Hacker News new | ask | show | jobs
by maqp 183 days ago
SimpleX front page lied by omission about it having no identifiers. The fine print threat model did not mention the server has access to your IP addresses, and the mitigation to create "decentralized" system of users talking via separate servers ran into the problem of there being two VPS companies hosting the entire public server infrastructure. These issues were major as SimpleX advertised itself as an improvement over Cwtch, which should've meant superset of metadata had been protected. But that obviously wasn't the case.

The CEO vanished from the discussion (again) so my proposals to improve ease of use of Tor never reached them. You can catch up on the discussion at https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-...
2 comments
miroljub 183 days ago
What do you use now? Catch? Briar? Tox?

I liked the SimpleX concept, but would prefer its relay server were replaced by Tor or i2p network.

And if they used Signal instead of NIH protocol.

Actually, the only unique SimpleX feature I really like is that it uses separate ids for every connection and group.

link
maqp 183 days ago
>What do you use now?

Signal mostly.

>separate ids for every connection and group

The thing is, there's Akamai and Runonflux, two companies hosting the entire public SimpleX infrastructure. If you're not using Tor and SimpleX Onion Services with your buddies, these two companies can perform end-to-end correlation attacks to spy on which IPs are conversing, and TelCos know which IPs belong to which customers at any given time. Mandatory data retention laws about the assigned IPs aren't rare.

link
miroljub 183 days ago
Yes, that's why I said I don't like their relays. It doesn't even have to be Akamai, you need to trust SimpleX first that not to track your IP. I'd rather use a messenger where something is not possible (or even hard) than trust.

As long as IP leaks are possible, I'd rather also use Signal, where at least the rest is battle tested and state of the art.

My concern with Signal is they'll either comply or move out of the EU with the incoming Chat Control, and I'd rather have a fully decentralized messenger with as few leaks as possible.

link
akimbostrawman 183 days ago
>so my proposals to improve ease of use of Tor never reached

Probably because it has always been trivial to proxy Tor with build in and supported socks5

link