[trust problem] I can not trust simplex.chat when it send traffic to servers that is not deploy by myself. #1431
Replies: 12 comments 1 reply
-
I know that ios push notifications stuff must use a server that is not deploy by myself. |
Beta Was this translation helpful? Give feedback.
-
That is 100% not the case, it may use other servers, but they are not hidden :) You can check which servers are used to send and receive messages for each contact in the contact page (tap contact avatar on top of the chat). If it has one of simplex.im servers that would explain what you observe. If you have your servers there and you are certain that they are unreachable I'd love to investigate it further. I wasn't quite clear what is in different networks - for the test you describe it should be devices and servers, the devices would never communicate directly. We will be adding a feature allowing to manually and automatically migrate to other servers - it is coming soon.
What you are asking is an option for "trusted servers" - we are considering it. We were thinking to only constrain the new connections though, not to prevent the existing contacts to work (as you seem to want), but it can be extended to be more restrictive and inform users that there are X contacts using non-trusted servers and that they would stop working. |
Beta Was this translation helpful? Give feedback.
-
I am not an expert in IT networks but I use logic. |
Beta Was this translation helpful? Give feedback.
-
No, in my tests, it looks like the configure of smp and webrtc address can not stop new contacts to use the default(hidden) servers . It may be a bug? (First configure to differents address, than add the contacts, then talks to eath others.) |
Beta Was this translation helpful? Give feedback.
-
You decide which message queue (think, like a mailbox) to use for each contact. If you want to move this mailbox to another server it requires some communication and agreement with that contact. Right now, it can only be done manually, by creating a new contact. v4.2 or maybe 4.3 will have experimental feature allowing you to switch contact to another server manually, by clicking a button. Later this year we will adding automatic migration of the contacts, and optionally it will be happening regularly too, but it cannot be instant - it will be happening over some short period of time. And if the current server is broken then the automatic change won't be possible - you would have to send the new address out of band, in the same way the initial connection was made. The expectation that changing the server should instantly change how you communicate with your contacts is based on the idea that each user has some global address and the servers are used to route messages between these addresses. But it's not how SimpleX is designed - users do not have any global addresses, and a server is part of the pair-wise address used to send or receive messages to one contact only, so changing this address requires some communication.
Have you changed the configuration on both clients before creating the connection? Your client only determines which servers will be used to receive messages, your contact's client determines which server is used by you to send messages (that is, both clients define the servers where they receive messages). If after you change configuration on both clients the new connection is still established via the default servers, we need to look into it, but let's make a test first:
We might have a bug if:
I don't think either can be the case though, but I absolutely can be wrong :) Thank you for testing it! |
Beta Was this translation helpful? Give feedback.
-
No , my expectation is that I will setup my server after I download the app , and do not change it when the server is normal. I do not need that changing the server should instantly change how you communicate with your contacts is based on right now. I may need it when the server is broken , but not now.(I may expect two servers may solve this problem when one is broken) When i change it , the old contacts are not important, i can always add my contact again face to face. I will do the test again, later. |
Beta Was this translation helpful? Give feedback.
-
Understood. Since I don't have the IT background to contribute to security improvements, I fully rely on your expertise and that of your team, and I am sure you will do everything you can to protect our communications from potentially aggressive and oppressive governments. Thank you for the explanations and for what you do. |
Beta Was this translation helpful? Give feedback.
-
Could you add a "make a donation to the collective" button within the app? I would like to be catapulted to the crypto donation page. I do not want to support the centralized FIAT (currency) system. Even better if you directly include a Bitcoin address of yours to which I can send funds directly. And let's get the "middlemen" out of the way to whom you have to pay the fee... |
Beta Was this translation helpful? Give feedback.
-
There are ways to donate here: https://github.com/simplex-chat/simplex-chat#help-us-pay-for-3rd-party-security-audit thank you! |
Beta Was this translation helpful? Give feedback.
-
Hello! https://ci.zw3rk.com/build/494539/download/1/pkg-aarch64-android-libsimplex.zip but on them I got http error 500. Can you help me get the required libraries? |
Beta Was this translation helpful? Give feedback.
-
I'm second to the poster in the aspect that I cannot trust a 3rd party chat server directly connected to my phone when I have my own SMP servers and I would like to have full control on the sender server (my sovereignty and no need to put trust in 3rd party). So I cannot wait the coming SMP proxies (at least) to have them as shield but still, I'd want to use my own my servers for sending our my own messages from my phone and not someone else's. If I could pick, I'd chose the sending server instead of the receiving server. suggestion: both, the sending and receiving servers to be chosen locally from the preset pool of SMPs (which can include only the client's self hosted ones). |
Beta Was this translation helpful? Give feedback.
-
These two things are equivalent - sending proxies would allow you exactly that - choosing the servers you use to send the messages, and they will be chosen from the same servers you use to receive - sending proxies would not be a new kind of servers, but rather an extension of messaging protocol, that would make each message delivered via 2 hops, when both sides choose both sending and receiving servers - similar to how email operated, but without any user accounts or identities. |
Beta Was this translation helpful? Give feedback.
-
I am a user in a team that care about privacy of logs of chat messages history and contracts .
I do not trust what simplex.chat said in the first place, so I did a test:
I deploy two servers, ip a and ip b.
I config ip a to ios device c.
I config ip b to ios device d.
I put ios device c and device d into different nat , so it can not direct connect in ip .it must need some servers to relay.
I find that device c can send message to device d successfully.
So I am sure that are it send traffic to some hidden servers that is not deploy by myself.
So I will not trust simplex.chat only base on those tests, I can not sure the servers that is not deploy myself can not read/log my message.
I may trust simplex.chat by reading and verified all source code myself.
Suggestion:
Beta Was this translation helpful? Give feedback.
All reactions