15 comments

[ 2.7 ms ] story [ 38.2 ms ] thread
Austria's goverment agreed on spying messengers for the public safety. How does white noise protects itself from getting legally hacked?
Congratulations on the release!

As someone who used to be in the Secure Scuttlebutt community an now works on OpenMLS, I wonder how they (you?) deal with concurrency of Commit messages. I spent quite some time thinking about ways to detect and resolve forks, and the current iteration of MLS doesn't really have good answers here.

> White Noise stands out by merging Nostr’s decentralized network with advanced encryption.

How does White Noise address criticisms surrounding Nostr's implementation[1]:

> While nostr offers the ability to send encrypted DMs to user pubkeys, the metadata of these messages are broadcast publicly via relays. This is the same as a bitcoin transaction being viewable on the public ledger. The contents of the direct message will be encrypted, but other metadata like the sender and recipient can be viewed by anyone.

Even assuming if metadata is encrypted, does WN's implementation broadcast messages across public relays?

If you can map out social networks based on publicly available data, can tell if one user messages another, or correlate when messages were sent to/from whom, I would not call that private.

[1] https://ron.stoner.com/nostr_Security_and_Privacy/

As much as I love the idea of these secure messaging apps, until I see how a company responds to government intimidation I am always wary of being too invested and trustworthy of the marketing.
interesting but still very alpha. It doesn't have any desktop/PC clients yet, but I assume it will?
i admit i havent looked at the app, but i assume is centrally run.

firstly: i think the only way secure p2p messaging can work is if its decentralised. no 3rd parties to communication, how this would be done i have no idea. maybe like email but without the server?

secondly: you'd need to ensure a secure os on each end that you can trust to not take screenshots and send to hq before transmission or after reception.

since its not possible to use the internet without a source ip. its almost provably insecure (in terms of privacy), no matter what protocols are dreamed up. a 3rd party will have to be trusted to distribute packets. and thats the weak point. (unless you force the source IP to be 0.0.0.0 or something before it goes out)

couldnt we just use dns to point to recipients, force zero the source ip and send udp packets directly?

what about pgp through a tor relay?

> i admit i havent looked at the app, but i assume is centrally run.

I don't mean to be rude, but why comment then? Your core premise was incorrect, which could have been resolved within 5 seconds of reading the headings on the page linked.

Wow, Nostr is back in vogue on the all time highs?
title: secure and private terms: we're not responsible
Looks super interesting. I am waiting for the App Store release since TestFlight is full. I like the idea of not requiring a phone number - the only thing makes Signal lose some points in my eyes... well, I guess if the company goes down that might be another reason for open protocols over apps.
Heads up that you have a typo - "Unscensorable"
The file/image storage concept using whats called "Blossom server" needs to be explained publicly somewhere. I don't know anything about this concept of "storing private files on public servers" and it immediately screems at me as unsafe.

I've only been able to find this coverage on the Blossom thing: https://www.nobsbitcoin.com/blossom-intro/