SimpleX vs. Cwtch, who is right?

Signal isn’t any better than SimpleX; neither has a proper business model. In fact, it’s worse, because at least you or others can self-host SimpleX.

Threema would be the only option that has a proper business model, but how many are willing to pay for it?

SimpleX’s design is also less wasteful because there is no need to verify numbers, etc., which costs Signal A TON of money.

That article is nonsense; they can’t control what kind of people use their app.


Being a for-profit company is a red flag.
Being a for-profit company without a clear path to profitability is a red flag squared.
Being a for-profit company without a clear path to profitability that’s using VC money is a red flag cubed.


Many of the recommendations are for-profit companies; who cares? I also don’t see why VC funding is such an issue. I’m only interested in the technical merits.

I’m not saying being a for-profit is a deal-breaker, but it’s a red flag, something to keep an eye on. In fact, I use many products from for-profit companies. Same with free vs. non-free software or open vs. closed source.

But if they are a for-profit, their mission is making a profit, not whatever else they might claim. And depending on the country, it’s even their primary legal duty to their investors. So that’s one reason to stay vigilant if you choose to depend on this company. If that for-profit doesn’t have a clear business model or path to profitability, even more so, as they will probably either fail, or betray their users’ trust to keep afloat. And if they are being funded by VC, sooner or later the VC is going to put pressure on them so that they can get their investment plus some back, either through a change in business model to become profitable, or through selling the company to another company. I’ve founded a company that was VC-backed and I can assure you they have way more power and influence over the company than their share % and number of seats on the board might suggest.

So the combination of the three things is pretty bad and a deal-breaker for me, especially if there are high switching costs, like with a messaging app.


Like I said, I’m only interested in technical merits, not “oh, what if they do a complete 180 and start collecting all your data in the future because the VC that funded it, knowing full well what it is, just wants them to completely change it for some reason.” If it turns into Facebook in a year then it’ll get removed, but for now it’s one of, if not the, best messengers available.

SimpleX is not the program you want to use.

I have on several occasions tried to get epoberezkin to answer basic questions, but every time they run for the hills.

SimpleX prides itself on having no identifiers. The most revealing identifier would be your name, then phone number, then your IP, then your email, then your username. The SimpleX server knows your IP address by default. But the CEO pretends this is not an issue. They ignore the fact that IP addresses are constantly used to determine the identity of copyright infringers using torrents etc. They tie either to the household, or to the person if they live alone.

SimpleX uses something called queues, which are basically random persistent tokens that allow fetching data from the server. The server generates the token for Alice, and Alice shares it with Bob out-of-band.

Alice can use queue ID to_bob1 to send a package for Bob, who can then fetch it with queue ID from_alice1. Same, vice versa.

SimpleX is not transparent enough about the fact that the server can trivially correlate the IP addresses that converse.

There is queue rotation, but since unauthorized users must not be able to change the queues between Alice and Bob, the server must authenticate Alice before this action. This means Alice is recognized by the server, regardless of which IP address they connect from.

So Alice can’t rotate their queues without the server knowing which queue pair Alice and Bob use next.

Since the server knows the queue ID between two users in the long term (that is, unless they re-register for SimpleX and start fresh), the server can keep accumulating all queue IDs associated with Alice and Bob. The server can also associate every IP address it has seen Alice connect from with that user.

If Alice and Bob use Tor from day one, and somehow never misconfigure Tor and leak their IP, SimpleX is probably OK. If they ever fail, then the user is permanently deanonymized.

This is why SimpleX sucks compared to Cwtch. Cwtch uses anonymous Tor IDs, that are trivial to spin up, and take down. You can have as many user IDs as you want, even 1:1 mapping for all contacts to micromanage your online status for every contact.

Cwtch forces connections through Tor; onion services cannot operate without you having anonymity.

My huge issue with SimpleX is that the CEO is vacillating between the positions of “Tor has vulnerabilities, therefore it’s not a 100% solution”, and at the same time offering Tor as an opt-in solution for paranoid users (their words, not mine).

Tor is obviously not a panacea, but what the CEO conveniently forgets is:

  1. There is for now, nothing better. We haven’t seen any improvements to the concepts of onion routing since NSA slides crowned Tor the “King of Anonymity solutions”.

  2. IF the anonymity provided by Tor fails, all that happens is that your IP address will leak to a third party, which is what’s happening with SimpleX by default.

Cwtch solved the problem of IP addresses getting revealed due to accidental misconfiguration, which is an actual threat.

SimpleX solved the non-issue of usernames and offered the same IP address protection as every bog-standard messaging app: none.

Evgeny, again, if you want to offer an improvement over existing software like Cwtch, you need to expand on what they solved (like I did with TFC by solving endpoint security, which Cwtch does not solve), not pretend that the first thing metadata-resistant communication solves does not matter, and then boast about being “first to have no persistent IDs”.

Your system has a persistent ID. It is the

[(alice_tor_ip_address1, queue_id1),
(alice_tor_ip_address2, queue_id1),
(alice_tor_ip_address2, queue_id2),
(alice_tor_ip_address3, queue_id2),
(alice_tor_ip_address3, queue_id3),
(alice_home_ip_address, queue_id3),
(alice_tor_ip_address4, queue_id3)]

list of tuples collected by the server over time.

First HN. Now PrivacyGuides. You’re running out of hills to run to with your snake oil. Please stop running and address these issues.
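To make the correlation argument in the post above concrete, here is a small model of it. This is an added example, not code from SimpleX, Cwtch or TFC, and it does not describe SimpleX’s actual wire protocol: it assumes a single relay that logs (IP, queue ID) per request, that a queue owner polls their own queue, that senders deliver into someone else’s queue, and that rotation is an authenticated request which tells the server “old queue → new queue”. The log, the IP values and the tor_exit_ naming convention are constructed for the example.

```python
"""Model of the (ip, queue_id) correlation argument: a relay that logs
which IP touched which queue, plus authenticated rotation records, can
chain every queue and every IP a client has ever used into one identity.
Constructed model only; not SimpleX's protocol or code.
"""
from collections import defaultdict

# Constructed server-side log. Field order: (kind, ip, queue_id, new_queue_id).
# "recv"   : queue owner polls their own queue (authenticated as owner)
# "send"   : a sender delivers a message into someone else's queue
# "rotate" : queue owner replaces queue_id with new_queue_id (authenticated)
SERVER_LOG = [
    ("recv",   "tor_exit_a1", "q1", None),
    ("send",   "tor_exit_b1", "q1", None),    # Bob -> Alice
    ("rotate", "tor_exit_a2", "q1", "q2"),    # Alice rotates q1 -> q2
    ("recv",   "tor_exit_a2", "q2", None),
    ("recv",   "203.0.113.7", "q2", None),    # one misconfigured session: home IP
    ("rotate", "tor_exit_a3", "q2", "q3"),
    ("recv",   "tor_exit_a3", "q3", None),
    ("recv",   "tor_exit_b1", "q7", None),    # Bob polls his own queue
    ("send",   "tor_exit_a3", "q7", None),    # Alice -> Bob
]

TOR_EXIT_PREFIX = "tor_exit_"  # constructed convention: "this IP was a Tor exit"


class QueueLinker:
    """Union-find over queue IDs; each rotation record joins old and new."""
    def __init__(self):
        self.parent = {}

    def find(self, q):
        self.parent.setdefault(q, q)
        while self.parent[q] != q:
            self.parent[q] = self.parent[self.parent[q]]  # path halving
            q = self.parent[q]
        return q

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def link_identities(log):
    """Group queue IDs into identities using only rotation records."""
    linker = QueueLinker()
    for kind, _ip, qid, new_qid in log:
        linker.find(qid)
        if kind == "rotate":
            linker.union(qid, new_qid)
    groups = defaultdict(set)
    for q in list(linker.parent):
        groups[linker.find(q)].add(q)
    return {root: sorted(qs) for root, qs in groups.items()}, linker


def recipient_ips(log, linker):
    """Every IP that has polled or rotated any queue of an identity."""
    seen = defaultdict(set)
    for kind, ip, qid, _ in log:
        if kind in ("recv", "rotate"):
            seen[linker.find(qid)].add(ip)
    return seen


def non_tor_ips(ips):
    return sorted(ip for ip in ips if not ip.startswith(TOR_EXIT_PREFIX))


def conversation_pairs(log, linker):
    """Identity X talks to identity Y if an IP that delivers into X's queue
    is also an IP that polls Y's queues."""
    ips = recipient_ips(log, linker)
    owner_of_ip = {ip: root for root, s in ips.items() for ip in s}
    pairs = set()
    for kind, ip, qid, _ in log:
        if kind == "send" and ip in owner_of_ip:
            src, dst = owner_of_ip[ip], linker.find(qid)
            if src != dst:
                pairs.add(tuple(sorted((src, dst))))
    return pairs


def deanonymize(log):
    """Per identity: all queues ever used, all IPs seen, and any non-Tor IP
    (a single leak exposes the whole chain, past rotations included)."""
    groups, linker = link_identities(log)
    ips = recipient_ips(log, linker)
    report = {root: {"queues": qs, "ips": sorted(ips[root]),
                     "real_ip": non_tor_ips(ips[root])}
              for root, qs in groups.items()}
    return report, conversation_pairs(log, linker)


if __name__ == "__main__":
    report, pairs = deanonymize(SERVER_LOG)
    for ident, info in report.items():
        print(ident, info)
    print("conversing:", pairs)
```

Two things the model makes visible. First, the rotation record is what chains q1, q2 and q3 together, so the one home-IP session on q2 attaches to the whole identity, not just to that queue. Second, the conversation linkage only works because Bob’s sending IP and his polling IP are the same string; that holds for a client on its real IP (the non-Tor default the post is complaining about), while under Tor each circuit normally exits elsewhere, so that particular join gets much weaker even though the rotation chain does not. The later post in this thread mentions a v5.8 routing change on the sender side; this model does not cover it.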

Hey, nice to see you here. For anyone who doesn’t know, TinFoilChat is an excellent tool for when you can’t guarantee your device isn’t compromised (although only if you use the separate hardware version, anything below it is software trust).

As for your post, it’s similar to the concerns I have over SimpleX. But they have claimed in a recent blog post to have solved some of these issues, at least partially. Especially interesting to me was the two-sided relay (where the sender selects one and the receiver selects one), which I don’t think actually helps in solving correlation, and may sometimes make it easier if certain users stick to specific relays. It would be interesting to know if these steps mitigate the concerns you have had: SimpleX blog: SimpleX network: private message routing, v5.8 released with IP address protection and chat themes

What funding model do you like then?

Making software, maintaining software, and owning/running servers is really expensive.

A profit motive can be aligned with privacy and security. If the product being offered only has value because it’s private/secure, then the company offering it is incentivized to ensure it delivers as advertised, or it will be replaced by a competitor that can deliver.

The problem is the demand side. Too many people in the privacy community refuse to actually pay for anything and demand all things be given to them for free.

Privacy is a fundamental human right, it should always be free.

Development costs time and money, though.

If what you’re saying is that all services should be privacy-friendly, then I agree. But that doesn’t mean everything should be free. For most applications, not using them doesn’t mean you’re suddenly not private.

Your taxes are money. They should use them to clear-fund privacy and security projects.

And do you enjoy a privacy project that you actively use? Donate, as you tip the waiter who brought you the coffee you enjoyed.

Your solution to privacy is to rely on…the government?

:roll_eyes:

Also taxes aren’t free either. People have to actually pay those.

I have no problem paying for stuff I use. I donate to Signal and have been a paying Proton supporter since the beginning.

What really annoys me is people who don’t pay for anything demanding other people pay for the services they use or demanding developers make applications for them for free.

When a privacy project has a business model, it will always care for its business first, then your privacy.

Dude, sorry, but that’s NOT how the world works. You need revenue to keep things going. If you don’t have any money, you can’t offer any privacy-respecting products (or any products at all), because nobody is going to work on a project while they can’t even live a standard life.

I think that’s flawed; if their business is your privacy, then the profit motive lines up with your interests. There are many examples of this on the site, like Ente, Bitwarden, etc.

In a for-profit company, a profitable business model or one with a clear path towards profitability. If it’s a company using VC money without a clear plan to become profitable, I don’t trust the company.

In a non-profit one, either a sustainable model, or if it’s donation-based, not dependent on a single person or entity.

Everything SHOULD be free, privacy isn’t something that only people who are wealthy and are living in first-world countries should be able to access.

Proton is a perfect example of that, they provide free, private, and secure services with basic functionality to everyone, but if you want more features, then you need to pay.


I’m sorry, but those aren’t “privacy” projects, lol.

Np, I forgive you. Call them privacy services, doesn’t matter; people get the point.