by sandblast 206 days ago
Since a lot of people might not reach the conclusion at the bottom of the post:

Just use SimpleX.

SimpleX is developed by a person who has a rather difficult view of the world. I would not recommend using it as long as this person is responsible for it.
> SimpleX is developed by a person who has a rather difficult view of the world.

Couldn't find it. What's his view of the world?
Antivax neo-Nazi.
Source on the "neo-Nazism"?

And you might want to tell us how this affects the privacy or security of SimpleX while you're at it.

Holding and openly expressing these abhorrent views probably encourages him to focus on security and privacy more than others.

But it does risk his app being associated with that and therefore discouraging everyday users. I wouldn't be surprised if it ends up as the next EncroChat.

Focusing on security and privacy is great, but I expected some downsides. I'm glad you decided to emphasize the dedication of the creator of SimpleX instead.

EncroChat was not open-source, so it was much easier to be infiltrated.

You can self-host SimpleX and it is open source, otherwise I have no idea what you mean by associated with his views. If the project is as promised, then why would you care about the views of the developer?
At first I was like, how difficult?

That is quite the Twitter timeline.

I came here to write just that. It is all over the place as well. I find it a bit disturbing with regard to how one defines struggle against power. What do those views mean with regard to the long-term priorities of the software?
Oh, it's very simple: those views mean nothing. Unless you can point to the part of the source code where they are expressed and explain to us how this part undermines the project's technological goals.
If you're so eager to encourage cancel culture, would you be so kind as to elaborate on why exactly you want to cancel this programmer instead of just vaguely pointing in the direction of a closed platform?
Here is perhaps a simpler metric. If the creator of security-focused software is this awful at protecting their own anonymity, why would I trust them in the first place?

If they are revealing their identity so that we can vet their credentials, then it makes sense that they would want us to judge them based on their online persona.

If we believe all of this to be true - it’s not really cancel culture, it’s by design that the creator of SimpleX has implemented this filtering mechanism for their users.

False dichotomy — there are more options than "protecting anonymity" and "revealing identity so that credentials can be vetted". He just writes what he believes under his own name, it doesn't necessarily have anything to do with establishing his authority.
I don't know what you're mentioning, but let's not forget that whatever view he might have, it changes nothing in the technology he creates. It's open source, it's auditable, and the code does not have worldviews of its own.

Your comment promotes cancel-culture, and as filthy as it is in general, it's even more so in the technology world. Don't do it. Please.

As long as you are not auditing every bit of code you run yourself AND are sufficiently knowledgeable to detect even obfuscated malicious code, you need some basis of trust.

Evident world views far off reason, reality, compassion and pragmatic self-regulation, don't speak for a stable, predictable and reasonable personality.

If a person thinks some humans deserve less rights than others, how could you trust any update to not reflect this world view?

Additionally you may be becoming technologically dependent on a person whose actions may be detrimental to your safety or wellbeing in other parts of your life.

You may also just not like to promote this person's work.

It's fair to inform others about the person behind the software they are running. Everybody can make their own informed choices.

And the appropriate basis of trust in the technology world would be source code audits, not scraping some individual's Twitter posts.

If the users' communications are encrypted — which they are — there is no way for the creator to "reflect his world view", whatever it might be, in the form of undermining the security or privacy for some part of the user base.

I like your point that if a developer is a vocal neo-Nazi then only people capable of regularly conducting their own thorough code reviews should rely on the products that they make. I agree with you that regular folks that can’t do code audits should not trust neo-Nazis with their private communications. It is good to know that we’re on the same page about not implicitly trusting the SimpleX code.
This is not my point. Trusting someone else's code audit is infinitely more valuable than trusting any "vibe check", since it touches the actual subject matter.
You want to audit every update? Are you going to pay for it? Is this relevant for the app discussed?

Because until there are other means of forming trust available, everyone only got the vibe check. Some perfect world scenario ain't gonna cut it.

I'll try from another angle:

If I wanted to make a honeypot that undermines users' privacy and anonymity, I would make sure to be as nice to everyone as possible. The "vibe check" is irrelevant, the false positives are far too common.

In an ideal world yes, what you say is true.

However, humans being human beings, they find it very hard to sequester their beliefs and emotions from their work. It's a common human failing. Often they are not even aware of it.

Having politically or socially divisive beliefs publicly also makes such a person a target of coercion and encouragement to yield to a "harmless" temptation by way of appropriate 3 letter like agencies.

To ensure that this does not happen will require maintaining a paranoid level of vigilance on the code all the time. That is a lot of work, very expensive and is unlikely to happen. Perhaps not fair to his creation, but that's just how it goes.

My comment is at a high level. This is the first time I heard of Simplex chat, so I don't even know what views its developer has.

Any ultra-secure messaging app will inevitably attract the drug dealers which will inevitably attract the police trying to infiltrate it.

You are much more secure blending in the vast masses using WhatsApp than on an ultra-targeted ultra-small app like SimpleX.

i don’t think that’s the right take

black markets and opposition members i’ve used / talked with focus on disposability not security

the premise of their communications is always “the platform is bugged” and in case of opposition members “the government can always just beat you and trick you into unlocking your phone”

deals happen on messenger all the time and burning messages / rotating phones and accounts is very common. for opposition members, messaging apps are purely for benign communication and actual discussion happens in person or in truly destructible formats or it’s not recorded at all

periodically anon burner message apps appear on app stores and rotate out pretty fast once they start getting too much attention

the idea of a perfectly secure app for communication is currently mostly a fantasy; if a malicious actor wants to get your info and communication they will. this doesn’t mean give up completely and be insecure but instead just be in a position to ditch the app when it becomes necessary, if you need that level of security

it’s better people be trained to understand the reality of what can be done with the communication methods they use and how they can be punked so they can make informed decisions — i’m fine with signal’s goals and efforts but i’m not a fan of signal advocates treating security and privacy like another round of the OS wars, that teaches people the wrong lesson and makes it harder to convince ppl privacy and security are a problem we need to take seriously not just for criminals but for everyone. privacy and security benefit us all or it benefits no one

The "police trying to infiltrate it" means nothing unless they can do so successfully. We know that it's vastly easier to undermine users' privacy on WhatsApp than on SimpleX.

So where exactly is that "much more security" you're touting?

There are few stories of drug smuggling gangs being caught because they used WhatsApp.

There are many about how they were caught because they used ultra-secure "phones for criminals".

SimpleX is not a phone and its model of distribution and being open-source makes it much harder to infiltrate than these projects you're hinting at.
There are already drug dealers on WhatsApp.
The only reason drug dealers aren't getting busted on WhatsApp is nobody cares enough. They wouldn't care either way.