SimpleX


General

Evgeny Poberezkin (external) is the founder of SimpleX Chat - a messaging and application platform that does not use any user identifiers. Not even random numbers are used to identify user profiles.

Advertising promise

SimpleX is 100% private, by design! The first messenger without user IDs. The most private and secure chat and application platform. SimpleX Chat is the next generation of decentralized communication, NOT based on cryptocurrencies for a change.

On the project page is an interesting Comparison to other protocols (external) and also in the FAQ (external) there is information about this:

How is it different from Matrix, Session, Ricochet, Cwtch, etc., that also don’t require user identities?
Although these platforms do not require a real identity, they do rely on anonymous user identities to deliver messages – it can be, for example, an identity key or a random number. Using a persistent user identity, even anonymous, creates a risk that user’s connection graph becomes known to the observers and/or service providers, and it can lead to de-anonymizing some users. If the same user profile is used to connect to two different people via any messenger other than SimpleX, these two people can confirm if they are connected to the same person - they would use the same user identifier in the messages. With SimpleX there is no meta-data in common between your conversations with different contacts - the quality that no other messaging platform has.

Assessment

The blanket phrase “most private and secure chat and application platform” is an extreme claim and, as always, raises eyebrows. Everyone should check for themselves whether “most private and secure” actually meets their own requirements, because there are many possible criteria for security and privacy/anonymity, which everyone can weigh individually and evaluate differently! Overall, however, SimpleX is still very interesting.

Concept

SimpleX is a relatively young messenger with an interesting concept of avoiding metadata. User profiles, contacts and groups are stored only on the client and not on a server.

To make it more difficult to intercept a complete conversation on the connection path, connections are not bidirectional: messages can either only be sent or only received via a connection. Two independent connections are therefore required for communication, and the servers involved are not aware of the messages in the other direction. However, this security has nothing to do with anonymity!

Rating

  • positive: there are no user IDs, as is the case with other systems!
  • positive: good end-to-end encryption with “double ratchet”
  • Complete independence from providers: not only in the sense that you can communicate (as with Mastodon or XMPP) with users (and the software) of other providers, but also in the sense that the account (or rather the device used for access) is not bound to a provider.
  • positive: Messaging apps for console (desktop), iOS and Android
  • positive: client is open source throughout
  • positive: client for smartphone, desktop and terminal too
  • positive: server is open source throughout
  • positive: own servers are possible (and desired)
  • positive: different (own) display names for each contact in incognito mode
  • positive: no Google reCAPTCHA (info: https://dr-dsgvo.de/google-recaptcha (external))
  • positive: usable without minimum age
  • positive: possibility to authenticate the communication partner
  • positive: no cryptocurrency
  • positive: easy text formatting using Markdown
  • positive: portable encrypted database - profile can be moved to another device
  • positive: no trackers in Android app (16 permissions): Exodus (external)
  • positive: according to webbkoll (external) no third party cookies on the website
  • positive: German project page/help
  • neutral: Interoperability or an interface to the XMPP chat standard is not desired/possible by design
  • pos./neg.: external security audit (external; PDF) (audit) published in November 2022 - but is not a “full audit”
  • pos./neg.: “SimpleX Chat is still a relatively early stage platform (the mobile apps were released in March 2022)” (external)
  • negative: no interoperability resp. no interface to chat standard XMPP
  • negative: according to webbkoll (external) 2 third party requests (third-party) on the website
  • negative: audio and video calls are only possible if Tor is not used

Functionality

Identifier/ID

Identity, profile, contacts, and metadata are supposed to be protected by the fact that, unlike other messaging platforms, there are no identifiers assigned to users. No phone numbers, domain-based addresses (like email or XMPP), usernames, public keys, or even random numbers are used to identify users. Nobody knows how many people use the SimpleX servers.

The first messenger without user IDs. Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers.

That’s right - but then identifiers are needed for connections:

uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.

So there are no user IDs as in other systems, but the concept of connection-related IDs is indeed unique and promises more privacy for good reason.

Since there are no fixed/server managed user IDs or chat accounts, end-to-end encrypted sessions are set up between two SimpleX clients when a chat is established. The servers just push the data packets from A to B through the network and allow off-line messages to be exchanged.

It is also possible to use the profiles from the mobile device directly with the SimpleX desktop app. However, this is only possible if both devices are in the same network - there is no real synchronization between the devices (as with the chat standard XMPP).

Add contacts

Adding contacts (https://github.com/simplex-chat/simplex-chat/blob/stable/blog/20220511-simplex-chat-v2-images-files.md#how-to-connect-with-your-contacts-in-simplex-chat) (external) can be done via a one-time invitation link/QR code, which is then sent via another channel like email - or you can share your SimpleX contact address as a QR code, which allows multiple uses.

Messaging

Since there are no classic user IDs/chat accounts, there is no verification of communication partners. To ensure that one is truly connected to the desired interlocutor, establishing a chat connection can be done by scanning a one-time QR code at a face-to-face meeting, or by sending an invitation through a secure, verified channel. (There is no general answer to the question of why use SimpleX when a verified and secure communication channel already exists).

To deliver messages, SimpleX uses temporary, anonymous, pairwise identifiers of message queues, separately for received and sent messages - there are no long-term identifiers. Using it is effectively like using a separate email or phone for each contact.

Messages are encrypted end-to-end via double ratchet and transmitted over open connections via “push”.

If the recipient is not online at the same time, the messages are cached on a server until retrieval/deletion.

Server

By design, separate connections are used for incoming and outgoing messages, and different servers (SMP relays) can be used/defined for each. In order to receive messages, your own server (more precisely: a server from your own server list) connects to a server from the communication partner's list - even if that address is not in your own server list. Everyone can only define their own send/receive servers.

Although servers are preconfigured in the app, you can enter any other SimpleX server or even a SimpleX server that you operate yourself. You can therefore specify which server should be used to receive messages and each conversation can be split between two different and independent servers.

However, to hide your own IP address from the recipient, it makes sense not to use your own private SMP server for sending (which could be attributed to you), but one of the standard SMP servers.

Offline messages

… are possible. The delivery of offline messages (more info on this at Github (external)) is done via individual “relay servers”:

SimpleX stores all user data on the client devices, messages are only temporarily held on the SimpleX relay servers until they are received. …

If the recipient is not online at the same time, the messages are temporarily stored on an SMP server for a maximum of 21 days until they are collected/deleted, after which they are discarded. Larger files routed via XFTP are stored for a maximum of 48 hours for collection from the XFTP server. The retention values can be changed by server operators for their own SMP/XFTP servers.

Push Notifications

This blog post covers design for notifications on Android and iOS platforms: https://simplex.chat/blog/20220404-simplex-chat-instant-notifications.html (external)

In a nutshell:
Android: SMP servers push the messages themselves, no metadata is shared with other services, and nothing is used that cannot be self-hosted with our apps.
iOS: Requires a dedicated notification server per app, which has a device token and can observe some metadata; users can only host it themselves if they modify the app and register the app with Apple (it doesn’t have to be in the App Store, and Apple doesn’t actually like copies there, it can be internal to a group of users / companies - there is no approval process for such apps).

Technical background for iOS

For instant notifications to work on iOS, the user must decide at signup if push notifications should be used. If yes, a DNS request is made to the iOS push notification server (ntf2.simplex.im / 139.162.221.251) when the app is started. This cannot be turned off.

The developer writes about this (via email): It is a compromise between privacy and convenience. For security and privacy related scenarios, iOS should not really be used.

Expert knowledge

This section on anonymity is especially for those interested in technology: Only read it if the terms IP address, hop, relay mean something to you - otherwise you’ll despair!

Traffic analysis

(Data) traffic analysis refers to the analysis of data traffic in order to obtain metadata (who communicated with whom, when, for how long or not). However, such an analysis is potentially easier than with unidirectional communication, given the separation of sending and receiving paths, which I as a layman see as advantageous. SimpleX pads every message (even when exchanging keys) to the same length (16k characters), which in turn is very good.
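The effect of fixed-length padding on what an observer can measure, as an added example (not SimpleX code and not part of the original page): every message is padded to one block before encryption, so all ciphertexts have the same size. The 16384-byte block follows the "16k" figure above; the 2-byte length header and the `#` filler are assumptions of this sketch, not the documented wire format.

```python
import struct

BLOCK_SIZE = 16384   # assumption: "16k" from the text read as 16384 bytes
LEN_PREFIX = 2       # assumption: 2-byte big-endian length header
PAD_BYTE = b"#"      # assumption: filler byte chosen for this example
MAX_PAYLOAD = BLOCK_SIZE - LEN_PREFIX


def pad(message: bytes) -> bytes:
    """Return exactly BLOCK_SIZE bytes: length header, message, filler."""
    if len(message) > MAX_PAYLOAD:
        # Oversized content has to be split or sent as a file; emitting a
        # longer block would leak the size again.
        raise ValueError("message does not fit into one block")
    header = struct.pack(">H", len(message))
    return header + message + PAD_BYTE * (MAX_PAYLOAD - len(message))


def unpad(block: bytes) -> bytes:
    """Recover the message and reject malformed blocks."""
    if len(block) != BLOCK_SIZE:
        raise ValueError("unexpected block size")
    (length,) = struct.unpack(">H", block[:LEN_PREFIX])
    if length > MAX_PAYLOAD:
        raise ValueError("length header exceeds block")
    return block[LEN_PREFIX:LEN_PREFIX + length]


def observed_sizes(messages, padded: bool):
    """Plaintext sizes handed to encryption; an AEAD cipher adds the same
    constant overhead to each, so these are what an observer can compare."""
    return [len(pad(m)) if padded else len(m) for m in messages]


# Constructed sample traffic: a short reply, a key-exchange-sized blob,
# and a long text message.
SAMPLE = [b"ok", bytes(512), b"x" * 9000]

if __name__ == "__main__":
    print("unpadded:", observed_sizes(SAMPLE, padded=False))
    print("padded:  ", observed_sizes(SAMPLE, padded=True))
```

Padding hides message length only; timing and the number of blocks exchanged remain visible to an observer.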

The following solution is available to protect your own IP address:

“2-hop routing with sender-chosen sending relays in addition to recipient-chosen receiving relays … not only it solves IP address protection, it makes threat model for senders much better, as the receiving relays no longer have sessions with the senders, and no shared metadata at all between different messaging queues (assuming sending relays don’t share the data with the receiving relays).”


Development

There are frequent new functions and updates; there is a rapid response to reported issues or user requests. From the Vision (external) of SimpleX:

Going forward we plan to keep the basic usage of the platform free, and at the same time we will be providing the benefits to the project sponsors. For example, there will be additional app icons and user profile badges. There also will be higher file transfer limits – currently we don’t limit it at all, only limiting the file size, but it’s unlikely to be sustainable. In any case, the app will remain highly usable for everyone for free, and fully open-source. Several other apps are already being developed based on our app core, leading to a fully decentralized network.

The developer has his own view of privacy and is redefining it. According to him, privacy would not be possible without venture capital:

https://www.poberezkin.com/posts/2022-12-07-why-privacy-needs-to-be-redefined.html
https://www.poberezkin.com/posts/2023-10-31-why-privacy-impossible-without-venture-funding.html

Further functionalities are planned such as:

  • SMP queue redundancy and rotation (manual is supported)
    Random servers can also be used for existing contacts through automatic rotation, which will make it even more difficult to track communication.
  • Large groups, communities and public channels
    The current groups are actually only intended for smaller numbers of participants.
  • Feeds/broadcasts
  • Web widgets for custom interactivity in the chats
  • Programmable chat automations / rules (automatic replies/forward/deletion/sending, reminders, etc.)

Registered office

SimpleX Chat Ltd was founded on 20.10.2021 and is based in London (20-22 Wenlock Road, London N1 7GU).

References

project page: https://simplex.chat (external)
source code: https://github.com/simplex-chat (external)
F-Droid: https://f-droid.org/de/packages/chat.simplex.app/ (external)
Current status/planning: Roadmap (external)
To the SimpleX protocol: Documentation (external), Github (external)
Comparison with other protocols: Github (external) and discussion on this at Reddit (external)
About the attack scenario: Threat model (external)

Report and short test by Kuketz (external)
In the Privacy manual (external) SimpleX is listed as “exotic with special privacy features”.

Conclusion

SimpleX is under heavy development and is a messenger that combines certain advantages of server-based systems (offline messaging) and serverless systems (anonymity).

