LiberLion's avatar
LiberLion liberlion@iris.to 5 months ago
Absolute privacy is very difficult to achieve, but some apps continue to sell that illusion. SimpleX Chat claims to be the most private messenger in the world. No identifiers, no metadata, no tracking. Sounds good… until you read the fine print in its own policy. Metadata matters, and in some cases more than the data itself. Let's see. It states that “there are no user identifiers, not even hashes or keys.” Yet it admits that servers may store IP addresses, geolocation, and session data to prevent abuse. So which is it? That clause opens the first crack: if IP and location are stored, a technical fingerprint exists. The system may lack usernames, but it still leaves transport traces that can reconstruct identity. It also says servers “cannot know the size of your messages.” Then explains that messages are padded to 16 KB. Meaning they can see the size — it’s just fixed. Privacy through normalization, not invisibility. Public and group messages are another front. SimpleX notes that when you delete a message, “copies on other users’ devices will not be deleted.” User sovereignty ends where others’ devices begin. The infrastructure is decentralized, but servers are community-run. If a third party operates a relay, they can log traffic or IPs. Real anonymity depends on the trustworthiness of operators you’ll never meet. In practice, SimpleX works like a mixnet with distributed trust, not like a fully anonymous network such as Tor. It’s a step forward, yes, but the “no identifiers” marketing sets impossible expectations. The policy claims the company cannot comply with legal requests because it “has no data.” Yet it’s registered in the UK, where the Investigatory Powers Act allows authorities to demand technical cooperation. Real privacy isn’t the same as promised privacy. The system might be well-engineered, but when a policy mixes absolutes (“no data”) with exceptions (“temporarily IP”), the risk hides in the ambiguity. Read every privacy policy as if it were code. Each “we don’t collect” comes with an exception when. Each “anonymous” with an up to a point. Absolute privacy is an ideal not achieved in this product.
SimpleX Privacy Policy

Replies (18)

Daedalus's avatar
Daedalus _@daedalus.website 5 months ago
Dude you're reaching hard. They introduced private routing to offer some degree of IP obfuscation but encourage Orbot Tor routing for maximal obfuscation. You can enforce .onion connections only in-app while having private routing on creating 8 hops (6 Tor and 2 SimpleX) between you and the destination. You got a better way to obfuscate packet metadata better than padding to a fixed size? Come up with a solution to that and you'll fundamentally change the entire landscape of network level privacy. The reason Simplex is the gold standard is because each server, in the worst case scenario without VPNs, onion routing or private routing, still only sees one way fixed sized packets, they can't tell if you're talking to one person or in a group chat, not can they tell if the recipient even responds. Stack on multiple layers of network level obfuscation as I've described above and you're left with what is currently the lowest metadata messenger in the space. If you know of a better messenger please let me know. You mention Session consistently but from my knowledge, Session only obfuscates metadata by two way onion routed connections, much weaker than a well configured SimpleX setup.
1 replies ↓
Daedalus's avatar
Daedalus _@daedalus.website 5 months ago
Also whenever you're using servers whose metal you don't run yourself, you must assume IP logging. You're not cracking the case by exposing that, it's the null case. Even if it's your own metal, your ISP logs connections so really IP metadata is always exposed without network level obfuscation that SimpleX's private routing (on by default) and optional onion only Tor routing already provides.
Daedalus's avatar
Daedalus _@daedalus.website 5 months ago
Oh nice! I was just wondering if that was possible, I'll have to set that up I just set up an i2p router the other day.
MoneRogue's avatar
MoneRogue MoneRogue@coinos.io 5 months ago
1. Go to SimpleX app --> Settings --> Networks and servers --> Your servers --> Add server --> Enter server manually --> Paste the SMP and XFTP servers one at a time to add them 2. Go to SimpleX app --> Settings --> SOCKS proxy settings --> Set SOCKS proxy to 127.0.0.1:4447 (or what port your I2P SOCKS proxy is) Don't forget to give your I2P SOCKS proxy an outproxy before doing all of this! You can use Tor's SOCKS proxy 127.0.0.1:9050 as an outproxy.
1 replies ↓
Vyram Kraven's avatar
Vyram Kraven vyramk@nostrcheck.me 5 months ago
Theres something you need to comprehend there is no such thing as 100% privacy. It's impossible for servers to not know an ip address connected to it that's how the internet works. Tor is not anonymous it's a private routing which your exposed to the user running the tor exit node. You will always be exposed to someone tor, vpn, isp, & i2p. As for the storage of geolocation & device creating link yeah it sucks that's the one thing that sucks about it. What people fail to realize in this "To prevent server overloading or attacks, the servers can temporarily store data that can link to particular users or devices, including IP addresses, geographic location, or information related to the transport sessions. This information is not stored for the absolute majority of the app users, even for those who use the servers very actively." A third party operator can have this on so as quick as people are to find alternative smp servers to switch to just remember your putting blind trust into a random joe blow running a smp, xftp, & relay server over a corporation who is expressing their values just because it's not them what is joe blow expressing hey here's my .onion smp, xftp, & relay join because it's not simplex's servers lel. Just fair warning host your own don't join alternatives they could turn on all that logging & store it you wouldn't know.
1 replies ↓
Scoundrel's avatar
Scoundrel 5 months ago
You are so, so stupid. The ideal messaging system is one where you click send qnd the message simply appears in the reciever's inbox without any need for it to travel across connections. Though I'm thinking of upgrading to situation where the other person simply knows what I want to say to them without me having to type it out.
1 replies ↓
Daedalus's avatar
Daedalus _@daedalus.website 5 months ago
I can imagine latency and bandwidth would make most applications beyond simple text messaging impractical no? Visiting eepsites are slow as it is, I cant imagine adding a Tor circuit on top would be practical for browsing.
Scoundrel's avatar
Scoundrel 5 months ago
Oh damn, I was hoping you would fall for my psychic internet connection bit. I really put a lot of effort into making it convincing and realistic. What gave it away? How did you ever see through my ploy and realize that I don't actually believe in teleporting internet packets? Is there anything I could have done to be more convincing? What if I told you that we should talk to eachother through tin cans whose strings are cut? Is that a more realistic position for me to hold?
1 replies ↓