SimpleX Chat (world's most private?) now connects desktop app with mobile app via quantum resistant protocol

It sounds like a simple thing to do, but SimpleX is not a cloud based hosting, nor does it even have a common profile that anyone can just follow or connect to. Every friend being connected with, receives a unique invite address. There is no e-mail address or phone number used to register, so no-one can find or connect with you unless you send them their own unique invite. Hence this linking has been keenly awaited for a while now.

How does it work? "The way we designed this solution avoided any security compromises, and the end-to-end encryption remained as secure as it was - it uses double-ratchet algorithm, with perfect forward secrecy, post-compromise security and deniability. This solution is similar to WhatsApp and WeChat. But unlike these apps, no server is involved in the connection between mobile and desktop. The connection itself uses a new SimpleX Remote Control Protocol (XRCP) based on secure TLS 1.3 and additional quantum-resistant encryption inside TLS."

The downside of this approach is that mobile device has to be connected to the same local network as desktop. But the upside is that the connection is secure, and you do not need to have a copy of all your data on desktop, which usually has lower security than mobile.

See #technology #privacy #SimpleX

Replies (36)

Other than that, SimpleX Chat has "relays" to store messages just like Nostr does. If you are not choosing your own relays to use SimpleX, it's not that different from Signal, where everything routes through the company's servers. And if you choose a new relay, make sure they are not tracking you. They can see a lot of metadata. This was one of the reasons that led me to push for a better standard for Nostr GiftWrapped DMs that minimizes (but doesn't completely solve) the power your relays have over you.
They don't need an identifier, they have both users' IPs/session IDs and channel IDs available. Date/time of messages is also precise. Connecting into multiple friends with the same IP reveals more about you. If the server decides to track (which a court order might require them to) the metadata is probably useful. The beauty of the GiftWrap design is that people can set up their own Inbox relays at will. The package only arrives in the recipient's server, not in the sender's if the person doesn't want to (save a copy locally only). That with random date/times makes it harder for relays to track. Then of course, clients can always use a separate Tor circuit to make sure relays don't receive anything but the message in each connection.
Had to read the above a few times as I'm not very technical. Are you suggesting nostr will be able to provide better privacy compared to SimpleX? How can Nostr hide the metadata? And last question, is something like 0xChat potentially the way?
Gregor 2 years ago
0xChat looks pretty awesome on the UI level too, first iOS app that looks sincerely made since Damus. No pushy onboarding, lean settings, and finally someone went with a semitransparent menu bar again.
Yep, they are awesome. I still need to integrate their voice and video calls with Amethyst. But DMs and group chats already work quite well.
frphank 2 years ago
What about the "post quantum" part, does anyone really need this?
frphank 2 years ago
It also clutters the server (relay). Disk space is a scarce resource as much as attention is.
frphank 2 years ago
Nostr right now is a small close-knit community like early 90's Usenet. We need to be prepared for an eternal September.
You can have a deal with your users to delete GiftWraps after some time to declutter. But that is between the relay operator and the user. The same clutter can happen with DMs. So this is not an issue of the new method.
So according to the last paragraph, it has to be on the same local network… how does that translate to anything other than sending messages/data to someone in the same house? ELI5 I’m techno-retarded.
It's similar to Session, and Nostr, in that no personal info is required to register or create a presence. One of its big differences is not having any unique global identifier - so tracking is useless, as is trying to share any ID for others to register to connect with you. Each new contact gets their own unique invite.
Yes, same local network only, but it is E2EE - it is really only remote access from the desktop app, to use the mobile app profile. The desktop app has its own profile so there is no merging of those two. SimpleX is not trying to have a connect everywhere slick cloud service - it is very much about security over convenience. Nostr does have a measure more convenience (shared profile) and I would not say Nostr is actually less secure. It is more that SimpleX aims to only be an instant chat messenger, whereas that is not the primary aim of Nostr at all.
I don't think spam would know how to find you? Even a friend needs a unique invite to connect with you. They have no way of finding you, or knowing who/where you are on SimpleX.
I've looked into it a bit more and can see myself taking advantage of your nip but no common relays or relay implementations really support it right now so will just wait and observe.