@simplex@mastodon.social avatar

simplex

@simplex@mastodon.social

SimpleX - the first messaging platform without user identifiers of any kind - 100% private by design!

Security assessment: https://simplex.chat/blog/20221108-simplex-chat-v4.2-security-audit-new-website.html

This profile is from a federated server and may be incomplete. Browse more on the original instance.

simplex, to random
@simplex@mastodon.social avatar

We are upgrading the preset SimpleX relays to the new version - it is compatible only with the apps starting from v5.5.3 (released early February) - please upgrade to the latest version and ask your friends to upgrade too.

simplex,
@simplex@mastodon.social avatar

@MartinBe @MartinaNeumayer we have the GitHub issue, but it would be really helpful to have the logs from the device when it happens. Also, having a full list of settings might help reproducing.

echo_pbreyer, to random German
@echo_pbreyer@digitalcourage.social avatar

🇩🇪270 Wissenschaftler aus 33 Ländern zerreißen den neuesten Vorstoß des EU-Rats zur #Chatkontrolle in der Luft und warnen vor "katastrophalen Konsequenzen":
▶️untergräbt Kommunikations- und Systemsicherheit
▶️nie gekannte Überwachungs- und Kontrollmöglichkeiten
▶️Millionen Falschtreffer zu erwarten
▶️#Chatkontrolle ist Techno-Solutionismus und wird Kindesmissbrauch kaum eindämmen

https://nce.mpi-sp.org/index.php/s/eqjiKaAw9yYQF87

#Piraten

simplex, (edited )
@simplex@mastodon.social avatar

@echo_pbreyer Consequences will actually be much worse - they will hugely increase the abuse of children if passed, not just have little impact.

The main risk for children is their discoverability on social media and the lack of parental controls - it allows sexual predators to approach children on social media, and reducing privacy will make it much more effective.

This NM case against Meta illustrates how the lack of privacy helps abuse: https://nmdoj.gov/press-release/attorney-general-raul-torrez-files-lawsuit-against-meta-platforms-and-mark-zuckerberg-to-protect-children-from-sexual-abuse-and-human-trafficking/

simplex,
@simplex@mastodon.social avatar

@echo_pbreyer instead of dramatically increasing the risks for children by reducing their and their family privacy, the legislators should consider raising the age where parents have the right to access children information to at least 16 years, as technology platforms can't identify sexual predators masquerading as children.

By the time the abuse materials distributed it's already too late - so by reducing the privacy legislators are trying to hide the symptoms rather than solve the problem.

simplex,
@simplex@mastodon.social avatar

@echo_pbreyer in the stand-off "protect children" vs "protect privacy" we will lose both. The reality is that the only way to protect children is by increasing their and their family privacy.

That is of course if legislators really want to protect children, and are not simply using it as a pretext for large scale surveillance against their citizens.

Let's not be fooled by "protect the children" narrative - if Chat Control surveillance succeeds, children will be a collateral damage.

simplex, to random
@simplex@mastodon.social avatar

SimpleX Chat v5.7 released:

  • quantum resistant e2e encryption will be enabled for all contacts.
  • forward and save messages without revealing the source.
  • in-call sounds and switching sound sources.
  • customizable profile images - from square to circle.
  • better network connection management.

Also, we added Lithuanian interface language to Android and desktop apps - thanks to our users!

Read moret: https://simplex.chat/blog/20240426-simplex-legally-binding-transparency-v5-7-better-user-experience.html

simplex,
@simplex@mastodon.social avatar

@anchel done

simplex,
@simplex@mastodon.social avatar

@anchel weird, not for me. Please try force-refresh the page maybe?

simplex,
@simplex@mastodon.social avatar

@anchel I see, you were asking about simplexmq... Updated :)

dico, to random German
@dico@det.social avatar

What I still don't understand: Why do services like @simplex and @Tutanota use Reddit as a forum to communicate with the user?

simplex,
@simplex@mastodon.social avatar

@Tutanota @dico I can confirm. What's more - we had all the initial growth thanks to Reddit communities, and if we are not where our next users are - how will we bring them over the line?

Brett_E_Carlock, to random
@Brett_E_Carlock@mastodon.online avatar

@simplex, I am just learning about your app/protocol.

Is there a way to migrate chat histories from other apps, like say Threema, into Simplex so I can reduce switching costs for my family and friends?

simplex,
@simplex@mastodon.social avatar

@Brett_E_Carlock Not really, no such option.

alshafei, to privacy
@alshafei@mastodon.social avatar

An overview of how @simplex works and what sets it apart from other messaging apps and protocols:

https://linuxiac.com/simplex-chat/

"SimpleX is one of the most private and secure chat and applications platform that you can find out there."

simplex,
@simplex@mastodon.social avatar

@jamesmarshall @alshafei

Thank you!

On groups, for most public, open-to-join groups e2e encryption is needed to protect participation, not content, so we don't need pairwise ratchets between members here - we're developing the new design based on super-peers that'll do broadcasting. e2e encryption between members can indeed be added later to that design.

For IP address protection, we are currently developing a two-hop message routing protocol: https://github.com/simplex-chat/simplexmq/blob/stable/rfcs/2023-09-12-second-relays.md

simplex, (edited ) to random
@simplex@mastodon.social avatar

Making message deniability more plausible.

Cryptographic repudiation provides, at least technically, a plausible deniability to senders' whose confidentiality was betrayed by the recipients.

I wrote before what we added to improve deniability: https://www.reddit.com/r/SimpleXChat/comments/1al1emd/improving_repudiation_deniability_in_simplex/

So, we're considering to add two features:

  • ability to create received messages on your device from any contact (effectively, to fake them).
  • ability to send signed messages that cannot be faked.

What do you think about it:

simplex,
@simplex@mastodon.social avatar

@liberloebi Curious, why do you think it's a horrible idea?

simplex,
@simplex@mastodon.social avatar

@lyyn the case for non-repudiable messages is binding promises/contracts.

simplex,
@simplex@mastodon.social avatar

@lyyn we never said we're building a messenger ;)

simplex,
@simplex@mastodon.social avatar

@pixelcode agreed about not actively encouraging, it may be hidden under "long press on send", or even under some setting.

But imagine how hard it would be to explain the concept of deniability to the jury without this feature - you'd need to bring an expert, and still an average person is likely to remain unconvinced. And how much easier it becomes when you can demonstrate that message history cannot be used as an evidence, and it is, legally, a hearsay (as it already is).

simplex, to privacy
@simplex@mastodon.social avatar

SimpleX Chat: Real privacy via stable profits and non-profit protocol governance.

See the post about v5.6 release with quantum resistant end-to-end encryption and also how SimpleX network will deliver real privacy via a profitable business and non-profit protocol governance:

https://simplex.chat/blog/20240323-simplex-network-privacy-non-profit-v5-6-quantum-resistant-e2e-encryption-simple-migration.html

Esra'a Al Shafei (@alshafei) has just joined SimpleX Chat team to help us deliver these goals - welcome!

lutindiscret, to random
@lutindiscret@mastodon.libre-entreprise.com avatar

@simplex have you considered supporting https://webxdc.org 🤔 ?

simplex,
@simplex@mastodon.social avatar

@lutindiscret yes, I've seen the spec. I think that widgets-in-chat concept doesn't really work UX-wise for the simple reason that the life-time of a widget is usually longer than it stays in view. So, something else is needed to bring interactivity to the conversations.

simplex, to privacy
@simplex@mastodon.social avatar

SimpleX Chat v5.6 beta: adding quantum resistance to Signal double ratchet algorithm!

This is a major upgrade for SimpleX messaging protocols, and I am really proud to present the results of the hard work of our whole team on the Pi day.

https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum-resistance-signal-double-ratchet-algorithm.html

You can install beta version via the GitHub release, our F-Droid repo, Google PlayStore Beta and Apple TestFlight.

Warning: this is the first beta for v5.6 release, expect some bugs!

simplex, to random
@simplex@mastodon.social avatar

Updated "SimpleX Chat Privacy Policy and Conditions of Use"

The updated document: https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md

The changes: https://github.com/simplex-chat/simplex-chat/pull/3796/files

TL;DR:

  • it clarifies that we develop software for communication network, and not a communication service.
  • it highlights the requirement of AGPLv3 license to publish any code modifications, and our commitment to run unmodified code.

Let us know any comments or questions!

simplex, to random
@simplex@mastodon.social avatar

@djb sorry if it is not the right place to ask the question about NaCl crypto_box.

In case you could answer, am I right that :

  1. it does not hash the output of Curve25519 computation, and
  2. it is secure to not hash it given the rest of the construction?

Thank you for your work!

simplex, to random
@simplex@mastodon.social avatar

We are improving repudiation (deniability) in SimpleX protocols!

Please send any questions/comments!

We believe that repudiation is very important for private communications.

Currently only a part of SimpleX protocol stack provides it – client-to-client e2e encryption, that includes double ratchet (aka Signal) algorithm.

This proposal (https://github.com/simplex-chat/simplexmq/blob/ep/cmd-auth/rfcs/2024-02-03-deniability.md) adds repudiation to client-relay protocol.

It is already mostly implemented and will be fully rolled out by v5.7 of SimpleX Chat.

djb, to random
@djb@cr.yp.to avatar

Is there a name for the following failure pattern? (1) "Don't worry about flaws in defense X: we have Y as another layer of defense." (2) "Don't worry about flaws in Y: we also have X." (3) "This real-world attack exploited flaws in X and in Y? Nobody could have expected that!"

simplex,
@simplex@mastodon.social avatar

@djb could be a "false dilemma" logical fallacy as the assumption in 1 and 2 is that X and Y flaws are mutually exclusive, so 3 is unexpected?

GrapheneOS, to random
@GrapheneOS@grapheneos.social avatar

In the latest release of GrapheneOS, you can now enable hardware memory tagging for all user installed apps on the Pixel 8 and Pixel 8 Pro to make them substantially harder to exploit. This is particularly useful for apps like Signal and WhatsApp.

https://grapheneos.social/deck/@GrapheneOS/111479244810981775

simplex,
@simplex@mastodon.social avatar

@GrapheneOS

> E2EE does no good if app is exploited.

I think this is a very wide and generally misleading statement. It's not that black and white. You are talking about different attack vectors, and the purpose of E2EE is to protect from the operator, and the attacks you describe are from untrusted/malicious contacts. Also, the attack via media that would lead to the compromise of E2EE with other contacts is very hard - it's on you to demonstrate it, before stating it's possible.

  • All
  • Subscribed
  • Moderated
  • Favorites
  • anitta
  • mdbf
  • magazineikmin
  • InstantRegret
  • hgfsjryuu7
  • Durango
  • Youngstown
  • slotface
  • everett
  • thenastyranch
  • rosin
  • kavyap
  • khanakhh
  • PowerRangers
  • Leos
  • DreamBathrooms
  • vwfavf
  • ethstaker
  • tacticalgear
  • cubers
  • ngwrru68w68
  • modclub
  • cisconetworking
  • osvaldo12
  • GTA5RPClips
  • normalnudes
  • tester
  • provamag3
  • All magazines
    •