The following is a cross-post from my mastodon thread
In the wake of metas enshitiffication I have seen people recommend Signal and Matrix as private open source alternatives to meta products. In the following thread I will outline how if your goal is software freedom anti surveillance and anti censorship the best option for direct and group messaging is neither Signal nor Matrix but instead the up and coming https://simplex.chat/
Signal is centralised meaning its vulnerable to censorship it almost got backdoored by uks online safety bill and that bill still has a damocles sword clause hanging over signal. Signal is also not anonymous, your account is linked to you through your phone number, if your contacts are compromised then your conversations can easily be linked back to you and your contacts all be correlated. In contrast simplex is like having "a burner phone for every contact" meaning even if one contact is correlated you have no consistent identity that can be compromised by default. Also simplex has a custom onion routing protocol to hide your ip from relay servers by default and it makes it very easy to connect over tor if simplex is blocked in your country im pretty sure signal doesnt do that. Matrix has been floated as potentially being a decentralised and e2ee open source alternative to Signal, but Signal shares one massive pro with SimpleX which is that both have post quantum encryption meaning that quantum computers that many researchers say are a few short years away from being able to decrypt all historical data that is encrypted using classical techniques ie not post-quantum encryption - such as the private messages you are sending across matrix today Afaik Matrix currently has no plans to add post quantum (PQ) encryption today and previously they were relying on it being implemented in MLS a standard that Matrix has been trying to adapt to their decentralised framework for years with stagnant process. Whats more afaict the motion to add PQ to MLS quietly expired and wasn't renewed so it's likely not coming any time soon. SimpleX has PQ on top of their classical encryption implemented and working today and you can download the app and have PQ rn (the additional classical encryption is insurance in case it turns out PQ has some classical attack vector, hybrid encryption is recommended by sec researchers at this stage) In conclusion both Signal and SimpleX are PQ unlike matrix but SimpleX and Matrix are decentralised and less vulnerable to censorship than Signal, while only SimpleX supports Tor connections and protects ur IP with or without Tor, and has no persistent unique identifier creating a "burner phone for every contact" scenario where compromised contacts cant necessarily be used to correlate ur other contacts/groups simply by looking at ur phone number/username in those groups
Heres some evidence and argumentation to support building post quantum encryption now, state and capital are hoovering up encrypted data rn to decrypt for profit as soon as it becomes cheap enough to do so with quantum computers https://www.youtube.com/watch?v=-UrdExQW0cs
And here's the best explainer of SimpleX on youtube, sorry about the racist thumbnail the guys a right winger but his knowledge on OPSEC is valuable. If you don't know why the thumbnail is racist search "Terry Davis glow in dark" (the search results for which I have to give a racist slur cw for but theres no slurs in this video) https://www.youtube.com/watch?v=0cRu98XSap0
...what? How do you figure? Signal has attempted to be censored several times but you can just switch relays.
...how do you suppose that works?
Blocking the server is not even the most effective way it can be restricted. If a country wants to gimp Signal, it can ban their cell carriers from delivering the confirmation codes. Or, on the contrary, if US wanted to restrict sanctioned countries, they could prohibit Signal from interacting with the country's range of phone numbers.
Yes, you could rent numbers of another country to avoid that. But while pretty much everyone can figure out how to bypass website censorship, phone rentals are much more of a roadblock, especially if your payment method is sanctioned and thus you have to use crypto or workarounds. Not to mention that the number being temporary introduces a permanent security hole, and if it is not temporary - it's an extra expense, which may be noticeable for poor people.
On a similar note - the issue I take with Signal in this regard is the fact that the stock app only allows their own censorship bypass proxy. Why not just arbitrary Socks?? Sure, you can use a whole-device VPN, but for a lot of people this is inconvenient (like if the free VPN is very slow), so a proxy for a background connection is much better. Thankfully, Molly addresses this.
There is a signal legal entity that can fail and take out all of signal which is less true with matrix since there are multiple client and server implementations the only thing a government can achieve by breaking a single entity is disrupt governance
That's true but they didn't say anything about that.
Because the architecture is centralized, a law can target signal. Currently signal is hosted in the United States, a law United States writes could take it down
Signal is hosted on cloud infrastructure around the world.
I doubt this cloud infrastructure would be able to disobey the main organization's orders or go on without it if said organization is told to shit down.
There are plenty of potential alternatives in such a wild scenario.
Haha, Ulrich I noticed you on several threads the past few days correcting misinformation, thank you for your service.