Using SimpleX over XMPP (OMEMO)

nani · June 11, 2025, 6:56am

This is written by a quite respected cryptographer with 10 years of experience. I’m not saying we should add his quotes, but we can reference this article in the wiki - experienced users can familiarize themselves with this XMPP review for additional information. Or “Some experts believe that the OMEMO version should be studied in various clients—old versions may not have been updated for a long time, while new versions may still be in the testing phase (experimental)”.
A disclaimer in bold red font: WARNING? I think test functions should only be applied in a tester environment. I don’t think you would recommend using Whonix test functions even with a note saying ‘caution: for testers only!’. Yes, users should make their own choice, but this can also be indicated. Yesterday, I showed this to a friend who uses XMPP on his phone. It caused him surprise and now he is in doubt about which client to use - one with stable function versions or one with experimental features.

But I will trust your opinion, Patrick, If you think these are weak arguments that are not worth considering, then I trust your judgment. The opinion of a security developer is key in this matter.

Patrick · June 11, 2025, 4:41pm

There’s a large number of software labeled “alpha” or “beta”. That has to be taken with a grain of salt. This does not necessarily imply “security issues”.

Due to the inflationary use of these words, I introduced tags such as “developers-only” and “testers-only” tags because alpha, beta seems to be not well understood terminology by many readers.

Also version numbers lower than 1.0 imply “issues”, “unfinished”, “alpha” or “beta”. But there are many. [1] That does not necessarily imply “insecurity” either.

It has to be clarified what “testing” and “experimental” is supposed to mean. Does it mean that the protocol might make incompatible changes in the future to optimize performance or does it mean that authors are worried that plaintext might be send instead of encryption or that the encryption can be decrypted? This should not be assumed. It needs to be asked or stated directly.

For example, Tor used to state in its log message after start:

This is experimental software. Do not rely on it for strong anonymity.

It required opening a ticket to clarify this and change this wording.

Similar discussion for Whonix: Whonix experimental for how long

Minor contradictions, confusing, outdated or non-deal wording might also be found in the wiki. Once reported, things can be updaetd, clarified.

In conclusion, these words are not to be over interpreted after extended periods of time. Simply nobody working on rewording from nowadays perspective.

[1]

dpkg -l | grep --fixed-strings " 0."

[2] Confusing log about "experimental software" with stable versions (#2474) · Issues · Legacy / Trac · GitLab

Please provide references.

I’ve tried to find references using perplexity:

soatok cryptographer
soatok cryptographer vs djb

arraybolt3 · June 27, 2025, 4:54am

I don’t have the deep knowledge of cryptography needed to have a whole lot of opinion on that post, but it’s probably the least compelling cryptography-related post of theirs I’ve read so far. Most of the gripes are about issues with clients and implementations (which are very valid complaints and definitely worth pointing out). Only the section labeled “OMEMO Problem 2: YOLO Crypto” is actually complaining about the protocol itself, and it seems the practical issues they have with the protocol are things that have been resolved in newer versions of the protocol (which as they point out doesn’t mean anyone’s implemented the newer version, but it does mean the protocol itself isn’t necessarily something to avoid at all costs). Implementation issues are something we’re definitely not a stranger to, most of the chat-related threads in Whonix’s wiki are the result of virtually every chat client being broken or non-ideal in one way or another.

(FWIW, me adding links to someone’s blog in documentation isn’t an endorsement of them or even the articles I added links to, it’s just me seeing data that looks valuable and sharing it for other people’s reference.)

Patrick · July 21, 2025, 11:09am

Serverless / peer to peer / onion to onion

Yes, client to unidirectional SimpleX routing (server does not store data)

SimpleX blog: SimpleX network: private message routing, v5.8 released with IP address protection and chat themes

serverless (definition of serverless) might need clarification. This is not only about a central server not storing data (in plaintext), which is of course a nice feature.

It’s only really serverless in case all SimpleX servers hosted by its developers are being shut down and the software and network still being functional. Is this the case with SimpleX?

What are examples of being fully decentralized, serverless? As far as I know:

Kademlia - Wikipedia
BitTorrent with DHT
Bitcoin

SashaGoldman · August 20, 2025, 2:00pm

Seems like SimpleX team are now reproducing release assets built by github actions. No idea how they did that though.

nani · August 21, 2025, 6:47am

@Patrick I made edits to the wiki. Please check and add it. thank you

Patrick · August 21, 2025, 9:36am

github.com/simplex-chat/simplex-chat

[Bug]: Cryptographically sign CLI releases (PGP)

opened 08:28PM - 09 Jun 25 UTC

maltfield

enhancement

### Is there an existing issue for this? - [x] I have searched the existing iss…ues ### Platform Linux ### OS version Debian 12 ### App version * ### Current Behavior ### Description Currently it is not possible to verify the authenticity or cryptographic integrity of the CLI app after downloading from github.com or elsewhere because the releases are not cryptographically signed. This makes it hard for SimpleX users to safely obtain the CLI software, and it introduces them (and potentially their contact's data) to watering hole attacks. ### Expected Behavior A few things are expected: 1. I should be able to download the SimpleX PGP key out-of-band from popular third-party keyservers (eg https://keys.openpgp.org/) 2. I should be able to download a cryptographic signature of the release (or, better, the releases' digest file, such as a `SHA256SUMS.asc` file) along with the release itself 3. The downloads page itself should include a link to the documentation page that describes how to do the above two steps ## Actual behavior: [What actually happened] There's just literally no information on verifying the CLI client after download, and it appears that it is not possible to do so. ### Steps To Reproduce 1. Go to the simplex website 2. Navigate to the CLI download/install documentation https://simplex.chat/docs/cli.html#download-chat-client 3. See instructions for `curl` piped to `bash` 4. Cringe 5. Look for the information on verifying the signature between download and install 7. ??? 8. Open Bug Report

chadsec · August 21, 2025, 10:40am

Bit late to the party, but this messenger doesn’t even compare to XMPP + OTR. Even OMEMO is better than it.

Ther are a lot more to a secure messenger than just some shady unverified claims of metadata protection.

I think CoyIM should be recommended as the preferred XMPP client. It is the most secure XMPP + OTR implementation currently available, which potentially makes it one of the most secure messengers in the world.

arraybolt3 · August 22, 2025, 4:14am

Upon opening CoyIM’s website (https://coy.im/), the following message is featured prominently on the front page:

Not yet audited. Do not use for anything sensitive. Read more

Parts of SimpleX Chat has been audited in at least two separate audits by Trail of Bits, with no catastrophic cryptography handling failures discovered either time. ( publications/reviews/SimpleXChat.pdf at master · trailofbits/publications · GitHub , simplex-chat/docs/SimpleX_Design_Review_2024_Summary_Report_12_08_2024.pdf at stable · simplex-chat/simplex-chat · GitHub ) Based on the above, I would lean towards trusting SimpleX a bit more.

CoyIM also appears to be unmaintained, the last commit was two years ago according to GitHub - coyim/coyim: coyim - a safe and secure chat client . The installation instructions refer to end-of-life distributions such as Debian Stretch, Fedora 30, and Ubuntu 17.10.

chadsec · August 22, 2025, 7:55am

GUI not audited, OTR implementation has been audited.

coyim/coyim: coyim - a safe and secure chat client

Security warning

CoyIM is currently under active development. The code for our OTR implementation has been audited, with good results. You can find out more information on our website. However, the rest of CoyIM still has not received an audit. This is worth keeping in mind if you are using CoyIM for something sensitive.

chadsec · August 22, 2025, 7:56am

Project Status & Forking Intent · Issue #870 · coyim/coyim

Thanks for your interest, and sorry for taking some time to respond. The project is still alive, and the team is planning on starting work in September, cleaning up issues and pull requests and adding some new functionality as well.

arraybolt3 · August 22, 2025, 7:41pm

True, but if upstream is worried enough about it to put a disclaimer there, and you trust them to write non-malicious code, I’d listen to them if they say something may be unsafe. I believe more than just the cryptographic code has been audited in SimpleX, but I can easily imagine CoyIM might become better if development does resume.

Good to know, thank you for linking that.

Worthy of note, it looks like CoyIM used to be included in Whonix but was removed due to it being removed from Debian: Instant Messenger Chat I wonder if it’s back again now?

Patrick · August 23, 2025, 10:01am

→ coyIM in Whonix - development discussion - #21 by Patrick