Using SimpleX over XMPP (OMEMO)

Should we consider using SimpleX instead of the current default, XMPP with OMEMO encryption, which the Whonix documentation prefers?

I found the following statements:

1. Metadata on XMPP chat
The XMPP server can see your digital identity, such as your public key (this is important for the comparison); who is communicating with whom; when one is communicating (the precise timeframe); how long the session lasts; login/logout times; the whole social graph; the size of the messages; packet patterns; and the encryption is not quantum-resistant.

2. MITM attack XMPP chat
The XMPP server can act as a Man In The Middle, and if the attack is successful, the server can read the messages of the communicating parties in plain, unencrypted form. The only protection is to check the fingerprints of the communicating parties through a separate secure channel.

Advantages of SimpleX over XMPP

  • basically no metadata leaking to the servers
  • there are no identities, not even random numbers; servers don’t have any way to identify a “user” because there are no “users” to spy on
  • multilayer connection padding where every message has the same size (this even improves on Tor), frustrating the adversarial message size attack. Servers and network observers cannot distinguish between messages - all messages have precisely the same size.
  • all messages are mixed, so the order in which they were received is not the same order they were sent out (this even improves on Tor), frustrating the correlation attacks
  • SimpleX uses quantum-resistant NTRU as a very robust encapsulation mechanism, combining the standard encryption with PQC, battle-proven in the wild for many years, instead of the KEM that seems to be sensitive to some attacks because it is based on lattices
  • you can have a unique connection to every one of your contacts with the Incognito mode functionality, in a single app, using completely different channels and servers (that don’t see shit) for every contact
  • it is MITM resistant, no need to manually prove anything
  • e2ee voice messages, voice calls, video calls
  • it has not only PFS but also the BIR (Break In Recovery) feature
  • it has the Unidirectional Message Queues, that frustrate the adversary analysis of packet direction flows
  • no need to check the fingerprint manually through a different secure channel - MITM is not possible
  • no identity to spy on, not even temporary numbers
  • every single contact can be connected to you through a different channel - no social graph building possible
  • message padding - no size analysis possible
  • message mixing - all deanon attacks related to the order of the messages are dead. This even improves Tor anonymity.
  • PQ encryption for 10+ years of information protection lifetime

I could not find information about OMEMO and post-quantum security.


SimpleX does sound interesting on paper but how is the client situation on desktop? A preliminary glance in the past did not exactly impress me.

SimpleX’s user interface on desktop sucks right now. Quite minimal, spartan, and also ugly (the UI elements are disproportionate, the look and feel is so much Apple-ish (for whatever the reason)). However, the chat functionality works without a problem.

That is unfortunate. However, considering SimpleX seems rather solid from a technical perspective, I hope others will see the merits and hopefully there will eventually be a better client built on memory-safe primitives.


I saw a recent Mental Outlaw video on SimpleX (https://youtu.be/0cRu98XSap0) (Invidious: http://inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion/watch?v=0cRu98XSap0). It looks interesting. However, it looks like it connects people via onion addresses. If used in Whonix, would that cause a Tor-over-Tor situation?

I believe that OnionShare used to be included in Whonix by default (I saw a different YouTube video with it included by default on an earlier version of Whonix). However, it does not appear to be so anymore. I do not know if it was causing a Tor-over-Tor situation or a stream isolation issue or something. But I presume the same could be the case for SimpleX.

Edit: I looked at the documentation at http://www.dds6qkxpwdeubwucdiaord2xgbbeyds25rbsgr73tbfpqpt4a6vjwsyd.onion/wiki/OnionShare , and I guess you can use it just fine in Whonix as long as you configure it correctly.


I advocate for recommending SimpleX Chat (https://simplex.chat/) as the most recommended method of communication, and here’s why. Most detailed messenger reviews give SimpleX Chat the highest ratings for anonymity and security:
https://privacyspreadsheet.com/messaging-apps
https://www.securemessagingapps.com/
Messengers - DivestOS Mobile
The Best Private Instant Messengers - Privacy Guides

The absence of permanent identifiers is a unique protection.
Message queue randomization on servers and separate server chains for incoming and outgoing messages is a unique protection.
Excellent stealth mode: creating an infinite number of separate anonymous chats with different names for the same interlocutor, creating groups/channels under anonymous names is a unique protection.
Quantum protection through multi-layer encryption is a unique protection.
You can create an infinite number of users.
You can set a fake PIN to destroy the database.
You can run your own servers (support for onion servers).
The messenger is actively updated and has an active support service, with which you can communicate incognito.
It respects Tor and recommends its use for additional protection.
It doesn’t force the use of Tor - no Tor over Tor.
There are proxy settings, and even a dedicated proxy is provided to bypass blocks in heavily censored countries.
The creator of SimpleX is highly respected in the Monero community and has been giving talks at Monero conferences for several years.


An alternative very secure recommended messenger is Cwtch. It’s written about in this forum (Cwtch messaging). Cwtch ranks 3rd in this rating (after SimpleX Chat and Briar): https://privacyspreadsheet.com/messaging-apps. But Briar does not solve the problem of Tor over Tor, which has been an issue for many years (Briar Desktop in Whonix - #21 by nyxnor). The creator of SimpleX Chat also highlighted Cwtch for its security at last year’s Monero conference, and said that the Cwtch team helped resolve some issues in SimpleX.

Looks promising. Any specific issues / pointers regarding using it in Whonix?

Yes, there is an important nuance - SimpleX stores all conversation history locally (unlike XMPP/Matrix, Signal, Wire…). This enhances security. But you need to back up the database to ensure access to messages in case of a Whonix failure or if you run Whonix in live mode. Security increases in live mode - you can create an account in SimpleX, then run live mode in Whonix, and everything you do in SimpleX Chat will be destroyed - after rebooting, you will have a clean account with no chats.


And another review of messengers, where SimpleX is the best in privacy and security.

This link will be added to this section of the wiki:

SimpleX page on Whonix Wiki:
