No spam and no identifiers (phone number, email, ids, etc.) by design. Local encrypted sign-in. Your whole chat system-in-a-file .zip. Disposal, one-time, connections. This is awesome!
deleted by creator
They actually had security audit done by Trail of bits. Here’s a link to their reddit post
Having unique one-time (non-reusable) invite ID is great.
The wat SimpleX uses one-way queues, and then distributes those queues among servers offers a way to mitigate communication correlation (if the servers are independent and won’t collude). Or you can just self host and not worry. Self hosting an onion service is easy.
Running SimpleX through a tor proxy (or VPN) offers even more advantages (if you think you need them).
Perhaps the only downside is SimpleX still controls who gets to be a public server (anyone can self host or offer servers, but they won’t be integrated). I have no way of knowing if the servers are owned by a single entity. This part is not “open”.
This is not a new Signal, this makes Signal obsolete.
How so?
SimpleX > Session > Signal in terms of metadata.
On Signal, your user id is your phone number, a directly identifying piece of information. That is a major point of weakness in terms of metadata reduction, usernames would remedy this significantly.
On Session, your user id is anonymous, a randomized string of numbers and letters. However, this user identifier is persistent, meaning if multiple people were found messaging that single randomized ID, that is data about that user even though it the id is randomized.
On SimpleX (although you do have to option to have a persistent ID on top of using this), every conversation uses a randomized user id you send to your contact via a QR code or link. This means in terms of identifying you’re talking to the right person, SimpleX is weaker as if someone hijacks the link, they can impersonate you. The links are one time only, so you have to make sure you transfer the link securely (i.e. QR code via encrypted video call, a message on another secure messenger, or scanning the QR code in person). Once you establish the connection however, SimpleX is a more private experience because of the lack of a persistent user identifer. This also means no spam, ever!
Signal has moved away from using phone numbers
Since when? I still use a number it seems
I thought a few months ago? But maybe that’s just when they stopped allowing SMS
Yeah. They stopped using sms a few months ago but divorcing from phone numbers is who knows when
Hm, when I go to settings it still has my number displayed even though I can’t use it for SMS. It would be nice if they went to a un/ pw model one day. Then maybe I could use it on my phone and Android tablet at the same time :(
Not yet, lol.
When is the transition date?
They are already working on usernames but didn’t provide a date
Open source?
yes it’s open source
Simplex doesn’t need phone number so its different from signal
I really like the concept but I never managed to convince anyone in real life to use it with me. lmao
Edit: I’ve just realized this post is from 7 months ago; why did someone bump this now?
It’s happening everywhere. The default sort on many of these apps is “hot” and posts from years ago are being shown like they’re new.
Also many new users, like me, are looking through everything to see what to subscribe to. A couple of new comments on an old thread and it gets bumped.
I tried SimpleX Chat, and saw it requires the other person to be on-line, maybe that will change ? The project looks promising. I think they wanted to get more money to have a security audit done for the source code.
it’s only for the initial connection
Thanks
Here a security audit (Read on Lobste.rs today) : https://raw.githubusercontent.com/trailofbits/publications/master/reviews/SimpleXChat.pdf
deleted by creator
Looks good in principle! I’ve yet to try using it with anybody.
Looks nice! Is it self-hostable? Or I guess because it’s decentralized, the chat history/ etc is saved only between clients?
This ? Already existed? Isn’t this like Olvid?