That’s not really a big deal since the session encryption was insecure anyway. It feels almost like a honeypot after they've removed forward secrecy. If you’re looking for a decentralized alternative, SimpleX Chat is a more secure option.

My issue with SimpleX is that the company is in the UK, and it's developed in the UK under UK law. https://simplex.chat/transparency/

Considering how fiercely anti-encryption the UK is/has become (because "only child molesters care about encryption!"), this is sadly reason enough for me not to trust it.

Do I believe they have a backdoor in their software? No.

But if the UK passes a law demanding they introduce one...

Or the mature and robust XMPP + OMEMO.

The problem with XMPP is that most clients use an outdated and insecure implementation of OMEMO. This includes popular clients such as Conversations and Gajim. Currently only Profanity and Kaidan use the latest version, and you must always assume that the encryption has been secretly downgraded because the other person is using an insecure client. I highly recommend Soatok's blog post on this topic. https://soatok.blog/2024/08/04/against-xmppomemo/

I do not understand the security implications of this "Invisible Salamanders" post, but I would prefer XMPP even without any end-to-end encryption over a walled garden like Signal or Session.

Does that blogger discuss metadata at all? I'm not saying the stuff pointed out in various non-Signal tools isn't valid, but I don't see any discussions on the dangers of metadata.