ContactDiscoveryService
DISCONTINUED
simplex-chat
Our great sponsors
ContactDiscoveryService | simplex-chat | |
---|---|---|
70 | 247 | |
270 | 5,172 | |
- | 5.6% | |
0.0 | 9.9 | |
11 months ago | about 15 hours ago | |
C | Haskell | |
GNU Affero General Public License v3.0 | GNU Affero General Public License v3.0 |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
ContactDiscoveryService
-
7 Best Open-Source Alternatives To WhatsApp In 2023
[1] https://signal.org/blog/private-contact-discovery/
-
WhatsApp data leak: 500M user records for sale
Signal uses SGX for remote attestation, which presumably lets the client verify that the code running on the server is a build of the OSS code and not a modified version. But I don't know the details or if this is reliable.
SGX and remote attestation described here:
- Elon on Signal
- Absolutely Insane "Feature"
-
Twilio Incident: What Signal Users Need to Know
Signal (or, more accurately, one of its predecessors) used to use client-side private set intersection for contact discovery, but this scales poorly [1].
Now they use a solution based on Intel SGX and server-side trusted computing [2].
-
New Intel chips won't play Blu-ray disks due to SGX deprecation
* dynamic HSM (https://github.com/intel/ehsm)
* machine learning in tandem with GPUs https://azure.microsoft.com/en-us/blog/azure-confidential-co...
* autonomous key management (https://docs.oasis.dev/general/oasis-network/overview#privac...)
* signal contact discovery (https://signal.org/blog/private-contact-discovery/)
Many of these will also work with next-gen enclave tech (mainly in the direction of total VM encryption), but those aren’t as secure as SGX yet, so SGX has continued utility to applications beyond DRM.
-
Messaging apps that don’t access contacts?
You’re looking for a solution where the problem actually doesn’t exist. At least not in Signal’s case. My advice is that instead of installing yet another fringe application nobody uses, and ending up actually or even potentially losing your privacy, do some light reading about how Signal handles contacts and contact discovery. Skimming through their FAQ might suffice.
-
Is anyone here using Signal?
You are mistaking privacy for an absolute. Signal makes your conversations private. While it uses your phone number for registration, you can choose who to give it to just as you would your phone number. They have also gone to great lengths, far more than other providers, to protect your contacts
-
Why Not Signal?
We should make a distinction between the server tampering with message content and message metadata. Message content is protected by well-scrutinized and auditable client code. However, there's nothing stopping a malicious server from logging a bunch of extra metadata on top of what they claim to log, which would be very interesting for nation states. And the extra-metadata scenario is the one being criticized, I think.
If you trust Intel SGX (or other secure enclaves) it is theoretically possible for the server to attest to the client that a particular hash of code is running. (Typically the reverse process is used, to attest to a server that a client is running whatever DRM code the company wants.)
Signal already uses SGX to implement contact search [1]. The actual algorithm is performed in plaintext in the enclave.
Now, you might counter that SGX is full of holes, and I would agree with you.
-
SimpleX Chat - the first chat platform that is 100% private by design - it has no access to your connections graph - now as mobile apps!
Signal [doesn't hold your connection graph and can cryptographically verify that it is not shared](https://signal.org/blog/private-contact-discovery/). What is the improvement over that approach?
simplex-chat
-
What are your favorite End-to-End encrypted tools for online privacy?
For messaging I'm currently on Olvid (E2E with physical key exchange) but since it still use their servers, I'm currently testing SimpleX where I can host my own servers.
- Launching Default End-to-End Encryption on Messenger
-
Apple Confirms Governments Using Push Notifications to Surveil Users
Notice how SimpleX (https://simplex.chat/) has no push notifications by default because of this issue.
- Possible today in Signal? Disable link preview
-
U.K. Abandons, for Now, Legislation That Would Have Banned End-to-End Encryption
If you have a mobile phone number, the domestic intelligence agency knows exactly where you are at all times and any LEO (without a warrant) can also find you. In addition, there have been numerous CCC presentations showing how insecure the global (excluding US) and (separately) US carriers are guilty of promiscuous metadata trafficking ($$) and insecure SS7 setups. As a consequence, for low $, you can go to any one of several shady websites and find the last location of almost any phone number (person unique ID) globally. There are additional varying exploitable vulnerabilities depending on the exact combination of {handset x carrier x country} to impersonate them, tap their line, reveal their exact location, and redirect their phone number through a third-party handset or even a PBX. These are more expensive and some capabilities are forbidden for all but a few selective intelligence uses.
Session (Signal fork) doesn't use phone numbers. It's pretty well-designed overall and uses an onion routing approach. It's already a superset of Signal except it doesn't use phone numbers. https://getsession.org
Also look interesting:
* (unproven) https://www.olvid.io/technology
* (unproven) https://simplex.chat
PS: Using regular TOR on home broadband or cloud servers is relatively risky and inefficient. Sybil attacks on it are common. And to network operators and security agencies it gives an easy "flow tag" of your uplink and exit node data traffic as automatically suspicious.
- The first messenger without user IDs
-
SimpleX – private messaging platform without user identifiers
Ah well… tried to install the CLI client from source (https://github.com/simplex-chat/simplex-chat/blob/stable/doc...), installed the Haskell compiler GHC v9, the Haskell package manager Cabal, `cabal update` went fine, no problem until `cabal install`:
cabal: Could not resolve dependencies:
The instructions say install GHC 8.10.7.
https://github.com/simplex-chat/simplex-chat/blob/stable/doc...
I suggest running
ghcup install ghc 8.10.7
-
What are Signal alternatives that don't require a phone number?
Simplex
What are some alternatives?
Element - A glossy Matrix collaboration client for the web.
session-android - A private messenger for Android.
nostr - a truly censorship-resistant alternative to Twitter that has a chance of working
Signal-Android - Fork from a private messenger for Android with extra options added: full backup and (partial, ony text) xml backup of messages. Restore can happen at any time, not only after a fresh install. Import SMS database. Import of (unencrypted) WhatsApp databases. Removed apk expire. Choose between passphrase protection and the Android screenlock. Choice for the backup location (internal or removable storage on Android < 11 (on 11 and higher this is already possible)). Set the maptype in the place picker. Option to treat view-once media as normal media. Option to ignore remote deletion. Choose between FCM or websocket notification delivery.
termpair - View and control terminals from your browser with end-to-end encryption đź”’
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
Signal-iOS - A private messenger for iOS.
whatsapp-viewer - Small tool to display chats from the Android msgstore.db database (crypt12)
simplexmq - ⚙️ SimpleXMQ - A reference implementation of the SimpleX Messaging Protocol for simplex queues over public networks.
status-mobile - a free (libre) open source, mobile OS for Ethereum
imessage - A Matrix-iMessage puppeting bridge
paper-research-privacy-matrix.org - Privacy research on Matrix.org