this post was submitted on 06 Apr 2024
121 points (100.0% liked)

Privacy

789 readers
4 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

SimpleX Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.

-privacyguides.org

It's clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.

top 50 comments
sorted by: hot top controversial new old
[–] poVoq@slrpnk.net 89 points 7 months ago (4 children)

SimpleX Chat Ltd is a seed stage startup with a lot of user growth in 2022-2023, and a lot of exciting technical and product problems to solve to grow faster.

Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.

[–] FarraigePlaisteach@kbin.social 19 points 7 months ago (1 children)

Upvoted bc VC eventually means enshittifiication. But with xz getting back-doored recently, what is the middle ground that keeps these things sustainable financially and operationally?

[–] Kidplayer_666@lemm.ee 6 points 7 months ago (1 children)

Maybe it’ll be governments partially funding it. If Schleswig-Holstein’s attempt is anything to go by, it might be a way

[–] FarraigePlaisteach@kbin.social 4 points 7 months ago (1 children)

But do we trust entities that depend on our governments for funding? It could be argued that they’re fundamentally compromised.

[–] Kidplayer_666@lemm.ee 3 points 7 months ago

You have 4 basic options for funding:

-you rely on individual donations which doesn’t bring in enough money

-you force people to pay for it, which makes it less attractive when compared to traditional software, and makes much of the community pissy

-you rely on corporate money

-you rely on government money

None is perfect, but some amount of government funding (let’s say, 10% of what they would pay Microsoft for the equivalent software) might make sense

[–] aldalire@lemmy.dbzer0.com 12 points 7 months ago (1 children)

I did not know it was run by a VC funded company. Isn’t it open source and audited though? https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html

Either way, if one needs to communicate without the use of identifiers like a phone number (afaik signal requires one) I trust Session. SimpleX features cool new tech but let’s wait until it matures

[–] tooLikeTheNope@lemmy.ml 7 points 7 months ago

AFAIK it is audited, and its threat model is rather extreme, like there is no unequivocally binding id, you can give every contact a different id

They talk about for profit/no profit in their last blog entry
https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html

[–] electric_nan@lemmy.ml 8 points 7 months ago

Thanks, I just uninstalled it lol.

[–] LemmyHead@lemmy.ml 3 points 7 months ago* (last edited 7 months ago) (1 children)

Why should that be an issue? It's fully open source

[–] poVoq@slrpnk.net 3 points 7 months ago

Oh, my sweet sweet summer child... I have bad news for you 😆

[–] pineapplelover@lemm.ee 34 points 7 months ago

My friends barely want to use Signal. There's no chance they're using something else.

[–] fuckwit_mcbumcrumble@lemmy.dbzer0.com 33 points 7 months ago (1 children)

"Hang on let me write down my QR code"

Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it's benefits even matter?

[–] possiblylinux127@lemmy.zip 9 points 7 months ago (4 children)

You just scan QR codes. It is not that complicated

[–] 56_@lemmy.ml 14 points 7 months ago (1 children)

It can be pretty complicated without a phone. Especially if your computer doesn't have a webcam.

load more comments (1 replies)
load more comments (3 replies)
[–] IuseArchbtw@feddit.de 23 points 7 months ago

I'd definitely use it if my friends were using it. Sadly, I can't even get them to use signal.

[–] XTL@sopuli.xyz 21 points 7 months ago (1 children)

Never heard and don't know any users. I suspect I'm not alone.

[–] adespoton@lemmy.ca 4 points 7 months ago

I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.

Other than that use case, it hasn’t picked up many users that I’m aware of.

[–] krash@lemmy.ml 20 points 7 months ago

If I want a simple chat protocol, I use IRC or XMPP. These are battle proven by time. If I want a really secure protocol, I use Signal or Matrix. These are endored by many security experts who their shit when they assess protocols, crypto and solutions.

SimpleX may be a good alternative for anonymous communication, but there is plenty options out there. Considering how many startups are funded by cheap VC money, and the business model is always "provide something awesome, and once you have enough traction - enshittify it" makes me very weary of investing myself in new solutions no matter how open-source the are.

I may sound bitter and skeptic, but I've seen this pattern has been repeated many times over.

[–] uzi@lemmy.ca 13 points 7 months ago

In F-Droid, after disabling all anti-features, SimpleX still is listed. Signal never will be due to connecting to GCM or Firebase. Molly is an improvement for Signal but not for untrackable privacy like SimpleX from using a different ID with each individual SimpleX contact.

[–] BastingChemina@slrpnk.net 13 points 7 months ago

I liked the fact that it is really easy to self-host.

I tried it with friends on discord and in 10min I had a vps with a server running.

[–] kevincox@lemmy.ml 12 points 7 months ago

Any chat protocol without full mutli-device support is not really an option for me https://github.com/simplex-chat/simplex-chat/issues/444.

[–] GadgeteerZA@fedia.io 11 points 7 months ago

@SolarPunker@slrpnk.net I've not heard of anyone who does "not like" it? Many don't know about it maybe. I can't think of anything I've seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.

[–] Charger8232@lemmy.ml 11 points 7 months ago (6 children)

I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.

load more comments (6 replies)
[–] DavidDoesLemmy@aussie.zone 8 points 7 months ago (1 children)

Does it have forward/future security?

[–] 7heo@lemmy.ml 12 points 7 months ago* (last edited 7 months ago)

https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html

messenger-comparison

¹ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.

² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.

Some columns are marked with a yellow checkmark:

  • when messages are padded, but not to a fixed size.
  • when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
  • when 2-factor key exchange is optional (via security code verification).
  • when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
[–] LemmyHead@lemmy.ml 8 points 7 months ago* (last edited 7 months ago)

I think it's just that there are too many options and the communities are so fragmented. I'm trying out simplex but it still feels like beta software. Regardless I'd like to see it succeed so we have a real private alternative that doesn't rely on big tech or shady government sponsorship.

[–] lemmyreader@lemmy.ml 7 points 7 months ago

Interesting project, but last time I tried it was battery hungry, and having made quite an effort to get some of my contacts on Signal, I don't see it happen to get them all on SimpleXChat. And Signal Stickers make Signal more attractive for some.

[–] DieserTypMatthias@lemmy.ml 6 points 7 months ago (3 children)

Never tried it. But I use Element, which is based on the Matrix protocol.

[–] jack@monero.town 6 points 7 months ago

With SimpleX each server is replacable/fungible

load more comments (2 replies)
[–] moreeni@lemm.ee 5 points 7 months ago* (last edited 7 months ago)

They do. I absolutely love it

[–] shrugal@lemm.ee 5 points 7 months ago* (last edited 7 months ago)

What does their multi-device story look like? Can I use one identity/account on multiple devices, with synced read state etc?

Edit: Looks like it's being worked on. I don't want to use a messenger without this feature anymore, but I'll give SimpleX another look once it's done.

[–] ThinkingThings@lemmy.ca 4 points 7 months ago (1 children)

Simple answer to the question so far as I can see: in order to connect with someone, you have to video conference with them and show them a code. So the anonymity is only as anonymous as the video conference you use to do that. All of the benefits it claims are merely an illusion.

[–] jack@monero.town 6 points 7 months ago

Just send them the code. It's okay if the channel over which they the receive the code is insecure

[–] delirious_owl@discuss.online 3 points 7 months ago* (last edited 7 months ago)

Are chats synced with the mobile and desktop clients?

[–] aldalire@lemmy.dbzer0.com 3 points 7 months ago (1 children)

Session messenger allows you to chat without linking a phone number to your account. It’s what drug dealers use lol.

[–] EngineerGaming@feddit.nl 3 points 7 months ago (1 children)

What really bothers me about Session is that you effectively cannot selfhost - hosting a node is prohibitively expensive. So seems like the only people who can realistically host a node are crypto bros, big companies and government agencies. Thanks, I would rather stick with IRC/XMPP/Matrix.

load more comments (1 replies)
[–] Samsy@lemmy.ml 3 points 7 months ago (2 children)

I would use it, if there were unified push support.

[–] delirious_owl@discuss.online 2 points 7 months ago (1 children)

What is that and why does it matter?

[–] telep@lemmy.ml 7 points 7 months ago (2 children)

unified push works as a stand in for gms on devices without it. it runs in the background & receive the wakeup pings for the apps (in this case simplex) so you only need one websocket open instead of a different background service for each app. hugely reduces battery use.

load more comments (2 replies)
[–] Churbleyimyam@lemm.ee 2 points 7 months ago (3 children)
[–] possiblylinux127@lemmy.zip 6 points 7 months ago (1 children)

Jami is a bloated insecure mess. It is getting better but I would not use it

load more comments (1 replies)
[–] Samsy@lemmy.ml 2 points 7 months ago

Also Molly and Mercurygram and most of the Matrix messengers

load more comments (1 replies)
[–] Wave@monero.town 2 points 7 months ago

Top-Tec! decentralized and doesn’t depend on any unique identifiers

load more comments
view more: next ›