I am torn between on one hand my usual attitude of not recommending any technology for communication of sensitive data as they usually all suck, and mostly depend on golden-prison user-hostile environments like Android or iOS;
and on the other hand my enthusiasm for the underlying principles of Simplex.chat as a young piece of software with very promising and forward thinking ideas (reminding somehow of pond, for those who knew of/used it):
@jz It's still nice to see apps with interesting new interaction concepts, even if they are part of the silos. Personally, I don't think that we will get users away from the platforms - because open-source never really reacted to them. That's for the future IMO.
@jz I have been using it for a bit, but getting people to move to yet another platform is just difficult. the app for android is pretty mature and I have not seen any crashes yet.
Simplex.chat is based on users not needing any sort of strong identification (phone number, email address) to be usable, unlike most other chats. Sure you technically still have a "cryptographic identity" (a public key), but the protocol is designed in such way that the server (yes there is still servers unfortunately) will know the minimum about its users. no user-identifying metadata are stored or processed. :blobCatAnon:
On simplex, identity is just something you chose and store on your client, that can easily change depending on context. You decide you are "Alice" and your contacts will see that, unless if when opening a contact with a given person or group you use an "icognito" identity, in which case they will see you as "FlamboyantTruth" or some other generated name.
With incognito groups, one can share publicly links to a group and people join them (via a QR Code) with their identity protected! 🥸
So this idea of protecting your identity is really the core of Simplex, and it should be the Freedom0 of any communication protocol if you ask me.
To connect to someone over Simplex you send them either a very long URL through another channel or better get them to flash a QR Code on your device or on a piece of paper. 🤝
Use case: you meet that person in a bar, they're nice and chatty and want to stay in touch. You are mildly interested so give them a QR code to flash linking to an "incognito" identity.
You chat with them afterwards, and after some times can decide to say "OKThanksBye.", and disconnect from them without them ever having to know your name, phone number, email etc. and thus unable to stalk you or anything... 🥂
So, for vulnerable and/or exposed people who want to seriously organize Simplex.chat may be (or become) one of the best options: dispoable identities on fresh devices, connected to un-identifiable contacts.
If your device gets compromised or seized, it doesn't give away the identities of other incognito members of your groups... 🤫 Also works well for/with people with no phone whatsoever.🛖
Also as part of the interesting features: Simplex allows for out-of-app webRTC calls+video, Simplex is NOT an electron app, yet it exists under: android, iOS, linux-tui, linux-desktop, windows, macos... So more multiplatform already than most.
Yet, as a piece of software even if advancing fast in the last months, it is still young. The way it is being packaged and distributed solely over Microsft Pages(tm) (aka github) is a bit concerning, but these things will evolve in the future, according to its main author in the public user group channel, and discussion about these things is rather open...
@jz I've experimented with it. The app is very solid, especially for being so young. Conceptually, as you described, very intriguing, even convincing. But I'm no expert to judge the privacy promises from a technical POV. There may have been questions about the financial sources of the project – but don't quote me on that. Again: technically very interesting, better than Signal; easier/more momentum than Briar, I'd say.
@jz Excluding the unclear financial/social component, I'd totally advocate for it in a IT tech conference context, or for ad hoc networking in activist/demonstration situations. For the no-identity, stalking-proof features you described.
@Rainer_Rehak true, thanks for pointing out this contradiction.
I guess looking at 98% of the “normal” population, I am in fact a privacy expert. Not so much here in my Mastodon IT bubble, though. It’s all relative ;)
“Better than Signal”, I mean from a high-level conceptual (and maybe naïve) standpoint. I’ve not investigated deeply into it.
Well one can adhere to principles, for political+philosophical/ethical reasons, and only hope that the technological aspects will be audited, ironed out, triple-checked, reimplemented in stricter/safest/minimalist ways, etc...
...rather than trusting some third-party technological opinions on something that leaves blatant holes on the political side ("we kill people based on metadata" 2014) while trying to mono-culturishly look cool....
@ploum Indeed a chicken-and-egg thing! i started by telling a pair of very close people that i would love to experiment that with them, and as we weren't satisfied with existing/available solutions we tried.
then i started systematizing offering it as an option to new contacts, and was suprised by how many of them got curious, as soon as i explained key concept of identity-independance. was mostly nerds and tech-adjacent people, but still!
now 20+ contacts, daily use. (and tui on pinephone!)
Add comment