mastodon.social is one of the many independent Mastodon servers you can use to participate in the fediverse.

1. Main reasons why the app isn't recommended: Provide a transparency report

It is available online and updated at least quarterly, or if anything changes: simplex.chat/transparency/

2. Company jurisdiction: UK

We disagree that there are any jurisdictions that are particularly good for privacy. Also, this might be important for centralised services, like Threema, where the users can't host servers, and much less important for a decentralized network, such as SimpleX, where there are hundreds (if not thousands) of servers that we don't control.

3. Cryptographic primitives: Curve25519 / XSalsa20 256 / Poly1305 (downgraded for the absence of PQ encryption).

We added PQ encryption in March this year: simplex.chat/blog/20240314-sim

This is done in the same way as Apple describes PQ3 here: security.apple.com/blog/imessa

(Linked post on simplex.chat: SimpleX Chat v5.6 (beta): adding quantum resistance to Signal double ratchet algorithm)

4. Directory service could be modified to enable a MITM attack? Yes

This is incorrect, as there is no user directory service, and MITM by relays is not possible by design, even without optional security code verification (which exists to mitigate MITM by the channel you used to pass the one-time invitation link, e.g. email).

5. Does the company log timestamps/IP addresses? Yes

This is incorrect: we have never logged IP addresses or access timestamps of the users.

Further, the private message routing that is now enabled by default for all users prevents such logging by any 3rd party servers with modified code:

simplex.chat/blog/20240604-sim

(Linked post on simplex.chat: SimpleX network: private message routing, v5.8 released with IP address protection and chat themes)

6. Is the design well documented? Somewhat

The design documentation was reviewed in preparation for the design security audit; the report is about to be published.

Thanks to our users who highlighted these inaccuracies to us!

@simplex but there are quite a few UI bugs in the dark mode iOS app

@simplex Does it make sense to enable private message routing for all servers, including simplex servers, in the settings?

@sk8er @simplex I have the Private Routing option set to "Always use private routing", and the Allow Downgrade option set to "When IP Hidden". This keeps Private Routing active by default, but will send messages directly when the destination server doesn't support private routing as long as your IP is hidden (by Tor). I think this is the best configuration for maximizing privacy as it minimizes required trust, and errs on the side of caution.