> What I don't quite follow - if the same key A is used to retrieve the messages how it is any better than having queue ID from the perspective of correlating messages to the users?
You need to collect metadata over time to get some value out of it. SimpleX durable queue IDs help with that. His scheme somehow only has ephemeral per-message keys where I don't know where they come from. He may be alluding to https://github.com/nostr-protocol/nips/blob/master/44.md .
I suspect the idea is to post DMs to relays without a specific recipient coded into the message. A large number of *potential* recipients all download all DMs from the sender and attempt to decrypt them. This will succeed for those that were intended for them. The security comes from a large number of potential recipients connecting with their IP for download out of which the actual recipient is but one.
I doubt this will scale well, in line with nostr's overall hail mary approach to distributed systems architecture.
Would be good to look at the spec.
nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z Thanks for the suggestions. We did indeed consider various ideas about how to reduce the persistence queue ID, but the to rotate the queues to another server periodically seemed simpler and providing better metadata protection. The current approach also allows some basic protection from resource exhaustion attacks.
What I don't quite follow - if the same key A is used to retrieve the messages how it is any better than having queue ID from the perspective of correlating messages to the users? Wouldn't it still identify the user any better, and now instead of mapping IP addresses to queues, the server could map IP addresses to the messages... Maybe I don't understand what you propose?
The ideas we considered were about trying to avoid any persistent IDs entirely, e.g. via some kind of DHT tables, and something like this might happen in "v3" of the protocols (we are currently still moving to "v2").
Repudiation is the important quality for any private conversation - it gives digital conversation the same properties as face to face - you can plausibly deny it. And yes, non-repudiation can be added in the context where it is needed.
Yes, but in Session it is sadly achieved it at a cost of compromising security - and the recovery phrase is just two taps away, to be copied unnoticeably even by technically incompetent attacker…
Improving repudiation (deniability) in SimpleX protocols
Please send any questions/comments!
We believe that repudiation (aka deniability) is very important for communications. See this discussion with Session CTO about it, for example:
https://twitter.com/JefferysKee/status/1754336020857029013
https://twitter.com/SimpleXChat/status/1754455524068720762
https://twitter.com/JefferysKee/status/1754762787119919587
https://twitter.com/SimpleXChat/status/1754840209936543977
Currently only a part of SimpleX protocol stack provides it – client-to-client e2e encryption, that includes double ratchet (aka Signal) algorithm in one of the layers.
Client-relay protocol, on another hand, does not provide it, and as relays are chosen by the recipients, a modified relay can provide non-repudiation for sent messages, which is undesirable in the context of private communications.
We believe there should be a possibility for digital off-the-record conversations, in the same way as it is possible for in-person meetings - while recipient can keep the memory and even transcript, it should not be a strong proof to a third party.
This proposal adds repudiation to client-relay protocol by replacing cryptographic signature with authenticator (see this WIP document for the details: https://github.com/simplex-chat/simplexmq/blob/ep/cmd-auth/rfcs/2024-02-03-deniability.md).
It is already mostly implemented and will be fully rolled out by v5.7.
A more detailed post about repudiation importance and its acceptance in society and legal systems is coming.
I don’t think you can equate the amount of metadata available to Matrix and Signal servers with what is available to SimpleX servers - it’s actually less than what is available to Nostr relays users connect to. Putting them in one list, however flattering, implies a similar amount of metadata available, which is very far from reality and is misleading.
The comments on comparisons of SimpleX with other platforms: https://www.reddit.com/r/SimpleXChat/comments/1afgrcj/comments_on_comparisons_of_simplex_with_other/
SimpleX Chat v5.5 is released – with private notes and group history!
Also in this release:
- simpler UX to connect - paste SimpleX links to search bar.
- improved message delivery and reduced battery usage.
- fully encrypted files and media in the app storage.
- reveal secrets in messages by tapping.
- many other improvements.
Downloads page: https://simplex.chat/downloads/
#privacy #security #messenger
Thank you for all the support this year - it's been epic!
These are the last releases this year!
New in v5.4.2:
- faster sending messages to groups.
- lower CPU usage (except armv7 devices).
- on iOS: improved notifications and smaller video sizes
- many fixes!
In addition to that, v5.5-beta.0 has:
- new simpler UI for making connections.
- optional visible history in groups.
- reveal the secret texts by tapping.
Get them via our downloads page: https://simplex.chat/downloads/
Happy new year!
A talk about SimpleX Chat at BornHack 2023 conference by Peter Stuge:
https://media.ccc.de/v/bornhack2023-56143-simplex-chat-simple-m (recently uploaded)
The talk was made when v5.2 was the latest, with lots of progress since:
- local file encryption
- desktop client
- using mobile from desktop
etc.
Thank you!
Simplex Chat v5.4 is released – link mobile and desktop apps via secure quantum resistant protocol.
Also in v5.4:
- Many group improvements:
- faster to join and more reliable. Once you upgrade to v5.4, join the new users' group and find other groups in SimpleX directory.
- create groups with incognito profile.
- block group members to reduce noise.
- Better calls: faster to connect, with screen sharing on desktop.
- Many other fixes and improvements.
Read more in the post: https://simplex.chat/blog/20231125-simplex-chat-v5-4-link-mobile-desktop-quantum-resistant-better-groups.html
Install the apps via downloads page: https://simplex.chat/downloads/
SimpleX Chat v5.4.0-beta.3!
Share screen/window in desktop video calls!
Lots of group improvements:
- create groups incognito.
- block some members just for you.
- etc.
Lots of fixes - more stable connections, more stable sending files, fixed file sharing and many crashes.
Get it from GitHub, our F-Droid repo, Play Store beta and TestFlight for iOS: https://simplex.chat/downloads/
Also, iOS and Android (aarch64 only for now – it didn't change for arvm7a devices) are built using the new version of the GHC compiler that should reduce the battery consumption a bit - please share how battery consumption changed for you, comparing with the previous version.
RIP Chat Control?
https://european-pirateparty.eu/historic-agreement-on-chatcontrol-european-parliament-wants-to-safeguard-secure-encryption/ while I always believed that "Chat Control" as it was proposed would be dead on arrival, and unenforceable, it's always great to see common sense prevail. Some win for #privacy and #security of communications. The fight is far from over though.
https://freedom.tech/simplex-chat-review/ - a fantastic review of SimpleX Chat by nostr:npub1tr4dstaptd2sp98h7hlysp8qle6mw7wmauhfkgz3rmxdd8ndprusnw2y5g
SimpleX Chat is now available via AppImage hub!
SimpleX Chat desktop for Windows is released in v5.4-beta.0!
https://github.com/simplex-chat/simplex-chat/releases/tag/v5.4.0-beta.0
I don’t think that marketing Session in competitor’s threads is a viable replacement for lost deniability and forward secrecy, and for the fact that whoever has passphrase can read user’s messages without them knowing. So no, I don’t think anybody needs to use session, even Signal seems a better trade off.
Via export in database settings, but you can’t use one profile in both devices yet
F-droid is always a bit behind, you can check our fdroid repo: https://simplex.chat/fdroid