Hacker News
by alliecat 2766 days ago
The only thing I remember about Secure Scuttlebutt is that it's anything but secure, but I can't for the life of me remember where I read it - can somebody jog my memory?
2 comments

Might be because it's all written in somewhat hacky and not well-documented JS, making it harder to trust? There's an effort going right now to properly the (grown) protocol and provide reference implementations of the core components in Rust. Obviously, that doesn't make it secure per se, but it should make it much easier to reason about and audit.

Edit: apart from that, nanomonkey is right, if you post something publicly, it will be public. That's to be expected though. And assuming the use of libsodium is done correctly, there shouldn't be much of a problem with the primitives.

Now, the logic implemented on top of the protocol is a whole different story, sort of like most Ethereum cautionary tales are not about Ethereum being buggy, but people running buggy code on Ethereum.

Well, public messages are...public. So anyone can follow you and view your posts. Once the data is out there, it can't be taken back. Private messages are encrypted, and only the sender's metadata can be viewed.

If you know of other insecurities, I'd be interested in hearing them.