Why don't people here love SimpleXChat more?
SimpleX Chat is an instant messenger that is decentralized and doesn't depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.
-privacyguides.org
It's clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.
https://simplex.chat/Open linkView original on slrpnk.net143
Comments122
Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.
this is a wrong take for a few reasons, if we're talking about trust.
Also, Signal literally was taking money from the CIA for a decade and also is based in the US anyway, and no one hardly said a word 🤣🤣 "Privacy" activists are a joke lmao. Also signal made a crypto coin and took away features like SMS, but of course they get a free pass for that too. Makes you wonder.
SimpleX is fully open source, verifiable, and audited. If there are changes that are bad, the community will talk about them, and at worst it can be forked
SimpleX has made it clear that they dont want you to trust them. It's decentralised and anyone can run their own relay, and the servers are designed prevent correlation. They also make it very easy to use TOR and multiple circuits. This is contrary to the inferior Signal model where you just have to trust that the centralized Signal org isnt leaking your phone and IP to the feds.
moving towards a decentralised, open, and trustless world is better for everyone. In this kind of system, I really dont give a damn where they are getting their money from, as long as they arent putting crap in the software, and if they do, we will all know about it. But so far they have shown that they are committed to extreme security and privacy, and they obviously arent trying to appeal to normies, so i doubt they would ever even try to put VC-pushed garbage in.
If you want a good app, you will need funding from somewhere. Look at apps like Session that arent funded well. They suck. So I'd rather SimpleX be funded by a VC instead of by the feds like Signal, as long as everything stays open, free, trustless, and decentralised
Time to get downvoted! See you guys at -50 😁
Where did I even mention Signal? Total strawman argument, as I don't think Signal is a good option either.
But you go ahead and trust Simplex Chat Ltd. I guess some people only learn from their own mistakes 🤷♂️
you completely ignored what i said, as I specifically argued that simplex is made to be used without trust. so dont talk about me trusting people lol.
Also I agree with you on Signal, was just throwing it out there for others, not necessarily for you.
You walked right into my deliberate rethorical trap 😅
There is no such thing as trustless computing, and anyone that tries to sell you that is scamming you or drank the same kool-aid.
Exactly what I thought; if the technology is so decentralized does it make sense to care so much about who finances the project? Like if one instance of lemmy was funded by Microsoft, we could easily use another one and block it, right?
yeah it's like TOR. it's public knowledge that it was both made and is funded by the US Gov, but we all see it as the standard of anonymity online because everything is open, trustless, and decentralized.
How is TOR trustless?
I recommend to study how TOR works
I did. Can you maybe answer the question?
Would you say Tor is bad because its from the US navy?
originally it was. but it was given to the larger community as an open project, because they realized that without public use, it would be useless.
There is endless discussion on whether tor software is backdoored or not, but I severely doubt this with all the eyes on the open source code
There is also debate on how many nodes are owned by the feds, but the largest estimates at the peak were about 20%ish iirc. i doubt it's a significant number enough to worry about, from what I've seen.
tldr I'd recommend to look up all the opinions online yourself.
I'm in full agreement with you. Not even a little bit of disagreement.
This comment right here is the sanest in this thread
Upvoted bc VC eventually means enshittifiication. But with xz getting back-doored recently, what is the middle ground that keeps these things sustainable financially and operationally?
Maybe it’ll be governments partially funding it. If Schleswig-Holstein’s attempt is anything to go by, it might be a way
But do we trust entities that depend on our governments for funding? It could be argued that they’re fundamentally compromised.
As opposed to whom? Are investors in VC startups less compromised or more? What are the incentives in either case? Who do you trust to be competent and/or incompetent enough to compromise it without you noticing it? Who is likely to change a project that was well intentioned first after the fact? In what ways?
Exactly.
Many question marks, one answer- Gitea
You have 4 basic options for funding:
-you rely on individual donations which doesn’t bring in enough money
-you force people to pay for it, which makes it less attractive when compared to traditional software, and makes much of the community pissy
-you rely on corporate money
-you rely on government money
None is perfect, but some amount of government funding (let’s say, 10% of what they would pay Microsoft for the equivalent software) might make sense
I wonder what that looks like fleshed out a little, though. Is that a mandatory or voluntary payment? And by paying for what they use is that per message or per month like a subscription?
Mandatory? And per month or year. Younger people might not remember but WhatsApp was $1/year (at least in the states.)
There shouldn't be anything wrong with expecting payment to pay for servers, etc. If it's free then you're the product right?
Threema.ch already do this. Maybe that’s the answer?
Maybe. That is a one time payment but i guess they make their money on businesses. I like it but it's not the slickest app yet.
@timbuck2themoon @FarraigePlaisteach or self hosted :thinkerguns:
I do this but sadly not viable for everyone. It is a great option though.
Secure and private by design is the solution
Nobody can compromise you if they can't
I did not know it was run by a VC funded company. Isn’t it open source and audited though? https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html
Either way, if one needs to communicate without the use of identifiers like a phone number (afaik signal requires one) I trust Session. SimpleX features cool new tech but let’s wait until it matures
AFAIK it is audited, and its threat model is rather extreme, like there is no unequivocally binding id, you can give every contact a different id
They talk about for profit/no profit in their last blog entry
https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html
Why should that be an issue? It's fully open source
Oh, my sweet sweet summer child... I have bad news for you 😆
Thanks, I just uninstalled it lol.
My friends barely want to use Signal. There's no chance they're using something else.
I'd definitely use it if my friends were using it. Sadly, I can't even get them to use signal.
Same.... Sigh...
I don't need people to be hyper-privacy minded. But just a little bit at least. I'm not expecting everybody to self host a matrix server and use element and run self hosted services on their own RPI.
But just not pick one of the worst ones?
Find better friends. I say that but my friends decided to leave Facebook Messenger group chat… for Instagram. Now they use both.
"Hang on let me write down my QR code"
Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it's benefits even matter?
You just scan QR codes. It is not that complicated
It can be pretty complicated without a phone. Especially if your computer doesn't have a webcam.
you don't need a camera, you can load the qrCode image (after sending it through Signal 🤭
just send them the link
Thereby surrendering your anonymity and negating any reason to use the app over mainstream alternatives.
You match with someone on a dating app and want to move to the next step... Sending them a QR code to scan into the app is a huge hurdle.
Well dating apps are not made for privacy
A Messaging app is made for communication. The ideal dream is a messaging app that is both easy to communicate with, and respect privacy. If a messaging app cannot be used for a common messaging use case, like dating. It's not going to work as a general messaging app
If I want a simple chat protocol, I use IRC or XMPP. These are battle proven by time. If I want a really secure protocol, I use Signal or Matrix. These are endored by many security experts who their shit when they assess protocols, crypto and solutions.
SimpleX may be a good alternative for anonymous communication, but there is plenty options out there. Considering how many startups are funded by cheap VC money, and the business model is always "provide something awesome, and once you have enough traction - enshittify it" makes me very weary of investing myself in new solutions no matter how open-source the are.
I may sound bitter and skeptic, but I've seen this pattern has been repeated many times over.
Signal was funded by the CIA for a decade
So? Tor is in a similar boat.
Government agencies need secure crypto to hide their activities, and it doesn’t work if they’re the only ones using the technology.
I think his point is that funding doesn't equate to it being shit
Never heard and don't know any users. I suspect I'm not alone.
I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.
Other than that use case, it hasn’t picked up many users that I’m aware of.
I don't trust for profit venture capital funding, if you want to see where it ends up just Look at how telegram or wickr transitions from being "open" and free to getting stripped of features only to have them become paid only and the wickr sold off to Amazon and ended all non business support...the business model for making a profit off chat applications is bad for users.
Also now that signal supports usernames I have no reason to use anything else even for people I wouldn't want having my real number.
Agreed, this is why I am slowly moving away from Signal. The moment they announced putting in a wallet along their own crypto, was the sign for me to leave.
I've been a fan of SimpleX for a while now. Privacy comes at the cost of convenience, and SimpleX is the most private messaging platform according to this spreadsheet.
No Jami? Absurd.
Jami hasn't had a security audit
Jami really needs to get talked about more. I think it's great.
Doesn't work, never will. Partly because both have ro be online to chaz
Thanks for this report.
Beware https://privacyspreadsheet.com/messaging-apps uses Google fonts. So much for privacy.
In F-Droid, after disabling all anti-features, SimpleX still is listed. Signal never will be due to connecting to GCM or Firebase. Molly is an improvement for Signal but not for untrackable privacy like SimpleX from using a different ID with each individual SimpleX contact.
I hoped Molly leaved the sms feature, that is the only thing I can use as a bait for let my friends switch to signal.
No, because SMS code was removed from Signal, I believe Molly would have to fork the code if they try to put it back in.
Not to mention, SMS was removed because it’s inherently insecure at every level. Keeping it would mean there’d be an insecure side channel into the protocol. While it’s a useful onboarding mechanism, it can also be abused — and was. So eventually it got removed to prefer privacy and security over convenience.
That's a valid reason, prioritizing security over convenience. I forgot about the fact that texting is plain text communication.
I liked the fact that it is really easy to self-host.
I tried it with friends on discord and in 10min I had a vps with a server running.
Did you use an install script that you found online or did you set it up yourself?
I followed the documentation on their website to install it on a vps
Any chat protocol without full mutli-device support is not really an option for me https://github.com/simplex-chat/simplex-chat/issues/444.
@[email protected] I've not heard of anyone who does "not like" it? Many don't know about it maybe. I can't think of anything I've seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.
Me, my friends, and family are using it
Aaand.. Everyone is hating it, tbh 🤣
The notifications are unreliable and at the same time it drains 20% of the battery
Waiting for fixes, also want to setup my own relay
Interesting project, but last time I tried it was battery hungry, and having made quite an effort to get some of my contacts on Signal, I don't see it happen to get them all on SimpleXChat. And Signal Stickers make Signal more attractive for some.
I'd say the battery problem is now under control. The UI is still horrible though...
Does it have forward/future security?
https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html
I think it's just that there are too many options and the communities are so fragmented. I'm trying out simplex but it still feels like beta software. Regardless I'd like to see it succeed so we have a real private alternative that doesn't rely on big tech or shady government sponsorship.
SimpleX is great but not ready for prime time.
I use it as a copy paste buffer on my different devices. I run into issues with sending media sometimes.
Adding people at a distance is a huge pain in the ass with long codes, that needs a solution before the app can be used by normal people.
Optional usernames would be nice
Because when you read their website https://simplex.chat/ and they say stuff like "Possibility of MITM > NO" and "Central component or other network-wide attack > No - resilient" they kind lose their credibility.
Also, "Other apps have user IDs (...) SimpleX does not, not even random numbers." > there must be an ID at some point. When you invite someone with a QR code or a link that effectively becomes an ID - even if it changes for every invitation. Also servers need to coordinate message delivery, some form of ID is required for that.
The way the messaging queues work and what the servers see is interesting but I'm yet to dig into that.
Seems like another one of those mobile only messengers, not really interested in those to be honest.
There's a desktop app: https://simplex.chat/downloads/#desktop-app
Ah, must have missed that one, though
is a pretty major downside.
Actually, you can scan a qr code and use on both
But wouldn't that mean if someone writes to your desktop profile you can't respond on mobile and vice versa? And you would have to be added by everyone else twice too?
Yes.
You have to switch between devices.
When this becomes seamless, it'll be a more competitive app.
Also, it's a ram eater on my phone
You just never use a desktop profile. You have an account on mobile, and every time you go desktop you sign in with the app and qr code so you're always using the same db on each machine.
My desktop app has zero profiles and no db; I only sign in with my mobile.
There is a desktop app but linking is not as easy and featured as Session, which is really easy to use on multiple devices, but then you lose the superior security of SimpleX
This is why I use Wire.
Desktop is a first-class app (not dependent on a mobile app), no phone number required, and syncing chats between all your devices just works.
Wire hasn't been updated in 2 years on fdroid tho, so I'm eager to switch to something else. But nothing else exists that meets these basic usability reqs.
After Signal dropped SMS support, most of my friends jumped ship. No way they're using this.
Never tried it. But I use Element, which is based on the Matrix protocol.
With SimpleX each server is replacable/fungible
Isn't matrix encryption beta? I remembered element always warns about that
I don't think so.
What does their multi-device story look like? Can I use one identity/account on multiple devices, with synced read state etc?
Edit: Looks like it's being worked on. I don't want to use a messenger without this feature anymore, but I'll give SimpleX another look once it's done.
Are chats synced with the mobile and desktop clients?
I would use it, if there were unified push support.
What is that and why does it matter?
unified push works as a stand in for gms on devices without it. it runs in the background & receive the wakeup pings for the apps (in this case simplex) so you only need one websocket open instead of a different background service for each app. hugely reduces battery use.
Does that work without google services? I thought this was why signal said they wouldn't remove gapps depends, and all privacy apps do pull instead of push?
Jami has that.
Jami is a bloated insecure mess. It is getting better but I would not use it
How so? First time I've heard this.
Also Molly and Mercurygram and most of the Matrix messengers
Jami is broken
Session messenger allows you to chat without linking a phone number to your account. It’s what drug dealers use lol.
Same for simplex 🫠
Fair
Simple answer to the question so far as I can see: in order to connect with someone, you have to video conference with them and show them a code. So the anonymity is only as anonymous as the video conference you use to do that. All of the benefits it claims are merely an illusion.
Just send them the code. It's okay if the channel over which they the receive the code is insecure
Top-Tec! decentralized and doesn’t depend on any unique identifiers
Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.
First the trivial stuff:
These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.
Now for the reasons that really keep me away:
Finally a couple of points on some of the other comments:
I'm not saying it necessarily is a good name but simplex is just a Latin word that's used in many contexts. I for one would have never thought of Herpes here
HERPES would be an AMAZING messaging app, since a estimated 60-95% of adults have it already..... So very catchy!
https://en.wikipedia.org/wiki/Herpes
Hey man, do you have herpes? Try it out. It is really easy to get one.
Because Signal is great.
It's really not. Requires phone number and is centralized
i don't know in what world you're living, but in this world where people think you're (edit: we are) a pain in the ass for refusing to install WhatsApp when everyone is expected to use it for official communication (work + organizations); Signal is great.
I've convinced a couple of dozens of people to use Signal, and only one to keep Simplex as, at least, a backup.
as a caring-about-privacy minority we can invite "them" to Signal. "They" know Signal and Telegram👎. "They" understand our concerns. "They" for whatever incomprehensible reason keep using WhatsApp 🤷 We're left out of the loop because once "everyone" is on that WhatsApp group, it's tiring for them to send an email or an sms to the exceptional one or two people
What are you talking about? Your comment isn't relevant at all. Next time read more carefully
it is relevant.
requiring phone number and being centralized doesn't make Signal "not great" in a world where a great majority of people use WhatsApp + read the last comment again but more carefully ;)
signal is a great alternative to a WhatsApp world. Simplex or Session has no chance with the general public
Oh youre right I was completely wrong
my bad, i should have worded it clearer :/
went up and edited it