>>12377

> You can't get more private than joining IRC or SSH over Tor and seven proxies

That is true (not the IRC part) but what simplex is doing is making it much easier/better with it's protocol, I think you guys have fundamentally wrong understanding of simplex protocol and have it differs from XMPP and IRC, so here a quick explanation

> Unlike XMPP and Matrix (which have server-local accounts that can communicate with each other via federation), SimpleX Chat's servers work as unidirectional pipes between client devices. Chatrooms and user profiles are implemented entirely client-side, without the servers storing any persistent data about users or chatroom: Source [Whonix](https://www.whonix.org/wiki/SimpleX)

>Our XMPP server already has occupant JIDs turned off.
But occupant still has a ID, what simplex is doing is entirely removing any form of ID, it creates a temporary id and there is no permanent ID at all, the severs can't identify any user

>But are those attachments stored on the server or the centralized relay?
>I don't like the idea of a centralized relay at all
Neither, everything is stored locally and there is no "centralized relay"

>which are all completely decentralized protocols you can spin up on a box in minutes
well not truly (especially IRC) as xmpp is still federated but its good enough for most people i guess.

>we aren't missing any features because they're already being covered by the 4 services we already have running
That's fair :)

>>12379

> SimpleX Chat's servers work as unidirectional pipes between client devices.
Except it doesn't. It relies on "temporary relays" to pass messages through. The servers are not meant to hold onto these messages but nothing prevents a bad actor from holding on now, and decrypting later (when the technology suffices).

> But occupant still has a ID, what simplex is doing is entirely removing any form of ID, it creates a temporary id and there is no permanent ID at all, the severs can't identify any user
If you care about not being identifyable, having a clean vCard and rejoining with a different nickname is usually private enough. If you wanted to appear anonymous even to staff (who can see your JID), there are anonymous JID services.

SimpleX "removes metedata" but that is about it. As previously mentioned, messages go through a temporary relay server, and these servers can log what clients connect to them. Of course this is incredibly difficult to put together a profile on a single user, but you initially described it as if it was the greatest privacy-preserving messenger ever.

> Neither, everything is stored locally and there is no "centralized relay"
There is no centralized relay but there are a number of independantly ran temporary relays, and your attachments get stored onto one of these and it is how other clients download it. It is not handled locally through clients only.

> well not truly (especially IRC) as xmpp is still federated but its good enough for most people i guess.
Except it is true. Serverless XMPP exists and there is a XEP just for it.

---

Essentially, this is another one of those "look how secure we are" bullcrap chats. There is nothing that points this to being any more secure than using crap like Signal, Matrix, etc. And your reporting about how it all goes through clients is misleading if not outright wrong.