User: Now that SimpleX offers IP protection (its main criticism), is there any case where it is still better to use @ Session, @ JefferysKee? Is there anything Session still has? Does [sic] Session have any advantages over SimpleX in any respect?
Session CTO (Kee Jefferys): Depends on what percent of SimpleX Chat users are using self-hosted relays? I assume a very small percent. For the majority of users this “Private routing” adds very little privacy, since both servers in your route will likely be run by SimpleX Chat LTD.
In this case it would be fairly simple to correlate the routes? Compared to Session where there’s a network of 2000+ community-operated nodes which participate in 3-hop Onion Routing for all users. Maybe I’m wrong about the details?
User: I don’t think it would be easy to correlate (see picture).
Don’t you think it is a matter of time before SimpleX users start operating nodes in a similar quantity as yours? It is cheaper than running a Session node. And people will run them even if they don’t get rewarded, altruistically. [Quote from SimpleX blog announcement:] “At the same time, the relays chosen by the sending clients to forward the messages cannot observe to which connections (messaging queues) the messages are sent, because of the additional layer of end-to-end encryption between the sender and the destination relay, similar to how onion routing works in Tor network, and also thanks to the protocol design that avoids any repeated or non-random identifiers associated with the messages, that would otherwise allow correlating the messages sent to different connections as sent by the same user. Each message forwarded to the destination relay is additionally encrypted with one-time ephemeral key, to be independent of messages sent to different connections.”
An [sic] from SimpleX FAQ: There will also be a revenue-sharing model from customers to network operators, to provide an incentive for them to continue running nodes, which will increase decentralization and reliability of the network.
CTO: If relay A knows the exact packets it will send to relay B, then all relay B needs to do is listen for those exact packets and the path is correlated, assuming A and B are run by the same operator. Seems to be a very trivial deanonymisation technique. Above protections don’t help?
Most people won’t run relays; look at any public access network like Tor, or federated protocols like Matrix: 99% of users use someone else’s server. I don’t see this changing dramatically in the future.
[Answering SimpleX FAQ]: Making relays pay for use without clever monetization can make things worse, centralizing use around free servers. There are very few successful paid-only messengers.