We are planning a 3rd party security audit for the protocols and cryptography design in July 2024, and also the security audit for an implementation in December 2024/January 2025, and it would hugely help us if some part of this $50,000+ expense is covered with donations.
XMPP as a protocol was great. But the problems the servers had, the mess is just a no go.
SimpleX is far better in privacy and usability in my opinion. I doubt XMPP will recover anytime soon.
Yea, my main concern for now is that most people are using default servers. Good thing their servers are very easy to host, but still, power of the default. I would really like to see lists of public servers, like what we see now for XMPP and Matrix. The thing is still young, so looking forward.
I self-host too, that wasn't the problem, it's that there is the power of the default. Just like with Matrix. You can ask a friend to use your server or another one and delete the main ones entirely, but chances are you won't be avoiding them in a random chatroom.
agreed, i liked that session had out of the box alternative routing, but a basic vpn + simplex's new private routing knocks down one of my final gripes with the app.
although, i guess my only other gripe now is that using your simplex profile on both desktop and phone is either hard as shite or totally impossible.
Here is my take as someone who absolutely loves the work simplex did on the SMP protocol, but still does not use SimpleX Chat.
First the trivial stuff:
no one else seems to use it
UX is not great because of initial exchange
These two are not that unexpected. Any other chat app with E2E security has tricky UX, and SimpleX takes the hard road by not trading off security/privacy for UX. I think this is a plus, but yes it annoys people.
Now for the reasons that really keep me away:
the desktop app is way behind the mobile app - and I would really prefer to use a desktop CLI app
haskell puts me off a bit - the language is fine I just don't know how to read it - for more practical issues it did not support older (arm6/7) devices which kept lots of people in older devices away
AFAIK no alternative implementations of either the client or the SMP server exist - which is a petty I think the protocol would shine in other contexts (like push notifications)
I was going to say that there are not many 3rd party user groups - but I just found out about the directory service (shame on me, maybe? can't seem to find groups though)
protocol features/stabilization is a moving target and most of the fancy new features don't really interest me (i don't care much about audio/video)
stabilization of code/dependencies would help package the server/client in more linux distros, which I think would help adoption among the tech folk
Finally a couple of points on some of the other comments:
multi device support - no protocol out there can do multi device properly (not signal, none really) so i'm ok with biting the bullet on this
VC funding is a drag - but I am still thankful that they clearly specified the chat protocol separate from the message relay, which means that even if the chat app dies, SMP could still be used for other stuff.
I think it's just that there are too many options and the communities are so fragmented. I'm trying out simplex but it still feels like beta software. Regardless I'd like to see it succeed so we have a real private alternative that doesn't rely on big tech or shady government sponsorship.
I don't trust for profit venture capital funding, if you want to see where it ends up just Look at how telegram or wickr transitions from being "open" and free to getting stripped of features only to have them become paid only and the wickr sold off to Amazon and ended all non business support...the business model for making a profit off chat applications is bad for users.
Also now that signal supports usernames I have no reason to use anything else even for people I wouldn't want having my real number.
Agreed, this is why I am slowly moving away from Signal. The moment they announced putting in a wallet along their own crypto, was the sign for me to leave.
¹ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.
² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.
Some columns are marked with a yellow checkmark:
when messages are padded, but not to a fixed size.
when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
when 2-factor key exchange is optional (via security code verification).
when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
@SolarPunker I've not heard of anyone who does "not like" it? Many don't know about it maybe. I can't think of anything I've seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.
Simple answer to the question so far as I can see: in order to connect with someone, you have to video conference with them and show them a code. So the anonymity is only as anonymous as the video conference you use to do that. All of the benefits it claims are merely an illusion.
I'm not saying it necessarily is a good name but simplex is just a Latin word that's used in many contexts. I for one would have never thought of Herpes here
simplex.chat
Hot