@richardstephens I would assume it's something like just popularity among userbase.

That tells me all I need to know about who the developers' communities they got their seed users from were.

@triskelion LOL not surprising.

I just bring this up again and again because I see it (SimpleX) and other similar shit promoted way too often on fedi. Contrarian edgelord brainworms kinda thrive here and we need to be calling that shit out before it takes hold. Nazi bar theory.

And I just saw this post: mstdn.social/@rysiek/114630877… xD

Michał "rysiek" Woźniak · 🇺🇦

2025-06-05 12:59:43

Hey @simplex is this really your founder? 👀
xcancel.com/epoberezkin

#SimpleX #InfoSec

Evgeny (@epoberezkin)

@SimpleXChat (http://simplex.chat) founder - the 1st chat network without user IDs. Created Ajv #JSON validator used by millions of JS apps.

^Nitter

@Ember Thanks for the citation.

For those who don't need to actually see the vile receipts (don't click thru unless you really do), the lead dev of SimpleX posts vile shit on birdchan (of course) in favor of abuse of trans children.

DO NOT USE SIMPLEX. DO NOT PROMOTE SIMPLEX. CALL FOLKS OUT WHEN THEY DO.

@Altair You have multiple other legitimate cryptographic marvels you could be using to protect yourselves. VeilidChat and Cwtch are the two strongest. Signal is still far better than SimpleX in all ways that actually matter, but if you're opposed to it, use one of the two that's actually legit.

SimpleX is a fucking honeypot run by nazis. Eventually the client is going to ship malware. If it isn't already. It's going to have intentional "bugs" that compromise your privacy.

There is utterly no reason to defend using it as self-preservation.

VeilidChat is a _proof of concept_, categorically _not_ real competition at this point.
Cwtch is good to a degree, and probably the best option for highly specific use cases, but in addition to the fact that it isn't available for iOS users (and while you can say users who care about privacy shouldn't be using iOS and be correct, we're talking about actually protecting beings as they exist here, not what they _should_ be doing — especially if that then leads to "well, buy a new phone then", which would be an incredibly privileged take), the Android version is buggy to the point of unusability, and it always has the pure P2P messenger issue of requiring both contacts to be online simultaneously to function.

Add that all up, and you get something that is _not_ going to attain wider adoption, nor be practically usable for a majority of possible users. If you argue that VeilidChat, Cwtch, and Signal are the options, well, that's down to just Signal now, and I already explained why that isn't always usable at all.

The concern about the trustworthiness of SimpleX's codebase is valid, and their code releases should be watched very closely for compromising updates, but saying that an open-source program _is_ unsafe without citation of any specific issues comes across as scaremongering. In particular, I note that throughout the history of the internet, wholly unsubstantiated accusations that such-and-such is a "honeypot" have been _widely_ used to scare users away from secure software so the government can continue monitoring them without issue. I'm not saying that you, in particular, are a fed, but what I am saying is that _that kind of thinking_ is exactly what they promoted and what they want.

@Altair
No it's not. Decentralized, foss, security model includes metadata by avoiding getting it and protecting it. It was audited by trail of bits, well respected. That is just not true.

And I'm very worried about the Nazis around it. We should be ready to fork it.

@zeh "Experts who've looked seem to say it doesn't."
You're going to have to be more specific. While I acknowledge that the Trail of Bits audit isn't terribly relevant at this point since it was so long ago, and I am aware of some well-founded criticisms of SimpleX as a technology, such as their use of client-side moderation (is this really worse than the server-side moderation most services use?), or the protection provided by their IP-hiding system being overstated (so use a VPN or Tor like with everything else),

I have yet to be aware of any serious issues that aren't trivially mitigated or present in competitors also. Frankly, if you're aware of serious and relevant issues, you should have _led_ with citing them, as it would have made your message much more effective — which makes the fact that you _aren't_ being specific indicative that you don't actually have any specifics to give.

I am not here to do technical research for a nazi team to convince people who demand technical arguments to dismiss the idea of trusting nazis not to have fucked up (intentionally or by incompetence that comes with being nazis) making a high stakes cryptographic product that will put in danger people targeted by nazis if anything is wrong with it.

If you are demanding technical teardown when there are already abundant human reasons not to step anywhere near SimpleX, that's a you problem I can't fix. And it makes me seriously distrust you as someone I'd want to interact with.

lol this motherfucker really just made an account to stan the fash

CC: @dalias@hachyderm.io

@praveen Why would you want to?

You use and potentially fork Firefox because it's currently the only non-Chrome option in its domain, and because it's going to take very large amounts of time, money, and effort to build a complete replacement.

None of this applies to SimpleX. There's no big asset there. It was not some astronomical effort to build. You don't need it for interoperability with the existing web. It's an over-hyped piece of garbage designed to make money and influence for nazis who built it. It does not solve any problem anyone has.

for example see this answer fosstodon.org/@cwtch/114660341…

No other app correctly balances server and peer to peer (no metadata on server) yet. More clients could do that in future for sure, but right now Simplex Chat has a unique proposition and I don't want to give up on that value because I disagree with its founder. Being Free Software means we have more options than a simple boycott when a project we care about does things we don't agree with.

@praveen Even if SimpleX had useful privacy characteristics, folks need to realize that getting people onto the platform is immensely harmful to their safety.

You're getting them to install a mobile app that a known-bad-actor can publish updates for at any time. Updates that may compromise the privacy of their past or future conversations, add trackers that compromise their identity and location, or try to dupe them into doing things against their interests.

I don't buy the technical claims to begin with, but if you do, get them verified by someone willing to do that (who's not paid by SimpleX) and fork *now* not later. Or better yet, don't fork but use whatever concepts make sense (I suspect it will turn out to be very few) in a completely new implementation. It's not like they've built something giant and elaborate that's hard to replicate.