Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
[Matrix/Element]Dead
much thanks to @gary_host_laptop for the logo design :)
SimpleX Chat Ltd is a seed stage startup with a lot of user growth in 2022-2023, and a lot of exciting technical and product problems to solve to grow faster.
Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.
Upvoted bc VC eventually means enshittifiication. But with xz getting back-doored recently, what is the middle ground that keeps these things sustainable financially and operationally?
Maybe it’ll be governments partially funding it. If Schleswig-Holstein’s attempt is anything to go by, it might be a way
But do we trust entities that depend on our governments for funding? It could be argued that they’re fundamentally compromised.
You have 4 basic options for funding:
-you rely on individual donations which doesn’t bring in enough money
-you force people to pay for it, which makes it less attractive when compared to traditional software, and makes much of the community pissy
-you rely on corporate money
-you rely on government money
None is perfect, but some amount of government funding (let’s say, 10% of what they would pay Microsoft for the equivalent software) might make sense
I did not know it was run by a VC funded company. Isn’t it open source and audited though? https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
Either way, if one needs to communicate without the use of identifiers like a phone number (afaik signal requires one) I trust Session. SimpleX features cool new tech but let’s wait until it matures
AFAIK it is audited, and its threat model is rather extreme, like there is no unequivocally binding id, you can give every contact a different id
They talk about for profit/no profit in their last blog entry
https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html
Thanks, I just uninstalled it lol.
Why should that be an issue? It's fully open source
Oh, my sweet sweet summer child... I have bad news for you 😆
My friends barely want to use Signal. There's no chance they're using something else.
"Hang on let me write down my QR code"
Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it's benefits even matter?
You just scan QR codes. It is not that complicated
It can be pretty complicated without a phone. Especially if your computer doesn't have a webcam.
I'd definitely use it if my friends were using it. Sadly, I can't even get them to use signal.
Never heard and don't know any users. I suspect I'm not alone.
I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.
Other than that use case, it hasn’t picked up many users that I’m aware of.
If I want a simple chat protocol, I use IRC or XMPP. These are battle proven by time. If I want a really secure protocol, I use Signal or Matrix. These are endored by many security experts who their shit when they assess protocols, crypto and solutions.
SimpleX may be a good alternative for anonymous communication, but there is plenty options out there. Considering how many startups are funded by cheap VC money, and the business model is always "provide something awesome, and once you have enough traction - enshittify it" makes me very weary of investing myself in new solutions no matter how open-source the are.
I may sound bitter and skeptic, but I've seen this pattern has been repeated many times over.
In F-Droid, after disabling all anti-features, SimpleX still is listed. Signal never will be due to connecting to GCM or Firebase. Molly is an improvement for Signal but not for untrackable privacy like SimpleX from using a different ID with each individual SimpleX contact.
I liked the fact that it is really easy to self-host.
I tried it with friends on discord and in 10min I had a vps with a server running.
Any chat protocol without full mutli-device support is not really an option for me https://github.com/simplex-chat/simplex-chat/issues/444.
@SolarPunker@slrpnk.net I've not heard of anyone who does "not like" it? Many don't know about it maybe. I can't think of anything I've seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.
I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.
Does it have forward/future security?
¹ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.
² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.
Some columns are marked with a yellow checkmark:
- when messages are padded, but not to a fixed size.
- when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
- when 2-factor key exchange is optional (via security code verification).
- when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
I think it's just that there are too many options and the communities are so fragmented. I'm trying out simplex but it still feels like beta software. Regardless I'd like to see it succeed so we have a real private alternative that doesn't rely on big tech or shady government sponsorship.
Interesting project, but last time I tried it was battery hungry, and having made quite an effort to get some of my contacts on Signal, I don't see it happen to get them all on SimpleXChat. And Signal Stickers make Signal more attractive for some.
Never tried it. But I use Element, which is based on the Matrix protocol.
With SimpleX each server is replacable/fungible
They do. I absolutely love it
What does their multi-device story look like? Can I use one identity/account on multiple devices, with synced read state etc?
Edit: Looks like it's being worked on. I don't want to use a messenger without this feature anymore, but I'll give SimpleX another look once it's done.
Simple answer to the question so far as I can see: in order to connect with someone, you have to video conference with them and show them a code. So the anonymity is only as anonymous as the video conference you use to do that. All of the benefits it claims are merely an illusion.
Just send them the code. It's okay if the channel over which they the receive the code is insecure
Are chats synced with the mobile and desktop clients?
Session messenger allows you to chat without linking a phone number to your account. It’s what drug dealers use lol.
What really bothers me about Session is that you effectively cannot selfhost - hosting a node is prohibitively expensive. So seems like the only people who can realistically host a node are crypto bros, big companies and government agencies. Thanks, I would rather stick with IRC/XMPP/Matrix.
I would use it, if there were unified push support.
What is that and why does it matter?
unified push works as a stand in for gms on devices without it. it runs in the background & receive the wakeup pings for the apps (in this case simplex) so you only need one websocket open instead of a different background service for each app. hugely reduces battery use.
Jami has that.
Jami is a bloated insecure mess. It is getting better but I would not use it
Also Molly and Mercurygram and most of the Matrix messengers
Top-Tec! decentralized and doesn’t depend on any unique identifiers
