Beginner’s Guide: Setting Up Pidgin with OTR for Secure Messaging : OpSec | Torhoo darknet markets

Thanks! I like reading yours too.

You're spreading misinformation once again. I don't know if on purpose or you're simply misinformed (there's another word for it but lets be civil).

MITM
Both OMEMO or OTR are irrelevant in the face of XMPP. the XMPP is dependent on the third party server side, most usually of the 3rd party one.

False. Refer to the specification of OMEMO or OTR. They are end to end encrypted, I'm not going to baby feed you the basics.

Provide proof and code with your claim as it would be the worlds first. I never knew there were so talented people on Dread, we should invite a panel of experts to see how asfaleia will be breaking the Double Ratchet. We'll make the world news /u/Paris /u/HugBunter /u/DaVenom We are all watching with interest.

Most of the users DON'T check the pub keys of their contacts

You're talking about how user behaves. Entirely different from the technology itself. A user can on accident enter their personal information on website while using Tor. Does it mean Tor can be MITM'd too?

If you're talking about out of the box solution XMPP does need more configuration to make it running right. XMPP does need to improve in that aspect I said it in my previous comment too. Doesn't mean a properly configured one isn't a good solution for secure communication. Kind of like VPN. You can have different protocols and some are better than others but if you don't follow the best security practices in either everything can be subverted in default configurations.


More on MITM & SimpleX
Let me remind you another thing. What does SimpleX use? That's right OTR.

Double-ratchet protocol —
OTR messaging with perfect Forward secrecy and Break-in recovery.

By your logic claims you can MITM SimpleX too. Remember SimpleX has, and I can't stress it enough, NO REPRODUCIBLE BUILDS. What does it mean? In layman terms a trust me bro no backdoor. No such thing with XMPP with decades of proven track record.

You conveniently left that detail in your response. Based on your Dread history of generic & superficial security comments you seem to imagine yourself as a security expert. How does it compute to trust a random binary if you can't compile it?




Now let me turn your attention to SimpleXs actual website. A lot of information in research papers but since you see them as the standard in security I'll quote their own website.

[simplex chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html]

none of the post-quantum algorithms are proven to be secure against quantum or conventional computers. They are usually referred to as

"believed to be secure"

by the researchers and security experts. There is continuous research to break post-quantum algorithms, and to prove their security, and many of these algorithms are broken every year, often by conventional computers.

I put it in bold, red text and subtitled it so you don't miss it. Believed to be secure isn't secure. No research has PQE nailed down and if they did until we see Shors algorithm in action can't know for sure. Not a single protocol has protection against quantum computers, SimpleX included.

Is it better to have it than nothing compared to XMPP or others? Absolutely and since it's encapsulated you don't need to rely on it being secure or not against quantum computer breaking it or risk attacks by traditional modern computers. I'd love for XMPP or other messenger to add such functionality regardless if it only might be wishful thinking.

Shortly commenting on PQE itself. There've been a couple of tests one of the first were with South Koreas SK Telecom and some Chinese ones with satellites. The real issue with real PQE is the infrastructure. Traditional computers can relay information through switches and routers who essentially copy and pass on the information. With quantum communication such possibility doesn't exist as once the state of a byte is inspected it must have a 0 or 1. In such you can't pass on the information without error and the reasoning why it is believed if implemented correctly PQE can inform users if their connections are attempted to be spied on (error-correction alerts). The longest internet cable has a physical limit (SK Telecoms experiment) while the Chinese one used satellite kind of bypassing that physical limitation. I'm not going to be searching for the exact links as it is out of the scope of this topic but they are out there.

XMPP is centered around 3rd party servers.

SimpleX too? You use preset SimpleX servers but can host your own. The network models are different to XMPP yes but with XMPP you can host your own server too. No one is disputing XMPP should have less metadata by default. Once again I said it in my previous comment to you.

The server can see the timing of the messages, volume of the messages, size of the messages, full social graph and so on.

Mitigation: run your own server. Same as saying default vanilla Tor hidden service onions can be discovered more easily yes. That's why things like vanguards were created. You can see your logic makes no sense. If there was no mitigation on Tors part then that's another topic same with XMPP. But they exist and because you don't know or don't want to acknowledge them doesn't make it insecure.

If it is your own server (wast majority of ppl using 3rd party servers), the server observer can see all the above except less structured and no social graph.

Mitigation: run the server completely under Tor. Already mentioned in my previous comment refer to it.

I'm not saying XMPP is perfect and its default state far from it. I'm not saying SimpleX can't be better starting with source code you can compile, in its default state ignoring the source code issue it would be a better choice. However mitigations exist for XMPP running your own server, Tor, OMEMO. If you take a second to search for them. If you'd like to put your trust in trust me bro binaries on messengers and protocols with limited audits and lifespan - be my guest.

All of that is clearly visible in the underlying code and publicly available information about each of the protocol.

Show and prove it then. You made the initial outlandish claim, the burden of proof is on your side. I can't believe nobody has called you out on your claims which based on your posts seem to be a recurring theme.

Verdict - You got no idea what you're talking about and repeating what you read online without verifying/researching deeper. I could be wrong and you're a super cool 1337 master hacker. We'll see who is right once you provide your PoCs and additional documentation to prove your claims.

Cheers ;)

Mum I'm on TV



░░░░░░▄▄▄▄▀▀▀▀▀▀▀▀▄▄▄▄▄▄▄
░░░░░█░░░░░░░░░░░░░░░░░░▀▀▄
░░░░█░░░░░░░░░░░░░░░░░░░░░░█
░░░█░░░░░░▄██▀▄▄░░░░░▄▄▄░░░░█
░▄▀░▄▄▄░░█▀▀▀▀▄▄█░░░██▄▄█░░░░█
█░░█░▄░▀▄▄▄▀░░░░░░░░█░░░░░░░░░█
█░░█░█▀▄▄░░░░░█▀░░░░▀▄░░▄▀▀▀▄░█
░█░▀▄░█▄░█▀▄▄░▀░▀▀░▄▄▀░░░░█░░█
░░█░░░▀▄▀█▄▄░█▀▀▀▄▄▄▄▀▀█▀██░█
░░░█░░░░██░░▀█▄▄▄█▄▄█▄▄██▄░░█
░░░░█░░░░▀▀▄░█░░░█░█▀█▀█▀██░█
░░░░░▀▄░░░░░▀▀▄▄▄█▄█▄█▄█▄▀░░█
░░░░░░░▀▄▄░░░░░░░░░░░░░░░░░░░█
░░▐▌░█░░░░▀▀▄▄░░░░░░░░░░░░░░░█
░░░█▐▌░░░░░░█░▀▄▄▄▄▄░░░░░░░░█
░░███░░░░░▄▄█░▄▄░██▄▄▄▄▄▄▄▄▀
░▐████░░▄▀█▀█▄▄▄▄▄█▀▄▀▄
░░█░░▌░█░░░▀▄░█▀█░▄▀░░░█
░░█░░▌░█░░█░░█░░░█░░█░░█
░░█░░▀▀░░██░░█░░░█░░█░░█
░░░▀▀▄▄▀▀░█░░░▀▄▀▀▀▀█░░█
░░░░░░░░░░█░░░░▄░░▄██▄▄▀
░░░░░░░░░░█░░░░▄░░████
░░░░░░░░░░█▄░░▄▄▄░░▄█
░░░░░░░░░░░█▀▀░▄░▀▀█
░░░░░░░░░░░█░░░█░░░█
░░░░░░░░░░░█░░░▐░░░█
░░░░░░░░░░░█░░░▐░░░█
░░░░░░░░░░░█░░░▐░░░█
░░░░░░░░░░░█░░░▐░░░█
░░░░░░░░░░░█░░░▐░░░█
░░░░░░░░░░░█▄▄▄▐▄▄▄█
░░░░░░░▄▄▄▄▀▄▄▀█▀▄▄▀▄▄▄▄
░░░░░▄▀▄░▄░▄░░░█░░░▄░▄░▄▀▄
░░░░░█▄▄▄▄▄▄▄▄▄▀▄▄▄▄▄▄▄▄▄█

Thank you! That means a lot to me. You both are the best!

did you put my flair too? toxic to ask why the most stupid posts get many upvotes?