SimpleX is developed by a person who has a rather difficult view of the world. I would not recommend using it as long as this person is responsible for it.
Holding and openly expressing these abhorrent views probably encourages him to focus on security and privacy more than others.
But it does risk his app being associated with that and therefore discouraging everyday users. I wouldn't be surprised if it ends up as the next EncroChat.
Focusing on security and privacy is great, but I expected some downsides. I'm glad you decided to emphasize the dedication of the creator of SimpleX instead.
EncroChat was not open-source, so it was much easier to be infiltrated.
You can self-host SimpleX and it is open source, otherwise I have no idea what you mean by associated with his views. If the project is as promised, then why would you care about the views of the developer?
I came here to write just that. It is all over the place as well. I find it a bit disturbing with regard to how one defines struggle against power. What do those views mean with regard to the long-term priorities of the software?
Oh, it's very simple: those views mean nothing. Unless you can point to the part of the source code where they are expressed and explain to us how this part undermines the project's technological goals.
If you're so eager to encourage cancel-culture, would you be so kind as to elaborate on why exactly you want to cancel this programmer instead of just vaguely pointing in the direction of a closed platform?
Here is perhaps a simpler metric. If the creator of security-focused software is this awful at protecting their own anonymity, why would I trust them in the first place?
If they are revealing their identity so that we can vet their credentials, then it makes sense that they would want us to judge them based on their online persona.
If we believe all of this to be true - it’s not really cancel culture, it’s by design that the creator of SimpleX has implemented this filtering mechanism for their users.
False dichotomy: there are more options than "protecting anonymity" and "revealing identity so that credentials can be vetted". He just writes what he believes under his own name; it doesn't necessarily have anything to do with establishing his authority.
I don't know what you're mentioning, but let's not forget that whatever view he might have, it changes nothing in the technology he creates. It's open source, it's auditable, and the code does not have worldviews of its own.
Your comment promotes cancel-culture, and as filthy as it is in general, it's even more so in the technology world. Don't do it. Please.
As long as you are not auditing every bit of code you run yourself AND are sufficiently knowledgeable to detect even obfuscated malicious code, you need some basis of trust.
Evident world views far off reason, reality, compassion and pragmatic self-regulation, don't speak for a stable, predictable and reasonable personality.
If a person thinks some humans deserve fewer rights than others, how could you trust any update to not reflect this world view?
Additionally you may be becoming technologically dependent on a person whose actions may be detrimental to your safety or wellbeing in other parts of your life.
You may also just not like to promote this person's work.
It's fair to inform others about the person behind the software they are running. Everybody can make their own informed choices.
And the appropriate basis of trust in the technology world would be source code audits, not scraping some individual's Twitter posts.
If the users' communications are encrypted — which they are — there is no way for the creator to "reflect his world view", whatever it might be, in the form of undermining the security or privacy for some part of the user base.
I like your point that if a developer is a vocal neo-Nazi then only people capable of regularly conducting their own thorough code reviews should rely on the products that they make. I agree with you that regular folks that can’t do code audits should not trust neo-Nazis with their private communications. It is good to know that we’re on the same page about not implicitly trusting the SimpleX code.
This is not my point. Trusting someone else's code audit is infinitely more valuable than trusting any "vibe check", since it touches the actual subject matter.
Anyway, since we're talking concrete software, could you point to such code reviews from vibe-independent auditors for continuous verifiable SimpleX builds targeting common communication platforms?
If not, your point is moot for the subject at hand. Decisions have to be made on the basis of reality not cozy fantasies.
I am not sure I run a single piece of software where this is done. Sporadic audits tend to bring evidence of soundness and security, not continuous absence of malicious functionality.
> I am not sure I run a single piece of software where this is done.
And yet you run it. Have you vibe-checked every such software? Did that bring you enough information about individuals creating it? If not, if there are no readily available signs, have you vetted their own, private beliefs otherwise — in order to ensure they don't clash with your own?
What if Linus Torvalds turned out to be secretly a Nazi pedophile for the whole time? Would that make you stop using Linux?
You are moving the goalpost. There is no constructive discussion possible, if you can't concede weak arguments.
But yes, I vibe checked the software projects I use. They are mostly large enough, where single individual failings are of no consequence and unhinged people are usually removed from executive control through various means. But it's trust based on feelings and the information I got. Most people involved in these projects are mature and controlled enough to not mix politics with their work. It's not a good sign to not be in control of such impulses.
And I'd rather take a chance with the unknown bad than rationalize the known. Luckily most people with a collectivist FOSS mindset don't turn out to be monsters. Who could have predicted that?!
I was just asking to know your thought process, but this discussion probably won't lead to anything anyway. In my view a person's stance on vaccines, gay rights, what have you, doesn't make you any worse a developer. If the technology is sound, which I can vibe-check (by a glimpse at how the code is maintained, documented etc.), I have no reason to peek into one's private views. Your opinion is different, I still don't fully understand it, but we'll just have to agree to disagree.
We are not talking private opinions, we're talking public ones. Lol.
If you fail to understand why human rights and state repression stances don't matter when evaluating trust in secure and private communication means, we indeed don't need to discuss any further. It is a bit silly though.
> could you point to such code reviews from vibe-independent auditors for continuous verifiable SimpleX builds targeting common communication platforms?
and sandblast has written a lot of words that indicate “no”, so they’ve been pretty consistently arguing not to use SimpleX.
This makes sense. Trusting a stranger’s code is bad but trusting a stranger’s opinions about code is good.
Unless you mean that only users personally capable of walking through the code line by line and their immediate friends and family should run code written by neo-Nazis.
If I wanted to make a honeypot that undermines users' privacy and anonymity, I would make sure to be as nice to everyone as possible. The "vibe check" is irrelevant, the false positives are far too common.
However, humans being human beings, they find it very hard to sequester their beliefs and emotions from their work. It's a common human failing. Often they are not even aware of it.
Having politically or socially divisive beliefs publicly also makes such a person a target of coercion and encouragement to yield to a "harmless" temptation by way of appropriate 3 letter like agencies.
To ensure that this does not happen will require maintaining a paranoid level of vigilance on the code all the time. That is a lot of work, very expensive and is unlikely to happen. Perhaps not fair to his creation, but that's just how it goes.
My comment is at a high level. This is the first time I heard of SimpleX Chat, so I don't even know what views its developer has.