thanks, I think I know that one, but yeah as you said it is not a real security audit and the person itself said so
could you provide some source/link to the SimpleX security audits? I would like to look into it, thanks in advance!
does Briar has security audits you could point to? thanks in advance
does that one has security audits? thanks in advance
yet the reason that "Signal is expensive" https://signal.org/blog/signal-is-expensive/ is because they didn't go for a federated approach, they spend more money just to keep the servers running than resources spent on development
You can always look at their history “complying” to government orders to hand over user data.
IIRC by US law they are not allowed to disclose requests from US gov itself
so live tests seem about as good as a security audit.
I would rather prefer real security audits
Not me, but someone on the signal forums helpfully compiled many of them; there are a lot more than I thought! https://community.signalusers.org/t/wiki-overview-of-third-party-security-audits/13243
ok I read it, these are no real security audits but academic reviews of protocol properties etc.
Matrix isn’t ready for the general public and I’m doubtful it ever will be, so in the meantime Signal is the next best thing.
yeah, it is too complex etc. take a look at https://arcanechat.me/ and https://delta.chat/ (I contribute to these open source projects) they are probably the decentralized messengers that are more on pair with WhatsApp etc. super easy to use, no phone numbers or any private data required
Not me, but someone on the signal forums helpfully compiled many of them
thanks for sharing!
It’s serverless though, right?
no, and in fact the cost of running it is really high because the server infrastructure they need to pay, they even say it themselves "Signal is expensive" https://signal.org/blog/signal-is-expensive/
it would be possible just to fork and use a “European” version of it
in theory yes, in practice no one has done it, and then you should not use Signal but the european fork which will not be compatible/federated with signal
It is a us based non profit that doesn’t store any information about you
still it runs in AWS, Microsoft, etc servers, and as any centralized service policy and interests can change at any time in the future, which would be pretty bad when you have several countries fully depending on them, just look the current situation with whatsapp, you can not be resilient/sovereign like that
has been independently audited like four times.
could you provide source pointing to the security audits?
If what you want is encrypted email, and see it in the form of a chat, take a look at ArcaneChat