Conversation

Notices

1. Embed this notice
   SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:01:49 JST SimpleX Chat

   https://www.securemessagingapps.com is the great comparison of messaging apps, but there are several incorrect statements about SimpleX Chat.

   Commenting in the thread below!

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:55 JST SimpleX Chat

     in reply to

     6. Is the design well documented? Somewhat

     The design documentation was reviewed in preparation for design security audit - report is about to be published.

     this.ven repeated this.
   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:55 JST SimpleX Chat

     in reply to

     Thanks to our users who highlighted these inaccuracies to us!

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:56 JST SimpleX Chat

     in reply to

     4. Directory service could be modified to enable a MITM attack? Yes

     This is incorrect, as there is no user directory service, and MITM by relays is not possible by design, even without optional security code verification (that exists to mitigate MITM by the channel you used to pass one-time invitation link, e.g. email).

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:56 JST SimpleX Chat

     in reply to

     5. Does the company log timestamps/IP addresses? Yes

     This is incorrect, we never logged IP addresses and access timestamps of the users.

     Further, the private message routing that is now enabled by default for all users prevents such logging by any 3rd party servers with modified code:

     https://simplex.chat/blog/20240604-simplex-chat-v5.8-private-message-routing-chat-themes.html

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:57 JST SimpleX Chat

     in reply to

     2. Company jurisdiction: UK

     We disagree that there are any jurisdictions that are particularly good for privacy. Also, this might be important for centralised services, like Threema, where the users can't host servers, and much less important for decentralized network, such as SimpleX, where there are hundreds (if not thousands) of servers that we don't control.

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:57 JST SimpleX Chat

     in reply to

     3. Cryptographic primitives: Curve25519 / XSalsa20 256 / Poly1305 (downgraded for the absence of PQ encryption).

     We added PQ encryption in March this year: https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html

     This is done in the same way as Apple describes as PQ3 here: https://security.apple.com/blog/imessage-pq3/

   • Embed this notice
     SimpleX Chat (simplex@mastodon.social)'s status on Sunday, 25-Aug-2024 01:06:58 JST SimpleX Chat

     in reply to

     1. Main reasons why the app isn't recommended: Provide a transparency report

     It is available online and updated at least quarterly, or if anything changes: https://simplex.chat/transparency/