Evgeny Poberezkin (external) is the founder of SimpleX Chat - a messaging and application platform that does not use any user identifiers. Not even random numbers are used to identify user profiles.
SimpleX is 100% private, by design! The first messenger without user IDs. The most private and secure chat and application platform. SimpleX Chat is the next generation of decentralized communication, NOT based on cryptocurrencies for a change.
How is it different from Matrix, Session, Ricochet, Cwtch, etc., that also don’t require user identites?
Although these platforms do not require a real identity, they do rely on anonymous user identities to deliver messages – it can be, for example, an identity key or a random number. Using a persistent user identity, even anonymous, creates a risk that user’s connection graph becomes known to the observers and/or service providers, and it can lead to de-anonymizing some users. If the same user profile is used to connect to two different people via any messenger other than SimpleX, these two people can confirm if they are connected to the same person - they would use the same user identifier in the messages. With SimpleX there is no meta-data in common between your conversations with different contacts - the quality that no other messaging platform has.
Assessment: advertising promises are kept, headlines coincide with content and do not lead astray.
SimpleX (for Android and iPhones) is a relatively young messenger with an interesting concept of avoiding metadata. User profiles, contacts and groups are stored only on the client and not on a server.
To improve the anonymity when using it, you can hide your IP address from the servers and connect to the SimpleX servers via Tor.
Encrypted group chats and audio and video telephony are also possible if Tor is not used.
The clever basic idea: connections are not bidirectional. This means that messages can either only be sent or only received over a connection. This means that two independent connections are required for communication, and the servers involved are not aware of the messages in the other direction.
Identity, profile, contacts, and metadata are supposed to be protected by the fact that, unlike other messaging platforms, there are no identifiers assigned to users. No phone numbers, domain-based addresses (like email or XMPP), usernames, public keys, or even random numbers are used to identify users. Nobody knows how many people use the SimpleX servers.
The first messenger without user IDs Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers.
That’s right - but then identifiers are needed for connections:
uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.
So there are no user IDs like in other systems - but the way of connection-related IDs or the concept is indeed unique and promises more privacy for a reason.
Since there are no fixed/server managed user IDs or chat accounts, end-to-end encrypted sessions are set up between two SimpleX clients when a chat is established. The servers just push the data packets from A to B through the network and allow off-line messages to be exchanged.
It is also possible to use the profiles from the mobile device directly with the SimpleX desktop app. However, this is only possible if both devices are in the same network - there is no real synchronization between the devices (as with the chat standard XMPP).
Adding contacts](https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20220511-simplex-chat-v2-images-files.md#how-to-connect-with-your-contacts-in-simplex-chat) (external) can be done via one-time invitation link/QR code, which is then sent via another channel like email - or you can share your SimpleX contact address as a QR code, which allows multiple uses.
Since there are no classic user IDs/chat accounts, there is no verification of communication partners. To ensure that one is truly connected to the desired interlocutor, establishing a chat connection can be done by scanning a one-time QR code at a face-to-face meeting, or by sending an invitation through a secure, verified channel. (There is no general answer to the question of why use SimpleX when a verified and secure communication channel already exists).
To deliver messages, SimpleX uses temporary, anonymous, pairwise identifiers of message queues, separately for received and sent messages - there are no long-term identifiers. Using it is effectively like using a separate email or phone for each contact.
Messages are encrypted end-to-end via double ratchet and transmitted over open connections via “push” (no pull) ??.
If the recipient is not online at the same time, the messages are cached on a server until retrieval/deletion.
Although servers are preconfigured in the app, you can enter any other SimpleX server or a self-operated SimpleX server. So you can choose which server should be used for receiving messages and each conversation can be split to two different and independent servers.
… are possible. The delivery of offline messages (more info on this at Github (external)) is done via individual “relay servers”:
SimpleX stores all user data on the client devices, messages are only temporarily held on the SimpleX relay servers until they are received. …
The maximum storage period is 30 days - if the messages are not picked up during this time, they are discarded.
This blog post covers design for notifications on Android and iOS platforms: https://simplex.chat/blog/20220404-simplex-chat-instant-notifications.html (external)
In a nutshell:__
Android: SMP servers push the messages themselves, no metadata is shared with other services, and nothing is used that cannot be self-hosted with our apps.
iOS: Requires a dedicated notification server per app, which has a device token and can observe some metadata; users can only host it themselves if they modify the app and register the app with Apple (it doesn’t have to be in the App Store, and Apple doesn’t actually like copies there, it can be internal to a group of users / companies - there is no approval process for such apps).
For instant notifications to work on iOS, the user must decide at signup if push notifications should be used. If yes, a DNS request is made to the iOS push notification server (ntf2.simplex.im / 188.8.131.52) when the app is started. This cannot be turned off.
The developer writes about this (via email): It is a compromise between privacy and convenience. For security and privacy related scenarios, iOS should not really be used.
project page: https://simplex.chat (external)
source code: https://github.com/simplex-chat (external)
F-Droid: https://f-droid.org/de/packages/chat.simplex.app/ (external)
Current status/planning: Roadmap (external)
Comparison with other protocols: Github (external)
About the attack scenario: Thread model (external)
Messenger that combines certain advantages of server-based systems (off-line messaging) and serverless systems (anonymity).