You'd have to have a link between the pseudonym and the user right? So that only exists upon full server compromise right? I which case only the admin would be fucked (potentially) VS users bc you'd assume those using simplex would use a vpn giving them plausible deniability between and user IP correlations
well that's weird: when I said simplex collects users' data, I meant «when you use application SimpleXChat, it sends anonymized diagnostics about the use to improve your usage experience» — yet now I cannot find any proofs of that not. I was sure I read it myself in their privacy policy. Huh...
Anyway, yes, official servers do collect some statistics (which may be somewhat dangerous: https://www.nature.com/articles/s41467-019-10933-3 — yet not too bad). I'm not sure if using own server won't identify you by centralizing all your connections, killing the main reason to use the app: when 100 (your) pseudonyms uses all one same small server, and no or almost no other people are using it, pseudonyms can clearly be identified as belonging to a one person, or am I wrong?
Discussion
we should note that not everyone takes extra actions. users would be even safer is vpn + tor is used, and even more safe if simplex is installed on a disposable phone — yet up to 90% of the users don't use vpn and tor additionally.
session includes tor-like system (with actually higher safety than the tor) in the core. thus, in session privacy is on by default, not optionally.
note once again: I'm not saying session is definitely better — both apps have their advantages.
From my reading, a tuslly it doesn't matter if the simplex server is compromised as it's just a broker, messages are only stored on the people involved in the message