But wait – it gets much, much worse
As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s #Firestore database.
Man, this is great. I’ll admit that after leaving Reddit I was starting to miss the petty arguing about semantics. It’s great to see Lemmy picking up the slack!
Eh, I disagree. A little convenient security is not as good as full inconvenient security. Governments and corporations everywhere are glad that there are many people who share your opinion, though - and very many people do agree with you, as you point out in your comment about PGP.
Just to be clear, I didn’t mean to accuse you of ignorance about leaking metadata. I was expressing greater value of it than you do; metadata is a tool of oppression and exploitation, and companies like Signal minimize its impact in order to support their business model. Private messaging, to me, means privacy; not partial privacy. Not privacy of some things. It’s why it’s important to secure DNS queries. Google absolutely exploits DNS metadata from 8.8.8.8 queries - a perfect analog to Signal’s collection of phone numbers and routing. Who you talk to is extremely valuable metadata, metadata which is not private under Signal. So, again, I disagree with you that simplicity trumps metadata privacy in declaring a “gold standard” privacy protocol.
For SimpleX, the key is the statement “individuals with known identities.” If you publish your identity publicly on your web page, and your friend does too, yeah. Attackers can tell you two are communicating. The difference from Signal is that, with SimpleX you can not publish your identity. You can also easily create new (unpublished) identities, and use a different one for each friend. With Signal, you have no option other than buying burner phones and having your friends all reconnect every time you get a new phone. And knowing what I do of the telecom industry, burner phones - while improving privacy - are not immune to a committed attacker such as a government.
You’re right that Jami has flaws; I won’t begin to try to defend them, although it still has better metadata protection than Signal.
It’s a false equivalency to claim that because a protocol is not perfect, that it’s no better than an even less perfect protocol. I might as well claim that because Signal isn’t perfect, it’s no better than SMS.
Maybe I should be asking: why do you believe that a system that requires users to expose their identities and route centrally unencryptable metadata through a central server is sufficient? Does it not concern you that Signal (the company) effectively shut down the use of third party servers, giving them full access to all of this metadata? Why do they deserve the label “gold standard” - purely as a result of their popularity?
SimpleX is my current favorite, but I won’t suggest that it’s easy to use. It needs one missing feature (multi-device channel sharing) and some usability enhancements. It could also benefit from easier ID rotation to enhance its already quite good anonymity protection. But the core protocol is the most solid of the existing options, and it works well. And for people who are at risk, and truly need security - e.g. political dissidents - including privacy of metadata, I would recommend putting up with little inconveniences, and not cutting corners on privacy.