SimpleX

- Reading time: 9 minutes -

General

Evgeny Poberezkin (external) is the founder of SimpleX Chat - a messaging and application platform that does not use any user identifiers. Not even random numbers are used to identify user profiles.

Advertising promise

SimpleX is 100% private, by design! The first messenger without user IDs. The most private and secure chat and application platform. SimpleX Chat is the next generation of decentralized communication, NOT based on cryptocurrencies for a change.

On the project page is an interesting Comparison to other protocols (external) and also in the FAQ (external) there is information about this:

How is it different from Matrix, Session, Ricochet, Cwtch, etc., that also don’t require user identites?
Although these platforms do not require a real identity, they do rely on anonymous user identities to deliver messages – it can be, for example, an identity key or a random number. Using a persistent user identity, even anonymous, creates a risk that user’s connection graph becomes known to the observers and/or service providers, and it can lead to de-anonymizing some users. If the same user profile is used to connect to two different people via any messenger other than SimpleX, these two people can confirm if they are connected to the same person - they would use the same user identifier in the messages. With SimpleX there is no meta-data in common between your conversations with different contacts - the quality that no other messaging platform has.

Assessment: advertising promises are kept, headlines coincide with content and do not lead astray.

Concept

SimpleX (for Android and iPhones) is a relatively young messenger with an interesting concept of avoiding metadata. User profiles, contacts and groups are stored only on the client and not on a server.

To improve the anonymity when using it, you can hide your IP address from the servers and connect to the SimpleX servers via Tor.

Encrypted group chats and audio and video telephony are also possible if Tor is not used.

The clever basic idea: connections are not bidirectional. This means that messages can either only be sent or only received over a connection. This means that two independent connections are required for communication, and the servers involved are not aware of the messages in the other direction.

Rating

  • positive: good anonymity
  • positive: there are no user IDs, as is the case with other systems!
  • positive: good end-to-end encryption with “double ratchet”
  • Complete independence from providers. So not only in the sense that you can communicate (like with Mastodon or XMPP) with users (and the software) of other providers. But also in the sense that the account (or better the device for access) is not bound to a provider.
  • Positive: Messaging apps for console (desktop), iOS and Android
  • positive: client is open source throughout
  • positive: client for smatphone, desktop and terminal too
  • positive: server is open source throughout
  • positive: own servers are possible (and desired)
  • positive: different (own) display names for each contact in incognito mode
  • positive: no Google reCAPTCHA (info: https://dr-dsgvo.de/google-recaptcha (external))
  • positive: usable without minimum age
  • positive: possibility to authenticate the communication partner
  • positive: no cryptocurrency
  • positive: easy text formatting using Markdown
  • positive: portable encrypted database - profile can be moved to another device
  • positive: no trackers in Android app (16 permissions): Exodus (external)
  • positive: according to webbkoll (external) no third party cookies on the website
  • positive: German project page/help
  • pos./neg.: external security audit (external; PDF) (audit) published in November 2022 - but is not a “full audit”
  • pos./neg.: “SimpleX Chat is still a relatively early stage platform (the mobile apps were released in March 2022)” (external)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: according to webbkoll (external) 2 third party requests (third-party) on the website

Functionality

Identifier

Identity, profile, contacts, and metadata are supposed to be protected by the fact that, unlike other messaging platforms, there are no identifiers assigned to users. No phone numbers, domain-based addresses (like email or XMPP), usernames, public keys, or even random numbers are used to identify users. Nobody knows how many people use the SimpleX servers.

The first messenger without user IDs Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers.

That’s right - but then identifiers are needed for connections:

uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.

So there are no user IDs like in other systems - but the way of connection-related IDs or the concept is indeed unique and promises more privacy for a reason.

Since there are no fixed/server managed user IDs or chat accounts, end-to-end encrypted sessions are set up between two SimpleX clients when a chat is established. The servers just push the data packets from A to B through the network and allow off-line messages to be exchanged.

It is also possible to use the profiles from the mobile device directly with the SimpleX desktop app. However, this is only possible if both devices are in the same network - there is no real synchronization between the devices (as with the chat standard XMPP).

Add contacts

Adding contacts](https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20220511-simplex-chat-v2-images-files.md#how-to-connect-with-your-contacts-in-simplex-chat) (external) can be done via one-time invitation link/QR code, which is then sent via another channel like email - or you can share your SimpleX contact address as a QR code, which allows multiple uses.

Messaging

Since there are no classic user IDs/chat accounts, there is no verification of communication partners. To ensure that one is truly connected to the desired interlocutor, establishing a chat connection can be done by scanning a one-time QR code at a face-to-face meeting, or by sending an invitation through a secure, verified channel. (There is no general answer to the question of why use SimpleX when a verified and secure communication channel already exists).

To deliver messages, SimpleX uses temporary, anonymous, pairwise identifiers of message queues, separately for received and sent messages - there are no long-term identifiers. Using it is effectively like using a separate email or phone for each contact.

Messages are encrypted end-to-end via double ratchet and transmitted over open connections via “push” (no pull) ??.

If the recipient is not online at the same time, the messages are cached on a server until retrieval/deletion.

Server

Although servers are preconfigured in the app, you can enter any other SimpleX server or a self-operated SimpleX server. So you can choose which server should be used for receiving messages and each conversation can be split to two different and independent servers.

Offline messages

… are possible. The delivery of offline messages (more info on this at Github (external)) is done via individual “relay servers”:

SimpleX stores all user data on the client devices, messages are only temporarily held on the SimpleX relay servers until they are received. …

The maximum storage period is 30 days - if the messages are not picked up during this time, they are discarded.

Push Notifications

This blog post covers design for notifications on Android and iOS platforms: https://simplex.chat/blog/20220404-simplex-chat-instant-notifications.html (external)

In a nutshell:__ Android: SMP servers push the messages themselves, no metadata is shared with other services, and nothing is used that cannot be self-hosted with our apps.
iOS: Requires a dedicated notification server per app, which has a device token and can observe some metadata; users can only host it themselves if they modify the app and register the app with Apple (it doesn’t have to be in the App Store, and Apple doesn’t actually like copies there, it can be internal to a group of users / companies - there is no approval process for such apps).

Special Knowledge.

For instant notifications to work on iOS, the user must decide at signup if push notifications should be used. If yes, a DNS request is made to the iOS push notification server (ntf2.simplex.im / 139.162.221.251) when the app is started. This cannot be turned off.

The developer writes about this (via email): It is a compromise between privacy and convenience. For security and privacy related scenarios, iOS should not really be used.

Registered office

SimpleX Chat Ltd was founded on 20.10.2021 and is based in London (20-22 Wenlock Road, London N1 7GU).

references

project page: https://simplex.chat (external)
source code: https://github.com/simplex-chat (external)
F-Droid: https://f-droid.org/de/packages/chat.simplex.app/ (external)
Current status/planning: Roadmap (external)
To the SimpleX protocol: Github (external)
Comparison with other protocols: Github (external)
About the attack scenario: Thread model (external)

Report and short test by Kuketz (external)
In the Privacy manual (external) SimpleX is listed as “exotic with special privacy features”.

Conclusion

Messenger that combines certain advantages of server-based systems (off-line messaging) and serverless systems (anonymity).

SimpleX Logo