SimplifiedPrivacy.com Podcast on Nostr
Privacy Ranked:
I’m going to rank these least private to most, and explain why on each step.
Discord
Why: Discord is as bad as it gets. It's not only completely unencrypted, but they maliciously sell your data and have such huge restrictions on VPN IPs and SMS VoIP verification.
SMS
Why: It’s going naked over the phone lines, but isn't heavily sold in such a rotten way as Discord.
VoIP
Why: VoIP is just as horrible as SMS, but separates your real physical location from the cell tower.
Telegram
Why: Unlike VoIP, it does have end-to-end encryption, but only on mobile. And with weak encryption that they made up, that hasn’t been properly reviewed [Source: Madaidans of Whonix].
Signal
Why: Telegram has no metadata protection, whereas Signal has sealed sender. Signal’s encryption is stronger and more thoroughly peer reviewed. Also Signal has a good legal track record and isn’t strict on crypto VoIP burners like Telegram. Having phone numbers isn't that big a deal if I paid $1 of crypto for a random VoIP burner in Cambodia without restrictions on Tor. Btw, my Signal # is Cambodian: +855 68 504 905
Matrix
Why: Tucker Carlson’s Signal was hacked. Also, academic papers have shown Signal’s sealed sender has flaws. If you self-host Matrix, that's much more control than trusting Amazon's AWS, which is a CIA contractor. Many open source projects use Matrix rooms.
Session
Why: Most Matrix users use Matrix.org which is Cloudflare with Gmail verifying the emails. Setting up a Matrix server is more expensive and complex than just opening Session and hitting "create account". Session’s onion routing, non-location based DNS, and decentralization are stronger than Matrix's Cloudflare-dominated network.
SimpleX
Why: Session lacks (by default) rotating keys and multiple identities. You can manually rotate keys using your blockchain name, and manually get multiple accounts at once via enabling it on Linux, but most won’t want to do this just to avoid government domain names (which most SimpleX users use). Session is better for censorship of servers; SimpleX is better for end users being invisible.
Self-hosted Tor XMPP
Why: SimpleX is hiding from servers, but if you control the server, that’s stronger. Even a self-hosted SimpleX server only picks half the conversation. Also, XMPP has a longer proven track record, which is more eyes on the code. Now if you DON'T self-host XMPP, it's way up on the list next to Matrix.
Self-hosted Tor XMPP w/ OTR
Why: OTR nukes the conversation when it’s done. It literally destroys the encryption keys. Game over bro.
Conclusion:
Anything is better than Discord. Now, let's play a game: pick a communication method I did not mention, and you tell me where you think it should rank on the list. Then, we'll discuss.
Published at 2024-07-06 00:16:24