by ArVID220u 1409 days ago
With all respect, it is not obviously false. You should take a look at our whitepaper: https://anysphere.co/anysphere-whitepaper.pdf (the figure on page 2 might be helpful). To my knowledge, no other communication platform provides complete metadata privacy like we do. I would love to be disproved here though! It would be awesome if other completely private communication tools exist.

I do agree that there is a general problem where companies make hyperbolic claims, especially when it comes to security/privacy. For example, “zero trust” has been abused by so many people that even in the cases where it might apply, you cannot say that it applies to you because the term has lost its meaning. In our case, users do not need to place any trust in our servers, but we decided not to call it “zero trust” because people have taken it to mean “trust your employees less” or something else similarly outrageous.

If you have any suggestions for how we can improve our messaging here I’d love to take them. In other words, how could we convey that we are indeed the only completely private communication platform, without provoking a reaction similar to yours?

1 comments

It is obviously false. End-to-end encryption doesn't leak metadata in the way you propose it does in your whitepaper. And it doesn't help that you don't define metadata in your paper, you just repeat it over and over again.

Specifically, what are you talking about protecting? Does this extend to deep packet inspection? Because your paper doesn't mention anything about that either. OR, you know, literally just talking to another server. You don't mention relays. You casually mention Tor in passing but make no concrete statements about the design of it by comparison.

Your paper isn't rigorous, your claims are superfluous, and they further attempt to discredit security progress across the entire field.

YOU are the only one who has ever created truly secure communication? Get real. What a complete joke.

It's like someone selling water and saying no one has ever created pure water before US.

Edit: If you want to appeal to security people, use plain language, be precise, and state your intentions. You do none of those things with this software.

Instead you:

* Use provably wrong marketing language

* Propose a provably wrong whitepaper

* Do not state your intentions for building the software

What it looks like to me is that you received some modest funding ($200,000) to write software and your sponsors didn't realize your work doesn't pass the smell test.

Shengtong chiming in here. We are working on a rigorous security proof here: https://anysphere.co/anysphere-security-definition.pdf. Included in it is a definition of metadata, a definition of exactly what we are defending against, as well as a rigorous proof of defense against adversaries that can manipulate packets. It is still a work in progress, so there may be a lot of typos, but I believe it is a correct proof.

Let us know if there is anything else you want to be proved, or if the adversary in the paper is not strong enough :).