this post was submitted on 28 Oct 2023
64 points (93.2% liked)

Privacy

31821 readers
247 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

cross-posted from: https://monero.town/post/934733

SimpleX Chat

Private and Secure messaging platform without user IDs

Will this new messenger replace Signal?

Watch on Youtube

by Evgeny Poberezkin

all 47 comments
sorted by: hot top controversial new old
[–] fmstrat@lemmy.nowsci.com 10 points 1 year ago (2 children)

Oof, bad timing for that name selection. Especially with payment processing.

The invitation method is interesting, but will likely be its limiting factor vs its draw. Regular Jane/Joe wants to share their username, just not their number or email. Not being able to share verbally is tough.

[–] BearOfaTime@lemm.ee 3 points 1 year ago* (last edited 1 year ago)

Simplex has been out for a year or so.

It's tough getting people used to systems that respect privacy, since Out-of-band ID sharing is part of that.

[–] possiblylinux127@lemmy.zip 1 points 1 year ago

I've found it easier to get contacts though the QR code

[–] einfach_orangensaft@feddit.de 4 points 1 year ago (2 children)

i like the whole concept but it seamed to good to be true and not some type of backdoored honeypot, ill guess ill check it out when enough people reviewed the sourcecode

[–] Cheradenine@sh.itjust.works 6 points 1 year ago

Well, since it was audited quite awhile ago you could probably check it out now.

simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html

[–] noodlejetski@lemm.ee 3 points 1 year ago (2 children)

back when I was using reddit, whenever it would be posted in /r/privacy or /r/privacyguides it would get like 30 or 40 upvotes in a matter of minutes. for a service that came seemingly out of nowhere, it really felt suspicious to me.

[–] moreeni@lemm.ee 3 points 1 year ago

I think that's because it's the content for privacy subs. Now that it had been audited and privacyguides recommends it I put my trust into SimpleX

[–] jet@hackertalks.com 3 points 1 year ago* (last edited 1 year ago)

TLDR via notegpt

  • 🚀 Simplex Chat: A private and secure messaging platform without user identifiers.
  • 💡 Founder's story: The startup was founded in 2021, with ideas dating back to late 2019.
  • 🌐 Join the group: Interested viewers can join the conference group to ask questions and try out the platform.
  • 💰 Privacy and cost: Lack of privacy in messaging platforms can cost users real money.
  • 🔒 Designing for privacy: Simplex Chat's design removes the need for user identities, providing a high level of application-level anonymity.
  • ⚙️ Usability and future plans: Simplex Chat aims to be as usable as popular messengers while addressing the challenges of establishing connections and transfer anonymity.
  • 🌐 Future evolution: The network is evolving into a two-hop mix network to further protect IP addresses and enhance session isolation.
[–] Gargari@lemmy.ml 2 points 1 year ago (2 children)

Is it a simple chat app or something like Telegram with channels and groups support?

[–] moreeni@lemm.ee 5 points 1 year ago (3 children)

It doesn't have channels, only groups. It's more like Signal with no phone number req but with worse UX as a trade off

[–] blkpws@lemmy.ml 3 points 1 year ago* (last edited 1 year ago) (1 children)

But https://briarproject.org can be used on Gaza right now, works without internet.

EDIT: And has forums posts for important notices around you, which is super useful on war/censorship times.

[–] BearOfaTime@lemm.ee 3 points 1 year ago (2 children)

I think they serve different (though related or overlapping) purposes.

Briar started (IIRC) as a Bluetooth-only comm tool, and they've done a great job expanding what it can do (think it does Tor now?). Briar is not battery friendly, and the devs will tell you so. I don't consider it a daily driver, but rather for specific circumstances. I keep it around just-in-case.

SimpleX is more of a daily driver since it's a more conventional IP networking app, though it's a little battery hungry too.

[–] blkpws@lemmy.ml 1 points 1 year ago (1 children)

Yeah, you are right, I just think SimpleX is not for me as I already use many Matrix chat even for work stuff and collaborations (group chats), and I'm not sure if I can do the same or chat daily with my team as I do on Matrix. And I just hope and have faith that they will fix those metadata issues:

https://github.com/matrix-org/matrix-spec/issues/660
https://github.com/matrix-org/matrix-spec/issues/549

But can take long, for now I am not worried at all.

[–] BearOfaTime@lemm.ee 3 points 1 year ago (1 children)

Yea, it's a different tool. And it's still early days.

I don't use SimpleX as a daily driver, yet. But it has a lot potential. Just glad to see another tool out there, and the devs seem really earnest (I worked with them a year ago while testing the app).

[–] blkpws@lemmy.ml 1 points 1 year ago (1 children)

I should give it a try, but not sure if I will be able to talk with anyone... I don't really have friends that care about privacy... 😢

[–] BearOfaTime@lemm.ee 2 points 1 year ago (1 children)

Lol, welcome to the club!

God how I despise SMS, and I can't get anyone off it, even if other options are easier to use than SMS, much more robust, faster, more flexible, etc.

There are a couple messaging apps that are self-hostable (like I believe SimpleX is). Litewire is one. At some point I plan on hosting one myself, and preconfigure accounts for friends/family to make it even easier for them. Maybe that will get them on board.

[–] blkpws@lemmy.ml 0 points 1 year ago (1 children)

Yeah, and I first need to get friends... such a hard work... physical world isn't for me...

[–] BearOfaTime@lemm.ee 2 points 1 year ago

Lol, there is that problem. One thing at a time...

[–] EngineerGaming@feddit.nl 1 points 1 year ago (1 children)

My main concern wit Briar is that it would be of not much use without a smartphone (I meant the internet-less features in particular). I would not trust sensitive things to a smartphone. I wonder if soemthing like that could be doable with an Android VM or Waydroid with a laptop's bluetooth...

[–] BearOfaTime@lemm.ee 1 points 1 year ago (1 children)

Maybe. Check out Android Subsystem for Windows. It's essentially an Android VM though you don't have a launcher/home screen. You just see the apps in your task bar like any windows app. I run it on an older laptop, it's a touch slow but works well enough.

https://github.com/MustardChef/WSABuilds

[–] EngineerGaming@feddit.nl 1 points 1 year ago* (last edited 1 year ago) (1 children)

Windows is as much of a spyware as an average smartphone though, so not much of a point.

Edit: I should try it in Waydroid then.

[–] BearOfaTime@lemm.ee 1 points 1 year ago

Lol, true. I just assume most people are using it.

I'm working on getting away from it, been stuck on fining a OneNote replacement.

[–] authed@lemmy.ml 0 points 1 year ago

Signal only ask for a phone number to verify your identity... its far from private

[–] jelloeater85@lemmy.world 1 points 1 year ago

It's more or less truly anonymous chat. Like you meet someone on the street and need to chat with them, but don't want to give them any personally identifiable info. It's really cool in concert, but good luck getting anyone to use it. Signal is good enough if you're paranoid. TBH Telegram secret chats are just as good for sensitive stuff and way easier to get folks to use.

[–] PipedLinkBot@feddit.rocks 2 points 1 year ago

Here is an alternative Piped link(s):

Watch on Youtube

Piped is a privacy-respecting open-source alternative frontend to YouTube.

I'm open-source; check me out at GitHub.

[–] 01189998819991197253@infosec.pub 1 points 1 year ago (1 children)
[–] onlinepersona@programming.dev 1 points 1 year ago (1 children)

No link to a repo? I'm not going to watch a video to know what a project does or how it does it. No thanks.

[–] vim_b@lemmy.ml 8 points 1 year ago (1 children)
[–] onlinepersona@programming.dev 1 points 1 year ago (2 children)

Thanks.

So it has a new ID for each tunnel/channel/whatever. As usual, that comes with the downside of discoverability: how do you find all your contacts when installing the app? You always need an out of band transfer of the user ID - be it email, username, or a transient one like this.

I'm not sure how much better that is than existing chat apps that don't have discoverability.

[–] BearOfaTime@lemm.ee 1 points 1 year ago (1 children)

OOB is arguably better for privacy.

[–] onlinepersona@programming.dev 0 points 1 year ago (1 children)

How?

If the OOB is not encrypted --> hello MITM attack or impersonation (unless of course you're physically in the same place, which is quite limiting)

If it's encrypted, why not just keep using encrypted channel? I have to find an encrypted channel to initiate an encrypted chat?

I'm not seeing the benefit

[–] BearOfaTime@lemm.ee 3 points 1 year ago

I can give someone my ID in person. I control how it's delivered.