The table is quite big (190+ lines of hand-written HTML) and it doesn’t fit on mobile phone screens unless you zoom out. It should be fine on desktop. It also specifies the criteria followed and has analysis of some of the IMs in the table (not close to all of them, I hope to add more analysis in the future).

Counter-arguments are always welcome. Sources and additional information too. Note that the typical privacy recommendation (Signal) is not recommended here. It does not meet our criteria, being centralized and requiring a phone number. I don’t want to hate on Signal since it’s doing a decent job spreading the importance of E2EE, however we can not recommend it for the given reasons.

  • poVoq@slrpnk.net
    link
    fedilink
    arrow-up
    7
    arrow-down
    1
    ·
    1 year ago

    SimpleX being a hybrid p2p model means that it leaks more metadata to 3rd parties than XMPP for example.

    They explicitly recommend using Tor with Simplex for that reason.

    I would suggest you change the “meta data” field for it to “probably ok”, but the design of the system makes it a risk factor, so without Tor it is probably more of a “barely ok”.

    • sir_reginald@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      1 year ago

      What metadata is leaked? AFAIK, the relays you connect to don’t even know who you are because there’s no single identifier tied to you.

      • poVoq@slrpnk.net
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        IP addresses mainly, which is the worst kind of meta-data as it can be linked to your real location and name relatively easily.

        • sir_reginald@lemmy.worldOP
          link
          fedilink
          arrow-up
          6
          ·
          1 year ago

          I mean, XMPP also leaks your IP to the server if you don’t use Tor or a VPN. If you don’t trust the server, it’s a must to hide your IP.

          I don’t think that changes anything in the comparison. Except Briar, which uses Tor by default, I think that every other messenger reveals your IP to the server if you aren’t actively hiding it. That’s just how it works. At least SimpleX and XMPP can be used through onion services, something that others don’t offer.

          • poVoq@slrpnk.net
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            The vital difference is that with XMPP you consciously choose a server host (or self-host) that is acting like a proxy for you and thus protects your privacy, even if you don’t use Tor.

            With SimpleX there is basically a random list of relays that you know next to nothing about, and which could in fact be mostly honey-pots, and you are connecting directly to them, which makes Tor almost mandatory.

            For me it boils down to the fact that there is no such thing as trust-less communication, so you should choose carefully whom to trust and minimize the number of people you need to trust. XMPP is IMHO the clear winner on that, because it’s basically only your home-server you need to trust.

            • sir_reginald@lemmy.worldOP
              link
              fedilink
              arrow-up
              4
              ·
              1 year ago

              yeah I agree that XMPP is currently the best option.

              But SimpleX is also self-hostable, you can configure it to only connect to your own relay server. Or just use .onion servers. So SimpleX is a close second IMO.