like, if I send the QR code to someone I want to talk to via email, anyone intercepting this message will at the very least know my SimpleX address; same thing if I send it via messenger.

edit: let’s assume we don’t have an established and trusted channel. furthermore, they’re not expecting this info.

  • @jet@hackertalks.com
    link
    fedilink
    English
    15 months ago

    Without face-to-face communication, you cannot guarantee you haven’t been man in the middle MITM.

    One of the benefits of public key cryptography, is everybody can publish their public key, and then you can have a reasonable assurance that you’re talking to the appropriate person, cuz you can see the key, they can see the key, so in theory you have verified the key.

    With simple x, if one of you publishes a known non-incognito, static receive address. IE on your public website, or in your letterhead, or something, then the other side knows they’re talking directly to you. You don’t know you’re talking directly to them. Or at least to the published address

    If you want to talk to somebody, in a deniable way, then you probably should not be sending them direct mail. Meet them in person, exchange addresses that way, use briar, something.