Simplex Chat is very popular in the Nostr community; whenever someone posts a note asking which chat app is secure, many people recommend Simplex Chat. We also think Simplex Chat is a great app.
So, many people ask what is the difference between Keychat and Simplex Chat? Is Keychat's security as good as Simplex Chat's? Is it really possible to create a chat app as secure as Simplex Chat on Nostr? Why not just use Simplex Chat? Why reinvent the wheel?
A common misconception in the Nostr community is that Nostr is not suitable for private things.
"Nothing about any of the protocols we’ve developed requires centralization; it’s entirely possible to build a federated Signal Protocol-based messenger, but I no longer believe that it is possible to build a competitive federated messenger at all." — Signal Founder Moxie https://signal.org/blog/the-ecosystem-is-moving%C2%A0
This is because the encryption process is completed on the client side, and relays only pass the encrypted messages.
Keychat and Simplex Chat both use the Signal protocol to encrypt messages, so both meet the following security requirements 1-4:
Anti-Forgery
Anti-Forgery ensures that the sender of a message is verifiable and the message has not been tampered with.
End-to-End Encryption
End-to-end encryption ensures that only the sender and receiver can decrypt and read the message content, protecting it from unauthorized access by servers or other network devices.
Forward Secrecy
Forward secrecy ensures that even if the current key is compromised, historical messages cannot be decrypted, since each message uses a new encryption key, which is deleted after use.
Break-in Recovery
Break-in Recovery ensures that if the current key is compromised, future messages cannot be decrypted, and the system can recover from the attack. This feature is also known as backward secrecy.
Metadata Privacy
Protecting the privacy of communication involves more than just protecting the content of messages; it also includes protecting the identities of the communication parties and other data.
Regarding the fifth point, metadata privacy. The designs of Keychat and Simplex Chat are different.
Simplex’s metadata privacy protection scheme
"Simplex chat is the first messenger without user IDs."
“To deliver messages, instead of user IDs used by all other platforms, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.”
“Temporary anonymous pairwise identifiers
SimpleX uses temporary anonymous pairwise addresses and credentials for each user contact or group member.
It allows to deliver messages without user profile identifiers, providing better meta-data privacy than alternatives.”
We can understand this mechanism as, if a Simplex Chat user has 10 friends, they have 10 IDs, using different IDs with different friends?
Keychat’s metadata privacy protection scheme
Current chat applications and email have forgotten that an address is not the same as an ID, treating the ID as the address. Emails and current chat applications send messages as [from: Alice's ID to: Bob's ID]. Regardless of how your geographical address changes, when Alice sends an email to Bob, it’s always [from: Alice's ID to: Bob's ID]. This compromises metadata privacy.
However, letters work differently; they are [from: Alice's current geographical address to: Bob's current geographical address].
Keychat separates the receiving address and sending addresses from the ID, and the receiving address and sending addresses are also different. Keychat messages are [from: Alice's one-time sending address to: Bob's almost one-time receiving address]. This makes it difficult for outsiders and relay administrators to determine who is sending messages to whom.
Which scheme do you think is easier to understand and better protects metadata privacy?
Finally, Keychat also uses ecash sat as a stamp for messages, with relays funded by stamp revenue to sustain operations.
Single use IDs are less anon than making an encrypted note that only Bob can read and posting it right beside your public notes. This way Bob can hide in the annonimity set of all your followers.
Single use IDs are trivially discoverable by relay admins by looking at note retrieval queries. Only Alice and Bob will ever access a single use ID. That's an annonimity set of 2.
As soon as you feel a sore throat or a cold you can do any number of these:
Eat a raw onion 🌰
Stop drinking water, it allows the bacteria to spread more easily. Instead drink orange juice 🍊 because of its acidity. The longer your throat is coated in the acid juice the better. So sip it slowly throughout the day. Another option is squeezed lemon 🍋 with water. But don't use sugar, don't make lemonade.
Get as much sun ☀️ as you can. Vitamin D is geat.
Drink vitamin C.
Look at your tongue in the mirror. Is it white? Brush that stuff off while you're brushing your teeth.
Try very hard not to cough. Coughing makes the situation worse by irritating your throat. Focus on holding your breath when you get the feeling of coughing. Ignore the sensation of clearing your throat.
Now the contradiction to the one above. Cough! Hard! But into the sink with your mouth open, tongue out, neck tilted up and your torso bent over forwards. Create a straight passageway from your lungs to your throat to the sink. Cough hard but only if phglem is coming out. Don't do it when your throat is dry. When phlegm is yellow it's still infested. When it's white you've beaten the cold and you can stop coughing into the sink.
When you have a runny nose don't snort. Doing that transfers a runny nose into a throat infection.
Don't blow your nose into tissue paper if you have another option. Tissue paper irritates your nose. A better option is blowing your nose into the sink.
All infected fluids should come outwards. Don't swallow them. Blow your nose in public as much as you have to. Spit the stuff out if you have to.
Sweet. Didn't know about this one.
For direct messages contact me on SimpleX