SimpleX Channels, SimpleX Network Consortium and Community Crowdfunding
Comments
nohell
maqp
Plus the company likes to advertise their product as more metadata-private than Tor Onion Service based messaging apps like Cwtch.
They lie by omission when they say that the service doesn't have any user IDs. What they really mean is, the application does not add its own long term identifiers. But by default, the application takes zero steps to anonymize your IP address from the server, meaning the server can very probably tell users apart.
It's also ridiculous that the entire public server infrastructure is hosted under two companies: Akamai and Runonflux. Roughly 50% of your conversations can be end-to-end correlated by a single VPS company.
epoberezkin
This is both incorrect and misleading.
Application is designed to:
- always choose server from configuration to deliver messages via, and not the destination server that is chosen by the recipient. The protocol is designed to provide packet-level anonymity (not circuit-level anonymity, as in Tor) so that neither of the servers can see which IP address talks to which IP address.
- always choose server operated by another operator, to mitigate collusion risks.
My problem with Tor is that after all these years it takes zero steps to prevent collusion and data sharing by Tor node operators - even though Tor has a centralized authority over server registry and could have deployed such mitigation. So the main assumption on which Tor security is based - that independent parties run relays in the circuit - is simply untrue. We are designing the network and the app to ensure exactly that.
If people want to use Tor, it's their choice, and the app supports it. But we won't be integrating it.
epoberezkin
You are just naive. Read the comment below - Tor's main security assumption has not held for years.
epoberezkin
And btw Tor is 100% compliant with all laws - don't you know that? :)
It's a US-based organization, with transparency and compliance.
I do not trust Evgeny or his "bow to the law" approach which is antithetical to the largely darknet userbase. Software should be governed by the people, not by VC firms.
It's worth noting that it's not possible to disable the official servers for now, which do censor lots of content.
Oh and the app is incredibly unstable and has a tendency to leak memory until it crashes the host.