simplex-chat
paper-research-privacy-matrix.org
Our great sponsors
simplex-chat | paper-research-privacy-matrix.org | |
---|---|---|
247 | 16 | |
5,264 | 112 | |
4.0% | 0.0% | |
9.9 | 1.5 | |
6 days ago | about 1 year ago | |
Haskell | HTML | |
GNU Affero General Public License v3.0 | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
simplex-chat
-
What are your favorite End-to-End encrypted tools for online privacy?
For messaging I'm currently on Olvid (E2E with physical key exchange) but since it still use their servers, I'm currently testing SimpleX where I can host my own servers.
- Apple reveals 'push notification spying' by foreign governments
- simplex bugs/ missing features
- Launching Default End-to-End Encryption on Messenger
-
Apple Confirms Governments Using Push Notifications to Surveil Users
Notice how SimpleX (https://simplex.chat/) has no push notifications by default because of this issue.
- Possible today in Signal? Disable link preview
-
SMS Security and Privacy Gaps
I've been using SimpleX [0] with a couple of friends recently. It appears to work as advertised.
[0] https://simplex.chat
- SimpleX Chat v5.3.0 – Local file encryption and delivery receipts
-
U.K. Abandons, for Now, Legislation That Would Have Banned End-to-End Encryption
If you have a mobile phone number, the domestic intelligence agency knows exactly where you are at all times and any LEO (without a warrant) can also find you. In addition, there have been numerous CCC presentations showing how insecure the global (excluding US) and (separately) US carriers are guilty of promiscuous metadata trafficking ($$) and insecure SS7 setups. As a consequence, for low $, you can go to any one of several shady websites and find the last location of almost any phone number (person unique ID) globally. There are additional varying exploitable vulnerabilities depending on the exact combination of {handset x carrier x country} to impersonate them, tap their line, reveal their exact location, and redirect their phone number through a third-party handset or even a PBX. These are more expensive and some capabilities are forbidden for all but a few selective intelligence uses.
Session (Signal fork) doesn't use phone numbers. It's pretty well-designed overall and uses an onion routing approach. It's already a superset of Signal except it doesn't use phone numbers. https://getsession.org
Also look interesting:
* (unproven) https://www.olvid.io/technology
* (unproven) https://simplex.chat
PS: Using regular TOR on home broadband or cloud servers is relatively risky and inefficient. Sybil attacks on it are common. And to network operators and security agencies it gives an easy "flow tag" of your uplink and exit node data traffic as automatically suspicious.
-
Re: Profile Pictures
Why not open up a Feature request on https://github.com/simplex-chat/simplex-chat/issues
paper-research-privacy-matrix.org
-
An actually private messaging self hosted server
I am trying to find something similar to discord that is actually private. Matrix phones home with a nasty amount of info: https://github.com/libremonde-org/paper-research-privacy-matrix.org/tree/master/part1, Snikket seems like a decent alternative, i just havent audited it for security purposes. Any suggestions? All im trying to maintain is the multiple-channels aspect of Discord, voice/video are optional, but preferred if possible
- MinesTRIX, A privacy focused social media based on matrix
-
XMPP Group Chat & Introduction
I present to you a MUC I've created on the XMPP (also informally known as Jabber) network. I've put some thought into which network would be best fit and decided that, while IRC is an excellent way to chat, there is an apparent lack of mobile support and perhaps lacks the ability to choose a server of your choice. Furthermore, I've concluded for many years that Matrix isn't a good choice for multiple concerning reasons, the most impactful being the Matrix Foundation itself receiving large amounts of metadata and being overly centralized over the entirety of the network. Matrix also utilizes CloudFlare (a popular CDN service) which, according to W3Techs, provides services for 19.2% of all websites. I don't believe CloudFlare is a bad actor but they certainly can MITM any websites utilizing their free tier plan. One can easily check if a website is using the free tier SSL certificate by checking here. You can see that in the "subject" area, it shows the SSL domain name as sni.cloudflaressl.com. CloudFlare's free SSL operates by encrypting only the data sent from you to the CDN, leaving the data that is sent from the CDN back to Matrix.org unencrypted. This isn't necessarily problematic for the entirety of the network, however, it shows the Matrix Foundation has an apparent lack of privacy/security practices while advertising their project as a privacy-oriented chat solution. I won't ramble on too much about Matrix's suspected privacy issues, instead, I'll leave you these two write-ups to read for yourself, here and here.
-
Why do people still recommend Matrix.
it's an entire paper written by a nonprofit dedicated to user privacy. it's also last updated 6 months ago? you can view all the commits here (https://github.com/libremonde-org/paper-research-privacy-matrix.org/commits/master)
- Communist Linux Discord server.
-
SimpleX Chat v1 released - the most private and secure chat and application platform!
I found this to be an interesting read about Matrix. https://github.com/libremonde-org/paper-research-privacy-matrix.org/blob/master/part2/README.md
- XMPP: the secure communication protocol that respects privacy
-
Element One – All of Matrix, WhatsApp, Signal and Telegram in One Place
Not sure what exactly they were referring to, but here are some of them: https://github.com/libremonde-org/paper-research-privacy-mat...
- What are some open source apps that are actually terrible for privacy?
- Which real time communication do you use and why?
What are some alternatives?
Element - A glossy Matrix collaboration client for the web.
matrix.to - A simple stateless privacy-protecting URL redirecting service for Matrix
session-android - A private messenger for Android.
weechat-matrix - Weechat Matrix protocol script written in python
nostr - a truly censorship-resistant alternative to Twitter that has a chance of working
simplexmq - ⚙️ SimpleXMQ - A reference implementation of the SimpleX Messaging Protocol for simplex queues over public networks.
Signal-Android - Fork from a private messenger for Android with extra options added: full backup and (partial, ony text) xml backup of messages. Restore can happen at any time, not only after a fresh install. Import SMS database. Import of (unencrypted) WhatsApp databases. Removed apk expire. Choose between passphrase protection and the Android screenlock. Choice for the backup location (internal or removable storage on Android < 11 (on 11 and higher this is already possible)). Set the maptype in the place picker. Option to treat view-once media as normal media. Option to ignore remote deletion. Choose between FCM or websocket notification delivery.
RetroShare - RetroShare is a Free and Open Source cross-platform, Friend-2-Friend and secure decentralised communication platform.
termpair - View and control terminals from your browser with end-to-end encryption 🔒
paper-research-privacy-mat
Signal-Server - Server supporting the Signal Private Messenger applications on Android, Desktop, and iOS
gomuks - A terminal based Matrix client written in Go.