Thoughts on Simplex Chat? Is It Secure? Is it the new signal? - eviltoast
  • amanneedsamaid@sopuli.xyz
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    SimpleX > Session > Signal in terms of metadata.

    On Signal, your user id is your phone number, a directly identifying piece of information. That is a major point of weakness in terms of metadata reduction, usernames would remedy this significantly.

    On Session, your user id is anonymous, a randomized string of numbers and letters. However, this user identifier is persistent, meaning if multiple people were found messaging that single randomized ID, that is data about that user even though it the id is randomized.

    On SimpleX (although you do have to option to have a persistent ID on top of using this), every conversation uses a randomized user id you send to your contact via a QR code or link. This means in terms of identifying you’re talking to the right person, SimpleX is weaker as if someone hijacks the link, they can impersonate you. The links are one time only, so you have to make sure you transfer the link securely (i.e. QR code via encrypted video call, a message on another secure messenger, or scanning the QR code in person). Once you establish the connection however, SimpleX is a more private experience because of the lack of a persistent user identifer. This also means no spam, ever!