cross-posted from: https://beehaw.org/post/20989376

Where Soatok goes over why checklists are meaningless when trying to figure out whether something is private, or for comparisons in general.

  • Sophocles@infosec.pub · 6 points · 4 days ago

    My litmus test for a good checklist is how it rates the Brave browser, Telegram, and popular VPNs. All three have marketed themselves as privacy friendly and secure, but all three are absolutely terrible if you do your homework on them. I’ve seen Brave or Telegram in the top tier on so many lists it isn’t even funny.

    • Lime Buzz (fae/she)@beehaw.org (OP) · 1 up / 2 down · 4 days ago

      Yeah, more tech and privacy enthusiasts should really look into things before declaring them secure or private, even those that market themselves as such. Like, a lot of them harp on about SimpleX without really understanding that it’s not a good choice.

        • Lime Buzz (fae/she)@beehaw.org (OP) · 1 point · 4 days ago (edited)

          Well, it’s not exactly about privacy, but it does need a lot more time to develop before it is ready for ‘mainstream’ use. Right now it’s very niche: they haven’t figured out how to get the same profile on multiple devices, there’s no proper iPad support, and because it’s niche only tech people use it. Thus I’m not interested in it until the average user can and will use it easily, as I like all my friends etc. to be on the things I use.

          Plus it doesn’t have as many audits as, say, Signal, so that’s a big hmmm in my book. Yes, it hasn’t been around as long, so that might not be fair, but it has a lot of things to fix before it’s worth using.

          Also, it really needs more ‘fun’ features, like Signal has, before most average people will use it. I think it also needs to figure out things like calling, especially group calling, but I cannot remember if that’s still accurate or not.

          Oh, also, I remember there was a big concern about funding because they went commercial instead of doing the right thing and starting a foundation or some such.

      • Sophocles@infosec.pub · 0 points · 4 days ago (edited)

        I actually do endorse SimpleX. While it does lack a lot of user features you might enjoy in other messengers, it does do the security/privacy part right. While not having as many auditors as Signal, there have been enough to form an opinion. The fact that it is FOSS in the first place gives an advocate for their transparency. It’s also double-ratchet E2E encrypted, completely anonymous, practices perfect forward secrecy, and even offers Tor proxies, which is more than can be said for most messengers.

        The only good argument I’ve seen against it is that it isn’t federated or P2P, which is a discussion on the centralization of power rather than a security/privacy issue outright.
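The comment above lists "double ratchet" and "perfect forward secrecy" as properties without showing what they mean in practice. The following is an added example, written for this thread and not code from SimpleX, Signal, or any commenter: it implements only the symmetric-key chain half of a double-ratchet design (HMAC-SHA256 as the KDF, with the two label bytes, the class and function names, and the simulated-compromise scenario all being this example's own assumptions) and simulates a device compromise to show which message keys the captured state lets an attacker recompute. The Diffie-Hellman ratchet that provides post-compromise secrecy is deliberately left out, so the example also shows what a symmetric ratchet alone does not protect.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple, List, Dict

# Added example, not code from SimpleX or Signal. Only the symmetric "chain"
# ratchet is modelled; the DH ratchet (post-compromise secrecy) is omitted.
# The label constants below are this example's assumption, not a spec value.
CHAIN_LABEL = b"\x01"    # KDF input that advances the chain key
MESSAGE_LABEL = b"\x02"  # KDF input that derives the one-time message key


def kdf_chain_step(chain_key: bytes) -> Tuple[bytes, bytes]:
    """Derive (next_chain_key, message_key) from the current chain key.

    Forward secrecy rests on HMAC-SHA256 being one-way: holding
    next_chain_key does not let anyone recompute chain_key, and therefore
    not the message_key that was derived alongside it.
    """
    next_chain_key = hmac.new(chain_key, CHAIN_LABEL, hashlib.sha256).digest()
    message_key = hmac.new(chain_key, MESSAGE_LABEL, hashlib.sha256).digest()
    return next_chain_key, message_key


class SendingChain:
    """Ratchets forward one message at a time and forgets the key it used."""

    def __init__(self, chain_key: bytes) -> None:
        self.chain_key = chain_key
        self.index = 0

    def next_message_key(self) -> bytes:
        # The old chain key is overwritten here; a real client also wipes the
        # message key from memory once the message has been encrypted.
        self.chain_key, message_key = kdf_chain_step(self.chain_key)
        self.index += 1
        return message_key


def derive_message_keys(root: bytes, n: int) -> List[bytes]:
    """Convenience: the first n message keys a chain seeded with root yields."""
    chain = SendingChain(root)
    return [chain.next_message_key() for _ in range(n)]


def forward_secrecy_check(n_before: int = 3, n_after: int = 2,
                          root: Optional[bytes] = None) -> Dict[str, bool]:
    """Simulate a device compromise after n_before messages.

    Returns which keys the captured chain state lets an attacker reproduce:
    every *later* key (no post-compromise secrecy without the DH ratchet),
    but none of the *earlier* keys, which were derived from chain states the
    device has already discarded and which HMAC cannot be run backwards to.
    """
    # Constructed secret; in a real protocol this comes from the key agreement.
    root = root if root is not None else os.urandom(32)
    sender = SendingChain(root)
    past_keys = [sender.next_message_key() for _ in range(n_before)]
    captured_state = sender.chain_key  # what a compromise at this moment yields
    future_keys = [sender.next_message_key() for _ in range(n_after)]

    # Attacker replays the ratchet from the captured state.
    attacker = SendingChain(captured_state)
    attacker_keys = [attacker.next_message_key() for _ in range(n_after)]

    return {
        "future_keys_recoverable": attacker_keys == future_keys,
        "past_keys_recoverable": any(k in attacker_keys for k in past_keys),
        "all_keys_distinct": len(set(past_keys + future_keys)) == n_before + n_after,
    }


if __name__ == "__main__":
    for name, value in forward_secrecy_check().items():
        print(f"{name}: {value}")
```

The result is the practical meaning of the two terms: forward secrecy is the `past_keys_recoverable: False` line, and the `future_keys_recoverable: True` line is the gap that the second, Diffie-Hellman ratchet exists to close. A client that advertises "perfect forward secrecy" but keeps old chain or message keys around (for multi-device sync, for example) loses the first property regardless of what the KDF does, which is the kind of detail a checklist entry does not capture.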

        • Lime Buzz (fae/she)@beehaw.org (OP) · 3 points · 4 days ago (edited)

          A big thing they could do to convince more of us is to set up a transparency report like Signal has, so we can see any requests for information or legal orders they get, and their replies.