I’ve seen several people claim Simplex is the best messenger app in terms of privacy and security, but does that still stand after reading the threat model page? Personally I was surprised by what can be done.
Click show origional.
What would you like it to rather not do from the list you shared?
Well, everything. Its supposed to be anonymous yet a server can see and watch everything from everybody and link it back to real IP, so much for anonymous. I don’t think people would speak as highly of Simplex if they read that page.
2 Likes
Absolutely not true and objectively false.
I don’t think you understand how this app and service works. The app can’t see everything as you claim or think it does.
It is indeed anonymous, you can self host or use a VPN to mask your IP for good measure or have the app use the Onion network instead.
You should read the page you linked again and this too: SimpleX Chat: private and secure messenger without any user IDs (not even random)
You should also read what it cannot do, and the entire page again.
I don’t know if you’re new to privacy or not and how much you know about how to assess privacy app info even from a technical POV, but I think you’re misguided and misunderstanding SimpleX Chat. Please read up more on it and ask specific questions if you have any. Rest assured, SimpleX is indeed fully private and as secure as it can be for what it is for now and may as well be one of the paragons of an encrypted messenger app.
People have read that page. It still stands true for all that it claims.
2 Likes
Would you trust it with critical actions like whistleblowing against a government agency?
Using the app for that is one thing, but your device and other opsec must also be ideal for you to be safe if you or anyone wants to do that.
But since you asked, all other things ensured, yes I would. But if state actors are actively and particularly targeting you, then know that no app or system is 100% perfect so you’ll have to choose the best “bad” option. In this particular case, I would then use OnionShare instead. But you can certainly use SimpleX too. It would not matter a lot or won’t be too big a difference.
2 Likes
The main difference here is that simplex chat does offer you a thread model page, with clear things written of what is possible and what is not. Of course it’s more frightening than having … Absolutely no list and and see none of those threats if you look at whatsapp or facebook messenger. Dont be affraid of having more info and a better communication that other app. Aso don’t imagine perfect security and privacy exists. Simplex help you by giving you am accurate picture and keeping you grounded.
1 Like
You also run the risk of loading Simplex by mistake before starting tor or VPN and then you get leaked to the app designed to keep you secure.
1 Like
And that’s what I mean by opsec. It is upto the user to be cautious of these other factors first. And that’s why its best to do this in a public space and not in a residential area if forgetting to turn on VPN is a likelihood.
But again, this is a simple thing you must remember if you’re really going to partake in critical actions like whistleblowing.
Hell, you can also use Signal in a pinch for this type of work. Metadata collection is minimal if any, Signal doesn’t and cannot know anything about anything except just to register you with any phone number on which you can get 1 SMS and the last time you were online on Signal.
All other data, as far as I know and understand is private, secure, and encrypted.
1 Like
It is indeed designed to keep you secure. But a user must also use it properly for it to work for you and not against you. It’s like driving a car, you only do it if you know how to. And if you know how to, it will work exactly how its supposed to. If you don’t, you are not safe.
Would it work to use a VPN router so its not possible to forget? Signal needs phone number which nobody would want tied to them just in case it turns out Signl is lying.
Signal is not lying. I assure you. If you want, you can get a number from (https://www.smspool.net/) very cheap and register. It doesn’t use your phone number as your identifier or a PII.
Sure, you can do this. But it’s best to have the VPN set up on device for easy control and management of your connections. Plus, I would use an Android phone with GrapheneOS if you’re on mobile for even better protections all around - again, if this is the type of critical work you’re trying to do. If you’re on mobile, you can choose when you want to be on a VPN and when you want to be on the Onion network.
1 Like
You should also know that while all I am saying here is as true as I know it to be - I am not an authority on whistleblowing or a technical expert in esoteric and highly critical matters like this.
What I am suggesting and sharing are indeed the best ways to go about it but I am not guaranteeing 100% safety for you with all I am sharing here now. There may be others on the forum with better suggestions and more information. I don’t think anyone can give you 100% safety but I’m still saying.
While you can keep asking follow up questions and I can keep responding, I also suggest waiting a few days while other community members respond with their thoughts before you decide anything for yourself - if this is really what you’re planning on doing.
–
That’s my disclaimer in all honesty and in good faith.
1 Like
I’m not actually planning on critical whistleblowing, that was just an example.
I see
So much for all that typing. But now you know, nonetheless.
1 Like
But I believe I have answered your titular and follow up questions as best as I can for now.
1 Like
7 Likes
Signal very well could be lying or be co-opted.
3 Likes
Sure, anything could be the case. Nothing is impossible. Anything can happen. By this logic, don’t trust anything or anyone for any reason.
But that’s not what all evidence we have thus far points to now does it. And we have to trust something at some point and accept whatever implausible risks to at come with it.
Boy, if that’s the thinking one operates their life with, one ought to not use technology at all and we should only trust what we can make and build ourselves that has no dependencies whatsoever. Such an impractical mindset.
I refuse to believe you’re not smart enough to realize that trust has to begin somewhere. And if Signal is not what you trust, then either you have and significantly higher threat model with legitimate concerns that a nation state is actively looking to attack you at all times or that you simply wanted to point out that anything could happen even though it is highly implausible and unlikely just for the sake of it.
I’m sorry, but this type of comment that could have a basis for being true but does not from all we know thus far is irksome and counter productive to any discussion.
1 Like