> That statement is incorrect. Queue identifier is different for each pair of users, not for each user, so it cannot be used to understand who is connected to whom, and even how many users there are.

That statement is correct. I'm not sure which part of the statement you disagree with, so let's break it down into two parts.

The first part simply acknowledges that SimpleX has a message queue identifier (ID) for each contact/chat, which is clearly written in its docs. For example, if Alice opens three one-on-one chats with three contacts, she will have three chat IDs, which will be used to receive messages. Are you challenging this part?

The second part says that these IDs can be correlated through a metadata analysis. I described a few attacks in the article. For example, Alice goes online and checks if she has any new messages by providing these three IDs, which can be easily correlated into a shadow account based on timestamps and an IP address. That's also referred to as clustering of request batches. Are you challenging this part?

> It is not clear what metadata is suggested to analyse here. This can be done with GPA traffic analysis, but the same would apply to any network. Asynchronous delivery makes such attacks harder.

Timestamps, IP addresses, and even internet speed/ping can be used to correlate chat IDs into shadow accounts. I've explained that in the article and also in the Alice example above. Other networks (Tor, Session) have better metadata protections due to proper 3-hop onion routing. That said, most networks are vulnerable to timestamp-based attacks, but they usually don't claim to be "100% private" with no IDs, etc.

> This is incorrect. Tor has three relays between the user and destination computer. SimpleX has two relays between the user and destination computer. So it's either 1 vs 2 hops, or 2 vs 3 hops. Unless you are counting some different hops.

SimpleX uses 1-hop routing. I've already provided an example with Session in the article, but since you insist, let's also compare SimpleX with using a centralized messaging app via Tor.

`SimpleX: Alice - 1 relay - receiving server - Bob`

`TG+Tor: Alice - 3 relays - Telegram server - Bob`

1 vs 3 hops. Please provide an example if you dispute this statement.

And I'll repeat the Session example from the article again.

`SimpleX: Alice - 1 relay - server - Bob`

`Session: Alice - 3 relays - swarm - 3 relays - Bob`

Depending on your counting method, it's either 1 vs 6 hops or 2 vs 7 hops. Basically, five hops fewer.

Are you disputing this? Please provide an example.
