But wait – it gets much, much worse
As I was finishing up the above post, I noticed something a little strange in the code – something I’d glossed over earlier. There are a ton of references to what looks to be functions related to Google’s #Firestore database.
Oh, I didn’t intend to skip the Tox comments. I haven’t used that in a whole, and was unaware of the CVEs. Those, and the fact there’s no iOS app, are good reasons to not use it. I found its use of DHT limited its performance and often had device battery life impacts; it still had a better protocol than Signal. The CVEs and other issues are technical implementation problems that can be fixed, unlike Signal’s design flaws.
Confide was just an example of a new class of fully anonymous, ephemeral chat clients, and maybe not the best choice. There are a half-dozen of these, all using similar mechanisms, some of which are OSS. I need to do a deeper survey of these, because they’re an interesting new approach to full-security chat.
Anyway, just saying I hit "sendx prematurely.