epoberezkin | 1 year ago

Either you didn't understand the design, or this is not genuine criticism.

Every server that a user connects to of course knows the IP address of the user, be it a Tor relay, VPN provider, Nym node, or SimpleX relay - the user chooses which server to trust.

Neither of the approaches guarantees transport anonymity.

Recently added private message routing protects the IP addresses of the users from the destination servers: https://simplex.chat/blog/20240604-simplex-chat-v5.8-private... , which was the #1 point of criticism: that IP addresses are not protected by default.

maqp|1 year ago

Lol that article says

>We believe that Tor may be the wrong solution for some users for one of the reasons: much higher latency, error rate and resource usage.

Yet you provide no options for Tor, as in https://simplex.chat/docs/server.html your idea for anonymizing users is... For the user to hop through a roughly 20-page document of dozens of commands to create the equivalent of a personal VPN server, and amidst it, to connect anonymously to contacts' servers, you need to install... Tor https://simplex.chat/docs/server.html#tor-installation-and-c...

So if you don't have any options for Tor, maybe you should just default to Tor.

As for the hoops, you know, you can just write an install script for the user to auto-configure this stuff correctly. In its current state it's definitely something an average Joe is going to do. If this is there just to shut down criticism, maybe you should instead address the criticism, and make it metadata-private by default, without these insane hoops.

If it doesn't get to the point of anonymity by copying a one-liner that runs an install script, i.e. if it's not on par with

sudo apt install simplex,

it's not going to catch on.

Also, your technical documentation on how this stuff actually works has 404 issues https://github.com/simplex-chat/simplexmq/blob/stable/rfcs/2...

epoberezkin|1 year ago

> Yet you provide no options for Tor, as in https://simplex.chat/docs/server.html your idea for anonymizing users is... For the user to hop through a roughly 20-page document of dozens of commands to create the equivalent of a personal VPN server, and amidst it, to connect anonymously to contacts' servers, you need to install...

You need to understand things you criticise. There is no contradiction here. We don't think Tor should be the default, because Tor has a bad threat model for many people, and bad usability for most people.

This is a separate conversation, but if you think that Tor is a panacea for anonymity and that it provides "good enough" anonymity for most people, you need to read this rather old presentation: https://ritter.vg/p/tor-v1.6.pdf, in particular the pages titled "Guards - Math". In short, the conclusion should be that Tor provides ok anonymity for web browsing, with only occasional streams being de-anonymised, but it provides really bad anonymity for hidden services, because it is enough to deanonymise one stream to deanonymise the hidden service IP address - which is a catastrophic failure of the threat model.

So, persistent hidden services simply should not be used as a means to provide anonymity, and yet they are used as permanent user addresses in Cwtch... If you think I am wrong, we can debate it further, but you really should not be recommending Tor as a panacea without understanding the limitations of its threat model.

Yet, some people do like using Tor, both to access servers via onion addresses that we provide on preset servers, and to host their own servers, either because they don't understand or because they accept the risks of hidden service deanonymisation.

The nice side effect of private routing is that it allows people who don't use Tor to send messages to SMP servers available only as Tor hidden services.

> As for the hoops, you know, you can just write an install script for the user to auto-configure this stuff correctly. In its current state it's definitely something an average Joe is going to do.

I believe that an average Joe must not host his own server, and for people who understand what they are doing, following these steps takes 10 minutes.

> If this is there just to shut down criticism, maybe you should instead address the criticism, and make it metadata-private by default, without these insane hoops.

Metadata is private by default, without any hoops, and Tor is not required for it - it is absolutely optional. Tor configuration is only needed to allow users using Tor to access servers, and to bridge non-Tor users to Tor servers - so it is about better network connectivity, and not about metadata privacy.

> Also, your technical documentation how this stuff actually works has 404 issues

Moved to "done" folder, will update. You could have guessed ;)

https://github.com/simplex-chat/simplexmq/blob/stable/rfcs/d...

It's also included in protocol spec now:

https://github.com/simplex-chat/simplexmq/blob/stable/protoc...