I think the 'simplex.chat' piece is only to show a nice webpage with the invite QR, but the link itself contains the relay DNS. Obviously that one could still be attacked.
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828 any thoughts?
That’s correct, simplex.chat domain doesn’t participate in the connection, and the only attack possible is via GitHub replacing page code - I don’t consider it a real threat for now.
Also, you can replace https://simplex.chat/ with simplex:/
It’s probably time we make it an option in the app…
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828Good to know it can be replaced by simplex :/
Is the code for rendering the qr available for selfhost?
Yes, it’s a static page and it can be hosted on any domain - the app ignores domain part when processing the links. We didn’t split it from the website, but it’s trivial for anyone to split.
