Evgeny Poberezkin (external) is the founder of SimpleX Chat - a messaging and application platform that does not use any user identifiers. Not even random numbers are used to identify user profiles.
SimpleX is 100% private, by design! The first messenger without user IDs. The most private and secure chat and application platform. SimpleX Chat is the next generation of decentralized communication, NOT based on cryptocurrencies for a change.
On the project page is an interesting Comparison to other protocols (external) and also in the FAQ (external) there is information about this:
How is it different from Matrix, Session, Ricochet, Cwtch, etc., that also don’t require user identities?
Although these platforms do not require a real identity, they do rely on anonymous user identities to deliver messages – it can be, for example, an identity key or a random number. Using a persistent user identity, even anonymous, creates a risk that user’s connection graph becomes known to the observers and/or service providers, and it can lead to de-anonymizing some users. If the same user profile is used to connect to two different people via any messenger other than SimpleX, these two people can confirm if they are connected to the same person - they would use the same user identifier in the messages. With SimpleX there is no meta-data in common between your conversations with different contacts - the quality that no other messaging platform has.
The blanket phrase “most private and secure chat and application platform” is an extreme claim and, as always, raises eyebrows. Everyone should check for themselves whether “most private and secure” actually meets their own requirements, because there are many possible criteria for security and privacy/anonymity, which everyone can weigh and evaluate differently. Overall, however, SimpleX is still very interesting.
SimpleX is a relatively young messenger with an interesting concept of avoiding metadata. User profiles, contacts and groups are stored only on the client and not on a server.
To make it more difficult to intercept a complete conversation on the connection path, connections are not bidirectional: messages can either only be sent or only received via a connection. Two independent connections are therefore required for communication, and the servers involved are not aware of the messages in the other direction. However, this security has nothing to do with anonymity!
Identity, profile, contacts, and metadata are supposed to be protected by the fact that, unlike other messaging platforms, there are no identifiers assigned to users. No phone numbers, domain-based addresses (like email or XMPP), usernames, public keys, or even random numbers are used to identify users. Nobody knows how many people use the SimpleX servers.
The first messenger without user IDs. Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers.
That’s right - but then identifiers are needed for connections:
uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.
So there are no user IDs as in other systems, but the concept of connection-related IDs is indeed unique and, with good reason, promises more privacy.
Since there are no fixed/server managed user IDs or chat accounts, end-to-end encrypted sessions are set up between two SimpleX clients when a chat is established. The servers just push the data packets from A to B through the network and allow off-line messages to be exchanged.
It is also possible to use the profiles from the mobile device directly with the SimpleX desktop app. However, this is only possible if both devices are in the same network - there is no real synchronization between the devices (as with the chat standard XMPP).
[Adding contacts](https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20220511-simplex-chat-v2-images-files.md#how-to-connect-with-your-contacts-in-simplex-chat) (external) can be done via a one-time invitation link/QR code, which is then sent via another channel like email - or you can share your SimpleX contact address as a QR code, which allows multiple uses.
Since there are no classic user IDs/chat accounts, there is no verification of communication partners. To ensure that one is truly connected to the desired interlocutor, establishing a chat connection can be done by scanning a one-time QR code at a face-to-face meeting, or by sending an invitation through a secure, verified channel. (There is no general answer to the question of why use SimpleX when a verified and secure communication channel already exists).
To deliver messages, SimpleX uses temporary, anonymous, pairwise identifiers of message queues, separately for received and sent messages - there are no long-term identifiers. Using it is effectively like using a separate email or phone for each contact.
Messages are encrypted end-to-end via double ratchet and transmitted over open connections via “push”.
If the recipient is not online at the same time, the messages are cached on a server until retrieval/deletion.
By design, separate connections are used for incoming and outgoing messages, and different servers (SMP relays) can be used/defined for each. In order to receive messages, one's own server (more precisely: a server from one's own server list) connects to a server from the communication partner's list, even if this address is not in one's own server list. Everyone can only define their own send/receive server.
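The effect of pairwise queue identifiers and one-way queues can be shown with a small simulation. This is an added example, not code from the original page or from the SimpleX project; it is a simplified model with one random ID per queue, and the relay names, the `alice-id-7f3a` user ID and all function names are constructed for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass(frozen=True)
class Queue:
    relay: str      # relay hosting the queue (picked by the recipient)
    queue_id: str   # random ID that exists for this one queue only
    sender: str     # simulation bookkeeping, not visible to a relay
    recipient: str  # simulation bookkeeping, not visible to a relay

def connect(a, a_relay, b, b_relay):
    """One contact = two one-way queues, each hosted on the recipient's relay."""
    return [Queue(a_relay, secrets.token_hex(12), sender=b, recipient=a),
            Queue(b_relay, secrets.token_hex(12), sender=a, recipient=b)]

def contact_view(queues, contact):
    """Queue IDs a contact handles while talking to someone."""
    return {q.queue_id for q in queues if contact in (q.sender, q.recipient)}

def directions_hosted(queues, relay):
    """Which message directions pass through one relay (for analysis only)."""
    return {(q.sender, q.recipient) for q in queues if q.relay == relay}

def persistent_id_views(user_id, contacts):
    """Contrast model: every contact sees the same long-term user ID."""
    return {c: {user_id} for c in contacts}

def demo():
    # Constructed scenario: alice talks to bob and to carol.
    queues = (connect("alice", "relay-1.example", "bob", "relay-2.example")
              + connect("alice", "relay-1.example", "carol", "relay-3.example"))
    # What bob and carol could match if they compared the IDs they hold.
    pairwise_overlap = contact_view(queues, "bob") & contact_view(queues, "carol")
    fixed = persistent_id_views("alice-id-7f3a", ["bob", "carol"])
    fixed_overlap = fixed["bob"] & fixed["carol"]
    return (pairwise_overlap, fixed_overlap,
            directions_hosted(queues, "relay-2.example"))

if __name__ == "__main__":
    pairwise_overlap, fixed_overlap, relay2 = demo()
    print("shared IDs with pairwise queues:", pairwise_overlap)
    print("shared IDs with a persistent user ID:", fixed_overlap)
    print("directions hosted by relay-2:", relay2)
```

With a persistent user ID, bob and carol hold one identifier in common; with per-queue IDs they hold none, and relay-2 hosts only the alice-to-bob direction.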
Although servers are preconfigured in the app, you can enter any other SimpleX server or even a SimpleX server that you operate yourself. You can therefore specify which server should be used to receive messages and each conversation can be split between two different and independent servers.
However, to hide your own IP address from the recipient, it makes sense not to use your own private SMP server for sending (which could be reassigned), but one of the SMP standard servers.
… are possible. The delivery of offline messages (more info on this at Github (external)) is done via individual “relay servers”:
SimpleX stores all user data on the client devices, messages are only temporarily held on the SimpleX relay servers until they are received. …
If the recipient is not online at the same time, the messages are temporarily stored on an SMP server for a maximum of 21 days until they are collected/deleted, after which they are discarded. Larger files routed via XFTP are stored for a maximum of 48 hours for collection from the XFTP server. The retention values can be changed by server operators for their own SMP/XFTP servers.
This blog post covers design for notifications on Android and iOS platforms: https://simplex.chat/blog/20220404-simplex-chat-instant-notifications.html (external)
In a nutshell:
Android: SMP servers push the messages themselves, no metadata is shared with other services, and nothing is used that cannot be self-hosted with our apps.
iOS: Requires a dedicated notification server per app, which has a device token and can observe some metadata; users can only host it themselves if they modify the app and register the app with Apple (it doesn’t have to be in the App Store, and Apple doesn’t actually like copies there, it can be internal to a group of users / companies - there is no approval process for such apps).
Technical background for iOS
For instant notifications to work on iOS, the user must decide at signup if push notifications should be used. If yes, a DNS request is made to the iOS push notification server (ntf2.simplex.im / 139.162.221.251) when the app is started. This cannot be turned off.
The developer writes about this (via email): It is a compromise between privacy and convenience. For security and privacy related scenarios, iOS should not really be used.
This section on anonymity is especially for those interested in technology: Only read it if the terms IP address, hop, relay mean something to you - otherwise you’ll despair!
Traffic analysis
(Data) traffic analysis refers to the analysis of data traffic in order to obtain metadata (who communicated with whom, when, for how long or not). However, such an analysis is potentially easier than with unidirectional communication, given the separation of sending and receiving paths, which I as a layman see as advantageous. SimpleX pads every message (even when exchanging keys) to the same length (16k characters), which in turn is very good.
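Why fixed-length padding matters for traffic analysis, as an added example that is not part of the original page or of the SimpleX code base: the block size of 16384 bytes stands in for the "16k" mentioned above, and the layout (2-byte length prefix, `#` filler) and function names are assumptions made for this sketch.

```python
import struct

BLOCK = 16384  # assumed block size in bytes, standing in for "16k"

def pad(message: bytes, block: int = BLOCK) -> bytes:
    """Length-prefix the message and fill the rest of the block."""
    room = block - 2
    if len(message) > room:
        raise ValueError("message too long for one block; split it first")
    return struct.pack(">H", len(message)) + message + b"#" * (room - len(message))

def unpad(padded: bytes, block: int = BLOCK) -> bytes:
    """Recover the message, rejecting blocks with an implausible layout."""
    if len(padded) != block:
        raise ValueError("unexpected block size")
    (length,) = struct.unpack(">H", padded[:2])
    if length > block - 2:
        raise ValueError("corrupt length prefix")
    return padded[2:2 + length]

def observed_sizes(messages, transform):
    """Distinct sizes an on-path observer would see after `transform`."""
    return sorted({len(transform(m)) for m in messages})

# Constructed sample traffic: a short reply, a key-exchange-sized blob,
# and a long text message.
SAMPLE = [b"ok", b"\x01" * 120, b"long message " * 400]

if __name__ == "__main__":
    print("unpadded sizes:", observed_sizes(SAMPLE, lambda m: m))
    print("padded sizes:  ", observed_sizes(SAMPLE, pad))
```

Padding is applied before encryption, so every transmitted block has the same size and message length reveals nothing about content or message type.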
The following solution is available to protect your own IP address:
“2-hop routing with sender-chosen sending relays in addition to recipient-chosen receiving relays … not only it solves IP address protection, it makes threat model for senders much better, as the receiving relays no longer have sessions with the senders, and no shared metadata at all between different messaging queues (assuming sending relays don’t share the data with the receiving relays).”
There are frequent new functions and updates; there is a rapid response to reported issues or user requests. From the Vision (external) of SimpleX:
Going forward we plan to keep the basic usage of the platform free, and at the same time we will be providing the benefits to the project sponsors. For example, there will be additional app icons and user profile badges. There also will be higher file transfer limits – currently we don’t limit it at all, only limiting the file size, but it’s unlikely to be sustainable. In any case, the app will remain highly usable for everyone for free, and fully open-source. Several other apps are already being developed based on our app core, leading to a fully decentralized network.
The developer has his own view of privacy and is redefining it. Privacy would not be possible without venture capital.
https://www.poberezkin.com/posts/2022-12-07-why-privacy-needs-to-be-redefined.html
https://www.poberezkin.com/posts/2023-10-31-why-privacy-impossible-without-venture-funding.html
Further functionalities are planned such as:
SimpleX Chat Ltd was founded on 20.10.2021 and is based in London (20-22 Wenlock Road, London N1 7GU).
–
project page: https://simplex.chat (external)
source code: https://github.com/simplex-chat (external)
F-Droid: https://f-droid.org/de/packages/chat.simplex.app/ (external)
Current status/planning: Roadmap (external)
To the SimpleX protocol: Documentation (external), Github (external)
Comparison with other protocols: Github (external) and discussion on this at Reddit (external)
About the attack scenario: Threat model (external)
Report and short test by Kuketz (external)
In the Privacy manual (external) SimpleX is listed as “exotic with special privacy features”.
SimpleX is under heavy development and is a messenger that combines certain advantages of server-based systems (offline messaging) and serverless systems (anonymity).