Published: Oct 22, 2020
-https://simplex.chat
-I'd really appreciate your feedback, criticism and suggestions on the open-source idea I was slowly working on since early 2020. I recently made the demo server for the low-level message queue protocol ("simplex messaging protocol") and the website to try to explain the chat idea that would use this protocol.
-Haskell protocol implementation: https://github.com/simplex-chat/simplexmq
-In short, the protocol defines a minimalist set of commands and server responses (just 7 commands and 5 responses sent over TCP) to operate encrypted message queues with in-memory persistence - the implementation uses STM.
-If anything, it was definitely helping to get to know Haskell types etc. much deeper than before :)
-Any criticism would be great - thank you in advance!
-Originally published at https://www.reddit.com/r/haskell/comments/jg6uh4/simplex_chat/
diff --git a/blog/20210512-simplex-chat-terminal-ui/index.html b/blog/20210512-simplex-chat-terminal-ui/index.html deleted file mode 100644 index 893d878d2d..0000000000 --- a/blog/20210512-simplex-chat-terminal-ui/index.html +++ /dev/null @@ -1,18 +0,0 @@ -Published: May 12, 2021
-For the last six months me and my son Efim have been working to bring you a working prototype of SimpleX Chat. We're excited to announce SimpleX Chat terminal client is now available here on Linux, Windows and Mac (you can either build from source or download the binary for Linux, Windows or Mac from the latest release).
-We’ve been using the terminal client between us and a few other people for a couple of months now, eating our own “dog food”, and have developed up to version 0.3.1, with most of the messaging protocol features we originally planned
-We're building a new kind of chat network - the only network that lets you control your chat. We'd really appreciate your feedback, criticism and support - a star on the github repo, signing up to the mailing list or any contribution to the project will help. There is so much more to do!
-Originally published at https://www.reddit.com/r/haskell/comments/naw6lz/simplex_chat_prototype_terminal_ui_made_in_haskell/
diff --git a/blog/20210914-simplex-chat-v0.4-released/index.html b/blog/20210914-simplex-chat-v0.4-released/index.html deleted file mode 100644 index c111f21a67..0000000000 --- a/blog/20210914-simplex-chat-v0.4-released/index.html +++ /dev/null @@ -1,22 +0,0 @@ -Published: Sep 14, 2021
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter. SimpleX Chat is our first application, a chat application built on the SimpleX platform that serves as an example of the power of the platform and as a reference application.
-We recognised that there is currently no messaging application which respects user privacy and guarantees metadata privacy -- in other words, messages could be private, but a third party can always see who is communicating with whom by examining a central service and the connection graph. SimpleX, at it's core, is designed to be truly distributed with no central server. This allows for enormous scalability at low cost, and also makes it virtually impossible to snoop on the network graph.
-The first application built on the platform is Simplex Chat, which for now is terminal (command line) based with mobile apps in the pipeline. The platform can easily support a private social network feed and a multitude of other services, which can be developed by the Simplex team or third party developers.
-We're exicted to announce that SimpleX Chat now supports group chat and file transfer!
-To create a group use the /g <group> command. You can then invite contacts to the group by entering the /a <group> <name> command. Your contact(s) will need to use the /j accept command to accept the invitation to the group. To send messages to the group, simply enter #<group> <message>.
Please note: Groups are not stored on any server; they are maintained as a list of members in the app database. Sending a message to the group sends a message to each member of the group.
-
Sharing files is simple! To send a file to a contact, use the /f @<contact> <file_path> command. The recipient will have to accept before the file is sent.
We'd really appreciate your comments, criticism and support - a star on the GitHub repo, downloading and testing the chat or any contribution to the project will help a lot – thank you for all your support!
-Please note: SimpleX Chat is in early stage development: we are still iterating protocols, improving privacy and security, so if you have communication scenarios requiring high security, you should consider some other options for now.
-Our goal is to create a new kind of chat platform that lets you control your chat!
-Originally published at https://www.reddit.com/r/selfhosted/comments/poal79/simplex_chat_an_opensource_decentralized_chat/
diff --git a/blog/20211208-simplex-chat-v0.5-released/index.html b/blog/20211208-simplex-chat-v0.5-released/index.html deleted file mode 100644 index 729505f81d..0000000000 --- a/blog/20211208-simplex-chat-v0.5-released/index.html +++ /dev/null @@ -1,17 +0,0 @@ -Published: Dec 08, 2021
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter. SimpleX Chat is our first application, a chat application built on the SimpleX platform that serves as an example of the power of the platform and as a reference application.
-We recognised that there is currently no messaging application which respects user privacy and guarantees metadata privacy -- in other words, messages could be private, but a third party can always see who is communicating with whom by examining a central service and the connection graph. SimpleX, at it's core, is designed to be truly distributed with no central server. This allows for enormous scalability at low cost, and also makes it virtually impossible to snoop on the network graph.
-The first application built on the platform is Simplex Chat, which for now is terminal (command line) based with mobile apps in the pipeline. The platform can easily support a private social network feed and a multitude of other services, which can be developed by the Simplex team or third party developers.
-Users can now create long-term chat addresses that they can share with many people (e.g. in email signature, or online), so that any chat user can send them a connection request.
-This is an ALPHA feature, and we have not yet added any protection against spam contact requests. However, if the address you created starts receiving spam connection requests, you can simply delete it without losing any of your accepted connections and create another address - as many times as you like!
-We'd really appreciate your comments, criticism and support - a star on the GitHub repo, downloading and testing the chat or any contribution to the project will help a lot – thank you for all your support!
-Please note: SimpleX Chat is in early stage development: we are still iterating protocols, improving privacy and security, so if you have communication scenarios requiring high security, you should consider some other options for now.
-Our goal is to create a new kind of chat platform that lets you control your chat!
-Originally published at https://www.reddit.com/r/haskell/comments/rc0xkn/simplex_chat_the_first_chat_platform_that_is_100/
diff --git a/blog/20220112-simplex-chat-v1-released/index.html b/blog/20220112-simplex-chat-v1-released/index.html deleted file mode 100644 index f37be02840..0000000000 --- a/blog/20220112-simplex-chat-v1-released/index.html +++ /dev/null @@ -1,30 +0,0 @@ -Published: Jan 12, 2022
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter. SimpleX Chat is our first application, a messaging application built on the SimpleX platform.
-There is currently no messaging application which respects user privacy and guarantees metadata privacy - in other words, messages could be private, but a third party can always see who is communicating with whom by examining a central service and the connection graph. SimpleX, at it's core, is designed to be truly distributed with no central server. This allows for enormous scalability at low cost, and also makes it virtually impossible to snoop on the network graph.
-The first application built on the platform is Simplex Chat, which for now is terminal (command line) based with mobile apps in the pipeline. The platform can easily support a private social network feed and a multitude of other services, which can be developed by the Simplex team or third party developers.
-All releases from v1 onwards will be forwards and backwards compatible.
-SimpleX Chat v1 now uses:
-SimpleX now uses ephemeral Ed448 keys to sign and verify client commands to the servers. As before, these keys are different per message queue and do not represent a user's identity.
-Instead of ad-hoc encrypted transport we now use TLS 1.2+ limited to the most performant and secure cipher with forward secrecy (ECDHE-ECDSA-CHACHA20POLY1305-SHA256), Curve448 groups and Ed448 keys.
-Server identity is validated as part of TLS handshake - the fingerprint of offline server certificate is used as a permanent server identity which is included in server address, to protect against MITM attacks between clients and servers.
-SimpleX also uses tls-unique channel binding in each signed client command to the server to protect against replay attacks.
-We switched from inefficient text-based low level protocol encodings, that simplified early development, to space and performance efficient binary encodings, reducing protocol overhead from circa 15% to 3.7% of transmitted application message size.
-Further details on platform objectives and technical design are available here.
-SimpleX Chat client can be used in the terminal on all major desktop platforms (Windows/Mac/Linux) and also on Android devices with Termux.
-SimpleX also allows people to host their own servers and own their own chat data. SimpleX servers are exceptionally lightweight and require a single process with the initial memory footprint of under 20 Mb, which grows as the server adds in-memory queues (even with 10,000 queues it uses less than 50Mb, not accounting for messages).
-We look forward to your feedback and suggestions - via GitHub issues or via SimpleX Chat - you can connect to the team with /simplex command once you run the chat.
Published: Feb 14, 2022
-Our new iPhone app is very basic - right now it only supports text messages and emojis.
-Even though the app is new, it uses the same core code as our terminal app, that was used and stabilized over a long time, and it provides the same level of privacy and security that has been available since the release of v1 a month ago:
-You can read more details in our recent v1 announcement.
-Install the app via TestFlight, connect to us (via Connect to SimpleX team link in the app) and to a couple of your friends you usually send messages to - and please let us know what you think!
-We would really appreciate any feedback to improve the app and to decide which additional features should be included in our public release in March.
-Should it be:
-Please vote on the features you think are the most needed in our app roadmap.
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter.
-We aim to provide the best possible protection of messages and metadata. Today there is no messaging application that works without global user identities, so we believe we provide better metadata privacy than alternatives. SimpleX is designed to be truly distributed with no central server, and without any global user identities. This allows for high scalability at low cost, and also makes it virtually impossible to snoop on the network graph.
-The first application built on the platform is Simplex Chat, which is available for terminal (command line in Windows/Mac/Linux) and as iOS public beta - with Android app coming in a few weeks. The platform can easily support a private social network feed and a multitude of other services, which can be developed by the Simplex team or third party developers.
-SimpleX also allows people to host their own servers to have control of their chat data. SimpleX servers are exceptionally lightweight and require a single process with the initial memory footprint of under 20 Mb, which grows as the server adds in-memory queues (even with 10,000 queues it uses less than 50Mb, not accounting for messages). It should be considered though that while self-hosting the servers provides more control, it may reduce meta-data privacy, as it is easier to correlate the traffic of servers with small number of messages coming through.
-Further details on platform objectives and technical design are available in SimpleX platform overview.
diff --git a/blog/20220308-simplex-chat-mobile-apps/index.html b/blog/20220308-simplex-chat-mobile-apps/index.html deleted file mode 100644 index e7b35aa909..0000000000 --- a/blog/20220308-simplex-chat-mobile-apps/index.html +++ /dev/null @@ -1,46 +0,0 @@ -Published: March 8, 2022
-We have now released iPhone and Android apps to Apple AppStore and Google Play Store, APK for Android is also available for direct download.
-Please note: the current version is only supported on iPhone 8+ and on Android 10+ - we are planning to add support for iPad and older devices very soon, and we will announce it on our Reddit and Twitter channels - please subscribe to follow our updates there.
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter.
-We aim to provide the best possible protection of messages and metadata. Today there is no messaging application that works without global user identities, so we believe we provide better metadata privacy than alternatives. SimpleX is designed to be truly distributed with no central server, and without any global user identities. This allows for high scalability at low cost, and also makes it virtually impossible to snoop on the network graph.
-The first application built on the platform is Simplex Chat. The platform can easily support a private social network feed and a multitude of other services, which can be developed by the Simplex team or third party developers.
-Further details on platform objectives and technical design are available in SimpleX platform overview.
-Evgeny (SimpleX Chat founder): I have been working on this platform for a long time to provide a place where all people can communicate freely with each other, without fear of persecution because of what they said and who they are connected with. Not sharing information about your connections is very important, particularly for people living in oppressive regimes. Because of the terrible conflict between Russia and Ukraine, people of both countries – I have friends and family there – could be at risk when sharing their opinions or just from being connected to people who were prosecuted. Every messenger app that knows who you are can end up sharing all of your connections with undesirable third parties, either as a result of a court order or as a result of attack - so even Signal, which has strong encryption, cannot protect your connection graph. I hope our messenger can help people living in the oppressive regimes to express their opinions without fear and risk of prosecution.
-Thanks a lot to everybody who helped testing and improving the apps!
-If you have a TestFlight version installed you can continue using it.
-We plan to keep it as stable as we can, and it will give you access to all new features 1-2 weeks earlier - it's limited to 10,000 users, so you can grab it while it's available. You can still communicate with people who use a public version – we are committed to maintaining backwards compatibility.
-You can always migrate from a public App Store version to a TestFlight version. The opposite migration - from TestFlight to public version - is only possible when we have the same app versions released, as there are usually some database migrations that cannot be reversed. To migrate to public version you have to disable automatic updates on TestFlight, wait until public version catches up and then install it from App Store. In any case, it is safe installing the public version, but it might crash if you have a newer version from TestFlight - in this case you just need to re-install the app from TestFlight and install App Store version a bit later - you would not lose any of your data.
-The apps use the same core code as our terminal app, that was used and stabilized over a long time, and it provides the same level of privacy and security that has been available since the release of v1 earlier this year:
-You can read more technical details in our recent v1 announcement.
-A big thank you to @angerman for making it possible to compile our Haskell code to mobile platforms and getting it approved on app stores - it has been a non-trivial project, and it is still ongoing.
-Once you install the app, you can connect to anybody:
-Please let us know what else you think is important and if you find any bugs.
diff --git a/blog/20220404-simplex-chat-instant-notifications/index.html b/blog/20220404-simplex-chat-instant-notifications/index.html deleted file mode 100644 index 3d672d1ebf..0000000000 --- a/blog/20220404-simplex-chat-instant-notifications/index.html +++ /dev/null @@ -1,87 +0,0 @@ -Published: April 04, 2022
-Since we released SimpleX Chat mobile apps couple of weeks ago we've had a lot of excitement from our users - nearly 2000 people downloaded the app after the announcement!
-Huge thanks to everybody who downloaded and connected to us via the chat - there were many great questions and suggestions, and on some days I spent most of the time chatting to our users :)
-Since we released the app, we've added and released:
-Once you install the app, you can connect to anybody:
-See demo video that shows how two users connect and send the first messages.
-We are building SimpleX Chat because we believe that privacy is a fundamental human right, and that protecting our personal network of contacts is even more important than the content of the messages - sharing this network can lead to various adverse consequences, from manipulating us into buying goods we don't need, manipulating election processes, and in some cases, prosecuting innocent people. For example, Mohamedou Ould Salahi was detained in Guantanamo prison for 15 years after a single "wrong" phone call. His story is told in his memoir and in The Mauritanian movie.
-Our first users realized that what we take for granted in messaging apps - instant message notifications - is missing in our first release of SimpleX Chat apps. Quite a few people thought that it was a bug, rather than a missing feature. Sorry to disappoint!
-SimpleX Chat is the first and the only messenger we know of that operates without user identities of any kind. There are no phone numbers, emails, usernames, public keys, or any other addresses or identifiers to uniquely identify the users to the network or servers. That is why we say it is 100% private by design, and fundamentally different than other chat platforms.
-Instead, SimpleX Chat assigns these identifiers to unidirectional message queues. What looks to SimpleX Chat users like contacts and groups [1], to SimpleX servers looks like an unorganized and unrelated collection of unidirectional message queues. Our servers do not know which queues belong to which users, contacts or groups. Even a single conversation can happen via two different servers (one for sent and another for received messages). This makes our personal network of contacts invisible to the servers.
-But it also creates a problem for instant notifications - all push notification services require having a device token.
-So, how can we operate without identities and still have instant notifications?
-[1] yes, we have groups in our terminal app, and the UI to manage them is coming to mobile apps soon. Some users have already firgured out how to create groups via chat console.
-After some research into how push notifications work on Android, and open-source alternatives to Google push notifications, we discovered how to avoid sharing device tokens with any servers.
-We have implemented message reception as a background service (in Android terminology, a "foreground service" showing a notification icon when the service is running) following the same design as ntfy.sh created by Philipp Heckel, who, in turn, credits the design to the blog post by Roberto Huertas. Big thanks to them!
-How does it work? When the app is first started on an Android device, it starts the background service that keeps the TCP connections to the messaging servers open with almost no traffic (only doing periodic checks that connections still exist). It consumes only a few percents of battery per day, depending on how stable your internet connection is, and delivers message notifications as soon as messages arrive.
-This service continues running when the app is switched off, and it is restarted when the device is restarted even if you don't open the app - so the message notifications arrive instantly every time. To maximize battery life, it can be turned off by switching off "Private notifications". You will still receive notifications while the app is running or in the background.
-So, for Android we can now deliver instant message notifications without compromising users' privacy in any way. The app version 1.5 that includes private instant notifications is now available on Play Store, in our F-Droid repo and via direct APK downloads!
-Please let us what needs to be improved - it's only the first version of instant notifications for Android!
-iOS is much more protective of what apps are allowed to run on the devices, and the solution that worked on Android is not viable on iOS.
-We already have background refresh in the iOS app that periodically checks for new messages, and if you use the app every day it delivers notifications within 10 or 20 minutes. It is not instant, but it may be usable for some. If you use the app infrequently, however, this delay can become several hours, or your phone may stop checking for the new messages completely. This is not ideal!
-The only solution known to us is using Apple's push notifications service (APN) to deliver push notifications.
-We planned for it, so we added to v1 of SMP (the protocol used by our servers) an extension allowing the client to subscribe to notifications from message queues, via separate queue addresses, and using separate cryptographic keys for each queue. This has to be enabled by the client for each queue separately. We haven't used this extension so far, and now we are building a SimpleX notification service based on it.
-If the user enables push notifications, then for each contact the app would enable a notification subscription and pass credentials to the notification server together with the device token required to deliver push notifications to user's device.
-The notification server will subscribe to these notifications from SMP servers. The notifications do not include any message content, only the signal that a message has arrived to the server. Notification server is only allowed to send 2-3 hidden notifications per hour to the device. The notification is end-to-end encrypted and contains information about which server has a message, so that the client can connect to the server, retrieve and decrypt the message, and show the notification to the users including sender name and the message content. None of this information is shared with any server.
-If the user receives more than 2-3 messages per hour, the notification server can send additional visible notifications that would simply say "you have a new message", and the user will have to open the app to receive and see these messages. We are also investigating whether we can use "mutable-content" notifications that allow doing some processing when the notification arrives before showing it to the users.
-It is a substantial amount of development, we are aiming to release it later this month.
-This design is a compromise between privacy and convenience. The notification server will have to have a device token to deliver notifications. Several things we did (or plan to do) to improve this compromise:
-So, with the notification servers added, our network design will look like this:
- User's iOS device Internet Servers
---------------------- | ------------------------ | -------------------------
- | |
- | | (can be self-hosted now)
-+--------------+ | | +----------------+
-| SimpleX Chat | -------------- TLS --------------- | SimpleX |
-| client |------> SimpleX Messaging Protocol (SMP) ---> | Messaging |
-+--------------+ ---------------------------------- | Server |
- ^ | | | +----------------+
- | | | | | |
- | | | | | S | T
- | | | | | M | L
- | | | | | P | S
- | | | | | |
- | | | | +----------------+ +----------------+
- | | -------------- TLS --------------- | SimpleX | | SimpleX |
- | |-----------> Notifications management ----> | Notifications | ----> | Push |
- | ---------------------------------- | Subscriber | | Server |
- | | | +----------------+ +----------------+
- | | | (can be self-hosted |
- | | | in the future) |
- | | | V
- | -------------- TLS --------------- +-----------------+
- |----------------- Notification delivery <----------------------------- | Apple PN server |
- ---------------------------------- +-----------------+
- | |
-Please let us know what you think about this design and about this privacy / usability trade-off:
-Thank you!
diff --git a/blog/20220511-simplex-chat-v2-images-files/index.html b/blog/20220511-simplex-chat-v2-images-files/index.html deleted file mode 100644 index a84e02aa80..0000000000 --- a/blog/20220511-simplex-chat-v2-images-files/index.html +++ /dev/null @@ -1,22 +0,0 @@ -Published: May 11, 2022
-To send image and files SimpleX Chat uses privacy-preserving system components, both in iOS and Android apps. We do not ask for permission to access multiple or selected files, as, for example, Signal and Telegram do - it compromises either privacy or convenience.
-How does it work? The gallery and files are accessed from a system provided dialogue that runs in a separate process, and provides a temporary URI to access only one file selected by the user, only until the app is restarted.
-To make file and images work for mobile apps we made a breaking change in SimpleX Chat core. The current version can exchange files with the previous version 1.6 of the terminal app, but not with the version before that.
-In the mobile app, to send and receive files both devices must have version 2.0 installed - so please check it with your contacts. Receiving images works in the previous version, so even if your contacts did not yet upgrade the app, they should be able to receive the images.
-To protect identities of users and their connections, SimpleX Chat has no user identifiers visible to the network – unlike any other messaging platform.
-Many people asked: if SimpleX has no user identifiers, how can it deliver messages?
-To deliver mesages, instead of user IDs used by all other platforms, SimpleX has identifiers for message queues, separate for each of your contacts. In the current version of the protocol each queue is used until the contact is deleted. Later this year we plan to add queue rotation to the client protocol, so that even conversations don't have long term identifiers visible to the network. This design prevents leaking any users metadata on the application level.
-You define which server(s) to use to receive the messages, your contacts – the servers you use to send the messages to them. It means that every conversation is likely to use two different servers - one for each message direction.
-Only client devices store user profiles, contacts, groups, and messages sent with 2-layer end-to-end encryption.
-Read more in SimpleX whitepaper.
-Once you install the app, you can connect to anybody:
-
diff --git a/blog/20220524-simplex-chat-better-privacy/index.html b/blog/20220524-simplex-chat-better-privacy/index.html
deleted file mode 100644
index 6173449414..0000000000
--- a/blog/20220524-simplex-chat-better-privacy/index.html
+++ /dev/null
@@ -1,9 +0,0 @@
-Published: May 24, 2022
-In this version you can irreversibly delete individual messages after they were deleted by a sender, and also completely clear the conversation.
-The only way to do it before this version was by deleting the contact, now you can keep the connection when you clear the conversation.
-
See v1 announcement for information on how SimpleX protects the security of the messages.
-See v2 announcement for more information about SimpleX platform and how it works.
-Read about SimpleX design in whitepaper.
diff --git a/blog/20220604-simplex-chat-new-privacy-security-settings/index.html b/blog/20220604-simplex-chat-new-privacy-security-settings/index.html deleted file mode 100644 index fa5eea8cf1..0000000000 --- a/blog/20220604-simplex-chat-new-privacy-security-settings/index.html +++ /dev/null @@ -1,27 +0,0 @@ -Published: June 4, 2022
-See v2 announcement for more information about SimpleX platform and how it protects your privacy by avoiding user identities of any kind in its design - SimpleX, unlike any other messaging platfom, has no identity keys or any numbers that identify its users.
-
-To protect your chats you can enable SimpleX Lock. Every time you open the chat after it was in the background for 30 second, you will need to pass biometric or pin code authentication to use the app (provided it is enabled for your device).
-In case you want to save your mobile data or to avoid showing to your contacts that you are online, you can disable automatic image downloads. For many users it is more convenient to have images downloaded automatically, so it is enabled by default.
-Low resolution image previews would still be shown, the senders have no way to see if you received them or not.
-When you receive the links that include link previews, it is fully private - these previews are generated by the sender, and they do not expose your IP address in any way.
-When you send the links, the app automatically downloads the link description and the picture from the website of the link. While it is convenient, it exposes your IP address to the website. To avoid it you can disable sending link previews.
-The app tracks the integrity of the messages you receive by cheching their sequential numbers and by validating that the hash of the previous message matches the hash included in the message – each conversation, effectively, is two blockchains that only you and your contact have access to.
-In case some of the messages are lost, you would see it in the chat. It can happen because of one the following reasons:
-You can discover additional features we are currently testing in Experimental Features - they will be announced later!
-See v1 announcement for information on how SimpleX protects the security of the messages.
-Read about SimpleX design in whitepaper.
diff --git a/blog/20220711-simplex-chat-v3-released-ios-notifications-audio-video-calls-database-export-import-protocol-improvements/index.html b/blog/20220711-simplex-chat-v3-released-ios-notifications-audio-video-calls-database-export-import-protocol-improvements/index.html deleted file mode 100644 index 483d40c917..0000000000 --- a/blog/20220711-simplex-chat-v3-released-ios-notifications-audio-video-calls-database-export-import-protocol-improvements/index.html +++ /dev/null @@ -1,60 +0,0 @@ -Published: Jul 11, 2022
-I wrote previously about our design for iOS notifications - this is now released. The app will offer to migrate the database when updated, and then you need to choose notifications mode – instant or periodic push notifications, or previously available periodic background refresh that does not use push notifications.
-To deliver the notifications to iOS devices we use our notification server, as there is a single private key that Apple issues for the app. This server has minimal amount of information about your chat activity:
-
-Please note: for periodic notifications to work the app has to be in the background - if the app is completely stopped (removed from the recent apps), it will not check the new messages and you will not receive notifications. Instant notifications work even when the app is completely stopped.
-You can now call your contacts via WebRTC, connecting via SimpleX Chat relay servers or peer-to-peer, and in the near future you will be able to configure your own STUN/TURN servers used to establish the connection. The calls are end-to-end encrypted - the key is negotiated via the connection you already have with your contact in the chat, that is also used as a signalling layer for WebRTC - in most cases only three messages in total have to be sent by your and your contact's clients for the call to start, including the initial call invitation.
-
-The calls are still quite limited, especially on iOS, - for example, you cannot continue the call while the app is in the background.
-Quite a few users asked - how can I move my chat profile to a new device? SimpleX Chat v3 has a solution for that - you can now export chat database from one device and import it into another - even to another platform, e.g. you can move chat database from Android phone to iOS or to the terminal (console) client.
-
-Some important limitations:
-This feature can be useful in some other scenarios:
-Adding push notifications for iOS required SimpleX Messaging Protocol changes. We managed not just to keep the same level of meta-data privacy from passive observers, but to improve it - now all message meta-data that is passed from the server to the recipient is included into the same encrypted envelope as the message itself - as before, there is no identifiers or ciphertext in common inside TLS traffic between received and sent traffic of the server, and now there is no message timestamp inside TLS as well.
-We also improved the protocol flow for establishing bidirectional connection between two users - it is substantially faster now, consuming much less network traffic and battery. It improves the time it takes to connect to your contacts and to start delivering images and files.
-All these changes did not affect backward compatibility - if your contact has the previous version of the client, or you are connecting to a previous version of the server, the previous version of the protocol will be used - SimpleX has independent version negotiation in 4 protocol layers since v1, allowing us to evolve the protocols without any disruption to the users.
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter. SimpleX Chat is our first application, a messaging application built on the SimpleX platform.
-To protect identities of users and their connections, SimpleX Chat has no user identifiers visible to the servers and the network – unlike any other messaging platform. Not only SimpleX doesn't use phone numbers or emails, as Signal and many other platforms, it also does not have any persistent identifiers to identify users - unlike many other messengers considered private - Session, Cwtch, Ricochet, Briar, Jami, etc., - all these platforms have global user identifiers, uniquely identifying their users and creating the risks of de-anonymising the users.
-When each user has a unique identifier on the platform, even if this is just a random number, e.g. as a Session ID, it creates risks that whoever gains access to the platform data can observe how the users are connected and how many messages are transmitted between them, and then correlate this information with the existing public social networks, determining the real identities of some users. Even with the most private messengers built on top of Tor network, having a persistent identity means that if you talk to two different users via the same profile they can prove that they communicate with the same person, as they would use the same address to send messages.
-SimpleX platform avoids these risks by not having any user identity in its design - so even if you talk to two different people from the same chat profile, they would not be able to prove they are talking to the same person - only that user profiles look the same. And we are planning to add a feature allowing to have a different display name for each contact you connect to - quite a few users asked for it.
-Many people asked: if SimpleX has no user identifiers, how can it deliver messages?
-I wrote about it in v2 release announcement and you can get more information about SimpleX platform objectives and technical design in the whitepaper.
-I will get straight to the point: I ask you to support SimpleX Chat with donations.
-We are prioritizing users privacy and security - it would be impossible without your support we were lucky to have so far.
-We are planning a 3rd party security audit for the app, and it would hugely help us if some part of this $20000+ expense could be covered with donations.
-Our pledge to our users is that SimpleX protocols are and will remain open, and in public domain, - so anybody can build the future implementations for the clients and the servers. We are building SimpleX platform based on the same principles as email and web, but much more private and secure.
-If you are already using SimpleX Chat, or plan to use it in the future when it has more features, please consider making a donation - it will help us to raise more funds. Donating any amount, even the price of the cup of coffee, would make a huge difference for us.
-It is possible to donate via GitHub, which is commission-free for us, or via OpenCollective, that also accepts donations in crypto-currencies, but charges a commission.
-Thank you,
-Evgeny
-SimpleX Chat founder
diff --git a/blog/20220723-simplex-chat-v3.1-tor-groups-efficiency/index.html b/blog/20220723-simplex-chat-v3.1-tor-groups-efficiency/index.html deleted file mode 100644 index 89d8e329d1..0000000000 --- a/blog/20220723-simplex-chat-v3.1-tor-groups-efficiency/index.html +++ /dev/null @@ -1,77 +0,0 @@ -Published: Jul 23, 2022
-
-While SMP protocol is focussed on protecting application-level meta-data by using pairwise connection identifiers instead of user identifiers (that are used by all other messaging platforms), there are scenarios when it is important for the users to protect their IP addresses from the servers - quite a few users have been somewhat disappointed that we didn't add it earlier.
-This release of terminal app supports accessing the servers via Tor, but the servers themselves are still available on their usual addresses. We are planning to add .onion addresses (v3 hidden service) to all messaging servers we provide, and the users who self-host the servers will also be able to have dual servers addresses - so that one party in the conversation can access the servers via .onion address without necessarily requiring that the other party uses Tor as well.
-To access SimpleX servers via Tor you need to install Tor proxy and run simplex-chat with -x option. See terminal app docs for more information.
As this is a beta release, to install it you need to use this command:
-curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/stable/install.sh | sh -s -- v3.1.0-beta.0
-
Groups have been supported by SimpleX Chat core for a very long time, but there was no user interface in the mobile apps to use them - users had to use chat console to create groups, add members, and accept invitations.
-This release allows accepting the invitations to join groups via mobile apps UI, making it much easier to create groups - only one user (a group owner) needs to use chat console, while all other groups members just need to tap a button in the UI to join or leave the group. Full group UI is coming in v3.1 in 1-2 weeks, but you can already start using groups today by installing beta-versions of mobile apps via TestFlight, Google PlayStore Beta and APK download.
-To manage groups via terminal app or via chat console in the mobile apps you have to use these commands:
-/g <group_name> [<description>]/a <group_name> <contact_name> [owner/admin/member]/rm <group_name> <contact_name>Accepting group invitations, leaving and deleting groups no longer requires using console commands.
-To reduce battery and traffic usage this release updated SMP protocol to allow batching multiple server commands (up to 90!) into one traffic block – provided both the server and the client are upgraded. It means that if you have 90 contacts (or group members) on one server, to subscribe to all messaging queues you now need to send only one 16kb block instead of ~1.5Mb of traffic (90 blocks). It also hides how many contacts you have from any attackers who observe your network.
-You might notice that sending commands to multiple queues in one block would allow the server to correlate that all these queues belong to the same user, even though the current server implementation we use does not do it. But even without batching, as the commands are sent via the same TCP connection, this correlation was already possible, so compared with the previous version it has no downsides.
-To mitigate the risk of servers correlating your messaging queues we will soon add an option to access each queue via a separate TCP connection, which will have to be used together with access via Tor (as otherwise the servers would still see the same IP address). While it will increase battery and traffic consumption, it will also provide the highest level of privacy.
-When we released SimpleX Chat v3 two weeks ago many users wanted to host messaging servers in docker containers. So, we are now offering two versions of docker configurations:
-Let us know how it works for you!
-We are building a new platform for distributed Internet applications where privacy of the messages and the network matter. SimpleX Chat is our first application, a messaging application built on the SimpleX platform.
-To protect identities of users and their connections, instead of user identifiers visible to the servers and/or the network (that are used by all other messaging platforms), SimpleX Chat uses pairwise identifiers of connections between the users – there are two queues in each connection, each queue having 2 different identifiers to send and to receive the messages. It increases the number of used identifiers to the square of the number of users, making it more difficult (or impossible) to determine who is talking to whom. I wrote previously why it is bad for the users' privacy to have any identifiers, even random numbers, associated with their profiles.
-I wrote about it in v2 release announcement and you can get more information about SimpleX platform objectives and technical design in the whitepaper.
-SimpleX design follows "defence in depth" security principles having multiple overlapping defensive mechanisms to protect users privacy and security:
-What we plan to add soon to further improve privacy and security:
-SimpleX Chat README page has more details about it.
-I will get straight to the point: I ask you to support SimpleX Chat with donations.
-We are prioritizing users privacy and security - it would be impossible without your support we were lucky to have so far.
-We are planning a 3rd party security audit for the app, and it would hugely help us if some part of this $20000+ expense could be covered with donations.
-Our pledge to our users is that SimpleX protocols are and will remain open, and in public domain, - so anybody can build the future implementations for the clients and the servers. We are building SimpleX platform based on the same principles as email and web, but much more private and secure.
-If you are already using SimpleX Chat, or plan to use it in the future when it has more features, please consider making a donation - it will help us to raise more funds. Donating any amount, even the price of the cup of coffee, would make a huge difference for us.
-It is possible to donate via GitHub, which is commission-free for us, or via OpenCollective, that also accepts donations in crypto-currencies, but charges a commission.
-Thank you,
-Evgeny
-SimpleX Chat founder
diff --git a/blog/index.html b/blog/index.html deleted file mode 100644 index 26a1b7ee9a..0000000000 --- a/blog/index.html +++ /dev/null @@ -1,64 +0,0 @@ - - - - - - -
- 
- 
- 
- 
- You can download terminal chat app from GitHub or using this command:
-
- curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/install.sh | bash
-
- Copy to clipboard
- 
-
-
- SimpleX ensures data and meta-data privacy
-with a new protocol design – it delivers messages
-without using senders' and recipients' identifiers,
-unlike any other messaging platform.
-Two-layer encryption and communication integrity
-Your contacts and messages are stored on your device
-Easy to add contacts and start talking
-Alice sends the key to Bob (e.g. via p2p network or via chat server)
-
- Now Bob can send encrypted messages to Alice - he believes it is secure!
-
- But the key can be intercepted and substituted by Tom (the attacker)
-
- Now the attacker can read the messages without Alice or Bob knowing
-
-
- To create secure encrypted channel you need an existing secure channel
-
where you can pass the encryption key (or key fingerprint).
-
Any alternative solution can be compromised.
-
- Adding a contact in mobile app will require sharing your one-time QR code.
-
In the terminal UI you need to share an invitation with your contact.
-
1.
Show QR code or share link
- 
- 2.
Your contact scans QR code or opens link
-
- 3.
A private connection is established
-
- 4.
Now you can chat privately!
- | - |  SimpleX chat |
- Signal, big platforms | -XMPP, Matrix | -P2P protocols | -
|---|---|---|---|---|
| Requires global identity | -No - private | -Yes 1 | -Yes 2 | -Yes 3 | -
| Possibility of MITM | -No - secure | -Yes 4 | -Yes | -Yes | -
| Dependence on DNS | -No - resilient | -Yes | -Yes | -No | -
| Single or centralized network | -No - decentralized | -Yes | -No - federated 5 | -Yes 6 | -
| Central component or other network-wide attack | -No - resilient | -Yes | -Yes 2 | -Yes 7 | -
- Simplex messaging protocol
- (SMP) for messaging via secure persistent queues will serve as the low level protocol for
- SimpleX chat - see
- demo server implementation.
- It uses different encryption keys for each message queue - the key is passed via existing
- secure channel - e.g. QR code or another simplex queue.
-
- - Each chat uses two (or more) simplex queues for duplex communication. Each message contains the - hash of the previous message to detect if messages are lost or changed. -
-
-
- SimpleX chat terminal client
- v2.0.0 is
- released!
- – groups and files
- – two-layer E2E encryption, with double-ratchet algorithm
- – protocol is compatible with mobile apps
-
- You can use our servers or deploy your own, e.g. using - - StackScript on Linode. -
-- Sign up to be updated about the new releases. -
- -
- The project can move faster with your help.
- We develop it in Haskell.
-
- - opencollective.com/simplex-chat (now accepts crypto) -
-
- 
- 
- 
- 
- If you already installed SimpleX Chat for the - terminal v1.0.0+, copy the command below and use it in the chat: -
- -
-
-
- Copy to clipboard
- 
-
-
- Scan QR code from mobile app
-- To make a connection: -
-- use this command: -
-curl -o- https://raw.githubusercontent.com/simplex-chat/simplex-chat/master/install.sh
- |
- bash
-
- Copy to clipboard
-
-
-
- See SimpleX Chat
- GitHub repository
- 
- for the instructions how to download or compile it from the source code.
-
- SimpleX chat terminal client
- v2.0.0 is
- released!
- – groups and files
- – two-layer E2E encryption, with double-ratchet algorithm
- – protocol is compatible with mobile apps
-
- You can use our servers or deploy your own, e.g. using - - StackScript on Linode. -
-- Sign up to be updated about the new releases. -
- -
- The project can move faster with your help.
- We develop it in Haskell.
-
- - opencollective.com/simplex-chat (now accepts crypto) -
-
-- Good
- - Bad
-
- --- Usually based on a phone number, in some cases on usernames
- - DNS-based addresses
- - Public key or some other globally unique ID
- - If operator’s servers are compromised
- - Does not protect users' metadata
- -
- While P2P are distributed, they are not federated - they operate as a single network
-
- -
- P2P networks either have a central authority or the whole network can be compromised -
- see
- here
-
-
-