IronJumbo68 @ IronJumbo @lemmy.world

Posts

6

Comments

8

Joined

1 yr. ago

Even if it is an advertisement, can the threats be true?

I am not associated with any tested company or this blog.

I am an ordinary user of all Proton products since his birth and I love him.

Because the test looks credible, I just want an expert from Proton to dispel my doubts or honestly confirm the problem.

In that case, it seems to me that the only threat is the mindless copying of public keys to other servers, as described in the article. But who does so? Do admins not create separate private-public keys for each server?

Thank you for the explanation!

Thanks Evgeny for your explanation and time (I'm sure we all appreciate it). But you didn't say directly and specifically - does the app make these connections to Google servers?

I hope @epoberezkin@lemmy.ml will dispel our doubts or a member of the Simplex.chat team :(

It's not about whether the application communicates with these addresses or not. It's about the fundamental question: why are these addresses even encoded in the code of a VERY privacy-sensitive application?

My friend, in every answer you push F-Droid as a cure for all evil. There is no perfect store, F-Droid also has its problems (I wrote about it above). I am not an enemy of F-Droid (I also use it sometimes), but I will repeat: F-Droid control is insufficient (it's security theater - it's not a full audit of the source code).

When installing from Github you only trust the developer and their signed certificate key.

When installing from F-Droid you additionally also have to trust the F-Droid developer's signature.

Besides that F-droid has its own problems:

https://privsec.dev/posts/android/f-droid-security-issues/

I don't use F-Droid. I use Obtainium and additionally check signatures in AppVerifier.

https://sideofburritos.com/blog/obtainium-overview/

From official Github https://github.com/simplex-chat/simplex-chat/releases