{"id":15146986,"url":"https://github.com/securitybrahh/secure-messaging","last_synced_at":"2026-01-20T20:03:24.305Z","repository":{"id":248011481,"uuid":"827497186","full_name":"securitybrahh/secure-messaging","owner":"securitybrahh","description":"xmpp or matrix? not really. but signal maybe, but how to do tg topics \u0026 groups?","archived":false,"fork":false,"pushed_at":"2025-03-22T06:09:08.000Z","size":6623,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-04-06T22:47:43.496Z","etag":null,"topics":["e2ee","matrix","metadata","server-admin","sysadmin","telegram","xmpp"],"latest_commit_sha":null,"homepage":"https://empiresec.co/securitybrahh/setup/","language":null,"has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/securitybrahh.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-07-11T19:04:08.000Z","updated_at":"2025-03-22T06:09:12.000Z","dependencies_parsed_at":"2024-12-20T11:10:55.027Z","dependency_job_id":"d10319ff-1c67-448d-99c1-fe2706e4fe58","html_url":"https://github.com/securitybrahh/secure-messaging","commit_stats":{"total_commits":22,"total_committers":1,"mean_commits":22.0,"dds":0.0,"last_synced_commit":"30211e2d49e358d518ec5be39129193936b18896"},"previous_names":["securitybrahh/secure-messaging"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/securitybrahh/secure-messaging","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitybrahh%2Fsecure-messaging","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitybrahh%2Fsecure-messaging/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitybrahh%2Fsecure-messaging/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitybrahh%2Fsecure-messaging/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/securitybrahh","download_url":"https://codeload.github.com/securitybrahh/secure-messaging/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/securitybrahh%2Fsecure-messaging/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":28612157,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-01-20T18:56:40.769Z","status":"ssl_error","status_checked_at":"2026-01-20T18:54:26.653Z","response_time":117,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["e2ee","matrix","metadata","server-admin","sysadmin","telegram","xmpp"],"created_at":"2024-09-26T12:21:16.407Z","updated_at":"2026-01-20T20:03:24.289Z","avatar_url":"https://github.com/securitybrahh.png","language":null,"readme":"https://soatok.blog/2024/07/31/what-does-it-mean-to-be-a-signal-competitor/\n\nhttps://x.com/securitybrahh/status/1896190092961542194\n\nhttps://proton.me/support/encryption-lock-meaning\n\nhttps://dev.gajim.org/gajim/gajim/-/merge_requests/995\n\nNormal calls are not encrypted as PSTN is outdated.\n\njmp.chat calls are encrypted for the last mile (so it protects you from local attacks)\n\nRCS/imessage maybe encrypted, depends on client implementations and the future.\n\nhttps://9to5mac.com/guides/rcs/\n\nhttps://www.gsma.com/newsroom/article/rcs-encryption-a-leap-towards-secure-and-interoperable-messaging/\n\nSimplex uses a lot of client RAM. \n\nservers only relay on SimpleX afaik. so a relay won't cost much to a cloud provider, and can be done on \"good will\"\n\nVC shit - get money coz you have distribution, no biz model.\n\nfear-mongering privacy narrative pushing donations?\n\nhttps://x.com/kaepora/status/1811454454232694847\n\n\ndumb servers, Wise clients.\n\n\n\nhttps://github.com/simplex-chat/simplex-chat/blob/stable/docs/rfcs/2024-04-26-commercial-model.md\n\nhttps://github.com/simplex-chat/simplex-chat/blob/stable/blog/20240814-simplex-chat-vision-funding-v6-private-routing-new-user-experience.md\n\n# Secure Messaging\n\nsoftware is free speech, [lobbyin](https://x.com/SimpleXChat/status/1808068417162805302)[g](https://simplex.chat/blog/20240704-future-of-privacy-enforcing-privacy-standards.html) for privacy is what it takes it seems.\n\nso it was nostr after all?\n\nhttps://signal.org/docs/specifications/doubleratchet/#recovery-from-compromise\n\nxmpp or matrix? not [really](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/). but [signal](https://signal.org/blog/signal-private-group-system/) maybe, but how to do tg topics \u0026 groups?\n\nhttps://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/\n\nHOW does even signal EARNS?? How will [SimplexCha](https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SIMPLEX.md#users-own-simplex-network)[t](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#threat-model) earn??? \u003cI don't endorse or like simplexChat rn but may change in the future\u003e\n\nsignal was given a 50$ mil loan by [Brian Acton](https://en.m.wikipedia.org/wiki/Signal_Foundation#Signal_Messenger_LLC) for some reason.\n\ndonations from ppl because \"its bankrupting\", recent desktop bug fiasco shown that its not!\n\nSimplex plan to make a \"stamp\" (not a coin), users will be able to donate to 3rd party hosters wirh legally binding / build verifiable directly.\n\n## XMPP?\nhttps://soatok.blog/2025/01/20/session-round-2/\n\n\nhttps://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/\n\n\u003e **TL;DR**\n\n\u003e * Server-side parties (e.g., administrators, attackers, law enforcement) can transparently modify, log, and monitor nearly everything when communicating via XMPP---independent of end-to-end encryption. \"Transparently\" means your XMPP client doesn't learn about these server-side actions; showing no warnings in most cases.\n\u003e * Contrary to claims, law enforcement can easily detect and block XMPP traffic. Furthermore, many XMPP servers are physically centralized, hosted by a small number of hosting companies.\n\u003e * Federation, decentralization, encryption, and \"use Tor\" don't solve these issues as XMPP processes data in cleartext and produces tons of metadata.\n\n## Matrix?\n\nhttps://telegra.ph/why-not-matrix-08-07\n\nMatrix linked Amdocs found tapping South African cell phones - https://archive.ph/iFJ0n\n\nMatrix Metadata Leaks? - https://web.archive.org/web/20210202175947/https://serpentsec.1337.cx/matrix\n\n## XMPP?\n\nI feel pgp \u003e\u003e s/meme or [omemo](https://xmpp.org/extensions/xep-0384.html)\n\npgp relies on curcle of trust, And I think that's what we should rely on.\n\nhttps://notes.valdikss.org.ru/jabber.ru-mitm/\n\n**session??**\n\n![Wahahah](/images/hah.gif)\n\nadding a coin to a messaging protocol is a joke + lokinet is a joke.\n\n## TG groups but e2ee?\n\nmatrix spaces come close, there is a discord open source alternative but feels dubious.\n\nA security analysis comparison between Signal, WhatsApp and Telegram - https://eprint.iacr.org/2023/071.pdf\n\n## Tor Lvl Shit?\n\nAlso good for LAN messaging.\n\nhttps://code.briarproject.org/briar/briar/-/wikis/Mailbox-Architecture\n\n\n## Others\n\nhttps://divestos.org/pages/messengers\n\nhttps://eylenburg.github.io/im_comparison.htm\n\n## Appendix A\n\nwhatsapp/tg people use to serve clients (frontend), slack for backend team\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecuritybrahh%2Fsecure-messaging","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fsecuritybrahh%2Fsecure-messaging","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fsecuritybrahh%2Fsecure-messaging/lists"}