SimpleX Chat is an instant messenger that is decentralized and doesn’t depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.
-privacyguides.org
It’s clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.
SimpleX Chat Ltd is a seed stage startup with a lot of user growth in 2022-2023, and a lot of exciting technical and product problems to solve to grow faster.
Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.
I did not know it was run by a VC funded company. Isn’t it open source and audited though? https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
Either way, if one needs to communicate without the use of identifiers like a phone number (afaik signal requires one) I trust Session. SimpleX features cool new tech but let’s wait until it matures
AFAIK it is audited, and its threat model is rather extreme, like there is no unequivocally binding id, you can give every contact a different id
They talk about for profit/no profit in their last blog entry
https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html
this is a wrong take for a few reasons, if we’re talking about trust.
Also, Signal literally was taking money from the CIA for a decade and also is based in the US anyway, and no one hardly said a word 🤣🤣 “Privacy” activists are a joke lmao. Also signal made a crypto coin and took away features like SMS, but of course they get a free pass for that too. Makes you wonder.
-
SimpleX is fully open source, verifiable, and audited. If there are changes that are bad, the community will talk about them, and at worst it can be forked
-
SimpleX has made it clear that they dont want you to trust them. It’s decentralised and anyone can run their own relay, and the servers are designed prevent correlation. They also make it very easy to use TOR and multiple circuits. This is contrary to the inferior Signal model where you just have to trust that the centralized Signal org isnt leaking your phone and IP to the feds.
moving towards a decentralised, open, and trustless world is better for everyone. In this kind of system, I really dont give a damn where they are getting their money from, as long as they arent putting crap in the software, and if they do, we will all know about it. But so far they have shown that they are committed to extreme security and privacy, and they obviously arent trying to appeal to normies, so i doubt they would ever even try to put VC-pushed garbage in.
If you want a good app, you will need funding from somewhere. Look at apps like Session that arent funded well. They suck. So I’d rather SimpleX be funded by a VC instead of by the feds like Signal, as long as everything stays open, free, trustless, and decentralised
Time to get downvoted! See you guys at -50 😁
Where did I even mention Signal? Total strawman argument, as I don’t think Signal is a good option either.
But you go ahead and trust Simplex Chat Ltd. I guess some people only learn from their own mistakes 🤷♂️
you completely ignored what i said, as I specifically argued that simplex is made to be used without trust. so dont talk about me trusting people lol.
Also I agree with you on Signal, was just throwing it out there for others, not necessarily for you.
You walked right into my deliberate rethorical trap 😅
There is no such thing as trustless computing, and anyone that tries to sell you that is scamming you or drank the same kool-aid.
-
Top-Tec! decentralized and doesn’t depend on any unique identifiers
“Hang on let me write down my QR code”
Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it’s benefits even matter?
deleted by creator
I’ve been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.
Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.
First the trivial stuff:
- no one else seems to use it
- UX is not great because of initial exchange
These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.
Now for the reasons that really keep me away:
- the desktop app is way behind the mobile app - and I would really prefer to use a desktop CLI app
- haskell puts me off a bit - the language is fine I just don’t know how to read it - for more practical issues it did not support older (arm6/7) devices which kept lots of people in older devices away
- AFAIK no alternative implementations of either the client or the SMP server exist - which is a petty I think the protocol would shine in other contexts (like push notifications)
- I was going to say that there are not many 3rd party user groups - but I just found out about the directory service (shame on me, maybe? can’t seem to find groups though)
- protocol features/stabilization is a moving target and most of the fancy new features don’t really interest me (i don’t care much about audio/video)
- stabilization of code/dependencies would help package the server/client in more linux distros, which I think would help adoption among the tech folk
Finally a couple of points on some of the other comments:
- multi device support - no protocol out there can do multi device properly (not signal, none really) so i’m ok with biting the bullet on this
- VC funding is a drag - but I am still thankful that they clearly specified the chat protocol separate from the message relay, which means that even if the chat app dies, SMP could still be used for other stuff.
Seems like another one of those mobile only messengers, not really interested in those to be honest.
There’s a desktop app: https://simplex.chat/downloads/#desktop-app
Ah, must have missed that one, though
Using the same profile as on mobile device is not yet supported – you need to create a separate profile to use desktop apps.
is a pretty major downside.
Actually, you can scan a qr code and use on both
But wouldn’t that mean if someone writes to your desktop profile you can’t respond on mobile and vice versa? And you would have to be added by everyone else twice too?
You just never use a desktop profile. You have an account on mobile, and every time you go desktop you sign in with the app and qr code so you’re always using the same db on each machine.
My desktop app has zero profiles and no db; I only sign in with my mobile.
I would use it, if there were unified push support.
What is that and why does it matter?
unified push works as a stand in for gms on devices without it. it runs in the background & receive the wakeup pings for the apps (in this case simplex) so you only need one websocket open instead of a different background service for each app. hugely reduces battery use.
Session messenger allows you to chat without linking a phone number to your account. It’s what drug dealers use lol.
What really bothers me about Session is that you effectively cannot selfhost - hosting a node is prohibitively expensive. So seems like the only people who can realistically host a node are crypto bros, big companies and government agencies. Thanks, I would rather stick with IRC/XMPP/Matrix.
Does it have forward/future security?
¹ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.
² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.
Some columns are marked with a yellow checkmark:
- when messages are padded, but not to a fixed size.
- when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
- when 2-factor key exchange is optional (via security code verification).
- when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
Because Signal is great.
It’s really not. Requires phone number and is centralized
i don’t know in what world you’re living, but in this world where people think you’re (edit: we are) a pain in the ass for refusing to install WhatsApp when everyone is expected to use it for official communication (work + organizations); Signal is great.
I’ve convinced a couple of dozens of people to use Signal, and only one to keep Simplex as, at least, a backup.
as a caring-about-privacy minority we can invite “them” to Signal. “They” know Signal and Telegram👎. “They” understand our concerns. “They” for whatever incomprehensible reason keep using WhatsApp 🤷 We’re left out of the loop because once “everyone” is on that WhatsApp group, it’s tiring for them to send an email or an sms to the exceptional one or two people
What are you talking about? Your comment isn’t relevant at all. Next time read more carefully
it is relevant.
requiring phone number and being centralized doesn’t make Signal “not great” in a world where a great majority of people use WhatsApp + read the last comment again but more carefully ;)
signal is a great alternative to a WhatsApp world. Simplex or Session has no chance with the general public
Never heard and don’t know any users. I suspect I’m not alone.
I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.
Other than that use case, it hasn’t picked up many users that I’m aware of.
Any chat protocol without full mutli-device support is not really an option for me https://github.com/simplex-chat/simplex-chat/issues/444.