Oddbean

It doesn't surprise me that, SimpleX is under attack by corrupt liar Wired: "Neo-Nazis Are Fleeing Telegram for Encrypted App SimpleX Chat" https://www.wired.com/story/neo-nazis-flee-telegram-encrypted-app-simplex/ What DOES surprise me is the reaction of developer Evgeny Poberezkin, Here's the quote from the article: <quote> "And Poberezkin believes that the current limitations of his technology will mean these groups will eventually abandon SImpleX. “SimpleX is a communication network, rather than a service or a platform, where users can host their own servers, like in Open Web, so we were not aware that extremists have been using it,” says Poberezkin. “We never designed groups to be usable for more than 50 users and we’ve been really surprised to see them growing to the current sizes despite limited usability and performance. We do not think it is technically possible to create a social network of a meaningful size in the SimpleX network.”" </end quote> This is surprising because Evgeny told us that groups could scale by reducing the reliance on a single invite link, so anyone could enter via any group member or "super members". In fact, even from his own tweets, just 2 days prior: <quote> "We agree that once group can scale, they will help growth." </quote> Source: https://xcancel.com/SimpleXChat/status/1841561127320199583#m This is the danger of doing cypherpunk stuff, with government money venture capital and registered LLCs. At the slightest push from the mainstream media, he changes his tune. I like Evgeny. He's a good guy. And I DON'T blame him for trying to stop his company from being associated with bad actors. But we need to be honest here, he's trying to have his cake and eat it too. He wants to be a cypherpunk, but collect the paycheck of a corporation. What he should have said to Wired is: "This technology is like the printing press. It improves our lives and offers all of this freedom. But once it's made, the inventor can't control what people say. Do you really want to live in a world without the press, Wired?"

I haven't read the article but I agree with this take. Stop making it "paletabke for egalitarians", just say "it is a tool like any other". nostr:nevent1qqs9funqscwsham0r2z4nx9usrg7d2w2z053pwj8995hewy6j0qyyespzdmhxue69uhhwmm59e6hg7r09ehkuef0qgs2c0m2lct4j0mpsyz38kkf58j5f6rmnn53kf7n0wywck8m42gpf2srqsqqqqqpkz4czv

@simplex This. They try to shame you. Own the freedom from the get go. nostr:nevent1qqs9funqscwsham0r2z4nx9usrg7d2w2z053pwj8995hewy6j0qyyespp4mhxue69uhkummn9ekx7mqzyzkr76h7zavn7cvpq5fa4jdpu4zws7uuaydj05mm3rk937a2jq225qcyqqqqqqg40kcng

They only really work in practicality. If you have big rooms with a lot of people sending messages constantly and you're away for more than a day, your app will be catching up for 30 minutes before it is fully caught up and that is absolutely not a good experience.

Well, that's the problem, everyone should be using the onion services if you're using it for privacy/anonymity. Session does it by default, and yet it doesn't ever get *quite* that slow. In fairness, Session did get bogged down pretty hard because of massive DDoS attacks a few months back, but when that's not happening, it's a lot quicker. My biggest issue with SimpleX really is how it seems that messages take half an hour to catch up. Otherwise, the other flaws are either subjective or minor.

type "SimpleX directory" into your search engine of choice. Once you are connected to it, you just simply type a word and press the send key and it responds with groups that match that word. The Haveno-reto group is not in the directory, but it is on rgeir official site.

This is why SimpleX makes me nervous. They're run by a for-profit company and whether or not they are currently morally on the right side or not is irrelevant. It's why I personally trust Session more. It's a lot more traditional cypherpunk in development ethos. While SimpleX definitely has a LOT of really cool features, it has a way to go before I think it'll be useful for most people. It's sluggish if you're in popular groups, the notifications and message catch-up is a massive pain, etc. And like I said, it's kind of hard to trust a for-profit corporation in this case, even if the developer might be on the cypherpunk side of things.

Is there any way to verify how many servers Session is running? I don't think they're financial model (shitcoining) is working out for them and oxen is running them all. I run my own Simplex relays. AND they're not using double ratchet encryption. intercepted messages can be decrypted if an adversary gets access to the sending device. Simplex uses model Signal encryption. so a small number of servers run by a single entity not using modern encryption. doesn't sound very secure to me. I'd prefer a organization with a viable financial model.

I don't know. Possibly, but I have no idea. Also, I don't know how we can hate on Oxen/Session Token when it's pretty much touted as primarily being used as a means of securing the network. Having the network 100% open is one of Tor's main weaknesses due to sybil attacks, something far less likely on Session. Plus, the onion routing aspect means your packets are fully decentralized and anonymized. That said, I do agree that Session should have kept PFS but due to how the network works, it'd be difficult to decrypt enough messages to deanonymize.

I don't mind if that's how they incentivize people to help secure their network *if it works.* I'm just pointing out that it doesn't seem to have actually succeeded in doing that. And as far as anybody can tell, it's only them running nodes, so it's basically a single centralized third party. That said, I have used Session and it's improved a lot. The UX used to be terrible, but now it's pretty nice. It just seems like their security model didn't work out the way they hoped it would.