The following is a cross-post from my Mastodon thread

In the wake of Meta's enshittification I have seen people recommend Signal and Matrix as private, open-source alternatives to Meta products. In the following thread I will outline how, if your goal is software freedom, anti-surveillance and anti-censorship, the best option for direct and group messaging is neither Signal nor Matrix but instead the up-and-coming https://simplex.chat/

Signal is centralised, meaning it's vulnerable to censorship: it almost got backdoored by the UK's Online Safety Bill, and that bill still has a sword-of-Damocles clause hanging over Signal. Signal is also not anonymous; your account is linked to you through your phone number, so if your contacts are compromised then your conversations can easily be linked back to you and your contacts can all be correlated. In contrast, SimpleX is like having "a burner phone for every contact", meaning that even if one contact is correlated you have no consistent identity that can be compromised, by default. SimpleX also has a custom onion-routing protocol to hide your IP from relay servers by default, and it makes it very easy to connect over Tor if SimpleX is blocked in your country; I'm pretty sure Signal doesn't do that.

Matrix has been floated as potentially a decentralised, E2EE, open-source alternative to Signal, but Signal shares one massive pro with SimpleX: both have post-quantum encryption. Many researchers say quantum computers are a few short years away from being able to decrypt all historical data encrypted using classical techniques (i.e. not post-quantum encryption), such as the private messages you are sending across Matrix today. AFAIK Matrix currently has no plans to add post-quantum (PQ) encryption; previously they were relying on it being implemented in MLS, a standard that Matrix has been trying to adapt to their decentralised framework for years with stagnant progress. What's more, AFAICT the motion to add PQ to MLS quietly expired and wasn't renewed, so it's likely not coming any time soon.

SimpleX has PQ on top of their classical encryption, implemented and working today; you can download the app and have PQ right now (the additional classical encryption is insurance in case it turns out PQ has some classical attack vector; hybrid encryption is recommended by security researchers at this stage). In conclusion, both Signal and SimpleX are PQ, unlike Matrix, but SimpleX and Matrix are decentralised and less vulnerable to censorship than Signal, while only SimpleX supports Tor connections, protects your IP with or without Tor, and has no persistent unique identifier, creating a "burner phone for every contact" scenario where compromised contacts can't necessarily be used to correlate your other contacts/groups simply by looking at your phone number/username in those groups.

Here's some evidence and argumentation to support building post-quantum encryption now: state and capital are hoovering up encrypted data right now to decrypt for profit as soon as it becomes cheap enough to do so with quantum computers. https://www.youtube.com/watch?v=-UrdExQW0cs

And here's the best explainer of SimpleX on YouTube. Sorry about the racist thumbnail; the guy's a right-winger, but his knowledge of OPSEC is valuable. If you don't know why the thumbnail is racist, search "Terry Davis glow in dark" (the search results for which I have to give a racist-slur content warning, but there are no slurs in this video). https://www.youtube.com/watch?v=0cRu98XSap0

Edit: see the whitepaper for technical privacy details: https://github.com/simplex-chat/simplexmq/blob/stable/protocol/overview-tjr.md
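The hybrid argument above (a classical shared secret and a post-quantum shared secret combined so that the session key stays secret as long as either one holds), as an added example that is not code from SimpleX, Signal or this post. It is a Python model of the key-combining step only: the two shared secrets are constructed random stand-ins for the outputs of a classical key agreement and a post-quantum KEM, and the HKDF combiner, salt and info labels are the example's own choices, not either project's actual derivation.

```python
"""Hybrid (classical + post-quantum) key combination, illustrated.

Added example, not SimpleX's or Signal's code. The combiner is a generic
HKDF construction; the salt/info labels and the shared-secret stand-ins
are assumptions made for this illustration.
"""
import hashlib
import hmac
import secrets

HASH = hashlib.sha256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869, SHA-256): PRK = HMAC(salt, IKM)."""
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte session key from two independent shared secrets.

    Both secrets go into the HKDF input keying material, so reproducing the
    key requires BOTH of them: a quantum break of the classical agreement
    alone, or a classical flaw in the PQ scheme alone, leaves the attacker
    one secret short. The handshake transcript is mixed in via `info` so the
    key is bound to this particular exchange.
    """
    if len(ss_classical) != 32 or len(ss_pq) != 32:
        raise ValueError("expected 32-byte shared secrets")
    prk = hkdf_extract(salt=b"hybrid-kex-example-v1", ikm=ss_classical + ss_pq)
    return hkdf_expand(prk, info=b"session-key|" + transcript, length=32)


def demo_handshake() -> dict:
    """Constructed stand-ins for the two key agreements (assumption: in a
    real protocol each party computes ss_classical from the peer's DH public
    key and ss_pq by encapsulating to / decapsulating with the peer's KEM key;
    here both are just random values shared by Alice and Bob)."""
    ss_classical = secrets.token_bytes(32)
    ss_pq = secrets.token_bytes(32)
    transcript = b"constructed-transcript: dh-pubkeys|kem-ciphertext"

    alice = combine_shared_secrets(ss_classical, ss_pq, transcript)
    bob = combine_shared_secrets(ss_classical, ss_pq, transcript)
    # Adversary with a quantum computer: recovers ss_classical, must guess ss_pq.
    quantum_adversary = combine_shared_secrets(ss_classical, secrets.token_bytes(32), transcript)
    # Adversary with a classical break of the PQ KEM: has ss_pq, must guess ss_classical.
    pq_break_adversary = combine_shared_secrets(secrets.token_bytes(32), ss_pq, transcript)
    return {
        "alice": alice,
        "bob": bob,
        "quantum_adversary": quantum_adversary,
        "pq_break_adversary": pq_break_adversary,
    }


if __name__ == "__main__":
    r = demo_handshake()
    print("alice == bob:", r["alice"] == r["bob"])
    print("quantum adversary matches:", r["quantum_adversary"] == r["alice"])
    print("PQ-break adversary matches:", r["pq_break_adversary"] == r["alice"])
```

The order of the secrets in the IKM and the transcript in `info` both matter: swapping the secrets or changing the transcript yields an unrelated key, which is the property that stops a session key from being replayed into a different handshake.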

  • 211@sopuli.xyz · ↑14 · 3 days ago

    My messenger needs to be one my 70+ parents, who trust big companies and mistrust anything too small, or different, or “extreme”, are willing to use. Getting them to install Signal so we could still have our family group chat after I deleted WhatsApp was a major win. Scanning each others’ QR codes, having to go through some process when they change phones…? Yeah, they would’ve been scared of being “put on a list” and wouldn’t have gone through the technical stuff even for me.

    • ambiguous_yelp@vegantheoryclub.org (OP) · ↑1 · 3 hours ago

      This is kind of black-or-white thinking, to think that it's only valuable to use SimpleX if every one of your contacts uses it. I think of digital privacy like plugging holes in a sinking ship: to some extent it doesn't matter if you don't get them all, if you can bail water fast enough, but the more you plug the better. I recommend the arguments in these videos as responses to "I have nothing to hide": https://www.youtube.com/watch?v=Hcqh0ZSza50 https://www.youtube.com/watch?v=0aXIXozAsOE But if everyone you could possibly ask to add you on SimpleX is thinking like this, that they don't want to be lumped in with criminals and whatnot, then this is a disturbing trend, that privacy is seen as suspicious.

    • Anonymouse@lemmy.world · ↑2 · 1 day ago

      I find your parents’ mindset interesting. They trust the big companies but not the government (I assume the list is a government list). Do they know that the big companies harvest data and make it available for sale, even to the government? It’s a loophole.

      • 211@sopuli.xyz · ↑2 · 24 hours ago

        Oh, they trust the government too, or would say so if asked. Kinda “work with the system and the system works with you” trust, firm belief in not making waves or drawing undue attention to yourself. And, well, it works for upper middle class native white people in EU, if you can look away or give your silent consent to whatever is happening.

        Big companies and the government are familiar 🙄, known 😐 and thus safe 😑.

    • EngineerGaming@feddit.nl · ↑1 · 1 day ago

      But when you migrate devices with WhatsApp, there's a database migration as well, so there is some familiarity with inconvenience. Anyway, certain XMPP clients make using the protocol as easy as WhatsApp. I'd say even more so, since it's snappier and wouldn't suddenly cut off users of old phones.

      As for the lists - everyone is on some list or the other anyway.

    • figaro@lemdro.id · ↑3 · 2 days ago

      Thank you. It’s fine for people here to like these kinds of things, I’m not opposed to that. But be realistic. This will never be the public standard.

  • mox@lemmy.sdf.org · ↑25 · edited · 3 days ago

    SimpleX has some interesting ideas, but also some shortcomings for people who want a practical messaging service. For example:

    • It is funded by venture capital, which calls into question its longevity, and if it does manage to stick around, suggests that it will be leveraged to exploit people once the user base is large enough.
    • Its queue servers delete messages if they are not delivered within a certain time frame (21 days by default). Good luck if you take a vacation off-grid for a few weeks.
    • No multi-device support. (This means a single account accessed concurrently from multiple independent devices.) The closest it comes is locally tethering a mobile device to a computer.
    • Establishing new contacts requires sharing a large link or QR code, which is not always convenient.
    • No support for group calls.

    I look forward to seeing how its design decisions develop in the coming years, but outside of a few niche use cases, it is not a suitable replacement for Matrix or Signal.

    • ambiguous_yelp@vegantheoryclub.org (OP) · ↑1 · 3 hours ago

      This is an accurate list of the cons, but my title clearly states I am solely talking about privacy/anonymity goals. Of particular interest was the second bullet there; I knew there was a timeout but I didn't think it was that short. I will keep that in mind and perhaps suggest it be increased to at least a couple of months. Anyway, yes, SimpleX is not feature-compatible with Signal and Matrix; that was not the point of the post. IMO though it IS good enough to replace bare-bones direct messaging with trusted contacts, as I have been using it like that for about 6 months now and it has only gotten more stable since then.

  • PullPantsUnsworn@lemmy.ml · ↑34 · 3 days ago

    I agree SimpleX is a superior protocol. I use it to share text between my devices. But I'm a little bit hesitant to recommend it to friends and family because it is VC funded. Until SimpleX becomes a non-profit or an alternative implementation of the SimpleX protocol starts showing up, I won't use it as my main IM.

  • HappyTimeHarry@lemm.ee · ↑26 ↓1 · 3 days ago

    How is SimpleX going to turn a profit for the people who've currently invested in it? This is why things get enshittified: they have vulture capitalists helping them start out and no one thinks about it till one day it comes time to pay the piper, and features start getting broken, ads get shoveled in, and unless enough money is generated the app will eventually fail.

    I hope SimpleX finds a way to go non-profit; until then I can't trust their business model not to shift in the future.

    • ambiguous_yelp@vegantheoryclub.org (OP) · ↑1 · 3 hours ago

      As an anarcho-communist I hope they go non-profit too, but the protocol is robust and decentralised enough that I'm not worried: whatever the company does, it can just be forked. Look at Simple Mobile Tools for Android, an open-source project that sold out to a data-harvesting company; within a few months it was forked and now you can get the exact same apps under the name Fossify. And then there's the example of Red Hat, a for-profit company that "sells Linux" by providing technical consultation to large businesses. I don't know anyone who would say that Red Hat Linux is enshittified because Red Hat is for-profit. Evgeny, the lead dev, has said several times that this is the kind of model they want to pursue, and they recognise that privacy and anonymity is their only selling point. They are into right-wing conspiracy theories too, so they have an ideological reason not to sell out like that: they actually believe in the right to privacy and anonymity. You may be interested in Evgeny's blog posts about this contention: https://simplex.chat/blog/20240516-simplex-redefining-privacy-hard-choices.html

    • azron@lemmy.ml · ↑9 · 3 days ago

      This is exactly what I was trying to figure out on the website to no avail.

  • Kualk@lemm.ee · ↑30 · 3 days ago

    There are more topics to cover than just encryption. Less on encryption, more on other topics.

    Is it P2P or a server model? I happened to look it up and it seems to be server-as-intermediary.

    Is the server side open-sourced? Who is running the servers? How does the client choose the server to connect to? If a hop server is tracking data, what will it see?

    With all that end-address obfuscation, how user-friendly is establishing a connection with a friend?

      • oldfart@lemm.ee · ↑2 · 2 days ago

        Blame computer scientists from the old days for inventing simplex/duplex for one way / two way communication

    • Emberleaf@lemmy.ml · ↑7 ↓16 · 3 days ago

      Signal’s leadership team includes former Google and Whatsapp executives. What’s your point?

        • Snot Flickerman@lemmy.blahaj.zone · ↑28 ↓3 · 3 days ago

          Exactly. Signal at the very least has a non-profit foundation involved, while it's very clear SimpleX has investors it needs to please.

          • Emberleaf@lemmy.ml · ↑4 ↓3 · 3 days ago

            “It’s worth noting that some private foundations operate on the VC model in supporting nonprofits, either by requiring Board seats or requesting that their funding be used towards very specific objectives not always in alignment with the organization’s values and mission. It’s also worth noting that some nonprofits actually operate on the models of surveillance and censorship. Therefore, whether an organization or company is VC-backed or a nonprofit should not be the sole factor in deciding whether or not it is trustworthy. Actions are important, with full transparency being one of the most critical factors, and being fully open source being another to attract valid criticisms and audits to ensure any product or protocol lives up to its privacy and security promise. SimpleX Chat prides itself on being both transparent and open, on top of also being fully decentralized. If you’re new to it and eager to know more, you can start with this overview.”

            https://simplex.chat/blog/20240404-why-i-joined-simplex-chat-esraa-al-shafei.html

      • azron@lemmy.ml · ↑12 · 3 days ago

        There is concern about simpleX sacrificing privacy down the road for profit like all the other chat options that started this way.

  • d0ntpan1c@lemmy.blahaj.zone · ↑6 · 3 days ago

    You can hide your number on Signal so people can’t start conversations with you unless they have your QR code/link.

    But even if you leave it visible… it's really not that big a deal. Tbh, that's a good feature if you want to use Signal as a way for people you don't often interact with to securely communicate if they have your phone number but can't utilize encrypted RCS. Once Apple gets on board with encryption then it's less important for Signal to fill that gap for casual conversation.

    Signal may not be perfect for all use cases. But it's pretty easy to navigate for the normies and it's got most of the features people would miss from WhatsApp/Facebook Messenger. I got my family converted to Signal this week from Facebook Messenger and it went rather smoothly. Plus, Signal has been around for a long time. Even some among my less tech-literate family had already used it in the past, but everyone had heard of it so it was an easy sell.

    The reality of communication nowadays is that there is no one size fits all solution. Signal, XMPP, Matrix, whatever else all have their pros/cons.

    I know there’s been a lot more discussion around SimpleX lately, but tbh, the sudden noise about it + the VC backing just feels more like a coordinated advertising campaign and that makes me less interested in it.

    • Count042@lemmy.ml · ↑4 · edited · 1 day ago

      And it is so much fucking easier to admin. Especially if you have a server with open signups.

      • EngineerGaming@feddit.nl · ↑1 · 1 day ago

        IDK, maybe it’s just the server only being personal, but I found Simplex and XMPP roughly equivalent (Matrix was very annoying, though). What features does XMPP do better in this regard?

  • Ulrich@feddit.org · ↑9 ↓3 · 3 days ago

    “Signal is centralised meaning its vulnerable to censorship”

    …what? How do you figure? Signal has attempted to be censored several times but you can just switch relays.

    “if your contacts are compromised then your conversations can easily be linked back to you and your contacts all be correlated”

    …how do you suppose that works?

    • ambiguous_yelp@vegantheoryclub.org (OP) · ↑1 · 3 hours ago

      1. If you switch relays you alienate the 99% of people on the central Signal network, who now have to put in extra work just to talk to you. SimpleX is decentralised by design: anyone can use any relay they choose, and the UI is seamless because it's handled in the invite link and handshake protocol.
      2. There are two ways contacts can be compromised: by the attacker simply looking at the phone numbers of your contacts, or, if they use usernames instead, by subpoenaing Signal to divulge the phone number associated with the username. From there it's trivial to use either leaked phone details or subpoena the phone companies to get your personal details.

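The correlation argument in this reply and the OP's "burner phone for every contact" framing, as an added example that is not part of either post and not SimpleX's or Signal's code: a simplified Python model of the two designs. Design A gives every user one global identifier (a phone number) that appears in every contact list and group roster; design B gives every (viewer, peer, group) relationship its own random connection id. A "compromised contact" is modelled as a seized device, and the same join is run on each. Names, phone numbers and group rosters are constructed placeholders, and the model is an assumption about the shape of the two designs, not a description of SimpleX's group internals; it also ignores timing and content metadata, which are a separate correlation channel.

```python
"""Identifier correlation from one seized device: global vs per-connection ids.

Added example, not SimpleX's or Signal's code. All people, numbers and
groups are constructed; the two designs are simplified models.
"""
import secrets
from collections import defaultdict

# Constructed data: placeholder names, numbers and groups.
PHONE = {"alice": "+00 555 0101", "bob": "+00 555 0102",
         "carol": "+00 555 0103", "dave": "+00 555 0104"}
GROUPS = {
    "book-club": {"alice", "bob", "carol"},
    "union-organising": {"alice", "carol", "dave"},
}

# ---------- Design A: one global identifier (phone number) per user ----------

def seize_device_a(victim):
    """What one seized device reveals under design A: the victim's address
    book (identifier -> name) and, for each group the victim is in, the
    roster expressed in those same global identifiers."""
    address_book = {PHONE[p]: p for p in PHONE if p != victim}
    rosters = {g: {PHONE[m] for m in members if m != victim}
               for g, members in GROUPS.items() if victim in members}
    return address_book, rosters


def correlate_a(seized):
    """Join group memberships on the shared identifier. The address book (or a
    leaked/subpoenaed phone directory, which is keyed the same way) resolves
    each identifier to a person, so every group is mapped in one step."""
    address_book, rosters = seized
    groups_by_person = defaultdict(set)
    for g, ids in rosters.items():
        for i in ids:
            groups_by_person[address_book.get(i, i)].add(g)
    return dict(groups_by_person)

# ---------- Design B: a fresh random identifier per connection ----------

# Constructed: alice presents a different profile name in one group, as a
# user who keeps contexts separate would.
ALIASES = {"alice": {"union-organising": "ar"}}


def build_network_b():
    """Each (viewer, peer, group) relationship gets its own random id, the
    'burner phone per contact'. No field is shared across relationships."""
    net = defaultdict(dict)  # net[viewer][group] = {conn_id: peer's display name}
    for g, members in GROUPS.items():
        for viewer in members:
            net[viewer][g] = {
                secrets.token_hex(8): ALIASES.get(peer, {}).get(g, peer)
                for peer in members if peer != viewer
            }
    return net


def seize_device_b(net, victim):
    """Under design B the seized device holds only per-connection ids and
    whatever display name each peer chose to present in that connection."""
    return net[victim]


def correlate_b(seized):
    """Same join as correlate_a, keyed on the only identifier the protocol
    exposes: the per-connection id. Any linking would have to come from
    out-of-band data (chosen display names, message content), not the id."""
    groups_by_id = defaultdict(set)
    for g, conns in seized.items():
        for conn_id in conns:
            groups_by_id[conn_id].add(g)
    return dict(groups_by_id)


def cross_group_links(correlated):
    """Identifiers that tie the same party to more than one group."""
    return {k for k, gs in correlated.items() if len(gs) > 1}


if __name__ == "__main__":
    # Carol is in both groups, so seizing her device is the attacker's best case.
    a = correlate_a(seize_device_a("carol"))
    print("design A links across groups:", cross_group_links(a))  # {'alice'}
    b = correlate_b(seize_device_b(build_network_b(), "carol"))
    print("design B links across groups:", cross_group_links(b))  # set()
```

Under design A the seized address book is enough to name alice in both groups; under design B the same seizure yields four unrelated identifiers, and the attacker's only remaining handle is whatever each peer chose to display.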
    • EngineerGaming@feddit.nl · ↑1 · 1 day ago

      Blocking the server is not even the most effective way it can be restricted. If a country wants to gimp Signal, it can ban their cell carriers from delivering the confirmation codes. Or, on the contrary, if the US wanted to restrict sanctioned countries, they could prohibit Signal from interacting with the country's range of phone numbers.

      Yes, you could rent numbers of another country to avoid that. But while pretty much everyone can figure out how to bypass website censorship, phone rentals are much more of a roadblock, especially if your payment method is sanctioned and thus you have to use crypto or workarounds. Not to mention that the number being temporary introduces a permanent security hole, and if it is not temporary - it’s an extra expense, which may be noticeable for poor people.

      On a similar note, the issue I take with Signal in this regard is the fact that the stock app only allows their own censorship-bypass proxy. Why not just arbitrary SOCKS? Sure, you can use a whole-device VPN, but for a lot of people this is inconvenient (like if the free VPN is very slow), so a proxy for a background connection is much better. Thankfully, Molly addresses this.

    • tiny@midwest.social · ↑4 ↓1 · 2 days ago

      There is a Signal legal entity that can fail and take out all of Signal, which is less true with Matrix, since there are multiple client and server implementations; the only thing a government can achieve by breaking a single entity is to disrupt governance.

    • jet@hackertalks.com · ↑3 ↓2 · 3 days ago

      Because the architecture is centralized, a law can target Signal. Currently Signal is hosted in the United States; a law the United States writes could take it down.

        • EngineerGaming@feddit.nl · ↑1 · 1 day ago

          I doubt this cloud infrastructure would be able to disobey the main organization's orders or go on without it if said organization is told to shut down.

        • Corgana@startrek.website · ↑2 · 2 days ago

          Haha, Ulrich I noticed you on several threads the past few days correcting misinformation, thank you for your service.