 The new SimpleX release hides IPs with onion routing.

Next he's going to do blockchain vouchers to pay the relays.  And add a 2nd identity with PGP keys.

-Onion hops to hide IPs
-Relays paid w/ blockchain
-2nd key for identity

Sounds like Session.

Now if he's going to step-by-step copy Session's features, while promoting propaganda about Session, I will still try to promote education of both, to benefit the end user's freedom.  I wish those who tried to haze me over the last year for promoting these ideas would do the same. 
So is #simplex bad?
No, not bad.
It's good they are adding these features (that are similar to Session).
Can you make a guide to using SimpleX with sane defaults over your own home server?

Somewhere I read that if I run my home server via onion and that's the only server I am connected to, there would be connectivity issues.

Is this (still) true?

And what's the best configuration I should point others to if they don't want to or can't run their own servers?

 
 If it's literally in your home, you have IP publicity issues, which you can solve with Tor Onion.  Also most residential homes change IPs, which Tor helps with.

If you're talking about a VPS, then I'd recommend the official script from the SimpleX website 
 Where can I read about the new onion-routing update? 
On his site blog with the update. It's just giving you 1 hop before you hit the relay you receive from.
 No, not like Session at all.

We are not going to throw away double ratchet, and we are not going to create cryptocurrencies based on public blockchains. If we ever replace double ratchet with any other scheme, we would replace it with the more secure one, not with a less secure one like Session did.

We are moving to a very different direction from Session's: https://simplex.chat/blog/20240516-simplex-redefining-privacy-hard-choices.html

Also, the design of the private routing achieves the level of metadata privacy that onion routing in Session doesn't provide - I can comment more on it, but here is the post: https://simplex.chat/blog/20240604-simplex-chat-v5.8-private-message-routing-chat-themes.html

I understand that Session fans might be angry about my criticism of Session, but its crisis is of their own doing - Session's decision to remove double ratchet was a wrong one - users who choose Session need double ratchet, at least.

The path for Session to regain users' trust would be:
1) get double ratchet back, with all its qualities, and figure out how to solve multidevice without compromising encryption security - I’d happily collaborate on that, as an acceptable solution doesn’t exist yet.
2) make node ownership optionally transparent and let clients choose nodes owned by known and different operators (to avoid unknown operators who potentially collude undermining onion routing promises - these promises only hold under the assumption that operators of nodes chosen for the circuit do not collude).
3) decentralise media storage in the same way messages are decentralised - Session may as well adopt XFTP protocol we designed - it's independent from messaging, and that can create some collaboration points too.
4) add a notification when another device accesses the same profile via recovery code.
5) protect access to recovery code in the app with PIN.

In its current state Session is simply dangerous to use for any scenarios requiring privacy and security.

Solving points 4 and 5 would remove Session from "dangerous" territory and make it simply “not too secure”.  I don't understand why it wasn't already done after the public conversation with Keith several months ago, see the links here: https://x.com/SimpleXChat/status/1755216356159414602

Solving 1 would make it secure. Solving 2 and 3 would make it private.

It's correct to point out SimpleX network limitations, and we work on resolving them.

But by misleading the audience about Session's level of privacy and security you are creating risks that may cost some people their lives or freedom - this is really bad for the community and detrimental for your reputation as well.
 Yes I agree it sucks he removed forward secrecy.
Yes I agree that simpleX hides metadata better when BOTH parties want to be invisible.
Yes I agree that adding the PIN and notification on devices would be good.
Yes I agree it would be better if you could pick your entrance node like Tor.

This isn’t a real debate because I have no say in what KeeJef does.  Remember, I am a USER of session, and NOT a developer.  So my goal is to educate people on the pros and cons.  We use a Session bot we made to distribute content, I’d like to do the same for SimpleX in the future.  But I’m not going to do it if it’s a toxic culture.

What I do like about Session is a complete separation of physical locations from identity or communication, the ability to own your identity like a crypto wallet, and rotate the key to a new identity via the blockchain. As we outlined in our uncensored discussion for its use on a VPS.
http://simplifiedprivacy.com/uncensored
This makes Session more suited for pure censorship, unlike simpleX with government domain name identities.

If you think about it, SimpleX heavily relies on a secure off-band mode of communication to begin with, to prevent bogus URLs from being sent as man in the middle.  Now, you said you’re adding PGP keys, and that’s great.  I look forward to it.  But I’m still relying on the regular government internet stack to deliver me the public key.

SimpleX excels at TWO way anonymity.
Session excels at ONE way anonymity, since anyone can quickly tap into your blockchain name and verify it easily.  Many people in life may want to be invisible, but in most cases you don’t.
A journalist doesn’t want to be invisible, I want to know that I’m talking to the right journalist.
A crypto-trader doesn’t want to be invisible, I want to know that I’m sending funds to the right trader.
Additionally, users can achieve the same thing as SimpleX by having multiple Session identities on Linux.

I like SimpleX, and I'm excited you have made progress. I'm NOT saying don't use it. I've just grown frustrated over the last few months with the SimpleX Linux clients having errors that caused me to abandon accounts, which makes the whole thing really vulnerable to phishing attacks. As I mentioned in chat previously, SimpleX's reliance on Android first is one I disagree with, as mobile devices are not secure. Also, the motivation to host your own server is somewhat confusing, if using your own server causes you to stand out. I hope your voucher system fixes this.

At the end of the day, I'm not looking to cause fighting for the sake of drama. I get excited about freedom technology for the love of it. I wonder if you bashing Session 24/7 while adopting very similar features is in the same vein. I think KeeJef should be the one to debate with you, not me.
I don't understand how establishing 1st communication doesn't always require connecting off-band.

You can always contact someone because they told you how to do so in another medium; there is no way around it, and no amount of "decentralized identity layer" would prevent that.

The exception is when you meet new people in the medium itself and can just initiate a conversation directly.
Can I ask you a question? I've been very interested in private messaging for a while, as much out of curiosity as anything else, and your write-up poses some questions for me.

Two of the most interesting approaches to anonymity I've seen are Retroshare and Onionshare, which can both be used as messengers.

I realise both have their development issues, but looking at the principle, why didn't you initially go this route, baking Onion Routing in from the start? 
lol, are you posting this 'cause Monero Town is talking about Retroshare? I'm not familiar with Onionshare, but it's like Briar, right? If it's peer to peer, both parties have to be online at the same time (like Briar).

I am not the dev behind SimpleX or Session.  Session has onion routing built in.  SimpleX can do Tor optionally.  Onion routing is good, not just for privacy but also censorship, we also just got a new Tor Onion on a new VPS btw:

privacyy3tsy4mge4qmg4nsid2vnhl7szzupphhkfsxvayx5tl2ztbqd.onion 
 That's interesting.

I have to admit, I'm not cool enough to know what #monero town is. I heard about #Retroshare on a Matrix group call privacy some time ago.

They also mentioned #MuWire, which has since lost its original developer, but used the garlic routing #i2p network instead of #TOR.

I know technically what Monero is - a #blockchain that uses ring signatures - but I'm not cool enough to be part of the scene :( 
 It’s offband, but more easily verified, remembered, and advertised.
Transferred from one keypair to another, kept offline in cold storage, and unstoppable.