this post was submitted on 06 Apr 2024
142 points (87.0% liked)

Privacy

32173 readers
610 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

SimpleX Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.

-privacyguides.org

It's clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 97 points 8 months ago (6 children)

SimpleX Chat Ltd is a seed stage startup with a lot of user growth in 2022-2023, and a lot of exciting technical and product problems to solve to grow faster.

Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.

[–] [email protected] 48 points 8 months ago (6 children)

this is a wrong take for a few reasons, if we're talking about trust.

Also, Signal literally was taking money from the CIA for a decade and also is based in the US anyway, and no one hardly said a word 🀣🀣 "Privacy" activists are a joke lmao. Also signal made a crypto coin and took away features like SMS, but of course they get a free pass for that too. Makes you wonder.

  1. SimpleX is fully open source, verifiable, and audited. If there are changes that are bad, the community will talk about them, and at worst it can be forked

  2. SimpleX has made it clear that they dont want you to trust them. It's decentralised and anyone can run their own relay, and the servers are designed prevent correlation. They also make it very easy to use TOR and multiple circuits. This is contrary to the inferior Signal model where you just have to trust that the centralized Signal org isnt leaking your phone and IP to the feds.

moving towards a decentralised, open, and trustless world is better for everyone. In this kind of system, I really dont give a damn where they are getting their money from, as long as they arent putting crap in the software, and if they do, we will all know about it. But so far they have shown that they are committed to extreme security and privacy, and they obviously arent trying to appeal to normies, so i doubt they would ever even try to put VC-pushed garbage in.

If you want a good app, you will need funding from somewhere. Look at apps like Session that arent funded well. They suck. So I'd rather SimpleX be funded by a VC instead of by the feds like Signal, as long as everything stays open, free, trustless, and decentralised

Time to get downvoted! See you guys at -50 😁

[–] [email protected] 19 points 8 months ago (1 children)

Where did I even mention Signal? Total strawman argument, as I don't think Signal is a good option either.

But you go ahead and trust Simplex Chat Ltd. I guess some people only learn from their own mistakes πŸ€·β€β™‚οΈ

[–] [email protected] 12 points 8 months ago (1 children)

you completely ignored what i said, as I specifically argued that simplex is made to be used without trust. so dont talk about me trusting people lol.

Also I agree with you on Signal, was just throwing it out there for others, not necessarily for you.

load more comments (1 replies)
[–] [email protected] 8 points 8 months ago (1 children)

Exactly what I thought; if the technology is so decentralized does it make sense to care so much about who finances the project? Like if one instance of lemmy was funded by Microsoft, we could easily use another one and block it, right?

[–] [email protected] 8 points 8 months ago (3 children)

yeah it's like TOR. it's public knowledge that it was both made and is funded by the US Gov, but we all see it as the standard of anonymity online because everything is open, trustless, and decentralized.

load more comments (3 replies)
load more comments (4 replies)
[–] [email protected] 22 points 8 months ago (9 children)

Upvoted bc VC eventually means enshittifiication. But with xz getting back-doored recently, what is the middle ground that keeps these things sustainable financially and operationally?

[–] [email protected] 6 points 8 months ago (5 children)

Maybe it’ll be governments partially funding it. If Schleswig-Holstein’s attempt is anything to go by, it might be a way

load more comments (5 replies)
load more comments (8 replies)
[–] [email protected] 12 points 8 months ago (1 children)

I did not know it was run by a VC funded company. Isn’t it open source and audited though? https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html

Either way, if one needs to communicate without the use of identifiers like a phone number (afaik signal requires one) I trust Session. SimpleX features cool new tech but let’s wait until it matures

[–] [email protected] 9 points 8 months ago

AFAIK it is audited, and its threat model is rather extreme, like there is no unequivocally binding id, you can give every contact a different id

They talk about for profit/no profit in their last blog entry
https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html

load more comments (3 replies)
[–] [email protected] 51 points 8 months ago

My friends barely want to use Signal. There's no chance they're using something else.

[–] [email protected] 36 points 8 months ago (2 children)

I'd definitely use it if my friends were using it. Sadly, I can't even get them to use signal.

load more comments (2 replies)
[–] [email protected] 34 points 8 months ago (1 children)

"Hang on let me write down my QR code"

Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it's benefits even matter?

[–] [email protected] 10 points 8 months ago (2 children)

You just scan QR codes. It is not that complicated

[–] [email protected] 15 points 8 months ago (4 children)

It can be pretty complicated without a phone. Especially if your computer doesn't have a webcam.

[–] [email protected] 7 points 8 months ago

you don't need a camera, you can load the qrCode image (after sending it through Signal 🀭

load more comments (3 replies)
[–] [email protected] 6 points 8 months ago (2 children)

You match with someone on a dating app and want to move to the next step... Sending them a QR code to scan into the app is a huge hurdle.

load more comments (2 replies)
[–] [email protected] 23 points 8 months ago (1 children)

Never heard and don't know any users. I suspect I'm not alone.

load more comments (1 replies)
[–] [email protected] 23 points 8 months ago (3 children)

If I want a simple chat protocol, I use IRC or XMPP. These are battle proven by time. If I want a really secure protocol, I use Signal or Matrix. These are endored by many security experts who their shit when they assess protocols, crypto and solutions.

SimpleX may be a good alternative for anonymous communication, but there is plenty options out there. Considering how many startups are funded by cheap VC money, and the business model is always "provide something awesome, and once you have enough traction - enshittify it" makes me very weary of investing myself in new solutions no matter how open-source the are.

I may sound bitter and skeptic, but I've seen this pattern has been repeated many times over.

load more comments (3 replies)
[–] [email protected] 19 points 8 months ago* (last edited 8 months ago) (1 children)

I don't trust for profit venture capital funding, if you want to see where it ends up just Look at how telegram or wickr transitions from being "open" and free to getting stripped of features only to have them become paid only and the wickr sold off to Amazon and ended all non business support...the business model for making a profit off chat applications is bad for users.

Also now that signal supports usernames I have no reason to use anything else even for people I wouldn't want having my real number.

load more comments (1 replies)
[–] [email protected] 15 points 8 months ago (6 children)

I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.

load more comments (6 replies)
[–] [email protected] 14 points 8 months ago (4 children)

In F-Droid, after disabling all anti-features, SimpleX still is listed. Signal never will be due to connecting to GCM or Firebase. Molly is an improvement for Signal but not for untrackable privacy like SimpleX from using a different ID with each individual SimpleX contact.

load more comments (4 replies)
[–] [email protected] 13 points 8 months ago

I liked the fact that it is really easy to self-host.

I tried it with friends on discord and in 10min I had a vps with a server running.

[–] [email protected] 13 points 8 months ago

Any chat protocol without full mutli-device support is not really an option for me https://github.com/simplex-chat/simplex-chat/issues/444.

[–] [email protected] 11 points 8 months ago (1 children)

@[email protected] I've not heard of anyone who does "not like" it? Many don't know about it maybe. I can't think of anything I've seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.

[–] [email protected] 10 points 8 months ago

Me, my friends, and family are using it

Aaand.. Everyone is hating it, tbh 🀣

The notifications are unreliable and at the same time it drains 20% of the battery

Waiting for fixes, also want to setup my own relay

[–] [email protected] 10 points 8 months ago (1 children)

Does it have forward/future security?

[–] [email protected] 16 points 8 months ago* (last edited 8 months ago)

https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html

messenger-comparison

ΒΉ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.

Β² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.

Some columns are marked with a yellow checkmark:

  • when messages are padded, but not to a fixed size.
  • when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
  • when 2-factor key exchange is optional (via security code verification).
  • when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
[–] [email protected] 10 points 8 months ago (1 children)

Interesting project, but last time I tried it was battery hungry, and having made quite an effort to get some of my contacts on Signal, I don't see it happen to get them all on SimpleXChat. And Signal Stickers make Signal more attractive for some.

load more comments (1 replies)
[–] [email protected] 9 points 8 months ago* (last edited 8 months ago)

I think it's just that there are too many options and the communities are so fragmented. I'm trying out simplex but it still feels like beta software. Regardless I'd like to see it succeed so we have a real private alternative that doesn't rely on big tech or shady government sponsorship.

[–] [email protected] 8 points 8 months ago

After Signal dropped SMS support, most of my friends jumped ship. No way they're using this.

[–] [email protected] 8 points 8 months ago (3 children)

Seems like another one of those mobile only messengers, not really interested in those to be honest.

[–] [email protected] 12 points 8 months ago (1 children)
[–] [email protected] 19 points 8 months ago (5 children)

Ah, must have missed that one, though

Using the same profile as on mobile device is not yet supported – you need to create a separate profile to use desktop apps.

is a pretty major downside.

load more comments (5 replies)
load more comments (2 replies)
[–] [email protected] 8 points 8 months ago (1 children)

SimpleX is great but not ready for prime time.

I use it as a copy paste buffer on my different devices. I run into issues with sending media sometimes.

Adding people at a distance is a huge pain in the ass with long codes, that needs a solution before the app can be used by normal people.

load more comments (1 replies)
[–] TCB13 7 points 8 months ago

Because when you read their website https://simplex.chat/ and they say stuff like "Possibility of MITM > NO" and "Central component or other network-wide attack > No - resilient" they kind lose their credibility.

Also, "Other apps have user IDs (...) SimpleX does not, not even random numbers." > there must be an ID at some point. When you invite someone with a QR code or a link that effectively becomes an ID - even if it changes for every invitation. Also servers need to coordinate message delivery, some form of ID is required for that.

The way the messaging queues work and what the servers see is interesting but I'm yet to dig into that.

[–] [email protected] 7 points 8 months ago (3 children)

Never tried it. But I use Element, which is based on the Matrix protocol.

[–] [email protected] 7 points 8 months ago

With SimpleX each server is replacable/fungible

load more comments (2 replies)
[–] [email protected] 6 points 8 months ago* (last edited 8 months ago)

What does their multi-device story look like? Can I use one identity/account on multiple devices, with synced read state etc?

Edit: Looks like it's being worked on. I don't want to use a messenger without this feature anymore, but I'll give SimpleX another look once it's done.

load more comments
view more: next β€Ί