Lynda

joined 3 years ago
[–] [email protected] 4 points 3 years ago (3 children)

This is a good article. A lot of other apps have the same problem. I think it is important that apps have a security threat matrix.

Many people don't realize what is really private, and what isn't. As in a phone conversation, it isn't known what you are talking about, but who you are talking with is known. Is that the full definition of privacy? No. People also don't fully understand how metadata can be collected and used. Many people don't understand the risk of a server being hacked. If a server can be blocked/censored, I would imagine a server being spoofed is plausible too.

Many people hear "secure" or E2EE. But they do not realize that applies to the transmission of your message. That doesn't mean it is stored on your device encrypted and secure, nor does it mean that what is stored on someone else's device is encrypted and secure. Some say it isn't necessary because if your device is compromised, then so would any app security. But I doubt those same people leave their password database unencrypted.

[–] [email protected] 1 points 3 years ago

Status is something I'm trying to better understand. It solves the P2P problem of offline messages, but I haven't tried the mobile version to measure battery consumption. I would assume the battery usage is better because Status doesn't require being constantly online.

I think there needs to be a mindset change for these types of apps. The big shift is to refer to these apps/platforms as decentralized/distributed. Decentralization/distributed includes messaging + currency + websites. Status is also built with Ethereum. So if they have the technology already built, it would seem logical a lot of these apps/platforms are going to include similar crypto/blockchain features. And if you don't like the dapps and wallet, you can disable the features in the app. So far I haven't seen a downside.

[–] [email protected] 1 points 3 years ago (2 children)

I didn't like Briar because it isn't cross platform. I didn't like Jami because the configuration is confusing and the UI on Linux is not good. Tox has issues, but I'm over Tor. It is simple...and very fast...even over Tor. Status.im is another to take a look at. They may have solved the offline issues. Like I've said, there is still a lot of room for a new generation of messengers.

[–] [email protected] 0 points 3 years ago (4 children)

Tox is well implemented, but we need something that can handle messages when a recipient is offline, and something that won't consume a lot of energy on a mobile device. Regardless of what options we have today, we need to push for the next gen of P2P, not accept less.

[–] [email protected] 2 points 3 years ago* (last edited 3 years ago)

You can run your own Session server, if you stake it. But Session is about relaying messages, so it's not an exclusive server. And because a node is staked, I'm skeptical where Lokinet/Oxen is going (sounds like there's eventually going to be a business model somewhere in there).

I think the future needs to go towards something serverless. P2P has its drawbacks (offline messages and battery usage). Server based communication has dependence on someone else's infrastructure. Blockchain might be a solution, combined with either something like Signal Secret Sender, Whisper, or Tor/Lokinet/I2P/relay. Not sure...but I believe it can be a lot better than what we have.

Matrix and XMPP are just not streamlined enough for mass adoption like Signal is. If Signal removes the phone number requirement, that will be HUGE. But keep in mind, Signal could easily be blocked.

[–] [email protected] 1 points 3 years ago

I hope they eventually become multi-platform, and have good support.

[–] [email protected] 4 points 3 years ago (1 children)

I wonder how much longer until governments require corporations to Know Your Customer, especially if they offer crypto.

[–] [email protected] 0 points 3 years ago (8 children)

Skip Signal, skip Matrix, go independent, go P2P.

[–] [email protected] -1 points 3 years ago (1 children)

I think it would be nice to have a consumer focused document covering:

  • Product risks.
  • Roadmap of where we want to go.
  • Feature implementation matrix of where we want to go.
  • I would also like to know the challenges to what we want (feasibility? pros/cons?)

In addition: I don't want to depend on servers.
I don't want the risk of self hosting a server. I don't want a server that can be blocked. I don't want to trust client/server code. I don't want people/admins to know who I am talking to. I don't want people/admins to know where I'm talking from. I don't want admins to know about groups, the subject, or the members. I don't want to depend on an organization that can be controlled by government or ideology. I don't want to depend on anything that can be shut down.

Status and Session seem to be the next evolution (though still not perfect).

[–] [email protected] 2 points 3 years ago

How much of the ad targeting is data collected from only Safari versus other apps (including Apple Apps and non-Apple)?

If it is just Safari, then the ad targeting is similar to other ad-enabled browsers (simply stop using Safari). However, if Apple is using data from maps, messages, photos, device scanning, etc., then that is much, much, much worse.

[–] [email protected] 2 points 3 years ago

I think it took me a few weeks and building karma to be accepted.

[–] [email protected] 3 points 3 years ago* (last edited 3 years ago) (1 children)

I don't use it because it's Android only, which greatly limits communications.

Berty.tech might become an alternative to some of Briar's features.

Session/Status don't need a central server either (decentralized and distributed).

The question I have is how much is something decentralized/distributed and how peer discovery works. Ideally everyone would be a client/server (like BitTorrent and I2P).
