Notices by 🌱@ambiguous_yelp:ahimsa.chat (ambiguous_yelp@social.coop)

@dalias @ljrk @khm @sammi @joelanman But we already know mathematically how to use QCs to break classical encryption through factorisation, its just a matter of scale, you just do the same algorithm but with more qubits to factor larger primes, and since qubits are increasing exponentially its not a stretch to say we will pass that threshold evenutally unless some major obstacle is reached in QC development

@dalias @sammi @joelanman no true scotsman fallacy. no true security researcher believes in quantum breaking classical encryption, if you havent seen the veritasium video on Harvest Now Decrypt Later you can also read the wikipedia page https://en.wikipedia.org/wiki/Harvest_now%2C_decrypt_later, at the very least it seems powerful orgs are taking the threat srsly, harvesting encrypted data for decryption and transitioning to PQ as defense https://cloud.google.com/blog/products/identity-security/why-google-now-uses-post-quantum-cryptography-for-internal-comms

@dalias @sammi @joelanman This is really short sighted, the fact is qubits on chip are growing exponentially, its kinda like vram once you have enough once you cross a threshold you can just do calculations you couldnt before, projections show well have enough qubits to break classical encryption anywhere from a couple years away to a couple decades away, unless you can say with confidence there will be some limiting factor this threshold will be reached eventually breaking historical encryption

@dalias @sammi @joelanman im going with what security researchers are saying on this https://www.youtube.com/watch?v=-UrdExQW0cs I am not qualified to say whether or not quantum computers will break classical encryption or not but theyre certainly picking up steam https://www.tomshardware.com/tech-industry/quantum-computing/google-claims-its-new-willow-quantum-chip-can-swiftly-solve-a-problem-that-would-take-a-standard-supercomputer-10-septillion-years

@dalias @sammi @joelanman ive already crafted a reply as to why simplex is better than cwtch, no permanent user ids, and PQ encryption protecting against HNDL attacks

@dalias @sammi @joelanman simplex has PQ encryption cwtch doesnt, making it susceptible to HNDL attacks and cwtch has unique persistent ids whereas simplex doesn't making cwtch vulnerable to contact correlation attacks by comparing your unique id across compromising devices, attacking the developers here is just fud bc the protocol is solid and is not susceptible to censorship or control by evgeny and his friends its literally explicitly designed with that ideological goal

@dalias @sammi @joelanman ok but I think telegram's ceo being arrested cross-border and then radically altering the tos seems to suggest that open source apps arent safe just because theyre based outside the "problem country" what if several countries start blocking signal? I just want an infrastructure that is more resilient to censorship from the start that has built in tor support

@dalias @jenkinse @joelanman no you're missing the point, theres groups and group links, you can then optionally choose to invite a bot (also open source and published implementation) to your room so it can be indexed on whatever directory, that is of course opt in and very intentional process, all simplex relays can see is room links as they point to a queue on the relay.

@sammi @dalias @joelanman Wouldn't it be more robust and pro privacy to support an infrastructure that is resistant to such corruption by being decentralised? Allowing anyone to run a simplex relay means if you distrust one provider you can switch relays without having to migrate all your contacts

@sammi @dalias @joelanman simplex is not feature compatible with signal, but using it makes you more private secure and anonymous, that is all I am saying. If you care about those things then simplex is the best

@sammi @dalias @joelanman @jenkinse Simplex is not 1-1 feature compatible with either signal or matrix, but it is the best choice for privacy and security for the reasons I outlined in the thread. If you need group calls then yeah use signal for that use case, for everything else though? Stick to simplex messaging for enchanced security

@dalias @sammi @joelanman Way to alienate millions of people. I live in uk. If it gets backdoored here then signal is irrelevant and useless to me and all my activist friends

@sammi @dalias @joelanman It was nearly backdoored. There is a damocles sword in the ammended bill that basically says if a judge considers it "technologically feasible" to backdoor signal then they can demand it

@jenkinse @dalias @joelanman the roomlist is organised through a user-bot on-platform, you message that bot asking for the top N rooms or keyword search for a room

@dalias @joelanman Any form of centralised/unique persistant id can be used to trivially correlate your contacts provided the surveillance apparatus is in place on the backend even if those conversations themselves are encrypted, such surveillance is impossible on simplex bc there are no user ids

@dalias @joelanman You're right about one thing the dev team are right wing ass hats, and it does attract right wingers because they can get away with saying the n word, but thats not really an infra critique its like saying theres right wingers on the web, simplex is just a messenger. The dev team control the "official" roomlist and that is a shit roomlist but apart from that they dont really have any structural control on who uses the platform

@dalias @joelanman Now you're just trusting that a centralised organisation wont leak your phone number when pressured by authorities

@dalias @joelanman yes it has https://simplex.chat/blog/20241014-simplex-network-v6-1-security-review-better-calls-user-experience.html

@dalias @joelanman I literally know someone whos friends got arrested bc their signal group chat was leaked by the initial arresstee exposing everyone elses phone numbers

@dalias @joelanman If simplex gets backdoored you can just swap the client for a fork and the network ie contacts and usergroups can remain pretty much unchanged because its a trustless decentralised model. You cannot make a decentralised signal bc it has a single point of failure, signals servers. As for signal only collecting "minimal data" I explained in the thread how correlation of contacts is performed and SimpleX protects against this.