does it really need the simplex.chat dns as a rendezvous point? If yes, it would seem to me as a weak point.. if the domain gets seized or blocked by some dictatorships...
Discussion
You can run your own. Early days.
Thanks, yes, that helps, I must test it with a self hosted server sitting on tor with an onion address for the rendezvous. Do not want to rely on a centralized ICANN services. 😅
I think the 'simplex.chat' piece is only to show a nice webpage with the invite QR, but the link itself contains the relay DNS. Obviously that one could still be attacked.
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828 any thoughts?
What about using Orbot app with Simplex Chat? I'm not a techy though. Waiting for their reply.
You can use Orbot indeed
That’s correct, simplex.chat domain doesn’t participate in the connection, and the only attack possible is via GitHub replacing page code - I don’t consider it a real threat for now.
Also, you can replace https://simplex.chat/ with simplex:/
It’s probably time we make it an option in the app…
nostr:npub1exv22uulqnmlluszc4yk92jhs2e5ajcs6mu3t00a6avzjcalj9csm7d828Good to know it can be replaced by simplex :/
Is the code for rendering the qr available for selfhost?
Yes, it’s a static page and it can be hosted on any domain - the app ignores domain part when processing the links. We didn’t split it from the website, but it’s trivial for anyone to split.
Does using Orbot/TOR solve that?