SimpleX Chat Discussion.

  • 🐕 I am attempting to get the site runnning as fast as possible. If you are experiencing slow page load times, please report it.
P R O X Y

P R O X Y

Ghost in the muuuuhsheen
True & Honest Fan
kiwifarms.net
Joined
Sep 5, 2024
Making this thread after some of the discussion from here. I'm sure there is like three of us total who care about discussing it but figured I'd at least open it up to a broader discussion.

SimpleX is the "first messenger without user IDs", comparable to Signal, Session, Matrix, and many more. It's made some headlines as being the next big messenger all the baddies are going to go to, but if you read through my inital rant then you'll see that's probably not the case.

Pro's:
  • Open-source
  • Built-in Tor Routing (not on by default)
  • Available on every major desktop and mobile operating system.
  • "Incognito" aliases, allowing you to join other chats without linking to your main alias.
  • E2E encrypted messages, voice messages, calls, and files.
  • Content padding, make network forensics based on traffic more difficult.
  • Sign-up without email, phone, or anything else identifying.
  • Undergone an audit.
Con's:
After seeing a company as large as Telegram get targeted by law enforcement, I would be shocked if SimpleX can't be easily pressured into complying with law enforcement which they already basically do with their privacy policy saying so. It's not very clear to me just yet if you can fully opt-out of everything that touches SimpleX infrastructure. In fairness to SimpleX, Telegram is completely centralized and was only used cause they didn't moderate anything. SimpleX hasn't grown large enough to see how they will impose their own moderation.

* For decentralization I get the feeling I'm misunderstanding why they are labeling it as such. For instance if I setup a server for SimpleX, I believe only I would be using that one, there is no network that it is mixed into similar to a network like Tor/I2P where other people would also be using my server (unless I explicitely gave them access). So in theory I guess yes it is not centralized in that they can deny me access to the network (although I'm not convinced they can't just block my relay from interacting with their servers), but the network in its current state still seems very centralized to some degree? I'd appreciate anyones inputs.

Another point I wanted to make is that if you look at the DNS information below, you can see all the servers for their infrastructure. You can see servers in Germany, Sweden, and the UK, which is kind of a mixed bag for a network layout in terms everything. It is trivial to see anyone who is using SimpleX since the servers associated with the app are easily known. Again this is common on other services like Signal, Telegram, blah blah blah. The possibly bigger issue is that all the infrastructure is on Linode / Akamai Cloud Compute, which is subject to US Laws, specifically New Jersey. How will Linode react once SimpleX starts getting used for more degenerate stuff? Not sure.

The cases when SimpleX Chat Ltd may share the data temporarily stored on the servers:
  • To meet any applicable law, or enforceable governmental request or court order.
  • To enforce applicable terms, including investigation of potential violations.
  • To detect, prevent, or otherwise address fraud, security, or technical issues.
  • To protect against harm to the rights, property, or safety of software users, SimpleX Chat Ltd, or the public as required or permitted by law.

DNS Servers

ns5.linode.com.
92.123.95.2
AKAMAI-ASN2
The Netherlands

ns1.linode.com.
92.123.94.2
AKAMAI-ASN2
The Netherlands

ns2.linode.com.
92.123.94.3
AKAMAI-ASN2
The Netherlands

ns3.linode.com.
92.123.95.3
AKAMAI-ASN2
The Netherlands

ns4.linode.com.
92.123.95.4
AKAMAI-ASN2
The Netherlands

MX Records **
10 mail.simplex.im.
172.234.115.164
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden

TXT Records ** Find more hosts in Sender Policy Framework (SPF) configurations
"v=spf1 mx -all ra=postmaster"

Host Records (A) ** this data may not be current as it uses a static database (updated monthly)
smp1.simplex.im

SSH: SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u1
88.80.191.111
AKAMAI-LINODE-AP Akamai Connected Cloud
United Kingdom
smp10.simplex.im
172.232.147.214
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
smp11.simplex.im

SSH: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.4
139.177.177.148
AKAMAI-LINODE-AP Akamai Connected Cloud
Germany
smp12.simplex.im
172.236.19.89
AKAMAI-LINODE-AP Akamai Connected Cloud
United Kingdom
smp14.simplex.im
139.177.180.4
AKAMAI-LINODE-AP Akamai Connected Cloud
Germany
smp15.simplex.im

HTTP: nginx centminmod
FTP: 220- Welcome to Pure-FTPd privsep TLS -220-You are user number 1 of 1000 allowed.220-Local time is n
SSH: SSH-2.0-OpenSSH_8.0
HTTP TECH: nginx 172.104.138.143
AKAMAI-LINODE-AP Akamai Connected Cloud
Germany
smp16.simplex.im
139.162.163.87
AKAMAI-LINODE-AP Akamai Connected Cloud
Germany
smp18.simplex.im
172.232.158.240
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
smp19.simplex.im
172.234.115.219
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
smp4.simplex.im
85.159.210.201
AKAMAI-LINODE-AP Akamai Connected Cloud
United Kingdom
smp6.simplex.im
172.232.152.8
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
smp7.simplex.im
172.232.147.82
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
smp8.simplex.im
194.195.243.87
AKAMAI-LINODE-AP Akamai Connected Cloud
Germany
smp9.simplex.im
172.232.152.16
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
stun.simplex.im

HTTP: nginx/1.21.4
SSH: SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.5
HTTP TECH: nginx,1.21.4
nginx 88.80.185.137
AKAMAI-LINODE-AP Akamai Connected Cloud
United Kingdom
test.simplex.im
172.232.132.40
AKAMAI-LINODE-AP Akamai Connected Cloud
Sweden
turn.simplex.im

HTTP: nginx/1.18.0 (Ubuntu)
HTTP TECH: Ubuntu
nginx,1.18.0 139.162.253.141
AKAMAI-LINODE-AP Akamai Connected Cloud
United Kingdom

A clear outline of what information can be obtained from SimpleX users.

SimpleX Messaging Protocol server that proxies the messages to another SMP server​

can:


  • learn a sender's IP address, as long as Tor is not used.
  • learn when a sender with a given IP address is online.
  • know how many messages are sent from a given IP address and to a given destination SMP server.
  • drop all messages from a given IP address or to a given destination server.
  • unless destination SMP server detects repeated public DH keys of senders, replay messages to a destination server within a single session, causing either duplicate message delivery (which will be detected and ignored by the receiving clients), or, when receiving client is not connected to SMP server, exhausting capacity of destination queues used within the session.

SimpleX Messaging Protocol server​

can:

  • learn when a queue recipient is online
  • know how many messages are sent via the queue (although some may be noise or not content messages).
  • learn which messages would trigger notifications even if a user does not use push notifications.
  • perform the correlation of the queue used to receive messages (matching multiple queues to a single user) via either a re-used transport connection, user's IP Address, or connection timing regularities.
  • learn a recipient's IP address, track them through other IP addresses they use to access the same queue, and infer information (e.g. employer) based on the IP addresses, as long as Tor is not used.
  • drop all future messages inserted into a queue, detectable only over other, redundant queues.
  • lie about the state of a queue to the recipient and/or to the sender (e.g. suspended or deleted when it is not).
  • spam a user with invalid messages.

Without ranting any more I think the application is good, and with some configuration you can probably keep yourself safe from the feds coming to inspect the size of your anoose. I think the media personalities pushing this as the next place for big bad criminals are trying to just fuck these people over as this application does little to realistically keep you anonymous. It'll sometimes relay your IP through their relay if you aren't using Tor, but once you trust a server it possibly stops doing that? I have to look through some of the code but since the Tor is using it as a proxy setting, I'm not convinced this can't be bypassed through the other network features in the application. Use at your own risk ..
 
  • Informative
  • Thunk-Provoking
  • Like
Reactions: allthewaydowntotheballbag, Fagnacious D, Relinquish and 6 others
"simplex" just makes me think of the herpes simplex virus, you know that permanent disease that you find on a whore and infects the mouth and genitals with weeping growths? That one. That's exactly what I think about when I hear "simplex". The herpes virus. The permanent virus, the really disgusting permanent virus that is an embarrassing social stigma. Dirty, nasty, nobody ever wants to make physical contact with you ever again. Kind of like HIV. Like AIDS.
 
  • Like
  • Agree
  • Informative
Reactions: I'm Retarded?, Another Char Clone, Dragavei and 9 others
Definitely sounds interesting imo. Will wait to see what comes of it. Have only seen it discussed in sketchy circles.

spookiepookie3 said:
This looks and sounds like another honeypot.
Click to expand...
I'm not sure what other honeypot this could be reminiscent of. If you have any actual examples of similar projects being honeypots or something, that would be wonderful.
 
Personally, I don't understand their pitch of "we gots no user IDs, y'all!" because it's trivial to set up a blank "identity" with, say, a virtual machine and the myriad of available proxying tools and just use Discord XMPP or something.
 
  • Agree
  • Thunk-Provoking
Reactions: Lard Shart, Cats and Scout Trooper
I came into this thread curious because I'd heard about simpleX as the new boogieman which means it could be good but it seems it's just a honey pot. This is all I needed to know to dismiss it:
P R O X Y said:
Company is based out of London, UK.
Click to expand...

Thank you for the information.
 
I think this app has a lot of potential. The only thing I hate about it is the inability to use it on more devices, which makes it really impractical.
 
  • Thunk-Provoking
Reactions: vertebrae
Shlomo XL said:
Personally, I don't understand their pitch of "we gots no user IDs, y'all!" because it's trivial to set up a blank "identity" with, say, a virtual machine and the myriad of available proxying tools and just use Discord XMPP or something.
Click to expand...
Trivial for you, not for the thousands of normies you invariably need to mobilize an effective social/political movement. PGP and Tor have existed for decades but all it does is put a target on your back. Anonymity and secrecy needs to be seasoned and prepared to perfection before it's handed to normies on a silver plate. Signal, while a US intel front, has succeeded more than any other recent effort because they understood you need to make these platforms/tools normie-proof to be useful in the big-picture.

Signal's success deserves study. Its spread through the western world worked because it matched iMessage's clean and intuitive UX with crossplatform availability. In the U.S., iPhone owners don't default to third party messengers (e.g. WhatsApp, FB Messenger), so iOS -> Android messaging has always been crippled. This was a perfect opening. It also eased the concerns of street-level drug dealers, who then required their clients contact them through it. That helped it spread like fire across college campuses.
 
Last edited:
  • Like
  • Horrifying
Reactions: allthewaydowntotheballbag and Shlomo XL
Shlomo XL said:
Personally, I don't understand their pitch of "we gots no user IDs, y'all!" because it's trivial to set up a blank "identity" with, say, a virtual machine and the myriad of available proxying tools and just use Discord XMPP or something.
Click to expand...
XMPP does not protect metadata, unlike SimpleX. Operators of Jabber servers can tell precisely who you are talking to, their profile pictures and any groups they are in, among other things. Not everyone cares about this but in my opinion it's important, a lot of information can be gleaned from analyzing who you communicate with. Arguably, this is mitigable by running an instance, however then you would stand out (unless you open your server to the public, in which case have fun dealing with law enforcement scrutiny), and you would also have to worry about your hosting provider snooping if compelled to.

SimpleX doesn't have this problem, even in the case of server compromise or a malicious owner/provider, metadata is kept private. That's the main reason to use it, and I'm not sure there's a good alternative.

Also, if you don't trust the official servers, there's a plethora of community-run ones: https://discuss.privacyguides.net/t/simplex-community-servers-list/21443 (and you can, of course, start your own). I don't get OP's point about the network not being decentralized, you can use SimpleX without relying on their official infrastructure at all.
 
Last edited:
  • Like
  • Thunk-Provoking
Reactions: allthewaydowntotheballbag and Shlomo XL
Cats said:
"simplex" just makes me think of the herpes simplex virus, you know that permanent disease that you find on a whore...
Click to expand...
That sounds more like a projection of your inner worries than anything else really. To me, simplex is the generalized geometric shape of a triangle.
 
You might be on to something. I was in a discussion group with the main developer/owner of simplex and he mentioned he is planning a way to moderate the content upload to the SMP/XFTP(media sharing) servers. He said this will only be done on official servers, but who knows.

P R O X Y said:
I believe only I would be using that one
Click to expand...
You're wrong here. If you have the domain/IP address/ onion domain of a smp/xftp you can use it. In fact there are many listed if you look up unofficial simplex servers on github. Most active communities have shared their server with everyone.
 
You must log in or register to reply here.
Back