Oddbean

SimpleX Chat (world's most private?) now connects desktop app with mobile app via quantum resistant protocol It sounds like a simple thing to do, but SimpleX is not a cloud based hosting, nor does it even have a common profile that anyone can just follow or connect to. Every friend being connected with, receives a unique invite address. There is no e-mail address or phone number used to register, so no-one can find or connect with you unless you send them their own unique invite. Hence this linking has been keenly awaited for a while now. How does it work? "The way we designed this solution avoided any security compromises, and the end-to-end encryption remained as secure as it was - it uses double-ratchet algorithm, with perfect forward secrecy, post-compromise security and deniability. This solution is similar to WhatsApp and WeChat. But unlike these apps, no server is involved in the connection between mobile and desktop. The connection itself uses a new SimpleX Remote Control Protocol (XRCP) based on secure TLS 1.3 and additional quantum-resistant encryption inside TLS." The downside of this approach is that mobile device has to be connected to the same local network as desktop. But the upside is that the connection is secure, and you do not need to have a copy of all your data on desktop, which usually has lower security than mobile. See https://simplex.chat/blog/20231125-simplex-chat-v5-4-link-mobile-desktop-quantum-resistant-better-groups.html #technology #privacy #SimpleX

It's great to see this type of news focused profiles on #nostr ☺️ nostr:nevent1qqs9erlahx6q08farjlrrlp60trah8p4wvrngljg453t3ftral4y4kspp4mhxue69uhkummn9ekx7mqzypp2gxtcc5wtqp545xx7djt4fwgwyzxax8fg28nudygy3xwp46sruqcyqqqqqqghnnvnf

Other than that, SimpleX Chat has "relays" to store messages just like Nostr does. If you are not choosing your own relays to use SimpleX, it's not that different from Signal, where everything routes through the company's servers. And if you choose a new relay, make sure they are not tracking you. They can see a lot of metadata. This was one of the reasons that led me to push for a better standard for Nostr GiftWrapped DMs that minimizes (but doesnt completely solve) the power your relays have over you.

The metadata is indeed limited since a user does not have a unique global permanent identifier. At most they can track metadata within a single chat room but iirc they even have mitigations for that: https://github.com/simplex-chat/simplexmq/blob/master/protocol/overview-tjr.md#threat-model

They don't need an identifier, they have both user's IPs/session IDs and channel IDs available. Date/time of messages is also precise. Connecting into multiple friends with the same IP reveals more about you. If the server decides to track (which a court order might require them to) the metadata is probably useful. The beauty of the GiftWrap design is that people can setup their own Inbox relays at will. The package only arrives in the receipient's server, not in the sender's if the person doesnt want to (save a copy locally only). That with random date/times makes it harder for relays to track. Then of course, clients can always use a separate Tor circuit to make sure relays don't receive anything but the message in each connection.

Had to read the above a few times as I'm not very technical. Are you suggesting nostr will be able to provide better privacy compared to SimpleX? How can Nostr hide the metadata? And last question, is something like 0xChat potentially the way?

0xChat looks pretty awesome on the UI level too, first iOS app that looks sincerely made since Damus. No pushy onboarding, lean settings, and finally someone went with a semitransparent menu bar again.

You can have a deal with your users to delete GiftWraps after some time to declutter. But that is between the replay operator and the user. The same clutter can happen with DMs. So this is not an issue of the new method.

It's similar to Session, and Nostr, in that no personal info is required to register or create a presence. One of its big differences is not having any uniquie global identifier - so tracking is useless, as is trying to share any ID for others to register to connect with you. Each new contact gets their own unique invite.

So according to the last paragraph, it has to be on the same local network… how does that translate to anything other than sending messages/data to someone in the same house? ELI5 I’m techno-retarded.

Yes same local network only, but it is E2EE - it is really only remote access from the desktop app, to use the mobile app profile. The desktop app has its own profile so there is no merging of those two. SimpleX is not trying to have a connect everywhere slick cloud service - it is very much about security over convenience. Nostr does have a measure more convenience (shared profile) and i would not say Nostr is actually less secure. It is more that SimpleX aims to only be an instant chat messenger, whereas that is not the primary aim of Nostr at all.

SimpleX Chat got 370.000 Dollar Venture Capital von Village Global https://www.crunchbase.com/organization/simplex-chat Village Global means Marc Zuckerberg, Jef Bezos, Bill Gates, ect - see: https://villageglobal.cc