Privacy redefined
The first messenger without user IDs
Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc.
SimpleX does not, not even random numbers.
This radically improves your privacy.
Why are user IDs bad for privacy?
When users have persistent identities, even if this is just a random number like a Session ID, there is a risk that the provider or an attacker can observe how the users are connected and how many messages they send.
They could then correlate this information with existing public social networks and determine some real identities.
Even with the most private apps that use Tor v3 onion services, if you talk to two different contacts via the same profile, those two contacts can prove that they are connected to the same person.
SimpleX protects against these attacks by not having any user IDs in its design. And if you use Incognito mode, you will have a different display name for each contact, avoiding any shared data between them.
How does SimpleX work?
Many users asked: if SimpleX has no user identifiers, how can it know where to deliver messages?
To deliver messages, instead of the user IDs used by all other networks, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long-term identifiers.
You choose which server(s) to use to receive your messages; your contacts choose theirs, and those are the servers you send to. Every conversation is therefore likely to use two different servers.
This design prevents leaking any user metadata on the application level. To further improve privacy and protect your IP address you can connect to messaging servers via Tor.
Only client devices store user profiles, contacts and groups; the messages are sent with two layers of end-to-end encryption.
Read more in the SimpleX whitepaper.
Security assessments
Trail of Bits is a leading security and technology consultancy whose clients include big tech, governmental agencies and major blockchain projects.
Trail of Bits reviewed SimpleX network cryptography and networking components in November 2022. Read more.
Trail of Bits reviewed the cryptographic design of SimpleX network protocols in July 2024. Read more.
Get SimpleX desktop app
Make a private connection
The video shows how you connect to your friend via their 1-time QR code, in person or via a video link. You can also connect by sharing an invitation link.
Why privacy matters
Preserving the privacy of your metadata — who you talk with — protects you from:
Advertising and price discrimination
Privacy saves you money
Many large companies use information about who you are connected with to estimate your income, sell you the products you don't really need, and to determine the prices.
Online retailers know that people with lower incomes are more likely to make urgent purchases, so they may charge higher prices or remove discounts.
Some financial and insurance companies use social graphs to determine interest rates and premiums. It often makes people with lower incomes pay more — it is known as the 'poverty premium'.
SimpleX network protects the privacy of your connections better than any alternative, fully preventing your social graph becoming available to any companies or organizations. Even when people use servers preconfigured in SimpleX Chat apps, server operators do not know the number of users or their connections.
Manipulation of elections
Privacy gives you power
Not so long ago we observed major elections being manipulated by a reputable consulting company that used our social graphs to distort our view of the real world and manipulate our votes.
To be objective and to make independent decisions you need to be in control of your information space. It is only possible if you use a private communication network that does not have access to your social graph.
SimpleX is the first network that doesn't have any user identifiers by design, in this way protecting your connections graph better than any known alternative.
Prosecution due to innocent association
Privacy protects your freedom
Everyone should care about privacy and security of their communications — harmless conversations can put you in danger, even if you have nothing to hide.
One of the most shocking stories is the experience of Mohamedou Ould Salahi, described in his memoir and shown in The Mauritanian movie. He was put into Guantanamo camp, without trial, and was tortured there for 15 years after a phone call to his relative in Afghanistan, under suspicion of being involved in the 9/11 attacks, even though he had lived in Germany for the previous 10 years.
Ordinary people get arrested for what they share online, even via their 'anonymous' accounts, even in democratic countries.
It is not enough to use an end-to-end encrypted messenger; we all should use messengers that protect the privacy of our personal networks — who we are connected with.
Make sure your messenger can't access your data!
Why SimpleX is unique
#1 You have complete privacy
SimpleX protects the privacy of your profile, contacts and metadata, hiding it from SimpleX network servers and any observers.
Unlike any other existing messaging network, SimpleX has no identifiers assigned to the users — not even random numbers.
#2 You are protected from spam and abuse
Because you have no identifier or fixed address on the SimpleX network, nobody can contact you unless you share a one-time or temporary user address, as a QR code or a link.
#3 You control your data
SimpleX stores all user data on client devices in a portable encrypted database format — it can be transferred to another device.
The end-to-end encrypted messages are held temporarily on SimpleX relay servers until received, then they are permanently deleted.
#4 You own SimpleX network
The SimpleX network is fully decentralised and independent of any crypto-currency or any other network, other than the Internet.
You can use SimpleX with your own servers or with the servers provided by us — and still connect to any user.
Full privacy of your identity, profile, contacts and metadata
Unlike other messaging networks, SimpleX has no identifiers assigned to the users. It does not rely on phone numbers, domain-based addresses (like email or XMPP), usernames, public keys or even random numbers to identify its users — SimpleX server operators don't know how many people use their servers.
To deliver messages SimpleX uses pairwise anonymous addresses of unidirectional message queues, separate for received and sent messages, usually via different servers.
This design protects the privacy of who you are communicating with, hiding it from SimpleX network servers and from any observers. To hide your IP address from the servers, you can connect to SimpleX servers via Tor.
The best protection from spam and abuse
Because you have no identifier on the SimpleX network, nobody can contact you unless you share a one-time or temporary user address, as a QR code or a link.
Even with the optional user address, while it can be used to send spam contact requests, you can change or completely delete it without losing any of your connections.
Ownership, control and security of your data
SimpleX Chat stores all user data only on client devices using a portable encrypted database format that can be exported and transferred to any supported device.
The end-to-end encrypted messages are held temporarily on SimpleX relay servers until received, then they are permanently deleted.
Unlike the servers of federated networks (email, XMPP or Matrix), SimpleX servers don't store user accounts, they only relay messages, protecting the privacy of both parties.
There are no identifiers or ciphertext in common between sent and received server traffic — if anybody is observing it, they cannot easily determine who communicates with whom, even if TLS is compromised.
Fully decentralised — users own the SimpleX network
You can use SimpleX with your own servers and still communicate with people who use the servers preconfigured in the apps.
SimpleX network uses an open protocol and provides an SDK to create chat bots, allowing implementation of services that users can interact with via SimpleX Chat apps — we're really looking forward to seeing what SimpleX services you will build.
If you are considering developing for the SimpleX network, for example a chat bot for SimpleX app users, or the integration of the SimpleX Chat library into your mobile apps, please get in touch for any advice and support.
Features
E2E-encrypted messages with markdown and editing
E2E-encrypted images, videos and files
E2E-encrypted decentralized groups — only users know they exist
E2E-encrypted voice messages
Disappearing messages
E2E-encrypted audio and video calls
Portable encrypted app storage — move profile to another device
Incognito mode — unique to SimpleX Chat
What makes SimpleX private
Temporary anonymous pairwise identifiers
SimpleX uses temporary anonymous pairwise addresses and credentials for each user contact or group member.
This allows messages to be delivered without user profile identifiers, providing better metadata privacy than alternatives.
Out-of-band key exchange
Many communication networks are vulnerable to MITM attacks by servers or network providers.
To prevent this, SimpleX apps pass one-time keys out-of-band, when you share an address as a link or a QR code.
Two layers of end-to-end encryption
Double ratchet protocol (OTR-style messaging) with perfect forward secrecy and break-in recovery.
NaCl crypto_box in each queue to prevent traffic correlation between message queues if TLS is compromised.
Message integrity verification
To guarantee integrity the messages are sequentially numbered and include the hash of the previous message.
If any message is added, removed or changed the recipient will be alerted.
Additional layer of server encryption
Additional layer of server encryption for delivery to the recipient, to prevent the correlation between received and sent server traffic if TLS is compromised.
Message mixing to reduce correlation
SimpleX servers act as low-latency mix nodes — the incoming and outgoing messages are in a different order.
Secure authenticated TLS transport
Only TLS 1.2/1.3 with strong algorithms is used for client-server connections.
Server fingerprint and channel binding prevent MITM and replay attacks.
Connection resumption is disabled to prevent session attacks.
Optional access via Tor
To protect your IP address you can access the servers via Tor or some other transport overlay network.
To use SimpleX via Tor, install the Orbot app and enable its SOCKS5 proxy (or VPN mode on iOS).
Unidirectional message queues
Each message queue passes messages in one direction, with different send and receive addresses.
Compared with traditional message brokers, this reduces both the attack surface and the metadata available to the server.
Multiple layers of content padding
SimpleX uses content padding for each encryption layer to frustrate message size attacks.
It makes messages of different sizes look the same to the servers and network observers.
SimpleX Network
SimpleX Chat provides the best privacy by combining the advantages of P2P and federated networks.
Unlike P2P networks
All messages are sent via the servers, providing both better metadata privacy and reliable asynchronous message delivery, while avoiding many problems of P2P networks.
Comparison with P2P messaging protocols
P2P messaging protocols and apps have various problems that make them less reliable than SimpleX, more complex to analyse, and vulnerable to several types of attack.
- P2P networks rely on some variant of DHT to route messages. DHT designs have to balance delivery guarantee and latency. SimpleX has both a better delivery guarantee and lower latency than P2P, because the message can be redundantly passed via several servers in parallel, using the servers chosen by the recipient. In P2P networks the message is passed through O(log N) nodes sequentially, using nodes chosen by the algorithm.
- SimpleX design, unlike most P2P networks, has no global user identifiers of any kind, even temporary, and only uses temporary pairwise identifiers, providing better anonymity and metadata protection.
- P2P does not solve the MITM attack problem, and most existing implementations do not use out-of-band messages for the initial key exchange. SimpleX uses out-of-band messages or, in some cases, pre-existing secure and trusted connections for the initial key exchange.
- P2P implementations can be blocked by some Internet providers (like BitTorrent). SimpleX is transport agnostic — it can work over standard web protocols, e.g. WebSockets.
- All known P2P networks may be vulnerable to Sybil attack, because each node is discoverable, and the network operates as a whole. Known measures to mitigate it require either a centralized component or expensive proof of work. SimpleX network has no server discoverability, it is fragmented and operates as multiple isolated sub-networks, making network-wide attacks impossible.
- P2P networks may be vulnerable to DRDoS attack, when the clients can rebroadcast and amplify traffic, resulting in network-wide denial of service. SimpleX clients only relay traffic from known connections and cannot be used by an attacker to amplify the traffic in the whole network.
Unlike federated networks
SimpleX relay servers do NOT store user profiles, contacts and delivered messages, do NOT connect to each other, and there is NO server directory.
SimpleX network servers provide unidirectional queues to connect the users, but they have no visibility of the network connection graph — only the users do.
SimpleX explained
You can create contacts and groups, and have two-way conversations, as in any other messenger.
How can it work with unidirectional queues and without user profile identifiers?
For each connection you use two separate messaging queues to send and receive messages via different servers.
Servers only pass messages one way, without having the full picture of a user's conversations or connections.
The servers have separate anonymous credentials for each queue, and do not know which users they belong to.
Users can further improve metadata privacy by using Tor to access servers, preventing correlation by IP address.
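The delivery scheme described in "SimpleX explained" and in "How does SimpleX work?" above, as an added toy model in Python (example code written for this page, not SimpleX Chat's implementation or its SMP protocol): two relays, each connection built from two unidirectional queues with separate recipient and sender addresses, a one-time invitation passed out-of-band, and sender authorization by a per-queue credential. The class names, the HMAC-based sender credential (a stand-in for the real per-queue keys), the relay directory, the handshake message format and the fact that bodies are not encrypted are all simplifications of the example; its point is what each relay's log does and does not contain.

```python
import hashlib
import hmac
import json
import secrets

RELAYS = {}  # name -> Relay; a constructed directory so a reply can name a relay (toy only)


class Relay:
    """Toy relay. A queue is addressed by two unrelated random IDs: the recipient
    receives with one, the sender sends with the other. Nothing stored here names
    a user, and nothing links one queue to another."""

    def __init__(self, name):
        self.name = name
        self._by_rid, self._by_sid = {}, {}
        self.log = []  # what this relay's operator (or an observer of it) sees
        RELAYS[name] = self

    def new_queue(self):
        q = {"rid": secrets.token_hex(12), "sid": secrets.token_hex(12),
             "skey": secrets.token_bytes(32), "msgs": []}
        self._by_rid[q["rid"]] = q
        self._by_sid[q["sid"]] = q
        self.log.append(("NEW", q["rid"]))
        return q["rid"], q["sid"], q["skey"]

    def send(self, sid, tag, body):
        q = self._by_sid[sid]
        # sender authorization: HMAC under the per-queue sender credential
        want = hmac.new(q["skey"], body, hashlib.sha256).digest()
        if not hmac.compare_digest(want, tag):
            raise PermissionError("sender credential does not match this queue")
        q["msgs"].append(body)
        self.log.append(("SEND", sid))

    def receive(self, rid):
        q = self._by_rid[rid]
        self.log.append(("RECV", rid))
        out, q["msgs"] = q["msgs"], []
        return out


class Client:
    """Only clients know which queues belong together: per contact, one queue to
    receive on (on my relay) and one to send to (on the contact's relay)."""

    def __init__(self, name, home_relay):
        self.name, self.home = name, home_relay
        self.contacts = {}  # peer -> {"recv": (relay, rid), "send": (relay name, sid, skey)}

    def _send_raw(self, peer, body):
        relay_name, sid, skey = self.contacts[peer]["send"]
        RELAYS[relay_name].send(sid, hmac.new(skey, body, hashlib.sha256).digest(), body)

    def invite(self, peer):
        """Create a fresh queue on my relay. The returned one-time invitation holds only
        that queue's sender-side credentials; it is shown as a QR code or link, never
        sent through a relay."""
        rid, sid, skey = self.home.new_queue()
        self.contacts[peer] = {"recv": (self.home, rid), "send": None}
        return (self.home.name, sid, skey)

    def accept(self, peer, invitation):
        """Create my own receive queue and send its sender credentials back through
        the invited queue, so each direction gets its own queue and relay."""
        rid, sid, skey = self.home.new_queue()
        self.contacts[peer] = {"recv": (self.home, rid), "send": invitation}
        self._send_raw(peer, b"\x01" + json.dumps([self.home.name, sid, skey.hex()]).encode())

    def send(self, peer, text):
        self._send_raw(peer, b"\x00" + text.encode())

    def receive(self, peer):
        relay, rid = self.contacts[peer]["recv"]
        texts = []
        for body in relay.receive(rid):
            if body[:1] == b"\x01":  # handshake: the peer's reply queue
                name, sid, skey_hex = json.loads(body[1:])
                self.contacts[peer]["send"] = (name, sid, bytes.fromhex(skey_hex))
            else:
                texts.append(body[1:].decode())
        return texts


def shared_identifiers(log_a, log_b):
    """What an observer gets by joining two relays' logs on identifiers."""
    return {i for _, i in log_a} & {i for _, i in log_b}


def forged_send_rejected():
    """A sender without the queue's credential is refused by the relay."""
    relay = Relay("relay-c")
    _, sid, _ = relay.new_queue()
    try:
        relay.send(sid, bytes(32), b"\x00spam")
    except PermissionError:
        return True
    return False


def demo():
    relay_a, relay_b = Relay("relay-a"), Relay("relay-b")
    alice, bob = Client("alice", relay_a), Client("bob", relay_b)
    invitation = alice.invite("bob")   # passed out-of-band
    bob.accept("alice", invitation)    # Bob's reply travels through relay-a
    alice.receive("bob")               # Alice learns Bob's queue on relay-b
    alice.send("bob", "hi Bob")        # relay-b, queue created by Bob
    bob.send("alice", "hi Alice")      # relay-a, queue created by Alice
    return bob.receive("alice"), alice.receive("bob"), relay_a.log, relay_b.log
```

Running `demo()` delivers both messages, and the two relay logs contain only queue IDs with no identifier in common: relay-a sees a queue created, a SEND under one ID and a RECV under another, but nothing that says the RECV belongs to the same person who later SENDs on relay-b.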
Comparison with other protocols

| | SimpleX network | Signal, big platforms | XMPP, Matrix | P2P protocols |
|---|---|---|---|---|
| Requires global identity | No - private | Yes [1] | Yes [2] | Yes [3] |
| Possibility of MITM | No - secure [4] | Yes [5] | Yes | Yes |
| Dependence on DNS | No - resilient | Yes | Yes | No |
| Single or centralized network | No - decentralized | Yes | No - federated [6] | Yes [7] |
| Central component or other network-wide attack | No - resilient | Yes | Yes [2] | Yes [8] |

1. Usually based on a phone number, in some cases on usernames
2. DNS-based addresses
3. Public key or some other globally unique ID
4. SimpleX relays cannot compromise e2e encryption. Verify the security code to mitigate an attack on the out-of-band channel
5. If the operator's servers are compromised. Verify the security code in Signal and some other apps to mitigate it
6. Does not protect users' metadata privacy
7. While P2P networks are distributed, they are not federated: they operate as a single network
8. P2P networks either have a central authority or the whole network can be compromised (see the comparison with P2P messaging protocols above)
Join SimpleX
We invite you to join the conversation
Sign up to receive our updates
Address portability
Similarly to phone number portability (the ability of a customer to transfer the service to another provider without changing the number), address portability means the ability of a communication service customer to change the service provider without changing the service address. Many federated networks support SRV records to provide address portability, but allowing service users to set up their own domains for their addresses is not as commonly supported by the available server and client software as it is for email.
Federated network
A federated network is provided by several entities that agree upon the standards and operate the network collectively. This allows users to choose their provider, which will hold their account, their messaging history and contacts, and communicate with other providers' servers on behalf of the user. Examples are email, XMPP, Matrix and Mastodon.
The advantage of that design is that there is no single organization that all users depend on, and the standards are more difficult to change unless the change benefits all users. There are several disadvantages: 1) innovation is slower, 2) each user account still depends on a single organization, and in most cases cannot move to another provider without changing its network address – there is no address portability, 3) security and privacy are inevitably worse than with centralized networks.
Anonymous credentials
The credential that allows proving something, e.g. the right to access some resource, without identifying the user. This credential can either be generated by a trusted party or by the user themselves and provided together with the request to create the resource. The first approach creates some centralized dependency in most cases. The second approach does not require any trust - this is used in SimpleX network to authorize access to the messaging queues.
Blockchain
In a wide sense, blockchain means a sequence of blocks of data, where each block contains a cryptographic hash of the previous block, thus providing integrity to the whole chain. Blockchains are used in many communication and information storage systems to provide integrity and immutability of the data. For example, BluRay disks use blockchain. SimpleX messaging queues also use blockchain - each message includes the hash of the previous message, to ensure the integrity – if any message is modified it will be detected by the recipient when the next message is received. Blockchains are a subset of Merkle directed acyclic graphs.
In a more narrow sense, particularly in media, blockchain is used to refer specifically to distributed ledger, where each record also includes the hash of the previous record, but the blocks have to be agreed by the participating peers using some consensus protocol.
Merkle directed acyclic graph
Also known as Merkle DAG, a data structure based on a general graph structure where each node contains the cryptographic hashes of the previous nodes that point to it. Merkle trees are a subset of Merkle DAGs - in this case each leaf contains a cryptographic hash of the parent.
This structure by design allows verifying the integrity of the whole structure by computing its hashes and comparing them with the hashes included in the nodes, in the same way as with a blockchain.
The motivation to use a DAG in distributed environments instead of a simpler linear blockchain is to allow concurrent additions, when there is no requirement for a single order of added items. A Merkle DAG is used, for example, in IPFS and will be used in decentralized SimpleX groups.
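An added illustration in Python (not SimpleX's code) of both structures described above: a linear chain in which each message carries the SHA-256 hash of the previous one, so a modified message is caught when the message after it is checked, and a Merkle DAG in which a node commits to the hashes of the nodes it builds on, so two concurrent additions can later be joined by a node with both as parents. The message encoding and the `GENESIS` placeholder for the first message are assumptions made for the example.

```python
import hashlib
import json
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


GENESIS = "0" * 64  # constructed placeholder "previous hash" for the first message


# --- Linear hash chain, as the glossary describes for a messaging queue:
# every message carries the hash of the message before it.

@dataclass
class Msg:
    body: str
    prev_hash: str


def encode_msg(m: Msg) -> bytes:
    # assumed encoding for the example; not SimpleX's message format
    return json.dumps([m.body, m.prev_hash]).encode()


def append_message(chain: List[Msg], body: str) -> Msg:
    prev = sha256_hex(encode_msg(chain[-1])) if chain else GENESIS
    m = Msg(body, prev)
    chain.append(m)
    return m


def first_broken_link(chain: List[Msg]) -> Optional[int]:
    """Index of the first message whose prev_hash does not match the message
    before it, or None if the chain is intact. A modified message k is caught
    at index k+1, i.e. when the next message arrives."""
    expected = GENESIS
    for i, m in enumerate(chain):
        if m.prev_hash != expected:
            return i
        expected = sha256_hex(encode_msg(m))
    return None


# --- Merkle DAG: a node commits to the hashes of the nodes it builds on, so
# independent branches can be added concurrently and merged later.

@dataclass(frozen=True)
class Node:
    payload: str
    parents: Tuple[str, ...]  # hashes of parent nodes

    def digest(self) -> str:
        return sha256_hex(json.dumps([self.payload, list(self.parents)]).encode())


class MerkleDag:
    def __init__(self) -> None:
        self.nodes: Dict[str, Node] = {}  # hash -> node

    def add(self, payload: str, parents: Tuple[str, ...] = ()) -> str:
        for p in parents:
            if p not in self.nodes:
                raise KeyError(f"unknown parent {p}")
        node = Node(payload, tuple(parents))
        digest = node.digest()
        self.nodes[digest] = node
        return digest

    def verify(self) -> bool:
        """True if every stored hash matches its node and every parent is present."""
        return all(node.digest() == k and all(p in self.nodes for p in node.parents)
                   for k, node in self.nodes.items())


def demo() -> Tuple[Optional[int], Optional[int], bool, bool]:
    # constructed sample conversation
    chain: List[Msg] = []
    for body in ["hi", "meet at 10?", "ok"]:
        append_message(chain, body)
    intact = first_broken_link(chain)          # None: nothing modified
    chain[1].body = "meet at 11?"              # message 1 is modified in transit
    tampered = first_broken_link(chain)        # 2: caught when message 2 is checked

    dag = MerkleDag()
    root = dag.add("group created")
    a = dag.add("Alice: hello", (root,))       # two concurrent additions...
    b = dag.add("Bob: hello", (root,))
    dag.add("merge", (a, b))                   # ...joined by a node with both parents
    dag_ok = dag.verify()
    dag.nodes[a] = Node("Alice: goodbye", (root,))  # rewrite a node under its old hash
    dag_tampered_ok = dag.verify()             # False: stored hash no longer matches
    return intact, tampered, dag_ok, dag_tampered_ok
```

Note that the chain check reports index 2, not 1: the modified message still carries a valid hash of its predecessor, and only the message that follows it holds the hash of the original content.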
Break-in recovery
Also known as post-compromise security or recovery from compromise, it is the property of an end-to-end encryption scheme that allows it to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. The double ratchet algorithm has this property.
Double ratchet algorithm
It is used by two parties to exchange end-to-end encrypted messages. The parties first use some key agreement protocol to agree on the initial shared secret key.
The Double Ratchet algorithm provides perfect forward secrecy and post-compromise security. It was designed by Signal, and it is used in SimpleX Chat and many other secure messengers. Most experts consider it the state-of-the-art protocol for message encryption.
Centralized network
Centralized networks are provided or controlled by a single entity. The examples are Threema, Signal, WhatsApp and Telegram. The advantage of that design is that the provider can innovate faster, and has a centralized approach to security. But the disadvantage is that the provider can change or discontinue the service, and leak, sell or disclose in some other way all users' data, including who they are connected with.
Content padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Decentralized network
Decentralized network is often used to mean "the network based on decentralized blockchain". In its original meaning, decentralized network means that there is no central authority or any other point of centralization in the network, other than network protocols specification. The advantage of decentralized networks is that they are resilient to censorship and to the provider going out of business. The disadvantage is that they are often slower to innovate, and the security may be worse than with the centralized network.
The examples of decentralized networks are email, web, DNS, XMPP, Matrix, BitTorrent, etc. All these examples have a shared global application-level address space. Cryptocurrency blockchains not only have a shared address space, but also a shared state, so they are more centralized than email. Tor network also has a shared global address space, but also a central authority. SimpleX network does not have a shared application-level address space (it relies on the shared transport-level addresses - SMP relay hostnames or IP addresses), and it does not have any central authority or any shared state.
Defense in depth
Originally, it is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.
In information security, defense in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment.
SimpleX network applies a defense in depth approach to security by having multiple layers for communication security and privacy:
- double ratchet algorithm for end-to-end encryption with perfect forward secrecy and post-compromise security,
- additional layer of end-to-end encryption for each messaging queue and another encryption layer from the server to the recipient inside TLS to prevent correlation by ciphertext,
- TLS with only strong ciphers allowed,
- mitigation of man-in-the-middle attack on the client-client out-of-band channel when sending the invitation,
- rotation of delivery queues to reduce the efficiency of traffic analysis,
- etc.
End-to-end encryption
A communication system where only the communicating parties can read the messages. It is designed to protect message content from any potential eavesdroppers – telecom and Internet providers, malicious actors, and also the provider of the communication service.
End-to-end encryption requires agreeing cryptographic keys between the sender and the recipient in a way that no eavesdroppers can access the agreed keys. See key agreement protocol. This key exchange can be compromised via man-in-the-middle attack, particularly if key exchange happens via the same communication provider and no out-of-band channel is used to verify key exchange.
Forward secrecy
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Post-compromise security
Also known as break-in recovery or recovery from compromise, it is the property of an end-to-end encryption scheme that allows it to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. The double ratchet algorithm has this property.
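The following Python example is added here to illustrate the double ratchet, forward secrecy and post-compromise security entries together; it is not SimpleX's or Signal's code. It uses a toy Diffie-Hellman group and HMAC-SHA256 as the derivation function (both assumptions, for illustration only, not secure parameters) to show the two properties separately: a symmetric chain whose discarded chain keys give forward secrecy, and a DH ratchet step with a fresh key pair that restores security after a party's whole state has leaked to a passive observer.

```python
import hashlib
import hmac
import secrets
from typing import Tuple

# Toy Diffie-Hellman group for illustration only (assumed, not secure parameters);
# real implementations use X25519 or another standard group.
P = 2 ** 127 - 1
G = 3


def kdf(key: bytes, label: bytes) -> bytes:
    """HMAC-SHA256 as a one-way key derivation step (assumed KDF for the example)."""
    return hmac.new(key, label, hashlib.sha256).digest()


def dh_keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def dh(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


class SymmetricRatchet:
    """A sending/receiving chain: each message key is derived from the chain key,
    and the chain key is then replaced by a one-way step, so the old chain key
    is never kept."""

    def __init__(self, chain_key: bytes) -> None:
        self.ck = chain_key

    def next_message_key(self) -> bytes:
        mk = kdf(self.ck, b"message")
        self.ck = kdf(self.ck, b"chain")
        return mk


def forward_secrecy_demo() -> bool:
    """A leaked chain key lets the attacker derive the chain's future message
    keys, but the already used ones came from chain keys that were discarded
    and sit behind a one-way function: the attacker's derivation never yields them."""
    ratchet = SymmetricRatchet(secrets.token_bytes(32))
    used = [ratchet.next_message_key() for _ in range(3)]
    stolen_ck = ratchet.ck                          # attacker model: state leaks now
    attacker = SymmetricRatchet(stolen_ck)
    future = [attacker.next_message_key() for _ in range(2)]
    legit_future = [ratchet.next_message_key() for _ in range(2)]
    return future == legit_future and not set(future) & set(used)


def dh_ratchet_step(root_key: bytes, my_priv: int, peer_pub: int) -> Tuple[bytes, bytes]:
    """Mix a fresh DH output into the root key; returns (new_root_key, new_chain_key)."""
    out = kdf(root_key, dh(my_priv, peer_pub))
    return kdf(out, b"root"), kdf(out, b"chain")


def post_compromise_demo() -> bool:
    """After Alice's whole state leaks, one DH ratchet step with a fresh key pair
    locks the passive attacker out again: the new shared secret needs a private
    key that was never part of the leaked state."""
    root = secrets.token_bytes(32)
    a_priv, a_pub = dh_keypair()
    b_priv, b_pub = dh_keypair()
    stolen_root, stolen_a_priv = root, a_priv       # attacker model: Alice's state leaks

    # Alice ratchets with a fresh key pair; only a_new_pub travels over the wire.
    a_new_priv, a_new_pub = dh_keypair()
    alice_root, alice_ck = dh_ratchet_step(root, a_new_priv, b_pub)
    bob_root, bob_ck = dh_ratchet_step(root, b_priv, a_new_pub)

    # The best a passive attacker can do is reuse the stolen (old) private key.
    attacker_root, attacker_ck = dh_ratchet_step(stolen_root, stolen_a_priv, b_pub)
    return alice_ck == bob_ck and alice_root == bob_root and attacker_ck != alice_ck
```

The symmetric chain alone gives forward secrecy but no recovery: `forward_secrecy_demo` shows the attacker reproducing every later key of that chain. The DH step is what ends the compromise, which is why the double ratchet interleaves the two.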
Man-in-the-middle attack
The attack when the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
This attack can be used to compromise end-to-end encryption by intercepting public keys during key exchange, substituting them with the attacker's keys, and then intercepting and re-encrypting all messages without altering their content. In this attack the attacker does not change message content, but she can read the messages, while the communicating parties believe the messages are end-to-end encrypted.
Such an attack is possible with any system that uses the same channel for key exchange as for sending messages - this includes almost all communication systems except SimpleX, where the initial public key is always passed out-of-band. Even with SimpleX, the attacker may intercept and substitute the key sent via another channel, gaining access to the communication. This risk is substantially lower, as the attacker does not know in advance which channel will be used to pass the key.
To mitigate such an attack the communicating parties must verify the integrity of the key exchange - SimpleX and many other messaging apps, e.g. Signal and WhatsApp, have a feature that allows it.
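An added example in Python (not SimpleX's code; the toy DH parameters and the security code format are assumptions for illustration) showing why comparing a security code out of band catches the key substitution described above: with an honest channel both parties compute the same session secret and the same code, while with a relay that substitutes its own key both the secrets and the codes differ, so the check fails before any message is trusted.

```python
import hashlib
import secrets
from typing import Callable, Dict, Tuple

# Toy Diffie-Hellman parameters for illustration only (assumed, not secure);
# real apps use X25519 or a comparable group.
P = 2 ** 127 - 1
G = 3


def keypair() -> Tuple[int, int]:
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def shared_secret(priv: int, peer_pub: int) -> bytes:
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()


def security_code(own_pub: int, peer_pub: int) -> str:
    """Fingerprint over both public keys, order-independent so both sides can
    compare the same value out of band (format assumed, not SimpleX's)."""
    keys = sorted((own_pub, peer_pub))
    digest = hashlib.sha256(b"".join(k.to_bytes(16, "big") for k in keys)).hexdigest()
    return " ".join(digest[i:i + 5] for i in range(0, 30, 5))


# A channel maps the key that was sent to the key that is delivered.
Channel = Callable[[int], int]


def honest_channel(pub: int) -> int:
    return pub


def make_intercepting_channel(attacker_pub: int) -> Channel:
    """Adversary model from the glossary: the relay delivers its own key instead."""
    return lambda pub: attacker_pub


def run_exchange(channel: Channel) -> Dict[str, bool]:
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    a_got = channel(b_pub)   # key Alice believes is Bob's
    b_got = channel(a_pub)   # key Bob believes is Alice's
    sessions_agree = shared_secret(a_priv, a_got) == shared_secret(b_priv, b_got)
    # Each party shows its own code; the two are read out over a separate channel
    # (in person, a call, ...) and must match.
    codes_match = security_code(a_pub, a_got) == security_code(b_pub, b_got)
    return {"sessions_agree": sessions_agree, "codes_match": codes_match}


def demo() -> Tuple[Dict[str, bool], Dict[str, bool]]:
    _, attacker_pub = keypair()
    return run_exchange(honest_channel), run_exchange(make_intercepting_channel(attacker_pub))
```

The code comparison is what makes the verification work: in the substituted case neither party's view is wrong on its own, only the mismatch between the two views reveals the interception.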
Message padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
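Added example of the padding described under Content padding and here, in Python and not SimpleX's own code: a two-byte length prefix followed by filler to a fixed block size (16384 bytes is an assumed size for the example; SimpleX's own block sizes differ), with the unpadding side rejecting malformed blocks and the sender refusing content that does not fit. The `observed_sizes` helper shows what an eavesdropper would see with and without padding under a length-preserving cipher.

```python
import os
from typing import List, Set, Tuple

BLOCK_SIZE = 16384  # assumed fixed padded size for this example
LEN_FIELD = 2       # big-endian length prefix, so messages up to 65535 bytes are encodable


def pad(msg: bytes, size: int = BLOCK_SIZE) -> bytes:
    """Length-prefix the message and fill to a fixed size before encryption.
    Content that does not fit must be split (or sent as a file) by the caller."""
    if len(msg) > size - LEN_FIELD:
        raise ValueError(f"message of {len(msg)} bytes does not fit in a {size}-byte block")
    filler = os.urandom(size - LEN_FIELD - len(msg))  # any filler works once encrypted
    return len(msg).to_bytes(LEN_FIELD, "big") + msg + filler


def unpad(block: bytes, size: int = BLOCK_SIZE) -> bytes:
    """Recover the message; reject blocks of the wrong size or with an
    impossible length field rather than silently returning garbage."""
    if len(block) != size:
        raise ValueError("block has unexpected size")
    n = int.from_bytes(block[:LEN_FIELD], "big")
    if n > size - LEN_FIELD:
        raise ValueError("length field exceeds block capacity")
    return block[LEN_FIELD:LEN_FIELD + n]


def observed_sizes(messages: List[bytes], padded: bool) -> Set[int]:
    """Sizes an eavesdropper would see for a length-preserving cipher:
    the raw lengths without padding, a single value with it."""
    return {len(pad(m)) if padded else len(m) for m in messages}


def demo() -> Tuple[Set[int], Set[int], bool]:
    # constructed sample messages of very different lengths
    messages = [b"yes", b"see you at the station at 10:30", b"x" * 5000]
    roundtrip_ok = all(unpad(pad(m)) == m for m in messages)
    return observed_sizes(messages, padded=False), observed_sizes(messages, padded=True), roundtrip_ok
```

Padding to a fixed size is applied before each encryption layer in the description above; the size check on the receiving side matters because a length field that points past the block is the usual way a malformed block turns into an out-of-bounds read in lower-level languages.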
Key agreement protocol
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
Key exchange
Also known as a key agreement protocol, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
MITM attack
The attack when the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
This attack can be used to compromise end-to-end encryption by intercepting public keys during key exchange, substituting them with the attacker's keys, and then intercepting and re-encrypting all messages without altering their content. In this attack the attacker does not change message content, but she can read the messages, while the communicating parties believe the messages are end-to-end encrypted.
Such an attack is possible with any system that uses the same channel for key exchange as for sending messages - this includes almost all communication systems except SimpleX, where the initial public key is always passed out-of-band. Even with SimpleX, the attacker may intercept and substitute the key sent via another channel, gaining access to the communication. This risk is substantially lower, as the attacker does not know in advance which channel will be used to pass the key.
To mitigate such an attack the communicating parties must verify the integrity of the key exchange - SimpleX and many other messaging apps, e.g. Signal and WhatsApp, have a feature that allows it.
Onion routing
A technique for anonymous communication over a computer network that uses multiple layers of message encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
The most widely used onion network is Tor.
Some elements of SimpleX network use similar ideas in their design - different addresses for the same resource used by different parties, and additional encryption layers. Currently, though, the SimpleX messaging protocol does not protect the sender's network address, as the relay server is chosen by the recipient. The delivery relays chosen by the sender that are planned for the future would make the SimpleX design closer to onion routing.
Overlay network
Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Tor, for example, is an overlay network on top of IP network, which in its turn is also an overlay network over some underlying physical network.
SimpleX clients also form a network, using SMP relays and IP or some other overlay network (e.g., Tor) to communicate with each other. SMP relays, on the other hand, do not form a network.
Non-repudiation
The property of the cryptographic or communication system that allows the recipient of the message to prove to any third party that the sender identified by some cryptographic key sent the message. It is the opposite to repudiation. While in some context non-repudiation may be desirable (e.g., for contractually binding messages), in the context of private communications it may be undesirable.
Repudiation
The property of the cryptographic or communication system that allows the sender of the message to plausibly deny having sent the message, because while the recipient can verify that the message was sent by the sender, they cannot prove it to any third party - the recipient has the technical ability to forge the same encrypted message. This is an important quality of private communications, as it allows having a conversation that can later be denied, similarly to a private face-to-face conversation.
See also non-repudiation.
Pairwise pseudonymous identifier
Generalizing the definition from NIST Digital Identity Guidelines, it is an opaque unguessable identifier generated by a service used to access a resource by only one party.
In the context of SimpleX network, these are the identifiers generated by SMP relays to access anonymous messaging queues, with a separate identifier (and access credential) for each accessing party: recipient, sender and optional notifications subscriber. The same approach is used by XFTP relays to access file chunks, with separate identifiers (and access credentials) for the sender and each recipient.
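The following Python model is added here to illustrate both the user-generated credential described under Anonymous credentials and the pairwise identifiers described in this entry; it is not the SMP protocol and not SimpleX's code. It stands in HMAC tags for the signatures the real protocol uses, and the command sequence is simplified: the recipient creates the queue with a key it generated itself, receives two unrelated identifiers from the relay, and installs the sender's key on the queue; from then on each party can only perform its own operations, and the relay's private index is the only link between the two identifiers.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple


def make_tag(key: bytes, queue_id: str, payload: bytes) -> str:
    """Stand-in for a signature (assumption: the real protocol signs commands)."""
    return hmac.new(key, queue_id.encode() + payload, hashlib.sha256).hexdigest()


def check_tag(key: Optional[bytes], queue_id: str, payload: bytes, tag: str) -> bool:
    return key is not None and hmac.compare_digest(make_tag(key, queue_id, payload), tag)


class Relay:
    """Toy relay: one messaging queue is reachable through two unrelated
    identifiers, each bound to a credential supplied by the user who will use it."""

    def __init__(self) -> None:
        self.queues: Dict[str, dict] = {}       # recipient_id -> queue record
        self.sender_index: Dict[str, str] = {}  # sender_id -> recipient_id (relay-private)

    def new_queue(self, recipient_key: bytes) -> Tuple[str, str]:
        """Recipient supplies its own key with the create request; the relay
        returns two independent random identifiers (constructed here as hex)."""
        rid, sid = secrets.token_hex(12), secrets.token_hex(12)
        self.queues[rid] = {"rkey": recipient_key, "skey": None, "sid": sid, "msgs": []}
        self.sender_index[sid] = rid
        return rid, sid

    def secure_queue(self, rid: str, tag: str, sender_key: bytes) -> bool:
        """Recipient (proving control of rid) installs the sender's credential."""
        q = self.queues.get(rid)
        if q is None or not check_tag(q["rkey"], rid, sender_key, tag):
            return False
        q["skey"] = sender_key
        return True

    def send(self, sid: str, tag: str, msg: bytes) -> bool:
        rid = self.sender_index.get(sid)
        q = self.queues.get(rid) if rid is not None else None
        if q is None or not check_tag(q["skey"], sid, msg, tag):
            return False
        q["msgs"].append(msg)
        return True

    def receive(self, rid: str, tag: str) -> Optional[List[bytes]]:
        q = self.queues.get(rid)
        if q is None or not check_tag(q["rkey"], rid, b"receive", tag):
            return None
        msgs, q["msgs"] = q["msgs"], []
        return msgs


def demo() -> dict:
    relay = Relay()
    # Recipient generates its own credential; nothing identifies who it is.
    rkey = secrets.token_bytes(32)
    rid, sid = relay.new_queue(rkey)
    # Sender's credential (assumed here to reach the recipient out of band, e.g.
    # inside the invitation flow) is installed on the queue by the recipient.
    skey = secrets.token_bytes(32)
    secured = relay.secure_queue(rid, make_tag(rkey, rid, skey), skey)
    sent = relay.send(sid, make_tag(skey, sid, b"hello"), b"hello")
    # The sender's credential does not authorize reading the queue.
    wrong = relay.receive(rid, make_tag(skey, rid, b"receive"))
    got = relay.receive(rid, make_tag(rkey, rid, b"receive"))
    return {"ids_differ": rid != sid, "secured": secured, "sent": sent,
            "sender_cannot_read": wrong is None, "received": got}
```

What the relay operator can see is that some client acts on `rid` and some other client acts on `sid`; without the relay's own index there is nothing in either identifier or credential that ties the two together, which is the metadata property the entry describes.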
Peer-to-peer
Peer-to-peer (P2P) is the network architecture when participants have equal rights and communicate directly via a general purpose transport or overlay network. Unlike client-server architecture, all peers in a P2P network both provide and consume the resources. In the context of messaging, P2P architecture usually means that the messages are sent between peers, without user accounts or messages being stored on any servers. Examples are Tox, Briar, Cwtch and many others.
The advantage is that the participants do not depend on any servers. There are multiple downsides to that architecture, such as no asynchronous message delivery, the need for network-wide peer addresses, possibility of network-wide attacks, that are usually mitigated only by using a centralized authority. These disadvantages are avoided with proxied P2P architecture.
Proxied peer-to-peer
Network topology of the communication system when peers communicate via proxies that do not form the network themselves. Such design is used in Pond, that has a fixed home server for each user, and in SimpleX, that uses multiple relays providing temporary connections.
Perfect forward secrecy
Also known as forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Post-quantum cryptography
Any of the proposed cryptographic systems or algorithms that are thought to be secure against an attack by a quantum computer. It appears that as of 2023 there is no system or algorithm that is proven to be secure against such attacks, or even to be secure against attacks by massively parallel conventional computers, so a general recommendation is to use post-quantum cryptographic systems in combination with the traditional cryptographic systems.
Recovery from compromise
Also known as break-in recovery or post-compromise security, it is the property of an end-to-end encryption scheme that allows it to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. The double ratchet algorithm has this property.
User identity
In a communication system it refers to anything that uniquely identifies the users to the network. Depending on the communication network, it can be a phone number, email address, username, public key or a random opaque identifier. Most messaging networks rely on some form of user identity. SimpleX appears to be the only messaging network that does not rely on any kind of user identity - see this comparison.