|
|
|
|
|
|
by tptacek
3728 days ago
|
|
|
Stipulate that Tor's encryption is modernized and drastically improved. I still don't think it's a good idea to build a messaging application directly on top of that, for some of the same reasons that it isn't a good idea to simply run a messaging application on top of TLS or Nacl. The service model and security requirements for a simple transport are different from those of a messenger. That's what's so exciting about the WhatsApp announcement. WhatsApp is by all accounts a pretty great messaging application, and it doesn't just have decent encryption now; it has best in class encryption specifically designed to protect a messaging application, designed by experts who thought about this problem for a long time. |
|
|
The nice thing about using the onion address (transport layer) is that you have mandatory e2e authentication with only one id that solves multiple real world problems with bgp/dns/tls.
How would you propose to go further from current state-of-the-art WhatsApp to stop leaking meta-data? I know Ricochet is open to use a stronger encryption layer on top of Tor †.
† https://github.com/ricochet-im/ricochet/issues/72