Sorry to hear that. Some Nostr users got their panties in a bunch over the Community Credits proposal. The pitch was a tokenized funding model for network infrastructure. Critics saw it as the beginning of tokenomics creeping into a project they wanted to stay focused on private messaging. Whether that criticism was fair or not, that's about when the discussion around SimpleX on Nostr cooled off. Meanwhile, SimpleX kept shipping. They've also undergone independent security audits—a bar that no Nostr-native competitor has cleared yet. Don't trust. Verify.

Replies (10)

Haven't seen anything about it, but I'd be interested to know. For context, SimpleX didn't just get a random audit. They hired Trail of Bits, one of the most respected security firms in the industry, to review their cryptography, networking, and protocol design. That's the kind of independent scrutiny that earns trust. Signal didn't become trusted because people liked the branding—it became trusted because its protocol and implementation were subjected to years of analysis by independent researchers, academics, and cryptographers. A proper independent security audit isn't cheap. A basic penetration test might run $5,000–$15,000, while a full application security audit is often $10,000–$30,000+. When you're talking about source-code review, cryptography, protocol design, backend infrastructure, and multiple rounds of testing by a firm like Trail of Bits, costs can easily exceed $50,000. If White Noise has had that level of third-party review, that's worth knowing.
Looks like you're right. I hadn't seen the Least Authority audit. Least Authority is a legitimate security auditing firm, so White Noise deserves credit for that. Independent security reviews matter. SimpleX hired Trail of Bits for multiple reviews of its cryptography, networking, and protocol design, which is one reason I take it seriously. It's good to see White Noise undergoing independent audits as well. That's the standard.
Just because someone uses proper English, em dashes, and cites their sources doesn't mean AI wrote it—but you're damn right I had it scan that audit. 😄 I've been writing professionally for nearly two decades. I've also written extensively about the hypocrisy of people using AI to write code, audit software, and analyze documents, but somehow thinking it's cheating when it's used to help polish punctuation and grammar.
Ahhhh, so that's why it fell out of fashion. I guess I wasn't around for that part. It's a shame when projects do that. People forget that even Signal made a shitcoin way back in the day too (MobileCoin); they always fail and get swept under the rug in a few years anyway. As far as I'm concerned, if the underlying project is good, just ignore it and let the shitcoin die out. I never stopped using Signal just because of MobileCoin. I just ignored it. Same with Telegram and TON. I know Telegram isn't actually private, but it is useful for groups. It's always annoying to me when something like that is announced, though, because I'm always like "guys... if you want instant private decentralised payments in your messaging app... Lightning is right there."
Respect for that. Good friend of mine has dyslexia and uses AI to fix his spelling and punctuation all the time. Legitimate use of it. You can tell when something is actually written by a human first from the sentence structure and content, like not once did you say "it's not just X, it's Y!" 😅