Comment by ranger_danger

4 months ago

> Since SimpleX requires that users place some trust in the SimpleX servers

Do you know what they mean by this? I could not understand from the explanation given. My understanding is that the message contents are still not known in any case, so I'm curious what it is they are worried about.

1 comment

ranger_danger

Reply
yamrzou  4 months ago

Because a malicious SimpleX server could run a modified version of the code that allows them to collect metadata, even if they can't see message contents. So, indeed, it assumes trust in the server[1]:

  Our open-source code that we are legally bound to use doesn't provide any metadata that could be used to learn who connects to whom. But the privacy of users' connections still depends on us honouring our promises and privacy policy.

But they offer a way out using Flux, as they explain it here[1].

[1] https://simplex.chat/blog/20241125-servers-operated-by-flux-...