I can only hope that people begin to understand the difference between:
1) "we only gave them metadata, the content is end-to-end encrypted",
2) "we don't store any metadata, the content is end-to-end encrypted",
3) "the app is metadata-resistant and end-to-end encrypted".
For context, I, along with the rest of @OpenPriv, have been working on 3) for the last few years via an app called Cwtch. And over the last few weeks we've been slowly ramping up release candidate testing with external volunteers.
If you would like to help push Cwtch across the line via testing our latest release candidates (on Windows, Linux and Android) please drop me a DM.
You can also always donate to keep the lights on and the amazing research going: https://openprivacy.ca/donate/
Metadata underlies so much surveillance and censorship and it is not enough to simply not store it on centralized servers which are vulnerable to corruption.
The next generation of applications must be metadata-resistant, and decentralized, by design.
If you are interested in diving into the various components of Cwtch the best place to start is the Secure Development Handbook - which is intended to help people understand the current risk profile of Cwtch to help design new attacks & mitigations.
You can follow @SarahJamieLewis.