the author literally picked random projects from GitHub tagged as matrix, without considering their prevalence or whether they are actually maintained etc.
if you actually look at % of impacted clients, it’s tiny.
meanwhile, it is very unclear that any sidechannel attack on a libolm-based client is practical over the network (which is why we didn’t fix this years ago). After all, the limited primitives are commented on in the readme and https://github.com/matrix-org/olm/issues/3 since day 1.
Don’t use Matrix, the devs knew about sidechannel vulnerabilities and ignored them for years. This is peak negligence and should immediately disqualify you from touching anything security related.
From your link.
That is exactly what it says. They knew about security issues in their library and didn’t fix them for years. This isn’t being ignorant, this is negligence.
You do not have a solution.
I do, use Signal if you care about privacy. They are the only game in town when it comes to reasonably secure chat software. Sure, I would prefer a federated alternative but I haven’t found one yet that is always end-to-end encrypted, open source, implements forward secrecy, and is user friendly enough to be used by my grandmother.
SimpleX is better, you don’t even need a phone number.
SimpleX is cool, but fails the “my grandmother can use it” requirement. Signal has the huge benefit that it is just as easy as WhatsApp. With SimpleX you have to invite each of your friends individually.
Scanning a QR isn’t difficult, there are also tantum links
With Signal you just have to install the App and make an account to start chatting with your friends and family. SimpleX requires me to send a link or QR code to everybody I want to interact with. You will have a hard time convincing anyone to do that. Compare that to the first Twitter exodus, people chose Bluesky over Mastodon because picking a server was ‘difficult’. The average person doesn’t care about technology at all and will always pick the path of least resistance.
It requires literally a minute, also creating an account isn’t a thing people like to do.
True, which is why WhatsApp, Facebook Messenger and Telegram still reign supreme. Don’t forget that it’s a minute for each person I want to contact, why bother if I already have the phone number of everybody I know. SimpleX targets a different market than the previously mentioned Messengers, and that’s OK, but it also means it’s a no-go for anyone outside that market. Signal on the other hand is targeting the same market and thus is a viable alternative and for that reason I could convince my friends and family including my grandmother to use it instead.
Thanks