Info regarding privacy. #1585
-
https://github.com/simplex-chat/simplex-chat/blob/stable/PRIVACY.md#information-we-may-share
Can you state here for the people who have not read the terms and conditions in simple words what will be provided in case of a legal proceeding? |
Beta Was this translation helpful? Give feedback.
Replies: 11 comments 5 replies
-
The messaging servers, the server where we host our f-droid repo, the clients you connect to when you "connect to developers". Using 3rd parties as hosting providers would be the case for any communication platform, maybe with the exception of Google, Facebook etc. Specifically, we use Linode as hosting provider.
I don't believe it is contradictory – the encrypted data can be accessed by multiple parties in any communication platform, that includes hosting providers, ISPs, network operators, and the likes.
End-to-end encryption actually prevents the original messages from being accessed by the third parties. Possibly, you misread "encrypted messages can be accessed" as "original messages can be accessed"? Original messages cannot be accessed neither by servers nor by any third parties.
Not more than the data we have, and most likely less than that. We are currently formulating a legal framework for such requests – we most likely will be looking for a proof that the user indeed was using a specific server before providing any information, this is to be clarified. The data we have on the servers does not identify users in any way, it only includes queue addresses and public signature keys for recipient and sender, and undelivered encrypted messages are only temporarily persisted during server restarts, otherwise they are in server memory.
If there will be a sufficient legal basis for that from our point of view in the jurisdiction we operate, and we have these messages, we will comply. We will challenge any requests if our legal view is different from the one in the request. |
Beta Was this translation helpful? Give feedback.
-
Yes exactly, i misread. I apologize for that. Thanks for the explanation. |
Beta Was this translation helpful? Give feedback.
-
No worries! Maybe we should re-phrase it somehow to make it clearer, I will think about it.
Neither do I
Or the device is ceized and there are contacts on our servers when we will be provided with specific queue addresses. In which case we would have some information that we might be legally obliged to provide. All the policy says it is that there is such a possibility. |
Beta Was this translation helpful? Give feedback.
-
Thanks for the response once again. It is amazing that the owner/ developer is so dedicated to the project that he personally takes care of issues. |
Beta Was this translation helpful? Give feedback.
-
This is very good to know and what I think should be done on the website is to make a page call it transparency trust and have all this explained in the simplistic terms for people with pictures and a breakdown list of what is stored, when, how long, why & who can see what. I can see people confused with hosting providers for servers and configuring traffic routing people will want to know if the default settings are secure or not. Maybe explain where the servers are hosted because I bet a lot of people will wonder is this in switzerland because of their data laws. Probably explain how this works for people protected by the GDPR.
If your using the tor routing then all the ISP would see is this person is using Tor everything else should be unidentifiable. Am I mistaken about this? This actually makes me wonder have you considered adding as a second routing aside from Tor Lokinet? I hear the oxen nodes is more secure then Tor. |
Beta Was this translation helpful? Give feedback.
-
yes!
I was considering to show it in the app per server, mostly for the latency sake on the recipient side. Without having data from the user device the data from the servers is relatively useless, so I am less worried about differences between jurisdictions.
Correct, I was just making a general list. Tor relay operators can have some visibility in this case, although less so when the traffic doesn't leave Tor. If the whole Tor circuit is controlled by the same or collaborating parties, which isn't impossible, they would have visibility.
One of the reasons it's not embedded - I don't want to lock users into a specific transport anonymity layer, so even if we eventually embed something, we will keep general SOCKS proxy support so users can choose what better fits. |
Beta Was this translation helpful? Give feedback.
-
I guess that could work in the app it shows them which one they are connected to. I was thinking a list on the site.
Right which is why I mentioned how you have a use .onion when avaliable switch to use tor to make a second one set for Lokinet.
It doesn't have to lock them in does it? I thought it could work like a flipswitch how you have it with the Tor option just adding a second one below or above & Lokinet. |
Beta Was this translation helpful? Give feedback.
-
I don't think Lokinet can be used as a general purpose transport network that proxies TCP connections, or can it? Tor is not the only network - there are some others that can be used via SOCKS proxy. |
Beta Was this translation helpful? Give feedback.
-
I am almost certain that it can if tor can then yeah theres no reason why it shouldn't be able to as well. This is the protocol used in session so I believe SimpleX should be able to benefit from it as well. Take a look |
Beta Was this translation helpful? Give feedback.
-
yep, it indeed can be used in this way. Well, then somebody needs to make an Android app that provides Lokinet routing via SOCKS proxy and the job is done. Maybe, such an app already exists? |
Beta Was this translation helpful? Give feedback.
The messaging servers, the server where we host our f-droid repo, the clients you connect to when you "connect to developers". Using 3rd parties as hosting providers would be the case for any communication platform, maybe with the exception of Google, Facebook etc. Specifically, we use Linode as hosting provider.
I don't believe it is contradictory – the encrypted data can be accessed by multiple parties in any communication platform, that includes hosting providers, ISPs, network operators, and the likes.