I use whatsapp to communicate with my mother and that's it

I just use xmpp via Conversations on my phone. Signed up with xmpp.jp, very easy all around.

WhatsApp... Just to keep in contact with family, I don't use messengers otherwise!

>>144728
which xmpp client do you use?

I tried simplex once and it seemed fine, though I didn't use it for long. But I use matrix because that's what the people I talk to use.

>>144794
What platform did you try SimpleX on? Also did you join big groups or only talk to a few people? I've heard one of SimpleX's biggest problems is handling groups with large user sizes (which I joined a ton of) so I think that might be part of the reason why it was working so badly for me. Also what Matrix client do you use? Back when I used to use Matrix (I remember back in the day the big debate was to use Matrix vs XMPP) I used the Element client for mobile devices and Mirage (its dead now but theres a fork here https://mx-moment.xyz/) for my Linux desktop

>>144736
I see a lot of people using whatsapp for family. Just why? Why whatsapp in particular? It's a really terrible messenger.

>>144799
it's what my family uses and they refuse to switch to anything else

>>144799
its hard to escape whatsapp when you live in a country where everyone uses it

xmpp ftw

Do you guys know about Session?
It's a signal fork that has its own network of nodes (run on a blockchain) and user IDs are shared via long hexadecimal codes.

I don't have friends to message (´・ω・｀)

>>144805
I've read from a few different sources that the encryption has a serious flaw. I don't know enough about technology to elaborate sadly. I was going to copypaste one of the sources but it's down...

>>144798
Android, and yeah I only talked to one person.

>>144805
the only people I've ever seen mention session were actual feds trying to bait people into sharing CP (・∀・)
never saw anyone talk about using it for anything legitimate until now ┐(ﾟ～ﾟ)┌

>>144805
everything i read about session is people shitting on it. i dont really understand it enough myself so i will just link what ive seen online
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

>>144824
pt. 2

>>144824
>>144826
I've also heard that the guy who owns Session vehemently hates pedophiles, so he maybe sabotaged the encryption intentionally to get people v&. And yea only retarded Pawooners and feds use Session.

what about matrix?

>>144837
Security wise, I've never heard any complaints about it. And all the most obvious fedposters seem to never use it and instead use Session.

It can be kinda slow and fucky though, especially if you join large group chats. But all the encrypted messengers seem to be like that.

>>144838
lol fag

>>144799
it is what ordinary non-technical people installed
that's it really
no one I know in my family really chose it deliberately, it just ended up being the easiest option

OP here, after researching SimpleX some more, I wouldn't recommend it to anybody who likes their IP being private. This guy explained it better than I could

SimpleX is not the program you want to use.

I have on several occasions tried to get epoberezkin to answer basic questions, but every time they run to the hills.

SimpleX prides itself with having no identifiers. The most revealing identifier would be your name, then phone number, then your IP, then your email, then your username. SimpleX server knows your IP-address by default. But the CEO pretends this is not an issue. They ignore the fact IP-addresses are constantly used to determine identity of copyright infringers using torrents etc. They either tie to the household, or to the person if they live alone.

SimpleX uses something called queues. Which are basically random persistent tokens that allow fetching data from the server. The server generates the token for Alice, and Alice shares them to Bob off-band.

Alice can use queue ID to_bob1 to send a package for Bob, who can then fetch it with queue ID from_alice1. Same, vice versa.

SimpleX is not transparent enough about the fact the server can trivially correlate the IP addresses that converse.

There is queue rotation, but since unauthorized users must not be able to change the queues between Alice and Bob, the server must authenticate Alice before this action. This means Alice is recognized by the server, regardless of which IP-address they connect.

So Alice can’t rotate their queues without the server knowing which queue pair Alice and Bob use next.

Since the server knows the queue ID between two users in long term (that is, unless they re-register for Simplex and start fresh), the server can keep accumulating all queue IDs associated with Alice and Bob. The server can also associate every IP-address it has seen Alice connect from to that user.

If Alice and Bob use Tor from day one, and somehow never fail to misconfigure Tor and leak their IP, SimpleX is probably OK. If they ever fail, then the user is permanently deanonymized.

This is why SimpleX sucks compared to Cwtch. Cwtch uses anonymous Tor IDs, that are trivial to spin up, and take down. You can have as many user IDs as you want, even 1:1 mapping for all contacts to micromanage your online status for every contact.

Cwtch forces connections through Tor, Onion Services can not operate without you having anonymity.

My huge issue with SimpleX, is the CEO is vacillating between the positions of “Tor has vulnerabilities, therefore it’s not 100% solution”, and at the same time offering Tor as an opt-in solution for paranoid users (their words, not mine.)

Tor is obviously not a panacea, but the CEO conveniently forgets, is

There is for now, nothing better. We haven’t seen any improvements to the concepts of onion routing since NSA slides crowned Tor the “King of Anonymity solutions”.

IF the anonymity provided by Tor fails, all that happens is, your IP address will leak to a third party. Which is what’s happening with SimpleX by default.

Cwtch solved the problem of IP-addresses get revealed due to accidental misconfiguration, which is an actual threat.

SimpleX solved the non-issue of usernames and offered the same IP-address protection as every bog-standard messaging app: None.

Evgeny, again, if you want to offer improvement over existing software like Cwtch, you need to expand on what they solved (like I did with TFC by solving endpoint security which Cwtch does not solve), not pretend the first thing metadata-resistant communication solves, does not matter, and then boast about being “first to have no persistent IDs”

Your system has a persistent ID. It is the

[(alice_tor_ip_address1, queue_id1),
(alice_tor_ip_address2, queue_id1),
(alice_tor_ip_address2, queue_id2),
(alice_tor_ip_address3, queue_id2),
(alice_tor_ip_address3, queue_id3),
(alice_home_ip_address, queue_id3),
(alice_tor_ip_address4, queue_id3)]

list of tuples collected by the server over time.

First HN. Now PrivacyGuides. You’re running out of hills to run with your snake oil. Please stop running and address these issues.
https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-right/19256/29

I think ure required/forced to add backdoors in some way. This is teh reason things like tox or maybe bitmessage are developed anonymously.

Oh.. both are actually not , some people behind the projects are even named on Wikipedia. Okay, but maybe being a CEO, maybe raising funds, is different...

>>145110
>>145111
the simplex dev is an asshole as well, i tried to ask him about this and he basically said USE TOR OR A VPN OR ITS UR FAULT IF YOU GET FUCKED