Thoughts on Simplex Chat? Is It Secure? Is it the new signal? - eviltoast
  • Lynda@lemmy.ml
    ↑ 4 · 2 years ago

    Having unique one-time (non-reusable) invite ID is great.

    The way SimpleX uses one-way queues, and then distributes those queues among servers, offers a way to mitigate communication correlation (if the servers are independent and won’t collude). Or you can just self host and not worry. Self hosting an onion service is easy.

    Running SimpleX through a Tor proxy (or VPN) offers even more advantages (if you think you need them).

    Perhaps the only downside is SimpleX still controls who gets to be a public server (anyone can self host or offer servers, but they won’t be integrated). I have no way of knowing if the servers are owned by a single entity. This part is not “open”.

  • bkrl@lemmy.ml
    ↑ 2 · edited · 2 years ago

    No spam and no identifiers (phone number, email, ids, etc.) by design. Local encrypted sign-in. Your whole chat system in a file (.zip). Disposable, one-time connections. This is awesome!

      • amanneedsamaid@sopuli.xyz
        ↑ 1 · 1 year ago

        SimpleX > Session > Signal in terms of metadata.

        On Signal, your user id is your phone number, a directly identifying piece of information. That is a major point of weakness in terms of metadata reduction; usernames would remedy this significantly.

        On Session, your user id is anonymous, a randomized string of numbers and letters. However, this user identifier is persistent, meaning if multiple people were found messaging that single randomized ID, that is data about that user even though the id is randomized.

        On SimpleX (although you do have the option to have a persistent ID on top of using this), every conversation uses a randomized user id you send to your contact via a QR code or link. This means in terms of identifying you’re talking to the right person, SimpleX is weaker, as if someone hijacks the link, they can impersonate you. The links are one time only, so you have to make sure you transfer the link securely (i.e. QR code via encrypted video call, a message on another secure messenger, or scanning the QR code in person). Once you establish the connection however, SimpleX is a more private experience because of the lack of a persistent user identifier. This also means no spam, ever!
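
The comparison in the comment above, as an added toy model that is not part of the thread and not any messenger's actual protocol: it clusters constructed delivery records by destination address to show what an observer can link from addressing metadata alone. All names, the sample contacts and the phone number are hypothetical, and the model assumes the observer can tell senders apart and ignores network-level (IP) correlation.

```python
import secrets
from collections import defaultdict

CONTACTS = ["alice", "bob", "carol"]  # constructed sample contacts

def addresses_for(scheme, contacts):
    """Map each contact to the address they use to reach one user."""
    if scheme == "phone_number":          # persistent and directly identifying
        return {c: "+15555550100" for c in contacts}  # constructed number
    if scheme == "persistent_random_id":  # persistent, not directly identifying
        user_id = secrets.token_hex(16)
        return {c: user_id for c in contacts}
    if scheme == "per_conversation_id":   # fresh random address per contact
        return {c: secrets.token_hex(16) for c in contacts}
    raise ValueError(f"unknown scheme: {scheme}")

def observed_log(scheme, contacts, messages_each=2):
    """Constructed delivery records (sender, destination) as an observer sees them."""
    addr = addresses_for(scheme, contacts)
    return [(c, addr[c]) for c in contacts for _ in range(messages_each)]

def linkable_groups(log):
    """Cluster senders by destination address: what metadata alone ties together."""
    groups = defaultdict(set)
    for sender, dest in log:
        groups[dest].add(sender)
    return sorted(sorted(g) for g in groups.values())

def report(scheme, contacts=CONTACTS):
    """Summarise how much one user's contact list is exposed under a scheme."""
    log = observed_log(scheme, contacts)
    groups = linkable_groups(log)
    return {
        "scheme": scheme,
        "largest_group": max(len(g) for g in groups),  # contacts tied to one address
        "identifying": any(dest.startswith("+") for _, dest in log),
    }

if __name__ == "__main__":
    for s in ("phone_number", "persistent_random_id", "per_conversation_id"):
        print(report(s))
```
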

  • Drew Got No Clue@lemmy.world
    ↑ 2 · edited · 1 year ago

    I really like the concept but I never managed to convince anyone in real life to use it with me. lmao

    Edit: I’ve just realized this post is from 7 months ago; why did someone bump this now?