▲ | johnisgood a day ago | |||||||||||||||||||||||||
> obfuscate that with transports. Such as obfs4, I presume. I read about RACE just now, seems interesting: - https://github.com/tst-race/race-quickstart?tab=readme-ov-fi... - https://github.com/tst-race/race-destini Have you heard about it, or have you used it before? > Cwtch doesn't let you send messages when the recipient is offline by virtue of how it works, which is more secure, but inconvenient. I agree. How much more secure is that? In the case of Ricochet, this only applies to friend requests. You have to be online to be able to receive friend requests, which I am fine with. | ||||||||||||||||||||||||||
▲ | maqp 18 hours ago | parent | next [-] | |||||||||||||||||||||||||
>How much more secure is that? It's much more secure wrt metadata. There is no third party server that's able to amass metadata about the two users conversing. SimpleX doesn't hide your IP-address from the server, and given that there's exactly two parent companies hosting ALL of the official servers, it's not too hard for Akamai or https://runonflux.com/ or anyone who compromises their OOBM systems to perform end-to-end correlation between two users. https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-... has a lot of discussion about Simplex vs Cwtch. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||
▲ | heavyset_go 19 hours ago | parent | prev [-] | |||||||||||||||||||||||||
> Such as obfs4, I presume. Yep, but the author of obfs4 says not to use it, there are more modern transports with less flaws. At the end of the day, the transport lists are public, but sharded, so it's truly just obfuscation no matter what transport protocol you use. Someone observing your connection with the resources to map out transport relays can tell if you're using Tor. > Have you heard about it, or have you used it before? I haven't, but it looks interesting. It seems they're doing a similar mixnet approach to SimpleX. > I agree. How much more secure is that? If you don't to rely on a third party to queue and relay your messages when your recipient comes online, it's one less party that you're sharing information with. I also believe it opens you up to Tor correlation attacks, like what happened with Ricochet. Maybe an overlay mixnet can add some further obfuscation, as with SimpleX and RACE, but I assume those overlays are vulnerable to correlation attacks, as well. | ||||||||||||||||||||||||||
|