I think the 'simplex.chat' piece is only to show a nice webpage with the invite QR, but the link itself contains the relay DNS. Obviously that one could still be attacked.
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828 any thoughts?
What about using Orbot app with Simplex Chat? I'm not a techy though. Waiting for their reply.
You can use Orbot indeed
That’s correct, simplex.chat domain doesn’t participate in the connection, and the only attack possible is via GitHub replacing page code - I don’t consider it a real threat for now.
Also, you can replace https://simplex.chat/ with simplex:/
It’s probably time we make it an option in the app…
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828Good to know it can be replaced by simplex :/
Is the code for rendering the qr available for selfhost?
Yes, it’s a static page and it can be hosted on any domain - the app ignores domain part when processing the links. We didn’t split it from the website, but it’s trivial for anyone to split.
