cwtch vs simpleX-chat ? #520
Labels
No Label
android
arch
backlog
blocked-on-external
bug
bugbash
component/bindings
component/bine
component/connectivity
component/cwtch
component/tapir
component/ui
cwtch-1.14
cwtch-1.15
cwtch-beta-1.1
cwtch-beta-1.10
cwtch-beta-1.11
cwtch-beta-1.12
cwtch-beta-1.13
cwtch-beta-1.2
cwtch-beta-1.3
cwtch-beta-1.4
cwtch-beta-1.5
cwtch-beta-1.5.x
cwtch-beta-1.6
cwtch-beta-1.7
cwtch-beta-1.8
cwtch-beta-1.9
design
duplicate
enhancement
flutter
funding-needed
help wanted
hybrid-groups
in-nightly
in-progress
invalid
ios
linux
mac
need-replication-or-investigation
ops
packaging
post-stable
question
questionable
requires-more-effort-than-we-can-spare
rust
scheduled
stable-blocker
tails
testing-needed
tests
tor
waiting-on-fix-confirmation
waiting-on-new-flutter-feature
whonix
windows
wontfix
No Milestone
No project
No Assignees
2 Participants
Notifications
Due Date
No due date set.
Dependencies
No dependencies set.
Reference: cwtch.im/cwtch-ui#520
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Hi, just stumbled upon "the first messaging platform that has no user identifiers (not even random numbers)". The latest version allows to bootstrap to Tor in order to connect to their server.
https://www.reddit.com/r/selfhosted/comments/wjcyt8/simplex_chat_the_first_messaging_platform_that/
https://github.com/simplex-chat/simplex-chat#readme
On the first link (Reddit) the dev compares it to cwtch.
What would you guys' take be on his comparison to cwtch and on the app itself?
In an earlier thread they made some claims about cwtch and v3 onion services that were simply wrong: https://www.reddit.com/r/selfhosted/comments/s2hil6/comment/hsp09it/?utm_source=reddit&utm_medium=web2x&context=3
I'm glad to see that they have corrected some of their misunderstandings, but they appear to have many more.
The quote "The fundamental difference of SimpleX design is that we are always trying to avoid having meta-data instead of figuring out how to protect it" is one of those "not even wrong" kind of statements.
There is always metadata in a system, because communication requires information transfer. There are only 3 known ways to make protocol surveillance resistant:
SimpleX appears to planning "none of the above" (they readily admit in your linked thread that their system isn't secure right now, but they plan to make it stronger in the future - "dual server address", "message mixing" and "using separate tcp addresses per queue to prevent any server-level correlation of the traffic" none of which are effective mitigations against metadata attacks on their own or combined)
the literature is long and full of bad protocols.
thx for the feedback.
For some reason i missed the earlier reddit thread you linked me to. I see that the dev left you a reply and an invite to discuss it further. Maybe their latest update with their new claims might be an occasion to do just that for the benefit for the general public ? The dev is willing to do so, he just stated on the Reddit thread, and he also addressed your observations at the same time.