SimpleX Chat is an instant messenger that is decentralized and doesn’t depend on any unique identifiers such as phone numbers or usernames. Users of SimpleX Chat can scan a QR code or click an invite link to participate in group conversations.

-privacyguides.org

It’s clearly proving to be the most innovative technology when it comes to decentralized communication, in my opinion.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    122
    arrow-down
    20
    ·
    8 months ago

    SimpleX Chat Ltd is a seed stage startup with a lot of user growth in 2022-2023, and a lot of exciting technical and product problems to solve to grow faster.

    Run by a VC funded for-profit company. That really should tell you all you need to know. Sorry, but no thanks.

    • Scolding0513@sh.itjust.works
      link
      fedilink
      arrow-up
      69
      arrow-down
      19
      ·
      8 months ago

      this is a wrong take for a few reasons, if we’re talking about trust.

      Also, Signal literally was taking money from the CIA for a decade and also is based in the US anyway, and no one hardly said a word 🤣🤣 “Privacy” activists are a joke lmao. Also signal made a crypto coin and took away features like SMS, but of course they get a free pass for that too. Makes you wonder.

      1. SimpleX is fully open source, verifiable, and audited. If there are changes that are bad, the community will talk about them, and at worst it can be forked

      2. SimpleX has made it clear that they dont want you to trust them. It’s decentralised and anyone can run their own relay, and the servers are designed prevent correlation. They also make it very easy to use TOR and multiple circuits. This is contrary to the inferior Signal model where you just have to trust that the centralized Signal org isnt leaking your phone and IP to the feds.

      moving towards a decentralised, open, and trustless world is better for everyone. In this kind of system, I really dont give a damn where they are getting their money from, as long as they arent putting crap in the software, and if they do, we will all know about it. But so far they have shown that they are committed to extreme security and privacy, and they obviously arent trying to appeal to normies, so i doubt they would ever even try to put VC-pushed garbage in.

      If you want a good app, you will need funding from somewhere. Look at apps like Session that arent funded well. They suck. So I’d rather SimpleX be funded by a VC instead of by the feds like Signal, as long as everything stays open, free, trustless, and decentralised

      Time to get downvoted! See you guys at -50 😁

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        26
        arrow-down
        7
        ·
        8 months ago

        Where did I even mention Signal? Total strawman argument, as I don’t think Signal is a good option either.

        But you go ahead and trust Simplex Chat Ltd. I guess some people only learn from their own mistakes 🤷‍♂️

        • Scolding0513@sh.itjust.works
          link
          fedilink
          arrow-up
          22
          arrow-down
          9
          ·
          8 months ago

          you completely ignored what i said, as I specifically argued that simplex is made to be used without trust. so dont talk about me trusting people lol.

          Also I agree with you on Signal, was just throwing it out there for others, not necessarily for you.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            6
            arrow-down
            39
            ·
            8 months ago

            You walked right into my deliberate rethorical trap 😅

            There is no such thing as trustless computing, and anyone that tries to sell you that is scamming you or drank the same kool-aid.

      • SolarPunker@slrpnk.netOP
        link
        fedilink
        arrow-up
        12
        arrow-down
        4
        ·
        8 months ago

        Exactly what I thought; if the technology is so decentralized does it make sense to care so much about who finances the project? Like if one instance of lemmy was funded by Microsoft, we could easily use another one and block it, right?

        • Scolding0513@sh.itjust.works
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          originally it was. but it was given to the larger community as an open project, because they realized that without public use, it would be useless.

          There is endless discussion on whether tor software is backdoored or not, but I severely doubt this with all the eyes on the open source code

          There is also debate on how many nodes are owned by the feds, but the largest estimates at the peak were about 20%ish iirc. i doubt it’s a significant number enough to worry about, from what I’ve seen.

          tldr I’d recommend to look up all the opinions online yourself.

      • uzi@lemmy.ca
        link
        fedilink
        arrow-up
        4
        arrow-down
        4
        ·
        8 months ago

        I’m in full agreement with you. Not even a little bit of disagreement.

    • FarraigePlaisteach@kbin.social
      link
      fedilink
      arrow-up
      25
      arrow-down
      2
      ·
      8 months ago

      Upvoted bc VC eventually means enshittifiication. But with xz getting back-doored recently, what is the middle ground that keeps these things sustainable financially and operationally?

      • Kidplayer_666@lemm.ee
        link
        fedilink
        arrow-up
        6
        ·
        8 months ago

        Maybe it’ll be governments partially funding it. If Schleswig-Holstein’s attempt is anything to go by, it might be a way

        • FarraigePlaisteach@kbin.social
          link
          fedilink
          arrow-up
          5
          arrow-down
          1
          ·
          8 months ago

          But do we trust entities that depend on our governments for funding? It could be argued that they’re fundamentally compromised.

          • taladar@sh.itjust.works
            link
            fedilink
            arrow-up
            8
            ·
            8 months ago

            As opposed to whom? Are investors in VC startups less compromised or more? What are the incentives in either case? Who do you trust to be competent and/or incompetent enough to compromise it without you noticing it? Who is likely to change a project that was well intentioned first after the fact? In what ways?

          • Kidplayer_666@lemm.ee
            link
            fedilink
            arrow-up
            6
            ·
            8 months ago

            You have 4 basic options for funding:

            -you rely on individual donations which doesn’t bring in enough money

            -you force people to pay for it, which makes it less attractive when compared to traditional software, and makes much of the community pissy

            -you rely on corporate money

            -you rely on government money

            None is perfect, but some amount of government funding (let’s say, 10% of what they would pay Microsoft for the equivalent software) might make sense

  • fuckwit_mcbumcrumble@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    42
    arrow-down
    3
    ·
    8 months ago

    “Hang on let me write down my QR code”

    Usernames exist for a reason, especially in chat apps. Not having usernames is only going to severely limit your target demographic. And if nobody uses your app does it’s benefits even matter?

      • 56!@lemmy.ml
        link
        fedilink
        arrow-up
        16
        ·
        8 months ago

        It can be pretty complicated without a phone. Especially if your computer doesn’t have a webcam.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        6
        ·
        8 months ago

        You match with someone on a dating app and want to move to the next step… Sending them a QR code to scan into the app is a huge hurdle.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            11
            ·
            8 months ago

            A Messaging app is made for communication. The ideal dream is a messaging app that is both easy to communicate with, and respect privacy. If a messaging app cannot be used for a common messaging use case, like dating. It’s not going to work as a general messaging app

  • IuseArchbtw@feddit.de
    link
    fedilink
    arrow-up
    37
    ·
    8 months ago

    I’d definitely use it if my friends were using it. Sadly, I can’t even get them to use signal.

    • fluckx@lemmy.world
      link
      fedilink
      arrow-up
      5
      ·
      8 months ago

      Same… Sigh…

      I don’t need people to be hyper-privacy minded. But just a little bit at least. I’m not expecting everybody to self host a matrix server and use element and run self hosted services on their own RPI.

      But just not pick one of the worst ones?

    • LazaroFilm@lemmy.world
      link
      fedilink
      English
      arrow-up
      3
      arrow-down
      6
      ·
      8 months ago

      Find better friends. I say that but my friends decided to leave Facebook Messenger group chat… for Instagram. Now they use both.

    • Em Adespoton@lemmy.ca
      link
      fedilink
      arrow-up
      6
      arrow-down
      1
      ·
      8 months ago

      I saw a user’s hash just this week — it was in a ransom note. They required their victims to sign up for the service and text a code to their userhash to kick off sending the attacker cryptocurrency so they’d send a decryption key and not make stolen data public.

      Other than that use case, it hasn’t picked up many users that I’m aware of.

  • krash@lemmy.ml
    link
    fedilink
    arrow-up
    27
    arrow-down
    3
    ·
    8 months ago

    If I want a simple chat protocol, I use IRC or XMPP. These are battle proven by time. If I want a really secure protocol, I use Signal or Matrix. These are endored by many security experts who their shit when they assess protocols, crypto and solutions.

    SimpleX may be a good alternative for anonymous communication, but there is plenty options out there. Considering how many startups are funded by cheap VC money, and the business model is always “provide something awesome, and once you have enough traction - enshittify it” makes me very weary of investing myself in new solutions no matter how open-source the are.

    I may sound bitter and skeptic, but I’ve seen this pattern has been repeated many times over.

  • Gravitywell@sh.itjust.works
    link
    fedilink
    arrow-up
    21
    arrow-down
    1
    ·
    edit-2
    8 months ago

    I don’t trust for profit venture capital funding, if you want to see where it ends up just Look at how telegram or wickr transitions from being “open” and free to getting stripped of features only to have them become paid only and the wickr sold off to Amazon and ended all non business support…the business model for making a profit off chat applications is bad for users.

    Also now that signal supports usernames I have no reason to use anything else even for people I wouldn’t want having my real number.

    • FriendBesto@lemmy.ml
      link
      fedilink
      arrow-up
      1
      ·
      8 months ago

      Agreed, this is why I am slowly moving away from Signal. The moment they announced putting in a wallet along their own crypto, was the sign for me to leave.

  • BastingChemina@slrpnk.net
    link
    fedilink
    arrow-up
    14
    ·
    8 months ago

    I liked the fact that it is really easy to self-host.

    I tried it with friends on discord and in 10min I had a vps with a server running.

  • uzi@lemmy.ca
    link
    fedilink
    arrow-up
    15
    arrow-down
    1
    ·
    8 months ago

    In F-Droid, after disabling all anti-features, SimpleX still is listed. Signal never will be due to connecting to GCM or Firebase. Molly is an improvement for Signal but not for untrackable privacy like SimpleX from using a different ID with each individual SimpleX contact.

    • malean@lemmy.world
      link
      fedilink
      arrow-up
      4
      ·
      8 months ago

      I hoped Molly leaved the sms feature, that is the only thing I can use as a bait for let my friends switch to signal.

      • uzi@lemmy.ca
        link
        fedilink
        arrow-up
        2
        arrow-down
        1
        ·
        8 months ago

        No, because SMS code was removed from Signal, I believe Molly would have to fork the code if they try to put it back in.

        • Em Adespoton@lemmy.ca
          link
          fedilink
          arrow-up
          1
          ·
          8 months ago

          Not to mention, SMS was removed because it’s inherently insecure at every level. Keeping it would mean there’d be an insecure side channel into the protocol. While it’s a useful onboarding mechanism, it can also be abused — and was. So eventually it got removed to prefer privacy and security over convenience.

          • uzi@lemmy.ca
            link
            fedilink
            arrow-up
            1
            ·
            8 months ago

            That’s a valid reason, prioritizing security over convenience. I forgot about the fact that texting is plain text communication.

  • GadgeteerZA@fedia.io
    link
    fedilink
    arrow-up
    12
    ·
    8 months ago

    @SolarPunker@slrpnk.net I’ve not heard of anyone who does “not like” it? Many don’t know about it maybe. I can’t think of anything I’ve seen against it as it ticks most of the boxes for excellent privacy and has been very usable for me.

    • Gooey0210@sh.itjust.works
      link
      fedilink
      arrow-up
      10
      ·
      8 months ago

      Me, my friends, and family are using it

      Aaand… Everyone is hating it, tbh 🤣

      The notifications are unreliable and at the same time it drains 20% of the battery

      Waiting for fixes, also want to setup my own relay

    • 7heo@lemmy.ml
      link
      fedilink
      arrow-up
      16
      ·
      edit-2
      8 months ago

      https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html

      messenger-comparison

      ¹ Repudiation in SimpleX Chat will include client-server protocol from v5.7 or v5.8. Currently it is implemented but not enabled yet, as its support requires releasing the relay protocol that breaks backward compatibility.

      ² Post-quantum cryptography is available in beta version, as opt-in only for direct conversations. See below how it will be rolled-out further.

      Some columns are marked with a yellow checkmark:

      • when messages are padded, but not to a fixed size.
      • when repudiation does not include client-server connection. In case of Cwtch it appears that the presence of cryptographic signatures compromises repudiation (deniability), but it needs to be clarified.
      • when 2-factor key exchange is optional (via security code verification).
      • when post-quantum cryptography is only added to the initial key agreement and does not protect break-in recovery.
  • lemmyreader@lemmy.ml
    link
    fedilink
    English
    arrow-up
    10
    ·
    8 months ago

    Interesting project, but last time I tried it was battery hungry, and having made quite an effort to get some of my contacts on Signal, I don’t see it happen to get them all on SimpleXChat. And Signal Stickers make Signal more attractive for some.

  • LemmyHead@lemmy.ml
    link
    fedilink
    arrow-up
    9
    ·
    edit-2
    8 months ago

    I think it’s just that there are too many options and the communities are so fragmented. I’m trying out simplex but it still feels like beta software. Regardless I’d like to see it succeed so we have a real private alternative that doesn’t rely on big tech or shady government sponsorship.