Escape VelocityFeb 2
Watching all the "how to better secure your Signal" graphics come out this week has made me really wish we were all using SimpleX for this shit.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž Ambiyelp

@escape_velocity

Thank you for being the only other person I see on my feed talking about simplex its refreshing

Imo its the gold standard in private anonymous group messaging. Better than Signal, briar, cwtch, deltachat, meshtastic.

All of them have some benefit over simples whether it be signals ease of use and stability, briars ability to share the binary over bluetooth, cwtch's simple in-app gui for self hosting, deltachat's interoperability with email, or meshtastics resilience in mesh networks.

But only simplex has no profile ids, quantum resistant encryption, advanced invite/multi profile management, as well as being decentralized

I think that especially anarchists and activists should seek this level of privacy because compromised contacts can have their conversations with you be corroborated to show you are the same person when you have a static id even if its a random string

Since I don't get to talk to people who use simplex much I should mention why I dont talk to the people in public simplex rooms: it skews far right because the creator is a trans hating[1] climate denier with a bunch of other right wing beliefs I cant remember, you know the usual.

That being said the developers have very little control over what happens on even their own servers: they can disable invite links they dont like but not rooms (invites can easily be regenerated), they can remove file links that get reported but not messages, (files are deleted after 48h anyway bc its a relay network they cant delete it when group members have it cached) and if either of these are hosted on another simplex server since its decentralised they cant do anything

except ig the nuclear option to totally cut connection to stop their own users connecting to users on that other server. but simplex is fairly simple to self host, we should be moving away from the official servers anyway

[1]
https://x.com/epoberezkin/status/1881832239186759841

#Simplex #FLOSS #E2EE #PSA #Privacy #Anonymity #QuantumResistantEncryption #Transgender #Climate #ClimateDenier #Signal #Briar #Cwtch #DeltaChat #Meshtastic

Evgeny (@epoberezkin) on X

@JamesEsses It is not just ideology. It is promotion of the chemical castration and mutilation to the children – the UK government should prohibit these horrific experiments. cc @reformparty_uk @RupertLowe10 please raise this issue in the parliament.

X (formerly Twitter)
Feb 2 at 10:28amWeb
Show threadProfile13115Feb 2
@ambiguous_yelp @escape_velocity we should think about forking before the new group monetization features get implemented: https://simplex.chat/vouchers/
SimpleX Community Vouchers

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@fredy_pferdi

Servers will always be able to charge for access at least this way it will be anonymous. even if you use a different client the simplex servers arent just going to let you sent traffic to them if they want you to pay, the bigger issue here is promoting more free to use servers and encouraging more people to self host to spread the costs (also should be mentioned that free limits aren't going away such as the file size limit of 1GB and delivery window of 48h those will remain free but they want you to pay for more) group size concerns me more but no one can make them provide server bandwidth for free

Heres a tutorial for self hosting over tor which is supported out of the box

http://opbible7nans45sg33cbyeiwqmlp5fu7lklu6jd6f3mivrjeqadco5yd.onion/opsec/anonsimplex-server/

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Tor #SelfHosting

Show threadProfile13115Feb 2
@ambiguous_yelp Some communities lack the capability to do so and have a thread model where it rather makes sense to use more public servers but I'm aware that this can be a solution for certain usecases.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@fredy_pferdi

I do hope a competing public server infrastructure emerges that aims to survive purely on donations (like matrix.org or signal) but like I said if they want to charge for access that's a social problem not a technical one, forks wont fix it

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Matrix #Signal

Show threadProfile13115Feb 2

@ambiguous_yelp A fork can bring trust back tho. I understand that people do not feel like switching from one chat that is built by the reaction to another one built by a reactionary. Not everybody makes those decisions on a purely technical basis. I understand and really appreciate the simplex architecture but this Is a real social problem I'm facing that prevents adoption in certain circles.

As you said it is a social question not a technical one.

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@fredy_pferdi

I do agree it should be forked for this exact reason bringing back trust

I believe that the environment evgeny has cultivated is deeply exclusionary and is hampering their own development efforts, maybe they wouldn't need to charge for access if they weren't so hateful that they drove away so many people who would contribute for free

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX

Show threadProfile13115Feb 2

@ambiguous_yelp To me Evgeny seems politically and ideologically really confused. Its sad how much the insecurities of one man can hold back progress.

P.S Evgeny if you read this I hope you start questioning your view and experiences you had with the so called left and stop sucking Trump cock, fascists do not act in your interest!

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@fredy_pferdi Simplex has an official mastodon you could mention lol. I'm all for political rehabilitation but I dont think theres anything he can do or say that would ever make it appropriate for him to continue holding the power he has again

Also sucking cock isn't an insult its a normal part of human experience, its a livelihood an expression of love and an amoral pleasure

#FLOSS #E2EE #PSA #Privacy #Anonymity #Simplex #SexPositivity #SexNegativity

Show threadProfile13115Feb 2
@ambiguous_yelp haha you are right with sucking ofc (edit: I'm vulgar in a really dumb way and I'm sorry, but It happens, I'm not proud of it) <3 but I did not tag him intentionally and I generally agree with the rehabilitation but I think If a person ACTUALLY changed then it can be considered but this is another discussion.
Show threadrefraction Feb 2
@ambiguous_yelp @escape_velocity aside from people not wanting to use fashware, decentralization necessarily comes with certain compromises that advocates tend to not want to acknowledge because they elevate decentralization not as a solution to a problem but a value by itself.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@elexia

I'm going to assume a couple of criticisms you might have of decentralized networks that I have heard people give before but its quite possible I wont cover all your concerns, or ascribe a concern you don't have. I do think all of this is worth discussing from an anarchist perspective though

Decentralization is generally good because it prevents the accumulation of power which as an anarchist I like. No one should be an authority on how people get to communicate. When you already have a moderation position over a network that's different because you have an implied duty to protect the space.

As an anarchist I don't like the notion that decentralized solutions that give the individual maximum power should be disfavoured due to misuse because it implies the existence of some authority that can be trusted to better manage a network and tell people what they are and aren't allowed to say. As much as I believe some people are better at that job than others its against what I stand for to say that *only* certain people should be allowed to and that people like me should decide who those people are.

In a network like simplex there are moderated spaces but similar to mastodon moderation is something that the individual opts into by choosing which spaces to join so I can't really call it a suppression of the individual

As far as people should be held accountable for what they say, it is up to the individual how anonymous they should want to be online, nothing about simplex for example precludes you from associating your analog identity and doing so could provide more authenticity and accountability to what you do and say there but precisely because the individual will always be less powerful than the collective and because humans don't have a good track record for oppressing minority groups anonymity and decentralization should always be an option

#FLOSS #E2EE #Anarchism #PSA #Privacy #Anonymity

Show threadrefraction Feb 2

@ambiguous_yelp you're making points that would be relevant to someone that still operates on a liberal framework of thought. we're anarchists. a properly E2E encrypted chat cannot be moderated anyway. signal for example doesn't know who you're talking to and what your saying and thus can neither moderate the contents nor give that information to the state. that's a good thing. we need to keep the state out of our private conversations.

our concerns are about the technical limitations of decentralized software. the thing about a service like signal is that unless they compromise one of the end points (in which case you're screwed regardless of your chat solution) an outside actor cannot tell who you're talking to when or even narrow it down. there's no way to construct a social graph. how does this fashware solution mitigate mapping of social graphs if it actually is highly decentralized? that is people don't just use a few large servers as usually happens with "decentralized" services, but are on their own small servers by themselves or with only a handful of users. that's one of the actual hard problems for decentralized chat software that we haven't yet seen a good solution to.

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@elexia

Signal can be subpoeanad they have offices, a tor simplex node cant even be identified. If simplex having popularly used infrastructure is a problem then the problem with Signal is even more foundational not even allowing other servers to operate.

Even if simplex (the org)'s servers are subpoenad there is IP obfuscation turned on by default which means unless you specifcally turn that off, and youre not using a vpn, simplex the org's servers being compromised can't deanonymise you directly like signals servers could

So I disagree with the point that decentralized networks dont add additional security, signal can tell what your phone number is, when your last connection to the server was and what IP you connected from, that can be enough to narrow down an investigation, or even get your identity through the phone number. simplex nodes don't know any of those things because its not possible to construct any kind of user profile even for these limited metadata

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Signal #VPN #Tor

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@elexia

And the reason its not possible is because for every chat or dm you join a new queue is created with new keys, so your subscription to one queue is not any indicator of your subscription to any other, and your IP is obsfuscated either using the default ip obfuscation or by connecting to tor servers (an opt in setting in the gui)

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Tor

Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@elexia

Also multiple compromised contacts or infiltrators in spaces can corroborate your identity in semi private signal groups by just looking at your username: then signal can put a phone number and IP to that username. Nothing like that is possible with SimpleX unless of course you deanonymise yourself always important to mention that.

#FLOSS #E2EE #PSA #Privacy #Anonymity #SimpleX #Signal

Show threadrefraction Feb 2
@ambiguous_yelp yes, signal can be subpoenaed and they are, often. they also are very public about that. the only data they have is the phone number used for setup and the last time you connected to the server and that's all they can give no matter what kind of data authorities try to demand. since they can't tell who you talked to or what you sent that isn't really very helpful for investigations because they can't really connect a particular conversation to you unless they compromise an end point.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 2

@elexia

Yes they have comparatively little data compared to other messengers but I talked about this, phone numbers and connection logs can be dangerous, and simplex doesn't store either

Just being in a public group chat or using an E2EE messenger is something that it reasonable to want to hide in certain circumstances.

Also what is there to lose in being slightly more resilient to compromised end points such as an infiltrator in a semi private group.

A concrete example would be an ICE sightings report group for a local area, you want as many people to be able to join as possible and at the same time you want to keep your contributors as anonymous as possible

Show threadEscape VelocityFeb 2
@elexia @ambiguous_yelp These are good points, and it's good to bring them up in any conversation about decentralization.

I have noticed that Reticulum addresses the specific problem of small server de-anonymization by forgoing the notion of servers entirely. It relies on no authority (centralized or decentralized) to administer any kind of addressing space, instead allowing every node on the network to self-sign a globally unique identity claim and announce itself across its network. What do you think about that approach?
Show threadrefraction Feb 2
@escape_velocity @ambiguous_yelp honestly we don't have the ability to scrutinize their implementation that much ourselves and have to lean on more knowledgeable beings for analysis cause this is very technical and the specifics very much matter.
Show threadEscape VelocityFeb 2
@elexia @ambiguous_yelp valid!
Show threadMilkπŸ₯›Feb 4
@ambiguous_yelp @escape_velocity #deltachat Π»ΡƒΡ‡ΡˆΠ΅.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 5

@Milk31 @escape_velocity

It has no quantum resistant encryption to protect against Store Now Decrypt Later attacks

#FLOSS #E2EE #PSA #Privacy #SimpleX #DeltaChat #QuantumResistantEncryption

Show threadMilkπŸ₯›Feb 5
@ambiguous_yelp @escape_velocity ΠΏΠΎΠΊΠ° Ρ‡Ρ‚ΠΎ.
Show threadπŸŒ±πŸ΄β€πŸ…°οΈπŸ³οΈβ€βš§οΈπŸ§πŸ”§πŸ“Ž AmbiyelpFeb 5

@Milk31

Well I'm using what's best *for now* most users and even devs don't seem to consider Store Now Decrypt Later as a threat even when I talk to them about it so I'm sticking with the messenger that is safest.

#FLOSS #E2EE #PSA #Privacy #SimpleX #QuantumResistantEncryption