Hi Fediusers~

Anyone around know about Zerion (@zerionchat)?
https://zerion.chat

Chat/IM application via Tor.

I've just recently been pointed to it. On a first, admittedly shallow look, it really looks pretty good.
… I'd say a little too good, tbh; even if it could be just paranoia speaking.

I'm pretty ok with giving it some chance (… and looking deeper), but since that's going to take me a good while, if anyone's actually used it or knows it better — comments are very much appreciated, whether experiences, points to check first, or whatevers. ^^

#Fediquestion #Chat #Tor #Messaging #Privacy #Zerion

Zerion — Private Messaging Over Tor

End-to-end encrypted messenger with no phone number, no servers, and full Tor integration. Post-quantum cryptography. Available on Google Play and F-Droid.

@yenndc They don't mention anything about LLM use in development, but that speed is a huge tell. I'd prefer if they mentioned it outright.

I wouldn't use vibe-coded or "sparkling new" apps for security or privacy purposes, but that's me... maybe they pull it off, who knows?

@jandi @yenndc you can check our code, and we will be audited soon at Trail of Bits.

We didn't use AI for coding, but for security checks and bugs.

And you're correct, most of the coders are using AI; I don't see the problem there.

@jandi

Hm, that could be an issue, yeah. :/
Thanks for noting it.

I don't see the usual "agent" files on the repository, at least, which is a plus.

Some of the ‘speed’ could be simply from leveraging the Briar project to do the heavy lifting, as well; the core idea is the same, and Briar has been around much longer.
Customizing it ought to be significantly easier (and safer) than building it from scratch.

Still speculating somewhat tho; haven't taken a look at the actual code. 😅

On LLM Use in Zerion Development

How Zerion uses large language models — security audits and bug detection. What they are not used for: cryptographic primitives, key management, or wire-protocol logic.

@yenndc we hope you like it.

It's open source and a semi-fork of Briar, but we used only the Bramble protocol and gave a full PQ with triple ratchet.

We are a small team of security experts without doing any marketing; our code talks the quality.

And we are still in development.

@zerionchat

It does indeed look good; it's just, well, first time hearing about new tools on delicate topics, it's bound to raise an eyebrow or two. ;3

Looking at the code would, of course, be ideal; but since I doubt I'll have the time for it anytime soon (nvm actually understanding it), an "informal check" is a simple approximation for now.
(And actual users' experience is always welcome.)

Also need to take a closer look at Briar; at minimum to get a clear idea of the different use cases or threat model.

Ah well. Thankfully I have little hurry.

Good to hear about the upcoming audit at any rate. ^^
And good luck~

@yenndc

Thanks for taking the time to look at it. 🙂

Your caution is completely understandable. Privacy tools should be questioned and verified, not blindly trusted.

We’re still improving Zerion, and hopefully the upcoming audit will provide a clearer picture.

If you ever get the chance to test it or compare it with Briar, we’d love to hear your thoughts.

Thanks again for the support.