• LWD@lemm.ee · ↑ 8 · 11 months ago

    Its biggest struggles are

    1. Large group message synchronization
    2. Identifying people across rooms, including people who aren’t using incognito profiles and want you to find them
    3. Reliance on the relay servers that either are official, or are the ones you choose (I think) – if you use a “compromised” relay you could perhaps pull other people’s IP addresses.

    I’m not so sure about #2, and even less sure about #3. If anybody can “debunk” either, I’m interested

    • Joe Bidet@lemmy.ml · ↑ 2 · 10 months ago

      Also, now that I think of it:

      1. There is now a discovery mechanism of some sort… but otherwise it’s a feature and not a bug that you can only identify people whom you had an initial exchange with. Much preferable to something like Signal that without asking (and without opting out?) will by default access all your contacts and match them through the use of a strong selector (phone number). Also:
      2. I think with the minimal knowledge the server has of its users (and the no-identity concept) this really limits risk. Also it means that for the most tight of security models, one can use their own server (which is not feasible with most other chat protocols).

      so all in all: go simplex! :)

      • LWD@lemm.ee · ↑ 2 · 10 months ago

        For 3, I think you’re right, but I want to assume someone spins up a malicious server for the purposes of gathering IP addresses, creates an identity that routes through that server, and then picks a target. Would it be possible, at that point, for them to gather their target’s IP address at some point?

        For 2, I mean it’s difficult to identify the same person across multiple chats. For example, let’s say your only communication with someone is through SimpleX. If you DM them, and then you join a group where they are present, there is nothing easily identifying them as the same person. This is the case even if they use the same public-facing username in both instances.

        (Upon looking, it seems you can set a nickname for a user and it will persist across rooms, and it looks like the QR code is also the same across rooms, but the first one is a bit tedious, and the second one is worse.)