🆕 Software Suggestion | SimpleX Chat #202
-
Hey I'd like to suggest an OSS project I'm contributing to called SimpleX Chat. It's a decentralized, private chat app that doesn't use any global identities (email, phone number etc). https://github.com/simplex-chat/simplex-chat The app is available as a terminal app but we'll start working on a mobile app in the new year. I'd really appreciate you guys checking it out! Thanks!
-
Any reason to use this over something like Matrix? It just seems overly complicated to me. I'm not opposed to terminal clients, but it shouldn't be the only client (e.g. see what matrix has). It also seems to be using outdated cryptography - RSA.
-
Hey @xibeifenghenhaohe - I am the founder of SimpleX Chat. It's quite possible that it's early for your audience, it's not ready for general users yet. But what we've built gets geeks quite excited - the release we made yesterday triggered lots of questions and comments on reddit.
SimpleX is not a federated network, like Matrix is, it's closer to P2P design, but with the servers solving the problem of asynchronous delivery and providing recipient anonymity (they act as a low latency mix node). Coincidentally, SimpleX is close to an evolution of Pond, although we've only found out about it after the fact. Matrix design is decentralized, but it does not preserve participants' privacy in any way - all identities are visible to the servers, while SimpleX has no global user identities at all - all contacts are local to client devices. This and other answers on reddit have a few more details. In addition to meta-data privacy SimpleX has non-optional (unlike Matrix) E2E encryption with non-optional (unlike Signal) protection against MITM attacks (afaik only 5-10% of Signal users use key fingerprint verification, in our case one of the keys is passed via out-of-band authenticated channel - e.g. QR code via video call, so all key exchanges for direct contacts are protected against substitution). Hope it makes sense, but let me know - happy to share more technical details.
100% agreed, we only built it while experimenting and stabilising the protocol. The mobile app is coming in Q1, but terminal app is quite usable, and we thought it may be interesting as an early stage product, given that all people here know how to use terminal...
Well, I wouldn't go as far as calling it outdated, it's got some advantages and disadvantages compared with Ed keys and DH exchange... We can talk about it :) The main downside though, other than performance and key size, which are not hugely important in our case, is the lack of forward secrecy with RSA keys. While in our case we use lots of different RSA keys, and users can mitigate it with a minimal effort, we are migrating off RSA anyway - to Ed keys with DH exchange and NaCL crypto-box for recipient traffic encryption and to double ratchet with Ed keys for E2E encryption.
-
Looks like an interesting project. We have generally though with our criteria been moving towards only recommending products with external cryptographic audits. Doing so allows us to recommend products with a higher degree of assurance and also cut out the many requests for some crappy messenger to be added. Thanks for making us aware of it though. Do you have a developer blog with RSS/mailing list?
-
@dngray this is reasonable, we are working on the review - we should stabilise client/server to v1 this year, and the review should be ready by the same time, we will announce it. We do have a mailing list - you can sign up from the website https://simplex.chat
-
Briar? Jami? Tox? All exist and are P2P. P2P also kills batteries and cellular data plans.
-
SimpleX Chat is not P2P, it’ll also have notifications services so it shouldn’t kill batteries and data plans.
-
From a glance Simplex has changed quite a bit when compared to its inception. For example, it uses a different E2EE scheme. Is it possible to recheck it and opine on it? Edit: According to its GitHub repo it implemented a good number of features, however it's still feature incomplete.
-
I've been trying out SimpleX a bit and so far I'm pretty into it 👍 We generally don't recommend beta software so we won't be adding it to the site at this time I don't think... But if you (devs) want to share the project more publicly within our community, you are welcome to create a SimpleX thread in the showcase category on our forum: https://discuss.privacyguides.org/c/privacy/showcase/13 - And we can take another look when it's ready to go on more platforms.
-
We've reviewed this now and tested it with a small chat for a few days. Must say it's nice to see software that works with a basic set of functionality but well. Too often projects try to build too much, too quickly and nothing works correctly.
-
Hey.