SimpleX servers know more about you than DM relays.
Discussion
SimpleX servers only know IP, which 90%+ of users protect via Tor and/or integrated private routing. There's no correlation with any users because there are no user identities of any kind. It's just IP and a bunch of 16k encrypted chunks.
The protocol uses channel IDs and generated keys that are visible to the servers. Those can be used to track you around. Especially if both users use the same server, which is common for the default setting of the app.
I think you may have looked at it before private routing was implemented. There's only a potential for discerning a specific profile if they're using a private SMP server, and not an array of public servers. Every connection involves a randomly selected server pair from the collection of servers each person has defined. With private routing, there's additional proxying and mixing, as well as session-level masking.
Are those things the default now? Last time I checked they were still opt-in. And since most of those servers were being run by the same entity, in practice people can still be traced.
But yes, this is way better than their version from last year.
Do you know why they decided to not use Tor sessions to do proxying and masking?
Private routing is on by default now, as of v6 (or maybe v5.8, I don't remember). You're not wrong about channel IDs, but it's a different ID per message queue. With 2 queues, receiving and sending, and each member pair using different queues, they have very little info to start tracking users, and it would be very hard to identify anyone from that on a server that has a lot of messages going on.
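To make the "different ID per queue" point concrete, here is an added toy model (not SimpleX's code, and not a description of its actual wire protocol): each contact pair gets two unidirectional queues with random IDs, each queue lands on a server from the receiver's configured list, and the only metadata a relay keeps is which client IPs touch which queue IDs. The server names, user names, IPs and the "tor-exit" marker are constructed sample values; the rule that the receiver's server list is used is an assumption of this model.

```python
import secrets
import random
from collections import defaultdict

# Constructed sample network: three relays, three users, each user with a
# different subset of relays configured. "tor-exit" marks a masked client IP.
SERVERS = ["smp-a", "smp-b", "smp-c"]
USERS = {
    "alice": {"servers": ["smp-a", "smp-b"], "ip": "198.51.100.10"},
    "bob":   {"servers": ["smp-a", "smp-c"], "ip": "tor-exit"},
    "carol": {"servers": ["smp-b", "smp-c"], "ip": "203.0.113.7"},
}
CONTACTS = [("alice", "bob"), ("alice", "carol"), ("bob", "carol")]
MASKED = "tor-exit"


def build_queues(rng):
    """Two unidirectional queues per contact pair, one per direction.
    Each queue gets a fresh random ID and is hosted on a server drawn from the
    receiving user's list (model assumption, not SimpleX's exact rule)."""
    queues = []
    for a, b in CONTACTS:
        for sender, receiver in ((a, b), (b, a)):
            queues.append({
                "id": secrets.token_hex(8),
                "server": rng.choice(USERS[receiver]["servers"]),
                "sender": sender,
                "receiver": receiver,
            })
    return queues


def server_view(queues):
    """What each relay can record: per queue ID, the client IPs that use it.
    No user identity is present, and nothing ties two queue IDs together
    except a shared unmasked IP."""
    view = defaultdict(dict)
    for q in queues:
        view[q["server"]][q["id"]] = {
            "sender_ip": USERS[q["sender"]]["ip"],
            "receiver_ip": USERS[q["receiver"]]["ip"],
        }
    return view


def linkable_queue_groups(view, server):
    """The simplest correlation available to an operator: queues on one server
    that share an unmasked client IP. Masked (Tor / private-routing) clients
    contribute nothing here, which is the defensive point of the discussion."""
    by_ip = defaultdict(set)
    for qid, ips in view[server].items():
        for ip in ips.values():
            if ip != MASKED:
                by_ip[ip].add(qid)
    return {ip: qids for ip, qids in by_ip.items() if len(qids) > 1}


if __name__ == "__main__":
    view = server_view(build_queues(random.Random(1)))
    for server in SERVERS:
        print(server, "sees", len(view[server]), "queues;",
              "IP-linkable groups:", linkable_queue_groups(view, server))
```

Running it shows that every queue ID is unique and appears on exactly one server, so a relay has no queue-level handle on a user; the only groups it can form are queues sharing an unmasked IP, and the Tor-masked user never appears in any group. Fewer servers in common, or masked IPs, shrink those groups further.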
To me, servers should not even know which messages go in which queues.
The weakness is that there's one main provider for the default servers: SimpleX. It takes manual effort to set up different servers, so as you said, most users are using the default servers. But that's also changing soon, as additional providers are being brought in and their servers will be among the initially configured servers. There's also talk of having a set of randomly selected servers configured on install, so that everyone wouldn't have the same default set.
Yeah, that's a major problem to me. The company should not even run any server. It's too easy for court orders.
I don't think so, man.
I think that is incorrect, what information do you think they get?