this post was submitted on 21 Aug 2024
32 points (92.1% liked)

Privacy

32191 readers
663 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

It seems really cool but I'm a bit wary of it due to the crypto stuff.

top 32 comments
sorted by: hot top controversial new old
[–] [email protected] 28 points 3 months ago (4 children)

Simplex is the better choice imo.

[–] [email protected] 22 points 3 months ago (4 children)

From two days ago:

https://lemmy.ml/comment/13108576

A few SimpleX shortcomings beyond what you noted, in no particular order:

  • No multi-device support.
  • Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
  • Messages are lost if not retrieved soon after they’re sent. (I think it’s 21 days by default. I’ve had vacations longer than that.)
  • No group calls.
  • Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
  • The claim to not have user IDs is misleading at best, and outright false in group chats.
  • The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)

It does have some neat design ideas. I don’t consider it ready for general use, but I look forward to seeing how it develops.

[–] [email protected] 6 points 3 months ago (1 children)
  • The claim to not have user IDs is misleading at best, and outright false in group chats.

I'm in a group chat but I'm unable to send a direct message to a group member, that's annoying, but would substantiate the claim that they don't have general user IDs.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago)

Their queue IDs are user IDs. Each one points to a specific user. You can call it a queue ID, or an account ID, or a user ID, or an elephant, but that doesn't change what it is.

They crate a different ID to share with each contact in 1:1 chats, but that doesn't make them anything less than user IDs. You can do the same thing on any other chat service by creating a different account to reveal to each contact. (This is obviously easier to manage on clients that support multiple accounts, but again, that doesn't change what the IDs do.)

And in group chats, they don't even do that; they reveal the same ID to all group members.

[–] [email protected] 3 points 3 months ago (1 children)

There is multi device support.

[–] [email protected] 5 points 3 months ago* (last edited 3 months ago)

On SimpleX? No, there is not. LAN tethering is not multi-device support.

[–] [email protected] 2 points 3 months ago (1 children)

What would you consider ready for general use? I feel like this is being unnecessarily harsh to the majority of potential users.

[–] [email protected] 0 points 3 months ago* (last edited 3 months ago)

I feel like this is being unnecessarily harsh to the majority of potential users.

I don't know why you would think it harsh to point out shortcomings in software. It's not a matter of opinion. These limitations exist, plain and simple, and some of them are not easily discovered from a quick visit to the SimpleX home page.

By listing them here, it saves everyone else the time and trouble of having to investigate on their own. (Unless they assume I'm lying or don't know what I'm talking about, but I can't help them with that.) It might also save some people from starting to build their network of contacts on a particular messenger, only to later discover a deal-breaking problem and have to start all over, asking all their contacts to switch again.

What would you consider ready for general use?

I can't make a single suggestion to fit everyone else's needs, because there is no messenger that addresses everyone's needs. All of them have different tradeoffs, so we have to prioritize the things we want.

For myself and my contacts, Matirx does all the things we must have: Free, anonymous, good crypto, audited, multi-platform, multi-device, not centralized, self-hostable, reasonably easy to use, and delivers messages (without time limits) even when we're offline. It even supports some nice extras, like screen sharing and voice calls.

Matrix detractors generally complain about certain metadata not being encrypted, which is technically true: A few things like the usernames that have joined a room, and avatars (if you set one), have not yet been moved to the encrypted channel and can therefore be seen by your homeserver admin. Frankly, it's not a high enough priority for us to be driven away from a tool that meets our needs. Protecting the content is our priority. We could self-host a server to protect the metadata, but we don't bother, because it's not part of our threat model.

Would I recommend Matrix for high-risk work, where state authorities finding out who you're talking to could threaten your safety? No, at least not in its current state. Communications like that demand very specific protections, and those protections don't exist in any messenger that has the conveniences and features that I expect from a modern chat service. That's (one of the reasons) why whistleblowers and targeted journalists turn to special tools. Having a separate tool/platform for high-risk work is fine; giving up features to meet those needs is a perfectly appropriate tradeoff.

But again, that metadata issue is not a risk factor for us. We're certainly not going to reject a uniquely useful chat platform because of it.

Back to your question:

I don't post on social media telling everyone to use the same tool I do, because I don't know everyone's needs, and I do know that a few people have very specific needs that don't match mine.

However, it turns out that the vast majority of the people I've talked to about this stuff have needs similar to mine, so Matrix (the protocol) often ends up at the top of the list of things to consider.

My main reservation in suggesting Matrix for general use right now is that the official reference clients (they're called Element on every platform) still have some rough edges. For example, occasionally sending messages that cannot be immediately decrypted by the recipient unless they jump through some troubleshooting hoops, and a search feature that isn't implemented in all clients yet. The underlying bugs have been steadily disappearing, so these issues are becoming less and less common, but since they're not entirely solved yet, I use an alternative client and avoid suggesting Matrix to mom and dad for now.

I already use it daily with friends (who I can help if a problem comes up) and people who are comfortable with troubleshooting on their own. It's visibly moving in the right direction.

[–] [email protected] 2 points 3 months ago (1 children)

We made a diff acc for each device and then added them all to groups

Works for us ymmv

[–] [email protected] 2 points 3 months ago

That does seem like a decent workaround for the multi-device problem, if you only communicate in small groups and each member only has a couple of devices. Directly addressing each other could get unwieldy fast as a group (or the number of devices) grows, but I'm guessing you're not in that situation. Nice work.

[–] przmk 5 points 3 months ago

From what I can gather, they don't intend on adding multi device capabilities for technical reasons. A big requirement for me is to be able to use both mobile and desktop without losing the history.

[–] [email protected] 4 points 3 months ago (2 children)

VC funded, not exactly a community project, I'm skeptical, and worried about it's future

[–] [email protected] 5 points 3 months ago (1 children)

The saving grace is it is licensed under AGPLv3 so community can take over if something happen.

[–] [email protected] 3 points 3 months ago (1 children)

That assumes the community can maintain enough public queue servers to deliver on its privacy promises and provide a good level of service.

[–] [email protected] 1 points 3 months ago

Well, there are enough public XMPP or even Matrix servers, so doesn't seem THAT unlikely...

[–] [email protected] 3 points 3 months ago

Wait until you see where Signal's funding comes from. And for that matter, Tor, the Internet, and computers.

[–] [email protected] 2 points 3 months ago (1 children)

Yea seems better, I installed it. Is there a way to allow certain SimpleX contacts to bypass DND? I was able to do it with Signal but it seems not possible with SimpleX

[–] [email protected] 3 points 3 months ago

Not that I'm aware of, no. But I don't have much reason to use that, so I haven't really looked for something like that either.

[–] [email protected] 13 points 3 months ago (1 children)

Things I didn't like about Session when I looked at it:

  • Small group size limit
  • Forward secrecy has been removed
  • Isolated, app-specific onion network seems destined to forever be inferior to something like Tor, at least where privacy is concerned
  • Immature codebase (time and dedication could solve this, of course)
[–] [email protected] 1 points 3 months ago

Yeah I agree with these

Unclear that their profit model will work out for them

[–] [email protected] 6 points 3 months ago* (last edited 3 months ago) (1 children)

My experience is that I tried to use it years ago and it didn't work, so I continued using Signal. Straight up could not receive messages. That's probably fixed now but if I wanted to move away, I'd try SimpleX instead.

[–] [email protected] 1 points 3 months ago

Yeah it work now lol

[–] [email protected] 3 points 3 months ago

My issue is effective impossibility to selfhost. XMPP, Simplex, even Matrix are very possible to run on your own, while a Session node would be insanely, arbitrarily expensive (requires around $1000 now, IIRC used to be more). A hobbyist like me and you would not want to pour this much into something they provide out of the goodness of their heart.

Seriously, if you have this much disposable money, you'd be better off running a few Tor nodes in various places).

[–] [email protected] 3 points 3 months ago (2 children)

It's my go to messenger, idc about the crypto stuff, it's just a way to reward volunteers who use their servers for all the mathematical conversions, and I have been thinking of running a node myself, to make the network more decentralized

It has some downsides though, you can't send larger files than 8mb, and if you lose your recovery phrase, you're compromised, and you can't edit messages

I used to tell people to use Signal or Element, but I noticed many can't even sign up, Session just generates a random ID for you, and voila..

[–] [email protected] 3 points 3 months ago

I think the biggest issue for most privacy/security people is the removal of PFS.

[–] [email protected] 1 points 3 months ago

it's just a way to reward volunteers

Yea, but creating a node requires a BIG initial stake. So wonder how likely it is that you'd at least break even with this.

[–] [email protected] 2 points 3 months ago

I still don't get their "privacy coin" based network. I think their luck would look a lot better if they use the existing tor network instead of lokinet.

[–] [email protected] 2 points 3 months ago

It's nice, reliable and super quick to on board people since no sign up required. Technology seems interesting and novel, and it's also transparent since it even shows the node path (in addition to being FOSS)

Do I trust it? No, but I don't trust technology in general

[–] [email protected] 1 points 3 months ago

Development is so slow it's genuinely hard to believe.
Usability is rather lacking.
I'd say avoid it for the time being and I say that as former long time user.

[–] [email protected] 0 points 3 months ago (1 children)
[–] [email protected] 2 points 3 months ago (1 children)

Never was a scam. What are you on about?

[–] [email protected] -4 points 3 months ago

Cope. It's based on a shitcoin and now they're rug pulling their node operators and forcing an even less privacy-oriented premined ethereum-based shitcoin that'll further enrich only the devs.