Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/securitybrahh/secure-messaging

xmpp or matrix? not really. but signal maybe, but how to do tg topics & groups?
https://github.com/securitybrahh/secure-messaging

e2ee matrix metadata server-admin sysadmin telegram xmpp

Last synced: about 1 month ago
JSON representation

xmpp or matrix? not really. but signal maybe, but how to do tg topics & groups?

Host: GitHub
URL: https://github.com/securitybrahh/secure-messaging
Owner: securitybrahh
License: gpl-3.0
Created: 2024-07-11T19:04:08.000Z (7 months ago)
Default Branch: main
Last Pushed: 2024-11-26T15:01:23.000Z (about 2 months ago)
Last Synced: 2024-11-26T16:19:49.721Z (about 2 months ago)
Topics: e2ee, matrix, metadata, server-admin, sysadmin, telegram, xmpp
Homepage: https://bowtiedanon.com/setup/
Size: 6.28 MB
Stars: 0
Watchers: 2
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

https://proton.me/support/encryption-lock-meaning

https://dev.gajim.org/gajim/gajim/-/merge_requests/995

Normal calls are encrypted as PSTN is outdated.

jmp.chat calls are encrypted for all I know.

RCS/imessage maybe encrypted, depends on client implementations and the future.

Simplex uses a lot of client RAM.

servers only relay on SimpleX afaik. so a relay won't cost much to a cloud provider, and can be done on "good will"

VC shit - get money coz you have distribution, no biz model.

fear-mongering privacy narrative pushing donations?

https://x.com/kaepora/status/1811454454232694847

dumb servers, Wise clients.

https://github.com/simplex-chat/simplex-chat/blob/stable/docs/rfcs/2024-04-26-commercial-model.md

https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20240814-simplex-chat-vision-funding-v6-private-routing-new-user-experience.md

# Secure Messaging

software is free speech, [lobbyin](https://x.com/SimpleXChat/status/1808068417162805302)[g](https://simplex.chat/blog/20240704-future-of-privacy-enforcing-privacy-standards.html) for privacy is what it takes it seems.

so it was nostr after all?

https://signal.org/docs/specifications/doubleratchet/#recovery-from-compromise

xmpp or matrix? not [really](https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/). but [signal](https://signal.org/blog/signal-private-group-system/) maybe, but how to do tg topics & groups?

HOW does even signal EARNS?? How will [SimplexCha](https://github.com/simplex-chat/simplex-chat/blob/stable/docs/SIMPLEX.md#users-own-simplex-network)[t](https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md#threat-model) earn???

signal was given a 50$ mil loan by [Brian Acton](https://en.m.wikipedia.org/wiki/Signal_Foundation#Signal_Messenger_LLC) for some reason.

donations from ppl because "its bankrupting", recent desktop bug fiasco shown that its not!

Simplex plan to make a "stamp" (not a coin), users will be able to donate to 3rd party hosters wirh legally binding / build verifiable directly.

## XMPP?

https://web.archive.org/web/20211215132539/https://infosec-handbook.eu/articles/xmpp-aitm/

> **TL;DR**

> * Server-side parties (e.g., administrators, attackers, law enforcement) can transparently modify, log, and monitor nearly everything when communicating via XMPP---independent of end-to-end encryption. "Transparently" means your XMPP client doesn't learn about these server-side actions; showing no warnings in most cases.
> * Contrary to claims, law enforcement can easily detect and block XMPP traffic. Furthermore, many XMPP servers are physically centralized, hosted by a small number of hosting companies.
> * Federation, decentralization, encryption, and "use Tor" don't solve these issues as XMPP processes data in cleartext and produces tons of metadata.

## Matrix?

https://telegra.ph/why-not-matrix-08-07

Matrix linked Amdocs found tapping South African cell phones - https://archive.ph/iFJ0n

Matrix Metadata Leaks? - https://web.archive.org/web/20210202175947/https://serpentsec.1337.cx/matrix

## XMPP?

I feel pgp >> s/meme or [omemo](https://xmpp.org/extensions/xep-0384.html)

pgp relies on curcle of trust, And I think that's what we should rely on.

https://notes.valdikss.org.ru/jabber.ru-mitm/

**session??**

![Wahahah](/images/hah.gif)

adding a coin to a messaging protocol is a joke + lokinet is a joke.

## TG groups but e2ee?

matrix spaces come close, there is a discord open source alternative but feels dubious.

A security analysis comparison between Signal, WhatsApp and Telegram - https://eprint.iacr.org/2023/071.pdf

## Tor Lvl Shit?

Also good for LAN messaging.

https://code.briarproject.org/briar/briar/-/wikis/Mailbox-Architecture

## Others

https://divestos.org/pages/messengers

https://eylenburg.github.io/im_comparison.htm

## Appendix A

whatsapp/tg people use to serve clients (frontend), slack for backend team