

if you want to contact someone you need some kind of reference or ‘ID’

Thats the general problem of key exchange, unavoidable. You have to meet in person or establish trust any other way. Snail mail, key signin, etc. A good protocoll lets you create as many ID's as you wish and doesn't tie that to your phone or google ID. Like SimpleX supports GrapheneOS and linux.

why also do you differentiate ‘trust in servers’ from what you do in session?

Trust is not a dirty word. I do trust SimpleX servers, for example, say 75% and trust is needed in any case, whatever you do. You, for example don't trust me blindly. Thats good.

Session is different, incentivized not by FIAT and the p2p net is not run by the developers but 1959 miners. Latest whitepaper states it is PoW with a PoS overlay. I would say less than 100 peers should not be called a p2p network, not resilient enough. P2P is superior because metadata analysis is harder for an attacker. Particl's secure messaging protocoll is another good example. Using RingCT is the key here.

I offered my time and had a quick look at the code. Almost all of the crypto code is 1:1 from monero-core. That convinced me. I also like the idea to monitor the health of the network using a blockexplorer

TL;DR You can use the same tech as Monero not to send money, but also to send messages.

[–] [email protected] 3 points 6 months ago

Don’t use Signal, use Session

If you dont mean to promote one project over another, then i would suggest being more careful with what you write.

Thanks for the brief elaboration

[–] [email protected] 2 points 6 months ago (1 children)

As I understand it, the Monero based tech will be dropped for Ethereum based? https://getsession.org/blog/upgrading-to-session-network

[–] [email protected] 1 points 6 months ago

Looks like it. The 2000 staking nodes are maintaining a tor/i2p network with secure messaging built-in. That seems to be the idea. (if the whitepaper still holds) Thats is too bad.