Speek-App/Speek

Stop with the bullcrap

acudroit opened this issue · 5 comments

Why? We already have Session claiming that it's a no-metadata application as well, but unfortunately that's not possible. I don't see why you all keep claiming that your application doesn't collect metadata or whatever; every application literally needs metadata to operate in the first place. A messaging application needs metadata to communicate in the first place, with or without Tor. There is no such thing as "no metadata", and why bother promoting your application as if it's just so secure? Tor is part centralized to operate a decentralized network, and Tor nodes can be compromised. Routing user data through Tor wouldn't mean that it's not possible to compromise your user contacts, although it's promised, or at least implied, that their contacts will remain hidden and protected. If you're going to release an application, at least be genuine and honest and not cliche and deceptive, but you're wasting your time regardless. I'm sure you learned a lot from developing this application, but you are wasting your time because you are still being generic; your application is generic, there's no good form of "privacy and security" about it, and why bother contradicting Tor? Tor website already claims that the network isn't completely secure, yet you are already stating that your application is just so secure? No middleman servers? Tor is all about middleman servers, so what the hell are you even talking about? We already have Signal that unnecessarily wants numbers, we already have Session with the same bullcrap thing as you, we have Telegram with the suspicious activities, and we have Matrix/Element, which is by far the only actual good platform for general purposes.
Just get rid of your current application and develop something that's actually unique for once. Stop with all the generic applications; we have too many "secure messengers" that literally all have similar designs. If you really want your application to be privacy and security centralized, then THINK HARDER, because your current method is not that method.

Every Speek client hosts a hidden service, and what you're giving to others with your Speek ID is really just an onion address. This means that there is absolutely no central server you're communicating or sharing metadata with. You are directly communicating with your contact (P2P).

Please also check up on Ricochet, on which Speek is based, to get a better idea of how it works.

You do realize that onion services or even addresses don't mean no metadata, right? I don't think you understand that Tor is really all about middleman servers; these "nodes" are middleman relays, middleman servers, middleman routes. If a username is simply an address, then it's going to contain metadata of nodes, it's relying on metadata, and anything passed within a node is going to be metadata. The issue with Tor is that literally anyone has the potential to control a node. It doesn't matter if your data is encrypted; once your nodes become controlled, then you are controlled, your username compromised, messages compromised, everything. It's bad to operate an application on a network where knowing how to decrypt data will be irrelevant since you'll be able to control it anyways, with that meaning that it would be possible for a third party to pretend to be one of you after controlling your nodes, thereby forcing decryption without having any of your user keys, but since a username will be an address apparently, then with this in mind they could just use it to simply take over your account.

Taking into account the "contact point" from and to your hidden service, there would be nothing in particular preventing anyone from compromising that point. Sure, it's peer to peer by contact, but it can either be randomized or not, in which case there's still potential for compromise, still potential for DoS, etc., which brings me to something else: why are you running an application on a network vulnerable to independent node attacks? When a person DDoSes a centralized server or whatever, generally what happens is that everything is affected, so it could compromise both data and services or whatever it is taking place, but in the case of Tor they could compromise data without compromising your services directly, meaning you probably wouldn't even know when your messages are compromised.

Meaning Tor could just be a giant false positive or negative network at any given point, and you most likely wouldn't be able to audit anything or solve anything afterwards; your entire messenger is running on a faulty issue waiting to occur, basically.

On the other hand, with a centralized service there's potential for complete auditing control (I'm not saying you should switch to centralized services), but if a centralized service handles something better than what Tor can, then you know there's a serious issue.