Comment by _niki_s_

1 year ago

simplex.chat

The entire platform is a joke. It pretends to have no identifiers and heavily markets queues (a programming technique) as a solution to the privacy problem.

You ask the authors how they solved the problem of server needing to know to which client connection an incoming ciphertext needs to be forwarded, and they'll run to the hills.

They're lying by omission about their security, and misleading about what constitutes as a permanent identifier.

  • That you don't like the design is well known. But this is not the reason to lie.

    You understand the design quite well, from our past conversations, you simply don't like the fact that we don't recognise user IP address as a permanent user identifier on the protocol level. It is indeed a transport identifier, not a protocol-level identifier that all other messaging networks have for the users (in addition to transport identifiers).

    Message routing protocol has anonymous pairwise identifiers for the connections between users (graph edges), but it has no user identifiers - messaging servers have no concept of a user, and no user accounts.

    Also, recently we added a second step in message routing that protects both user IP addresses and transport sessions: https://simplex.chat/blog/20240604-simplex-chat-v5.8-private...

    In general, if you want to meaningfully engage in the design criticism, I would be happy to, and it will help, but simply spitting out hate online because you don't like something or somebody is not a constructive approach – you undermine your own reputation and you also mislead people.

    > You ask the authors how they solved the problem of server needing to know to which client connection an incoming ciphertext needs to be forwarded, and they'll run to the hills

    This is very precisely documented, and this design was recently audited by Trail of Bits (in July 2024), we are about to publish their report. So either you didn't understand, or you are lying.

    > They're lying by omission about their security, and misleading about what constitutes as a permanent identifier.

    You would have to substantiate this claim, as otherwise it is slander. We are not lying about anything, by omission or otherwise. You, on the other hand, are lying here.

    That you are spiteful for some reason is not a good enough reason.

    Factually, at this point SimpleX Chat is one of the most private and secure messengers, see the comparisons of e2e encryption properties in SimpleX Chat and other messengers: https://simplex.chat/blog/20240314-simplex-chat-v5-6-quantum...

    • >> You ask the authors how they solved the problem of server needing to know to which client connection an incoming ciphertext needs to be forwarded, and they'll run to the hills

      > This is very precisely documented, and this design was recently audited by Trail of Bits (in July 2024), we are about to publish their report.

      I’ve looked at SimpleX in the past and am also curious about this. Is there a high-level summary?

    • > you simply don't like the fact that we don't recognise user IP address as a permanent user identifier on the protocol level

      So how exactly are all those DMCA letters finding themselves to the correct household if IP address doesn't deanonymize you?

      > Message routing protocol has anonymous pairwise identifiers for the connections between users

      I'm so tired of you avoiding the obvious question. What does this identifier look like?

      Given that you say it's anonymous, it's probably not a username. So. Is it a random string, an RSA/DH/ed25519/ed448/ECDSA key-pair? Is it permanent? If not, how often does it change? How is it changing, are the identifiers advancing in a hash-ratchet etc.? Can it change while the IP address stays the same?

      Give me an example of the identifier. If it is a collection of data, explain every single segment of it.

      It's clear the server does not tell one user connection from another by its IP address. So, until you explain what information exactly the server uses to tell one user's connection apart from another, it makes no sense to discuss this further.

      > You would have to substantiate this claim, as otherwise it is slander.

      As per above, IPv4 addresses have been used to identify individual subscriptions, and you're not making it clear that if the user wants ambiguity about the identity of who's behind an IP-address, they should not live in a single person household. You're also not defaulting to Tor so by default every single-household user not behind a NAT can be determined by their IPv4 address. You pretending that IPv4 addresses don't matter doesn't change reality.

      Also as for your vague threats of SLAPP lawsuits, let me give you a quick lesson on the Finnish law:

      "Edellä 1 momentin 2 kohdassa tarkoitettuna kunnianloukkauksena ei pidetä arvostelua, joka kohdistuu toisen menettelyyn politiikassa, elinkeinoelämässä, julkisessa virassa tai tehtävässä, tieteessä, taiteessa taikka näihin rinnastettavassa julkisessa toiminnassa ja joka ei selvästi ylitä sitä, mitä voidaan pitää hyväksyttävänä."

      or

      "Defamation as referred to in subsection 1, point 2 above is not considered to be criticism directed at another person's conduct in politics, business, public office or task, science, art or similar public activities and which does not clearly exceed what can be considered acceptable."

      https://www.finlex.fi/fi/laki/ajantasa/1889/18890039001

      Tldr: Criticism of businesses is legal in Finland. Feel free to consult your lawyers on the matter.
