like, if I send the QR code to someone I want to talk to via email, anyone intercepting this message will at the very least know my SimpleX address; same thing if I send it via messenger.

edit: let’s assume we don’t have an established and trusted channel. furthermore, they’re not expecting this info.

  • Evgeny PoberezkinM
    link
    fedilink
    English
    11 year ago

    You don’t have to encrypt the message, simply observing it won’t compromise security. You only need to ensure that the channel is 1) authenticated (that is, you know who you send to) 2) cannot MITM you (that is, replace the link). MITM can be mitigated with security code verification via yet another channel, but SimpleX relays cannot MITM key exchange (unlike any centralised service).