@@ -609,7 +609,7 @@ window.addEventListener('scroll',changeHeaderBg);
سأل العديد من المستخدمين: إذا لم يكن لدى SimpleX معرفات مستخدم، فكيف يمكنها معرفة مكان تسليم الرسائل؟
- لتقديم الرسائل، بدلاً من معرفات المستخدم التي تستخدمها جميع المنصات الأخرى، يستخدم SimpleX معرفات مزدوجة مؤقتة مجهولة الهوية لقوائم انتظار الرسائل، مختلفة لكل اتصال من اتصالاتك — لا توجد معرفات مستخدم دائمة.
+ لتوصيل الرسائل، بدلاً من معرفات المستخدم التي تستخدمها جميع المنصات الأخرى، يستخدم SimpleX معرفات مزدوجة مؤقتة مجهولة الهوية لقوائم انتظار الرسائل، مختلفة لكل اتصال من اتصالاتك — لا توجد معرفات مستخدم دائمة.
أنت تحدد الخادم (الخوادم) المراد استخدامه لتلقي الرسائل وجهات الاتصال الخاصة بك — الخوادم التي تستخدمها لإرسال الرسائل إليهم. من المرجح أن تستخدم كل محادثة خادمين مختلفين.
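Review bot: the verb change is correct: لتقديم reads as "submit/present", while لتوصيل is "deliver", matching the English "To deliver messages" in the index copy later in this same diff. One thing to align while here: the Arabic sentence ends with "لا توجد معرفات مستخدم دائمة" ("no permanent user identifiers"), which is narrower than the English "there are no long term identifiers"; "لا توجد معرفات دائمة" would keep the two versions saying the same thing.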
diff --git a/ar/invitation/index.html b/ar/invitation/index.html
index 185c02100b..dfcb88b667 100644
--- a/ar/invitation/index.html
+++ b/ar/invitation/index.html
@@ -177,7 +177,7 @@
You received an address to connect on SimpleX Chat
+
Scan the QR code with the SimpleX Chat app on your phone or tablet.
+
+ The public keys and message queue address in this link are NOT sent over the network when you view this page — they are contained in the hash fragment of the link URL.
+
+
Not downloaded the SimpleX Chat yet?
+
Use the links below to download the app.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Scan QR code from mobile app
+
+
+
+
+
+
+
+
+
+
+
+
You received an address to connect on SimpleX Chat
+ The public keys and message queue address in this link are NOT sent over the network when you view this page — they are contained in the hash fragment of the link URL.
+
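Review bot: the added sentence "The public keys and message queue address in this link are NOT sent over the network when you view this page — they are contained in the hash fragment of the link URL" is accurate for the HTTP request (browsers do not include the fragment in the request sent to the server), but it is stated as an absolute, and any script running on the page can still read the fragment, so the guarantee rests on this page's own JavaScript not transmitting it. Consider "are not sent to the server when this page is loaded", which is the property the fragment actually gives. The sentence is added twice (under "Scan the QR code..." and under the second "You received an address..." block), so keep both copies identical if the wording changes.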
Similarly to phone number portability (the ability of the customer to transfer the service to another provider without changing the number), the address portability means the ability of a communication service customer to change the service provider without changing the service address. Many federated networks support SRV records to provide address portability, but allowing service users to set up their own domains for the addresses is not as commonly supported by the available server and client software as for email.
Federated network
Federated network is provided by several entities that agree upon the standards and operate the network collectively. This allows the users to choose their provider, that will hold their account, their messaging history and contacts, and communicate with other providers' servers on behalf of the user. The examples are email, XMPP, Matrix and Mastodon.
The advantage of that design is that there is no single organization that all users depend on, and the standards are more difficult to change, unless it benefits all users. There are several disadvantages: 1) the innovation is slower, 2) each user account still depends on a single organization, and in most cases can't move to another provider without changing their network address – there is no address portability, 3) the security and privacy are inevitably worse than with the centralized networks.
The credential that allows proving something, e.g. the right to access some resource, without identifying the user. This credential can either be generated by a trusted party or by the user themselves and provided together with the request to create the resource. The first approach creates some centralized dependency in most cases. The second approach does not require any trust - this is used in SimpleX network to authorize access to the messaging queues.
In a wide sense, blockchain means a sequence of blocks of data, where each block contains a cryptographic hash of the previous block, thus providing integrity to the whole chain. Blockchains are used in many communication and information storage systems to provide integrity and immutability of the data. For example, BluRay disks use blockchain. SimpleX messaging queues also use blockchain - each message includes the hash of the previous message, to ensure the integrity – if any message is modified it will be detected by the recipient when the next message is received. Blockchains are a subset of Merkle directed acyclic graphs.
In a more narrow sense, particularly in media, blockchain is used to refer specifically to distributed ledger, where each record also includes the hash of the previous record, but the blocks have to be agreed by the participating peers using some consensus protocol.
Also known as Merkle DAG, a data structure based on a general graph structure where node contains the cryptographic hashes of the previous nodes that point to it. Merkle trees are a subset of Merkle DAGs - in this case each leaf contains a cryptographic hash of the parent.
This structure by design allows to verify the integrity of the whole structure by computing its hashes and comparing with the hashes included in the nodes, in the same way as with blockchain.
The motivation to use DAG in distributed environments instead of a simpler linear blockchain is to allow concurrent additions, when there is no requirement for a single order of added items. Merkle DAG is used, for example, in IPFS and will be used in decentralized SimpleX groups.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Double Ratchet algorithm provides perfect forward secrecy and post-compromise security. It is designed by Signal, and used in SimpleX Chat and many other secure messengers. Most experts consider it the state-of-the-art encryption protocol in message encryption.
Centralized network
Centralized networks are provided or controlled by a single entity. The examples are Threema, Signal, WhatsApp and Telegram. The advantage of that design is that the provider can innovate faster, and has a centralized approach to security. But the disadvantage is that the provider can change or discontinue the service, and leak, sell or disclose in some other way all users' data, including who they are connected with.
Content padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Decentralized network is often used to mean "the network based on decentralized blockchain". In its original meaning, decentralized network means that there is no central authority or any other point of centralization in the network, other than network protocols specification. The advantage of decentralized networks is that they are resilient to censorship and to the provider going out of business. The disadvantage is that they are often slower to innovate, and the security may be worse than with the centralized network.
The examples of decentralized networks are email, web, DNS, XMPP, Matrix, BitTorrent, etc. All these examples have a shared global application-level address space. Cryptocurrency blockchains not only have a shared address space, but also a shared state, so they are more centralized than email. Tor network also has a shared global address space, but also a central authority. SimpleX network does not have a shared application-level address space (it relies on the shared transport-level addresses - SMP relay hostnames or IP addresses), and it does not have any central authority or any shared state.
Defense in depth
Originally, it is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.
In information security, defense in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment.
SimpleX network applies defense in depth approach to security by having multiple layers for the communication security and privacy:
additional layer of end-to-end encryption for each messaging queue and another encryption layer of encryption from the server to the recipient inside TLS to prevent correlation by ciphertext,
+
TLS with only strong ciphers allowed,
+
mitigation of man-in-the-middle attack on client-server connection via server offline certificate verification,
+
mitigation of replay attacks via signing over transport channel binding,
+
multiple layers of message padding to reduce efficiency of traffic analysis,
+
mitigation of man-in-the-middle attack on client-client out-of-band channel when sending the invitation,
+
rotation of delivery queues to reduce efficiency of traffic analysis,
A communication system where only the communicating parties can read the messages. It is designed to protect message content from any potential eavesdroppers – telecom and Internet providers, malicious actors, and also the provider of the communication service.
End-to-end encryption requires agreeing cryptographic keys between the sender and the recipient in a way that no eavesdroppers can access the agreed keys. See key agreement protocol. This key exchange can be compromised via man-in-the-middle attack, particularly if key exchange happens via the same communication provider and no out-of-band channel is used to verify key exchange.
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Man-in-the-middle attack
The attack when the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
This attack can be used to compromise end-to-end encryption by intercepting public keys during key exchange, substituting them with the attacker's keys, and then intercepting and re-encrypting all messages, without altering their content. With this attack, while the attacker does not change message content, but she can read the messages, while the communicating parties believe the messages are end-to-end encrypted.
Such attack is possible with any system that uses the same channel for key exchange as used to send messages - it includes almost all communication systems except SimpleX, where the initial public key is always passed out-of-band. Even with SimpleX, the attacker may intercept and substitute the key sent via another channel, gaining access to communication. This risk is substantially lower, as attacker does not know in advance which channel will be used to pass the key.
To mitigate such attack the communicating parties must verify the integrity of key exchange - SimpleX and many other messaging apps, e.g. Signal and WhatsApp, have the feature that allows it.
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
A technique for anonymous communication over a computer network that uses multiple layers of message encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Some elements of SimpleX network use similar ideas in their design - different addresses for the same resource used by different parties, and additional encryption layers. Currently though, SimpleX messaging protocol does not protect sender network address, as the relay server is chosen by the recipient. The delivery relays chosen by sender that are planned for the future would make SimpleX design closer to onion routing.
Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Tor, for example, is an overlay network on top of IP network, which in its turn is also an overlay network over some underlying physical network.
SimpleX Clients also form a network using SMP relays and IP or some other overlay network (e.g., Tor), to communicate with each other. SMP relays, on another hand, do not form a network.
Generalizing the definition from NIST Digital Identity Guidelines, it is an opaque unguessable identifier generated by a service used to access a resource by only one party.
In the context of SimpleX network, these are the identifiers generated by SMP relays to access anonymous messaging queues, with a separate identifier (and access credential) for each accessing party: recipient, sender and and optional notifications subscriber. The same approach is used by XFTP relays to access file chunks, with separate identifiers (and access credentials) for sender and each recipient.
Peer-to-peer
Peer-to-peer (P2P) is the network architecture when participants have equal rights and communicate directly via a general purpose transport or overlay network. Unlike client-server architecture, all peers in a P2P network both provide and consume the resources. In the context of messaging, P2P architecture usually means that the messages are sent between peers, without user accounts or messages being stored on any servers. Examples are Tox, Briar, Cwtch and many others.
The advantage is that the participants do not depend on any servers. There are multiple downsides to that architecture, such as no asynchronous message delivery, the need for network-wide peer addresses, possibility of network-wide attacks, that are usually mitigated only by using a centralized authority. These disadvantages are avoided with proxied P2P architecture.
Network topology of the communication system when peers communicate via proxies that do not form the network themselves. Such design is used in Pond, that has a fixed home server for each user, and in SimpleX, that uses multiple relays providing temporary connections.
Perfect forward secrecy
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Any of the proposed cryptographic systems or algorithms that are thought to be secure against an attack by a quantum computer. It appears that as of 2023 there is no system or algorithm that is proven to be secure against such attacks, or even to be secure against attacks by massively parallel conventional computers, so a general recommendation is to use post-quantum cryptographic systems in combination with the traditional cryptographic systems.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
User identity
In a communication system it refers to anything that uniquely identifies the users to the network. Depending on the communication network, it can be a phone number, email address, username, public key or a random opaque identifier. Most messaging networks rely on some form of user identity. SimpleX appears to be the only messaging network that does not rely on any kind of user identity - see this comparison.
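Review bot: the doubled word in the pairwise pseudonymous identifier entry, "recipient, sender and and optional notifications subscriber", should be fixed in this same pass, since the hunk otherwise only inserts blank lines between the defense in depth bullet items and touches nothing else in this glossary block. The two identical "Also known as key exchange, it is a process of agreeing cryptographic keys..." paragraphs directly after the man-in-the-middle entry also look like one entry pasted twice and are worth a look.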
+ Other apps have user IDs: Signal, Matrix, Session, Briar, Jami, Cwtch, etc. SimpleX does not, not even random numbers. This radically improves your privacy.
+
+ When users have persistent identities, even if this is just a random number, like a Session ID, there is a risk that the provider or an attacker can observe how the users are connected and how many messages they send.
+
+
+ They could then correlate this information with the existing public social networks, and determine some real identities.
+
+
+ Even with the most private apps that use Tor v3 services, if you talk to two different contacts via the same profile they can prove that they are connected to the same person.
+
+
+ SimpleX protects against these attacks by not having any user IDs in its design. And, if you use Incognito mode, you will have a different display name for each contact, avoiding any shared data between them.
+
+ Many users asked: if SimpleX has no user identifiers, how can it know where to deliver messages?
+
+
+ To deliver messages, instead of user IDs used by all other platforms, SimpleX uses temporary anonymous pairwise identifiers of message queues, separate for each of your connections — there are no long term identifiers.
+
+
+ You define which server(s) to use to receive the messages, your contacts — the servers you use to send the messages to them. Every conversation is likely to use two different servers.
+
+
+ This design prevents leaking any users' metadata on the application level. To further improve privacy and protect your IP address you can connect to messaging servers via Tor.
+
+
+ Only client devices store user profiles, contacts and groups; the messages are sent with 2-layer End-to-end encryption.
+
+ The video shows how you connect to your friend via their 1-time QR-code, in person or via a video link. You can also connect by sharing an invitation link.
+
+ Many large companies use information about who you are connected with to estimate your income, sell you the products you don't really need, and to determine the prices.
+
+
+ Online retailers know that people with lower incomes are more likely to make urgent purchases, so they may charge higher prices or remove discounts.
+
+
+ Some financial and insurance companies use social graphs to determine interest rates and premiums. It often makes people with lower incomes pay more — it is known as 'poverty premium'.
+
+
+ SimpleX platform protects the privacy of your connections better than any alternative, fully preventing your social graph becoming available to any companies or organizations. Even when people use servers provided by SimpleX Chat, we do not know the number of users or their connections.
+
+ Not so long ago we observed the major elections being manipulated by a reputable consulting company that used our social graphs to distort our view of the real world and manipulate our votes.
+
+
+ To be objective and to make independent decisions you need to be in control of your information space. It is only possible if you use private communication platform that does not have access to your social graph.
+
+
+ SimpleX is the first platform that doesn't have any user identifiers by design, in this way protecting your connections graph better than any known alternative.
+
+ Everyone should care about privacy and security of their communications — harmless conversations can put you in danger, even if you have nothing to hide.
+
+
+ One of the most shocking stories is the experience of Mohamedou Ould Salahi described in his memoir and shown in The Mauritanian movie. He was put into Guantanamo camp, without trial, and was tortured there for 15 years after a phone call to his relative in Afghanistan, under suspicion of being involved in 9/11 attacks, even though he lived in Germany for the previous 10 years.
+
+
+ Ordinary people get arrested for what they share online, even via their 'anonymous' accounts, even in democratic countries.
+
+
+ It is not enough to use an end-to-end encrypted messenger, we all should use the messengers that protect the privacy of our personal networks — who we are connected with.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Make sure your messenger can't access your data!
+
+
+
+
+
+
+
Why SimpleX is unique
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
#1
+
You have complete privacy
+
+
+
+
+
+
+ SimpleX protects the privacy of your profile, contacts and metadata, hiding it from SimpleX platform servers and any observers.
+
+
+ Unlike any other existing messaging platform, SimpleX has no identifiers assigned to the users — not even random numbers.
+
+ Because you have no identifier or fixed address on the SimpleX platform, nobody can contact you unless you share a one-time or temporary user address, as a QR code or a link.
+
Full privacy of your identity, profile, contacts and metadata
+
+
+
+
+
+ Unlike other messaging platforms, SimpleX has no identifiers assigned to the users. It does not rely on phone numbers, domain-based addresses (like email or XMPP), usernames, public keys or even random numbers to identify its users — we don't know how many people use our SimpleX servers.
+
+
+ To deliver messages SimpleX uses pairwise anonymous addresses of unidirectional message queues, separate for received and sent messages, usually via different servers. Using SimpleX is like having a different “burner” email or phone for each contact, and no hassle to manage them.
+
+
+ This design protects the privacy of who you are communicating with, hiding it from SimpleX platform servers and from any observers. To hide your IP address from the servers, you can connect to SimpleX servers via Tor.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
The best protection from spam and abuse
+
+
+
+
+
+ Because you have no identifier on the SimpleX platform, nobody can contact you unless you share a one-time or temporary user address, as a QR code or a link.
+
+
+ Even with the optional user address, while it can be used to send spam contact requests, you can change or completely delete it without losing any of your connections.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Ownership, control and security of your data
+
+
+
+
+
+ SimpleX Chat stores all user data only on client devices using a portable encrypted database format that can be exported and transferred to any supported device.
+
+
+ The end-to-end encrypted messages are held temporarily on SimpleX relay servers until received, then they are permanently deleted.
+
+
+ Unlike federated networks servers (email, XMPP or Matrix), SimpleX servers don't store user accounts, they only relay messages, protecting the privacy of both parties.
+
+
+ There are no identifiers or ciphertext in common between sent and received server traffic — if anybody is observing it, they cannot easily determine who communicates with whom, even if TLS is compromised.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Fully decentralised — users own the SimpleX network
+
+
+
+
+
+ You can use SimpleX with your own servers and still communicate with people who use the pre-configured servers provided by us.
+
+
+ SimpleX platform uses an open protocol and provides SDK to create chat bots, allowing implementation of services that users can interact with via SimpleX Chat apps — we're really looking forward to see what SimpleX services you can build.
+
+
+ If you are considering developing for the SimpleX platform, for example, the chat bot for SimpleX app users, or the integration of the SimpleX Chat library into your mobile apps, please get in touch for any advice and support.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Features
+
+
+
+
+
+
+
+
+
E2E-encrypted messages with markdown and editing
+
+
+
+
+
+
+
+
E2E-encrypted images and files
+
+
+
+
+
+
+
+
Decentralized secret groups — only users know they exist
+
+
+
+
+
+
+
+
E2E-encrypted voice messages
+
+
+
+
+
+
+
+
Disappearing messages
+
+
+
+
+
+
+
+
E2E-encrypted audio and video calls
+
+
+
+
+
+
+
+
Portable encrypted database — move your profile to another device
+
+
+
+
+
+
+
+
Incognito mode — unique to SimpleX Chat
+
+
+
+
+
+
+
+
+
+
What makes SimpleX private
+
+
+
+
+
+
+
+
+
+
+
+
Temporary anonymous pairwise identifiers
+
+
+
SimpleX uses temporary anonymous pairwise addresses and credentials for each user contact or group member.
+
+
It allows to deliver messages without user profile identifiers, providing better meta-data privacy than alternatives.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Out-of-band Key exchange
+
+
+
Many communication platforms are vulnerable to MITM attacks by servers or network providers.
+
+
To prevent it SimpleX apps pass one-time keys out-of-band, when you share an address as a link or a QR code.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
2-layers of End-to-end encryption
+
+
+
Double-ratchet protocol — OTR messaging with perfect Forward secrecy and Break-in recovery.
+
+
NaCL cryptobox in each queue to prevent traffic correlation between message queues if TLS is compromised.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Message integrity verification
+
+
+
To guarantee integrity the messages are sequentially numbered and include the hash of the previous message.
+
+
If any message is added, removed or changed the recipient will be alerted.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Additional layer of server encryption
+
+
+
Additional layer of server encryption for delivery to the recipient, to prevent the correlation between received and sent server traffic if TLS is compromised.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Message mixing to reduce correlation
+
+
+
SimpleX servers act as low latency mix nodes — the incoming and outgoing messages have different order.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Secure authenticated TLS transport
+
+
+
Only TLS 1.2/1.3 with strong algorithms is used for client-server connections.
+
+
Server fingerprint and channel binding prevent MITM and replay attacks.
+
+
Connection resumption is disabled to prevent session attacks.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Optional access via Tor
+
+
+
To protect your IP address you can access the servers via Tor or some other transport Overlay network.
+
+
To use SimpleX via Tor please install Orbot app and enable SOCKS5 proxy (or VPN on iOS).
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Unidirectional message queues
+
+
+
Each message queue passes messages in one direction, with the different send and receive addresses.
+
+
It reduces the attack vectors, compared with traditional message brokers, and available meta-data.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
Multiple layers of Content padding
+
+
+
SimpleX uses Content padding for each encryption layer to frustrate message size attacks.
+
+
It makes messages of different sizes look the same to the servers and network observers.
+
+
+
Tap to close
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
SimpleX Network
+
Simplex Chat provides the best privacy by combining the advantages of P2P and federated networks.
+
+
+
+
+
+
+
+
+
Unlike P2P networks
+
+ All messages are sent via the servers, both providing better metadata privacy and reliable asynchronous message delivery, while avoiding many problems of P2P networks.
+
+
+
+
+
Comparison with P2P messaging protocols
+
+
+
+
+
+ P2P messaging protocols and apps have various problems that make them less reliable than SimpleX, more complex to analyse, and vulnerable to several types of attack.
+
+
+
+ P2P networks rely on some variant of DHT to route messages. DHT designs have to balance delivery guarantee and latency. SimpleX has both better delivery guarantee and lower latency than P2P, because the message can be redundantly passed via several servers in parallel, using the servers chosen by the recipient. In P2P networks the message is passed through O(log N) nodes sequentially, using nodes chosen by the algorithm.
+
+
+ SimpleX design, unlike most P2P networks, has no global user identifiers of any kind, even temporary, and only uses temporary pairwise identifiers, providing better anonymity and metadata protection.
+
+
+ P2P does not solve MITM attack problem, and most existing implementations do not use out-of-band messages for the initial key exchange. SimpleX uses out-of-band messages or, in some cases, pre-existing secure and trusted connections for the initial key exchange.
+
+
+ P2P implementations can be blocked by some Internet providers (like BitTorrent). SimpleX is transport agnostic - it can work over standard web protocols, e.g. WebSockets.
+
+
+ All known P2P networks may be vulnerable to Sybil attack, because each node is discoverable, and the network operates as a whole. Known measures to mitigate it require either a centralized component or expensive proof of work. SimpleX network has no server discoverability, it is fragmented and operates as multiple isolated sub-networks, making network-wide attacks impossible.
+
+
+ P2P networks may be vulnerable to DRDoS attack, when the clients can rebroadcast and amplify traffic, resulting in network-wide denial of service. SimpleX clients only relay traffic from known connection and cannot be used by an attacker to amplify the traffic in the whole network.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Unlike federated networks
+
+ SimpleX relay servers do NOT store user profiles, contacts and delivered messages, do NOT connect to each other, and there is NO servers directory.
+
+
+
+
+
+
+
+
+
+
+
+
+
SimpleX network
+
+ servers provide unidirectional queues to connect the users, but they have no visibility of the network connection graph — only the users do.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Simplex explained
+
+
+
+
1. What users experience
+
2. How does it work
+
3. What servers see
+
+
+
+
+
+
+
+
+
+
1. What users experience
+
+
+
+ You can create contacts and groups, and have two-way conversations, as in any other messenger.
+
+
+ How can it work with unidirectional queues and without user profile identifiers?
+
+
+
+
+
+
2. How does it work
+
+
+
+ For each connection you use two separate messaging queues to send and receive messages via different servers.
+
+
+ Servers only pass messages one way, without having the full picture of user's conversation or connections.
+
+
+
+
+
+
3. What servers see
+
+
+
+ The servers have separate Anonymous credentials for each queue, and do not know which users they belong to.
+
+
+ Users can further improve metadata privacy by using Tor to access servers, preventing corellation by IP address.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Comparison with other protocols
+
+
+
+
+
+
+
+
+
+
+
Signal, big platforms
+
XMPP, Matrix
+
P2P protocols
+
+
+
+
+
Requires global identity
+
No - private
+
Yes 1
+
Yes 2
+
Yes 3
+
+
+
Possibility of MITM
+
No - secure
+
Yes 4
+
Yes
+
Yes
+
+
+
Dependence on DNS
+
No - resilient
+
Yes
+
Yes
+
No
+
+
+
Single or Centralized network
+
No - decentralized
+
Yes
+
No - federated 5
+
Yes 6
+
+
+
Central component or other network-wide attack
+
No - resilient
+
Yes
+
Yes 2
+
Yes 7
+
+
+
+
+
+
+
+
+
+
+
Usually based on a phone number, in some cases on usernames
+
DNS-based addresses
+
Public key or some other globally unique ID
+
If operator’s servers are compromised
+
Does not protect users' metadata
+
While P2P are distributed, they are not federated - they operate as a single network
+
P2P networks either have a central authority or the whole network can be compromised - see here
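Review bot: footnote 7 of the comparison table ends in "see here", which leaves the link with no descriptive text; replace "here" with a phrase naming what is linked (the material on network-wide attacks against P2P networks, or whatever the target is). Two smaller points in the same table: the row label "Central component or other network-wide attack" is a fragment next to "Requires global identity", "Possibility of MITM" and "Dependence on DNS", and "Vulnerable to attack on a central component or to a network-wide attack" would follow the pattern; footnote 4 uses a curly apostrophe in "operator’s" while the rest of the table uses straight ones ("users'" in footnote 5).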
Similarly to phone number portability (the ability of the customer to transfer the service to another provider without changing the number), the address portability means the ability of a communication service customer to change the service provider without changing the service address. Many federated networks support SRV records to provide address portability, but allowing service users to set up their own domains for the addresses is not as commonly supported by the available server and client software as for email.
Federated network
Federated network is provided by several entities that agree upon the standards and operate the network collectively. This allows the users to choose their provider, that will hold their account, their messaging history and contacts, and communicate with other providers' servers on behalf of the user. The examples are email, XMPP, Matrix and Mastodon.
The advantage of that design is that there is no single organization that all users depend on, and the standards are more difficult to change, unless it benefits all users. There are several disadvantages: 1) the innovation is slower, 2) each user account still depends on a single organization, and in most cases can't move to another provider without changing their network address – there is no address portability, 3) the security and privacy are inevitably worse than with the centralized networks.
The credential that allows proving something, e.g. the right to access some resource, without identifying the user. This credential can either be generated by a trusted party or by the user themselves and provided together with the request to create the resource. The first approach creates some centralized dependency in most cases. The second approach does not require any trust - this is used in SimpleX network to authorize access to the messaging queues.
Anonymous credentials
The credential that allows proving something, e.g. the right to access some resource, without identifying the user. This credential can either be generated by a trusted party or by the user themselves and provided together with the request to create the resource. The first approach creates some centralized dependency in most cases. The second approach does not require any trust - this is used in SimpleX network to authorize access to the messaging queues.
In a wide sense, blockchain means a sequence of blocks of data, where each block contains a cryptographic hash of the previous block, thus providing integrity to the whole chain. Blockchains are used in many communication and information storage systems to provide integrity and immutability of the data. For example, BluRay disks use blockchain. SimpleX messaging queues also use blockchain - each message includes the hash of the previous message, to ensure the integrity – if any message is modified it will be detected by the recipient when the next message is received. Blockchains are a subset of Merkle directed acyclic graphs.
In a more narrow sense, particularly in media, blockchain is used to refer specifically to distributed ledger, where each record also includes the hash of the previous record, but the blocks have to be agreed by the participating peers using some consensus protocol.
Also known as Merkle DAG, a data structure based on a general graph structure where node contains the cryptographic hashes of the previous nodes that point to it. Merkle trees are a subset of Merkle DAGs - in this case each leaf contains a cryptographic hash of the parent.
This structure by design allows to verify the integrity of the whole structure by computing its hashes and comparing with the hashes included in the nodes, in the same way as with blockchain.
The motivation to use DAG in distributed environments instead of a simpler linear blockchain is to allow concurrent additions, when there is no requirement for a single order of added items. Merkle DAG is used, for example, in IPFS and will be used in decentralized SimpleX groups.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Break-in recovery
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Double Ratchet algorithm provides perfect forward secrecy and post-compromise security. It is designed by Signal, and used in SimpleX Chat and many other secure messengers. Most experts consider it the state-of-the-art encryption protocol in message encryption.
Centralized network
Centralized networks are provided or controlled by a single entity. The examples are Threema, Signal, WhatsApp and Telegram. The advantage of that design is that the provider can innovate faster, and has a centralized approach to security. But the disadvantage is that the provider can change or discontinue the service, and leak, sell or disclose in some other way all users' data, including who they are connected with.
Centralized network
Centralized networks are provided or controlled by a single entity. The examples are Threema, Signal, WhatsApp and Telegram. The advantage of that design is that the provider can innovate faster, and has a centralized approach to security. But the disadvantage is that the provider can change or discontinue the service, and leak, sell or disclose in some other way all users' data, including who they are connected with.
Content padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Content padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Decentralized network is often used to mean "the network based on decentralized blockchain". In its original meaning, decentralized network means that there is no central authority or any other point of centralization in the network, other than network protocols specification. The advantage of decentralized networks is that they are resilient to censorship and to the provider going out of business. The disadvantage is that they are often slower to innovate, and the security may be worse than with the centralized network.
The examples of decentralized networks are email, web, DNS, XMPP, Matrix, BitTorrent, etc. All these examples have a shared global application-level address space. Cryptocurrency blockchains not only have a shared address space, but also a shared state, so they are more centralized than email. Tor network also has a shared global address space, but also a central authority. SimpleX network does not have a shared application-level address space (it relies on the shared transport-level addresses - SMP relay hostnames or IP addresses), and it does not have any central authority or any shared state.
Defense in depth
Originally, it is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.
In information security, defense in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment.
SimpleX network applies defense in depth approach to security by having multiple layers for the communication security and privacy:
additional layer of end-to-end encryption for each messaging queue and another encryption layer of encryption from the server to the recipient inside TLS to prevent correlation by ciphertext,
+
TLS with only strong ciphers allowed,
+
mitigation of man-in-the-middle attack on client-server connection via server offline certificate verification,
+
mitigation of replay attacks via signing over transport channel binding,
+
multiple layers of message padding to reduce efficiency of traffic analysis,
+
mitigation of man-in-the-middle attack on client-client out-of-band channel when sending the invitation,
+
rotation of delivery queues to reduce efficiency of traffic analysis,
A communication system where only the communicating parties can read the messages. It is designed to protect message content from any potential eavesdroppers – telecom and Internet providers, malicious actors, and also the provider of the communication service.
End-to-end encryption requires agreeing cryptographic keys between the sender and the recipient in a way that no eavesdroppers can access the agreed keys. See key agreement protocol. This key exchange can be compromised via man-in-the-middle attack, particularly if key exchange happens via the same communication provider and no out-of-band channel is used to verify key exchange.
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Man-in-the-middle attack
The attack when the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
This attack can be used to compromise end-to-end encryption by intercepting public keys during key exchange, substituting them with the attacker's keys, and then intercepting and re-encrypting all messages, without altering their content. With this attack, while the attacker does not change message content, but she can read the messages, while the communicating parties believe the messages are end-to-end encrypted.
Such attack is possible with any system that uses the same channel for key exchange as used to send messages - it includes almost all communication systems except SimpleX, where the initial public key is always passed out-of-band. Even with SimpleX, the attacker may intercept and substitute the key sent via another channel, gaining access to communication. This risk is substantially lower, as attacker does not know in advance which channel will be used to pass the key.
To mitigate such attack the communicating parties must verify the integrity of key exchange - SimpleX and many other messaging apps, e.g. Signal and WhatsApp, have the feature that allows it.
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
A communication system where only the communicating parties can read the messages. It is designed to protect message content from any potential eavesdroppers – telecom and Internet providers, malicious actors, and also the provider of the communication service.
Forward secrecy
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Key exchange
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
Key exchange
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
A technique for anonymous communication over a computer network that uses multiple layers of message encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Some elements of SimpleX network use similar ideas in their design - different addresses for the same resource used by different parties, and additional encryption layers. Currently though, SimpleX messaging protocol does not protect sender network address, as the relay server is chosen by the recipient. The delivery relays chosen by sender that are planned for the future would make SimpleX design closer to onion routing.
Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Tor, for example, is an overlay network on top of IP network, which in its turn is also an overlay network over some underlying physical network.
Overlay network
Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Tor, for example, is an overlay network on top of IP network, which in its turn is also an overlay network over some underlying physical network.
SimpleX Clients also form a network using SMP relays and IP or some other overlay network (e.g., Tor), to communicate with each other. SMP relays, on another hand, do not form a network.
Generalizing the definition from NIST Digital Identity Guidelines, it is an opaque unguessable identifier generated by a service used to access a resource by only one party.
In the context of SimpleX network, these are the identifiers generated by SMP relays to access anonymous messaging queues, with a separate identifier (and access credential) for each accessing party: recipient, sender and and optional notifications subscriber. The same approach is used by XFTP relays to access file chunks, with separate identifiers (and access credentials) for sender and each recipient.
Peer-to-peer
Peer-to-peer (P2P) is the network architecture when participants have equal rights and communicate directly via a general purpose transport or overlay network. Unlike client-server architecture, all peers in a P2P network both provide and consume the resources. In the context of messaging, P2P architecture usually means that the messages are sent between peers, without user accounts or messages being stored on any servers. Examples are Tox, Briar, Cwtch and many others.
The advantage is that the participants do not depend on any servers. There are multiple downsides to that architecture, such as no asynchronous message delivery, the need for network-wide peer addresses, possibility of network-wide attacks, that are usually mitigated only by using a centralized authority. These disadvantages are avoided with proxied P2P architecture.
Network topology of the communication system when peers communicate via proxies that do not form the network themselves. Such design is used in Pond, that has a fixed home server for each user, and in SimpleX, that uses multiple relays providing temporary connections.
Perfect forward secrecy
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Any of the proposed cryptographic systems or algorithms that are thought to be secure against an attack by a quantum computer. It appears that as of 2023 there is no system or algorithm that is proven to be secure against such attacks, or even to be secure against attacks by massively parallel conventional computers, so a general recommendation is to use post-quantum cryptographic systems in combination with the traditional cryptographic systems.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
User identity
In a communication system it refers to anything that uniquely identifies the users to the network. Depending on the communication network, it can be a phone number, email address, username, public key or a random opaque identifier. Most messaging networks rely on some form of user identity. SimpleX appears to be the only messaging network that does not rely on any kind of user identity - see this comparison.
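Review bot: the glossary text shown as context carries pre-existing defects worth fixing while these pages are being touched, since the same text is repeated later in this diff: "recipient, sender and and optional notifications subscriber" (duplicated "and") in the opaque-identifier entry that cites the NIST Digital Identity Guidelines; the post-compromise security entry opens with "Also known as break-in recovery" and then repeats "Also known as recovery from compromise or break-in recovery" in the same paragraph, so the second sentence can be dropped; "while the attacker does not change message content, but she can read the messages" in the man-in-the-middle entry needs either "while" or "but" removed; and the defense-in-depth list has "another encryption layer of encryption from the server to the recipient", where one "encryption" is redundant.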
You received a 1-time link to connect on SimpleX Chat
+
Scan the QR code with the SimpleX Chat app on your phone or tablet.
+
+ The public keys and message queue address in this link are NOT sent over the network when you view this page — they are contained in the hash fragment of the link URL.
+
+
Not downloaded the SimpleX Chat yet?
+
Use the links below to download the app.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
Scan QR code from mobile app
+
+
+
+
+
+
+
+
+
+
+
+
You received a 1-time link to connect on SimpleX Chat
+ The public keys and message queue address in this link are NOT sent over the network when you view this page — they are contained in the hash fragment of the link URL.
+
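Review bot: the added line stating that the public keys and message queue address "are NOT sent over the network when you view this page" is a security claim about the page itself, so this change should be checked against what the page's scripts do with the fragment: the browser withholds the fragment from the HTTP request, but any script running on the page can read it, and the QR code shown above is necessarily rendered from that fragment, so that rendering must happen locally rather than through an external QR or analytics service. A short comment in the page source stating that constraint would stop a later script addition from silently breaking the claim. The same sentence is added twice on this page (under the QR code and again after the second "You received a 1-time link" heading); if the second copy serves a different layout, fine, otherwise drop it. Minor: "Not downloaded the SimpleX Chat yet?" should be "Not downloaded SimpleX Chat yet?".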
Similarly to phone number portability (the ability of the customer to transfer the service to another provider without changing the number), the address portability means the ability of a communication service customer to change the service provider without changing the service address. Many federated networks support SRV records to provide address portability, but allowing service users to set up their own domains for the addresses is not as commonly supported by the available server and client software as for email.
Federated network
Federated network is provided by several entities that agree upon the standards and operate the network collectively. This allows the users to choose their provider, that will hold their account, their messaging history and contacts, and communicate with other providers' servers on behalf of the user. The examples are email, XMPP, Matrix and Mastodon.
The advantage of that design is that there is no single organization that all users depend on, and the standards are more difficult to change, unless it benefits all users. There are several disadvantages: 1) the innovation is slower, 2) each user account still depends on a single organization, and in most cases can't move to another provider without changing their network address – there is no address portability, 3) the security and privacy are inevitably worse than with the centralized networks.
The credential that allows proving something, e.g. the right to access some resource, without identifying the user. This credential can either be generated by a trusted party or by the user themselves and provided together with the request to create the resource. The first approach creates some centralized dependency in most cases. The second approach does not require any trust - this is used in SimpleX network to authorize access to the messaging queues.
In a wide sense, blockchain means a sequence of blocks of data, where each block contains a cryptographic hash of the previous block, thus providing integrity to the whole chain. Blockchains are used in many communication and information storage systems to provide integrity and immutability of the data. For example, BluRay disks use blockchain. SimpleX messaging queues also use blockchain - each message includes the hash of the previous message, to ensure the integrity – if any message is modified it will be detected by the recipient when the next message is received. Blockchains are a subset of Merkle directed acyclic graphs.
In a more narrow sense, particularly in media, blockchain is used to refer specifically to distributed ledger, where each record also includes the hash of the previous record, but the blocks have to be agreed by the participating peers using some consensus protocol.
Also known as Merkle DAG, a data structure based on a general graph structure where node contains the cryptographic hashes of the previous nodes that point to it. Merkle trees are a subset of Merkle DAGs - in this case each leaf contains a cryptographic hash of the parent.
This structure by design allows to verify the integrity of the whole structure by computing its hashes and comparing with the hashes included in the nodes, in the same way as with blockchain.
The motivation to use DAG in distributed environments instead of a simpler linear blockchain is to allow concurrent additions, when there is no requirement for a single order of added items. Merkle DAG is used, for example, in IPFS and will be used in decentralized SimpleX groups.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Double Ratchet algorithm provides perfect forward secrecy and post-compromise security. It is designed by Signal, and used in SimpleX Chat and many other secure messengers. Most experts consider it the state-of-the-art encryption protocol in message encryption.
Centralized network
Centralized networks are provided or controlled by a single entity. The examples are Threema, Signal, WhatsApp and Telegram. The advantage of that design is that the provider can innovate faster, and has a centralized approach to security. But the disadvantage is that the provider can change or discontinue the service, and leak, sell or disclose in some other way all users' data, including who they are connected with.
Content padding
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Decentralized network is often used to mean "the network based on decentralized blockchain". In its original meaning, decentralized network means that there is no central authority or any other point of centralization in the network, other than network protocols specification. The advantage of decentralized networks is that they are resilient to censorship and to the provider going out of business. The disadvantage is that they are often slower to innovate, and the security may be worse than with the centralized network.
The examples of decentralized networks are email, web, DNS, XMPP, Matrix, BitTorrent, etc. All these examples have a shared global application-level address space. Cryptocurrency blockchains not only have a shared address space, but also a shared state, so they are more centralized than email. Tor network also has a shared global address space, but also a central authority. SimpleX network does not have a shared application-level address space (it relies on the shared transport-level addresses - SMP relay hostnames or IP addresses), and it does not have any central authority or any shared state.
Defense in depth
Originally, it is a military strategy that seeks to delay rather than prevent the advance of an attacker, buying time and causing additional casualties by yielding space.
In information security, defense in depth represents the use of multiple computer security techniques to help mitigate the risk of one component of the defense being compromised or circumvented. An example could be anti-virus software installed on individual workstations when there is already virus protection on the firewalls and servers within the same environment.
SimpleX network applies defense in depth approach to security by having multiple layers for the communication security and privacy:
additional layer of end-to-end encryption for each messaging queue and another encryption layer of encryption from the server to the recipient inside TLS to prevent correlation by ciphertext,
+
TLS with only strong ciphers allowed,
+
mitigation of man-in-the-middle attack on client-server connection via server offline certificate verification,
+
mitigation of replay attacks via signing over transport channel binding,
+
multiple layers of message padding to reduce efficiency of traffic analysis,
+
mitigation of man-in-the-middle attack on client-client out-of-band channel when sending the invitation,
+
rotation of delivery queues to reduce efficiency of traffic analysis,
A communication system where only the communicating parties can read the messages. It is designed to protect message content from any potential eavesdroppers – telecom and Internet providers, malicious actors, and also the provider of the communication service.
End-to-end encryption requires agreeing cryptographic keys between the sender and the recipient in a way that no eavesdroppers can access the agreed keys. See key agreement protocol. This key exchange can be compromised via man-in-the-middle attack, particularly if key exchange happens via the same communication provider and no out-of-band channel is used to verify key exchange.
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
Man-in-the-middle attack
The attack when the attacker secretly relays and possibly alters the communications between two parties who believe that they are directly communicating with each other.
This attack can be used to compromise end-to-end encryption by intercepting public keys during key exchange, substituting them with the attacker's keys, and then intercepting and re-encrypting all messages, without altering their content. With this attack, while the attacker does not change message content, but she can read the messages, while the communicating parties believe the messages are end-to-end encrypted.
Such attack is possible with any system that uses the same channel for key exchange as used to send messages - it includes almost all communication systems except SimpleX, where the initial public key is always passed out-of-band. Even with SimpleX, the attacker may intercept and substitute the key sent via another channel, gaining access to communication. This risk is substantially lower, as attacker does not know in advance which channel will be used to pass the key.
To mitigate such attack the communicating parties must verify the integrity of key exchange - SimpleX and many other messaging apps, e.g. Signal and WhatsApp, have the feature that allows it.
Also known as content padding, it is the process of adding data to the beginning or the end of a message prior to encryption. Padding conceals the actual message size from any eavesdroppers. SimpleX has several encryption layers, and prior to each encryption the content is padded to a fixed size.
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
Also known as key exchange, it is a process of agreeing cryptographic keys between the sender and the recipient(s) of the message. It is required for end-to-end encryption to work.
A technique for anonymous communication over a computer network that uses multiple layers of message encryption, analogous to the layers of an onion. The encrypted data is transmitted through a series of network nodes called "onion routers," each of which "peels" away a single layer, revealing the data's next destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes.
Some elements of SimpleX network use similar ideas in their design - different addresses for the same resource used by different parties, and additional encryption layers. Currently though, SimpleX messaging protocol does not protect sender network address, as the relay server is chosen by the recipient. The delivery relays chosen by sender that are planned for the future would make SimpleX design closer to onion routing.
Nodes in the overlay network can be thought of as being connected by virtual or logical links, each of which corresponds to a path, perhaps through many physical links, in the underlying network. Tor, for example, is an overlay network on top of IP network, which in its turn is also an overlay network over some underlying physical network.
SimpleX Clients also form a network using SMP relays and IP or some other overlay network (e.g., Tor), to communicate with each other. SMP relays, on another hand, do not form a network.
Generalizing the definition from NIST Digital Identity Guidelines, it is an opaque unguessable identifier generated by a service used to access a resource by only one party.
In the context of SimpleX network, these are the identifiers generated by SMP relays to access anonymous messaging queues, with a separate identifier (and access credential) for each accessing party: recipient, sender and and optional notifications subscriber. The same approach is used by XFTP relays to access file chunks, with separate identifiers (and access credentials) for sender and each recipient.
Peer-to-peer
Peer-to-peer (P2P) is the network architecture when participants have equal rights and communicate directly via a general purpose transport or overlay network. Unlike client-server architecture, all peers in a P2P network both provide and consume the resources. In the context of messaging, P2P architecture usually means that the messages are sent between peers, without user accounts or messages being stored on any servers. Examples are Tox, Briar, Cwtch and many others.
The advantage is that the participants do not depend on any servers. There are multiple downsides to that architecture, such as no asynchronous message delivery, the need for network-wide peer addresses, possibility of network-wide attacks, that are usually mitigated only by using a centralized authority. These disadvantages are avoided with proxied P2P architecture.
Network topology of the communication system when peers communicate via proxies that do not form the network themselves. Such design is used in Pond, that has a fixed home server for each user, and in SimpleX, that uses multiple relays providing temporary connections.
Perfect forward secrecy
Also known as perfect forward secrecy, it is a feature of a key agreement protocol that ensures that session keys will not be compromised even if long-term secrets used in the session key exchange are compromised. Forward secrecy protects past sessions against future compromises of session or long-term keys.
Any of the proposed cryptographic systems or algorithms that are thought to be secure against an attack by a quantum computer. It appears that as of 2023 there is no system or algorithm that is proven to be secure against such attacks, or even to be secure against attacks by massively parallel conventional computers, so a general recommendation is to use post-quantum cryptographic systems in combination with the traditional cryptographic systems.
Also known as break-in recovery, it is the quality of the end-to-end encryption scheme allowing to recover security against a passive attacker who observes encrypted messages after compromising one (or both) of the parties. Also known as recovery from compromise or break-in recovery. Double-ratchet algorithm has this quality.
User identity
In a communication system it refers to anything that uniquely identifies the users to the network. Depending on the communication network, it can be a phone number, email address, username, public key or a random opaque identifier. Most messaging networks rely on some form of user identity. SimpleX appears to be the only messaging network that does not rely on any kind of user identity - see this comparison.
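Review bot: the pairwise pseudonymous identifier entry has a doubled conjunction, "recipient, sender and and optional notifications subscriber", which should read "sender and an optional notifications subscriber". In the same region, "SMP relays, on another hand, do not form a network" should be "on the other hand", and the post-compromise security entry gives the alias twice ("Also known as break-in recovery, it is the quality ..." and again "Also known as recovery from compromise or break-in recovery."), so one of the two sentences can be dropped. The entry under the "Perfect forward secrecy" heading opens with "Also known as perfect forward secrecy", which only makes sense if the heading itself is "Forward secrecy"; pick one of the two.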
We can also add you to the group of translators for any questions and updates - please connect to the developers via chat (when you just install the app or later, via "Send questions and ideas" in the app settings).
-
Translation progress
+
Translation process
+
It's easier to translate Android app first, and then iOS app, as Android app strings are set up as a glossary for iOS.
Please start from Android app, both when you do the most time-consuming initial translation, and add any strings later. Firstly, iOS strings can be a bit delayed from appearing in Weblate, as it requires a manual step from us before they are visible. Secondary, Android app is set up as a glossary for iOS app, and 2/3 of all strings require just to clicks to transfer them from Android to iOS (it still takes some time, Weblate doesn't automate it, unfortunately).
Once all strings in Android app are translated, please review it to ensure consistent style and language, so that the same words are consistently used for similar user actions, same as in English. Sometimes, you will have to use different words in cases when English has just one, please try to use these choices consistently in similar contexts, to make it easier for the end users.
+
+
Please also review reverse translations using Chrome browser and Translate to English feature in the Browse mode of weblate - this is what we will be reviewing before translations are released. Fix any mistakes, and please add comments in cases when a sufficiently different translations are justified - it will make review much faster.
+
Releasing Android app translations
+
Once Android app is translated, please let us know.
+
We will then:
+
+
review all the translations and suggest any corrections - it also takes a bit of time :)
+
merge them to the source code - while we do it weblate will be locked for changes.
+
create beta releases of both iOS and Android apps - we can also add you to the internal tester groups, so you can install the apps before anybody else.
+
release it to our beta users - it's more than a thousand people who use our beta versions.
+
release the app and include the new language in the announcement.
+
+
Translating iOS app
+
-
When you translate iOS app, a large part of the strings are exactly the same - they can be copied over in one click in glossary section. The visual hint that it can be done is that the whole source string is highlighted in yellow. Many other strings are very similar, they only differ in interpolation syntax or how bold font is used - they require minimal editing. There are some strings that are unique to iOS platform - they need to be translated separately.
+
When you translate iOS app, a large part of the strings are exactly the same - they can be copied over in one click in glossary section. The visual hint that it can be done is that the whole source string is highlighted in yellow. Many other strings are very similar, they only differ in interpolation syntax or how bold font is used - they require minimal editing. There are some strings that are unique to iOS platform - they need to be translated separately
-
Once you have done all translations, please review reverse translations using Chrome and Translate to English feature - this is what we will be reviewing before translations are released. Fix any mistakes, and please add comments in cases when a sufficiently different translations are justified - it will make review much faster.
+
Please review iOS translations in the same way as Android and let us know when it's ready for review - we will repeat the same process for iOS app.
Thanks a lot! This is a huge effort and a huge help for SimpleX Network to grow.
"Moderate" / "moderated". These words means "to delete message of another member" and "deleted by admin" respectively. This feature is used when a member sends the message that is not appropriate for the group. Many languages have similar words.
-
Once translation is completed
-
Once both Android and iOS apps are translated, please let us know.
-
We will then:
-
-
review all the translations and suggest any corrections - it also takes a bit of time :)
-
merge them to the source code - while we do it weblate will be locked for changes.
-
create beta releases of both iOS and Android apps - we can also add you to the internal tester groups, so you can install the apps before anybody else.
-
release it to our beta users - it's more than a thousand people who use our beta versions.
-
release the app and include the new language in the announcement.
-
-
Please note: we aim to keep app functions consistent between Android and iOS platforms, when possible, so we will release and announce a new language once both platforms have been translated. It doesn't mean you have to do it, but we will have to wait until somebody else translates the second platform. But if you start from Android, iOS usually takes 3-4x less time to add.
-
We can make an exception and release the language for Android only in case there are a lot of users in your country installed the app (Google Play Store and Apple App Store share these statistics with us).
How we review the translations
-
To validate the correctness of the translations we review reverse translations by browsing Weblate pages in Google Chrome browser in "Translate to English" mode. E.g., to review the German translations of Android interface somebody from our team scrolled through these 49 pages.
+
To validate the correctness of the translations we review reverse translations by browsing Weblate pages in Google Chrome browser in "Translate to English" mode. E.g., to review the German translations of Android interface somebody from our team scrolled through these 68 pages.
We are not looking for reverse translation being exactly the same as the original, it is rarely the case, only that it is generally correct.
You would make the review much easier if you could review it in advance in the same way, and comment on any cases where reverse translations are completely different (there may be valid cases for that).
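Review bot: the replacement paragraph "When you translate iOS app, a large part of the strings are exactly the same ..." is identical to the removed one except that it drops the final period after "they need to be translated separately", so that part of the change only introduces a typo; restore the period or leave the paragraph untouched. In the added sentence "please add comments in cases when a sufficiently different translations are justified", article and number disagree ("a sufficiently different translation is justified"). The removed note that a new language is announced only once both platforms are translated, and the removed Android-only exception, have no replacement in the added text; if the new process now releases Android translations first (as the new "Releasing Android app translations" section implies), that section should say so explicitly. Also, the context line "Secondary, Android app is set up as a glossary for iOS app, and 2/3 of all strings require just to clicks ..." has "Secondary" for "Secondly" and "just to clicks" for "just two clicks", worth fixing while this section is being rewritten.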
- Andere apps hebben gebruikers ID's: Signal, Matrix, Session, Briar, Jami, Cwtch, enz. SimpleX niet, zelfs geen willekeurige getallen. Dit verbetert uw privacy.
+ Andere apps hebben gebruikers-ID's: Signal, Matrix, Session, Briar, Jami, Cwtch, enz. SimpleX niet, zelfs geen willekeurige getallen. Dit verbetert uw privacy.
Waarom zijn gebruikers ID's slecht voor de privacy?
+
Waarom zijn gebruikers-ID's slecht voor de privacy?
@@ -571,7 +571,7 @@ window.addEventListener('scroll',changeHeaderBg);
Zelfs met de meest privé apps die Tor v3-services gebruiken, als je met twee verschillende contacten via hetzelfde profiel praat, kunnen ze bewijzen dat ze met dezelfde persoon verbonden zijn.
- SimpleX beschermt tegen deze aanvallen door geen gebruikers ID's in het ontwerp te hebben. En als u de incognitomodus gebruikt, heeft u voor elk contact een andere weergavenaam, waardoor gedeelde gegevens tussen hen worden vermeden.
+ SimpleX beschermt tegen deze aanvallen door geen gebruikers-ID's in het ontwerp te hebben. En als u de incognitomodus gebruikt, heeft u voor elk contact een andere weergavenaam, waardoor gedeelde gegevens tussen hen worden vermeden.
- Veel gebruikers vroegen: als SimpleX geen gebruikers ID's heeft, hoe kan het dan weten waar berichten moeten worden afgeleverd?
+ Veel gebruikers vroegen: als SimpleX geen gebruiker-ID's heeft, hoe kan het dan weten waar berichten moeten worden afgeleverd?
- Om berichten te bezorgen, gebruikt SimpleX in plaats van gebruikers ID's die door alle andere platforms worden gebruikt, tijdelijke anonieme paarsgewijze identifiers van berichten wachtrijen, gescheiden voor elk van uw verbindingen — er zijn geen identificatiegegevens op lange termijn.
+ Om berichten te bezorgen, gebruikt SimpleX in plaats van gebruikers-ID's die door alle andere platforms worden gebruikt, tijdelijke anonieme paarsgewijze identifiers van berichten wachtrijen, gescheiden voor elk van uw verbindingen — er zijn geen identificatiegegevens op lange termijn.
U definieert welke server(s) u wilt gebruiken om de berichten te ontvangen. Uw contacten de servers die u gebruikt om de berichten naar hen te verzenden. Elk gesprek gebruikt waarschijnlijk twee verschillende servers.
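Review bot: the replacement line "Veel gebruikers vroegen: als SimpleX geen gebruiker-ID's heeft ..." uses "gebruiker-ID's", while every other replacement in this change standardizes on "gebruikers-ID's" (e.g. "SimpleX beschermt tegen deze aanvallen door geen gebruikers-ID's ..." two lines above); use the same form here so the term stays consistent across the page.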
@@ -822,7 +822,7 @@ window.addEventListener('scroll',changeHeaderBg);
Om objectief te zijn en onafhankelijke beslissingen te kunnen nemen, moet u de controle hebben over uw informatie. Het is alleen mogelijk als u een privé communicatieplatform gebruikt dat geen toegang heeft tot uw sociale grafiek.
- SimpleX is het eerste platform dat standaard geen gebruikers ID's heeft, waardoor uw verbindingsgrafiek beter wordt beschermd dan welk alternatief dan ook.
+ SimpleX is het eerste platform dat standaard geen gebruikers-ID's heeft, waardoor uw verbindingsgrafiek beter wordt beschermd dan welk alternatief dan ook.
SimpleX gebruikt tijdelijke anonieme paarsgewijze adressen en inloggegevens voor elk gebruikers contact of groepslid.
-
Het maakt het mogelijk om berichten te bezorgen zonder gebruikers profiel ID's, wat een betere privacy van metagegevens biedt dan alternatieven.
+
Het maakt het mogelijk om berichten te bezorgen zonder gebruikers profiel-ID's, wat een betere privacy van metagegevens biedt dan alternatieven.
Tik om te sluiten
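Review bot: the replacement "zonder gebruikers profiel-ID's" hyphenates only the last element and leaves "gebruikers profiel" as two words; Dutch writes the compound closed, so "gebruikersprofiel-ID's" is the consistent form. The unchanged context line "voor elk gebruikers contact of groepslid" has the same split compound ("gebruikerscontact") and could be fixed in the same change.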
@@ -1619,7 +1619,7 @@ window.addEventListener('scroll',changeHeaderBg);
P2P netwerken vertrouwen op een variant van DHT om berichten te routeren. DHT ontwerpen moeten een balans vinden tussen leveringsgarantie en latentie. SimpleX heeft zowel een betere leveringsgarantie als een lagere latentie dan P2P, omdat het bericht redundant via meerdere servers parallel kan worden doorgegeven, met behulp van de servers die door de ontvanger zijn gekozen. In P2P netwerken wordt het bericht achtereenvolgens door O(log N)-knooppunten geleid, met behulp van door het algoritme gekozen knooppunten.
- SimpleX ontwerp heeft, in tegenstelling tot de meeste P2P netwerken, geen globale gebruikers ID's van welke soort dan ook, zelfs niet tijdelijk en gebruikt alleen tijdelijke paarsgewijze ID's wat een betere anonimiteit en metadata bescherming biedt.
+ SimpleX ontwerp heeft, in tegenstelling tot de meeste P2P netwerken, geen globale gebruikers-ID's van welke soort dan ook, zelfs niet tijdelijk en gebruikt alleen tijdelijke paarsgewijze ID's wat een betere anonimiteit en metadata bescherming biedt.
P2P lost het probleem MITM-aanval niet op en de meeste bestaande implementaties gebruiken geen out-of-band berichten voor de initiële sleuteluitwisseling. SimpleX gebruikt out-of-band berichten of, in sommige gevallen, reeds bestaande veilige en vertrouwde verbindingen voor de eerste sleuteluitwisseling.
@@ -1745,7 +1745,7 @@ window.addEventListener('scroll',changeHeaderBg);
U kunt contacten en groepen maken en tweerichtings gesprekken voeren, zoals in elke andere messenger.
- Hoe kan het werken met unidirectionele wachtrijen en zonder gebruikers profiel ID's?
+ Hoe kan het werken met unidirectionele wachtrijen en zonder gebruikers profiel-ID's?
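Review bot: same point as in the earlier hunk: "zonder gebruikers profiel-ID's" should be "zonder gebruikersprofiel-ID's" if the compound is to be written correctly rather than only hyphenating the "ID's" part.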
@@ -607,7 +607,7 @@ window.addEventListener('scroll',changeHeaderBg);
Багато користувачів запитували: якщо SimpleX не має ідентифікаторів користувачів, як він може знати, куди доставляти повідомлення?
- Для доставки повідомлень замість ідентифікаторів користувачів, які використовують всі інші платформи, SimpleX використовує тимчасові анонімні парні ідентифікатори черг повідомлень, окремі для кожного з ваших з'єднань — немає ніяких довгострокових ідентифікаторів.
+ Для доставки повідомлень замість ідентифікаторів користувачів, які використовуються всіма іншими платформами, SimpleX використовує тимчасові анонімні парні ідентифікатори черг повідомлень, окремі для кожного з ваших з'єднань — немає ніяких довгострокових ідентифікаторів.
Ви визначаєте, який сервер(и) використовувати для отримання повідомлень, ваші контакти — сервери, які ви використовуєте для надсилання їм повідомлень. У кожній розмові, швидше за все, будуть використовуватися два різних сервери.
@@ -1420,7 +1420,7 @@ window.addEventListener('scroll',changeHeaderBg);
Багато комунікаційних платформ вразливі до MITM-атак з боку серверів або мережевих провайдерів.
-
Щоб запобігти цьому, додатки SimpleX передають одноразові ключі поза смугою пропускання, коли ви ділитеся адресою у вигляді посилання або QR-коду.
+
Щоб запобігти цьому, програми SimpleX передають одноразові ключі поза смугою, коли ви надаєте адресу як посилання або QR-код.
Сервери SimpleX працюють як змішані вузли з низькою затримкою — вхідні та вихідні повідомлення мають різний порядок.
+
Сервери SimpleX працюють як вузли змішування з низькою затримкою - вхідні та вихідні повідомлення йдуть в різному порядку.
Натисніть, щоб закрити
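Review bot: the replacement "Сервери SimpleX працюють як вузли змішування з низькою затримкою - вхідні та вихідні повідомлення ..." swaps the em dash of the original for a spaced hyphen, while the other strings in this file (e.g. "окремі для кожного з ваших з'єднань — немає ..." in the earlier hunk) use "—"; keep the em dash. The wording changes themselves ("вузли змішування" for "змішані вузли", "поза смугою" for "поза смугою пропускання") read as the better rendering of "mix nodes" and "out-of-band".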
@@ -1619,7 +1619,7 @@ window.addEventListener('scroll',changeHeaderBg);
Мережі P2P покладаються на певний варіант DHT для маршрутизації повідомлень. Дизайн DHT має балансувати між гарантією доставки та затримкою. SimpleX має кращу гарантію доставки і меншу затримку, ніж P2P, тому що повідомлення може бути передано через кілька серверів паралельно, використовуючи сервери, обрані одержувачем. У P2P-мережах повідомлення передається через O(log N) вузлів послідовно, використовуючи вузли, обрані алгоритмом.
- Дизайн SimpleX, на відміну від більшості P2P-мереж, не має жодних глобальних ідентифікаторів користувачів, навіть тимчасових, а використовує лише тимчасові парні ідентифікатори, що забезпечує кращу анонімність та захист метаданих.
+ Дизайн SimpleX, на відміну від більшості мереж P2P, не має жодних глобальних ідентифікаторів користувачів, навіть тимчасових, а використовує тимчасові ідентифікатори лише парами, забезпечуючи кращу анонімність і захист метаданих.
P2P не вирішує атаки MITM проблема, і більшість існуючих реалізацій не використовують позасмугові повідомлення для початкового обміну ключами. SimpleX використовує позасмугові повідомлення або, в деяких випадках, уже існуючі безпечні та надійні з’єднання для початкового обміну ключами.
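Review bot: the replacement moves "лише" so that the sentence now says "uses temporary identifiers only in pairs" ("використовує тимчасові ідентифікатори лише парами") instead of "uses only temporary pairwise identifiers" ("використовує лише тимчасові парні ідентифікатори"), which drops "pairwise" as the property of the identifiers; the removed wording was closer to the English source. Separately, the unchanged context line "P2P не вирішує атаки MITM проблема" has broken word order ("P2P не вирішує проблему атак MITM") and could be fixed in the same change.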
diff --git a/uk/invitation/index.html b/uk/invitation/index.html
index a5620bf71c..9fc2375bf3 100644
--- a/uk/invitation/index.html
+++ b/uk/invitation/index.html
@@ -177,13 +177,13 @@