
Opsec Introduction - Public Chats / Private Chats / Anonymous Chats / Deniable Chats : OpSec

⚠️link to the blogpost⚠️
Hello everyone, in this blogpost (which was contributed by xmronly) we go over how SimpleX meets all the opsec requirements for public use, private use, anonymous use, and deniable use.

I know there's a ton of chat apps out there, some of which may look better than others. But opsec is opsec. Each intended use has opsec requirements attached to it.

Public use = none, everything you send is public knowledge.
Private use = FOSS software only, E2EE, can self-host the serverside
Anonymous use = does not require a phone number nor any user ID to sign up, and supports .onion domains out of the box
Deniable use = has disappearing messages, to be able to deny having ever sent those messages.

As usual, let us know if we missed anything, constructive feedback is always welcome. (⚠️how to write criticism⚠️)
/u/miner21 P
2 points
3 months ago
Thanks for putting in the work guys!
/u/restless0
2 points
3 months ago
Nihilist is the GOAT.
We need you a lot more on dread! Thanks for your work.
/u/Harlom
1 points
3 months ago
Great post! I would love to see SimpleX become a household name. Especially in the fraud world, it is frustrating to see many users still cling to Telegram and other outdated apps; SX is my only recommendation for phone-based messaging services.
/u/underd0g
1 points
3 months ago
Nice post! SimpleX is the best currently.
/u/Grindah
1 points
3 months ago
Decent blog, you just tested simplex and nothing else.

Maybe worth looking at other messengers too perhaps?
i used to recommend XMPP, it's the closest to simplex, being also suitable for private / anonymous / sensitive use when configured correctly.

thing is, you still rely on usernames with xmpp, and the e2ee is not there by default (need to enable OMEMO manually). it's not really much of a problem but that's the only drawback i see.

Simplex doesn't even have user IDs, and the e2ee is there by default for private chats, which is stellar.
And lastly the fact that simplex made achieving this super easy to use adds up to the tool choice immensely.

The first goal is of course to make the technology work to protect your opsec, but then the second goal is to lower the complexity barrier to use it, it's clear that they understood that.

i think it's a good ratio. having a tool that can achieve all of your opsec needs that easily while at the same time satisfying 90% of the noobs out there is a HUGE plus
Really good introduction post to the topic itself. I like the classification putting in the groundwork, and the fact you mentioned self-hosting your own SimpleX servers, an underestimated opsec tip.

One question, or rather criticism, of the classification itself is: why should Anonymous or Deniable chats offer Tor support out the box? What is the definition of out of the box? Is it like Tox running entirely on it? Is it like Jabber? The majority of messengers, if not all, support setting local proxies in the settings.

/u/Grindah has a good suggestion and I agree other messengers should be explored. Given you've named the blog post Introduction I presume they will be.

While SimpleX is FOSS by definition, since your blog is opsec and security focused you should mention with big bold (red?) letters that SimpleX has no reproducible builds, last I checked. If you can't compile the source code, that means a "trust me bro" binary. SimpleX is by far the better alternative than Telegram, but SimpleX does some overstating of facts too for marketing purposes and they've been called out for it. Some of those points I mentioned at the end /post/4b79f32f636b2f52a0d4/#c-4b098d061319e3ea5b
>why should Anonymous or Deniable chats offer Tor support out the box?
to enable anonymity on the IP layer simply. for both the clientside and the serverside. coming from matrix this is the main complaint i had with their clearnet requirement, it should just not be necessary imho.

You should be able to compile it yourself however, in case if you don't trust the binaries being distributed by simplex.

>coming from matrix this is the main complaint i had with their clearnet requirement, it should just not be necessary imho.

I understand the reasoning now and what you meant, thanks.


>You should be able to compile it yourself however, in case if you don't trust the binaries being distributed by simplex.

Should but can't. Are you able to compile it currently? It has been a constant topic of debate over on their reddit page; search for reproducible build. I find it, let's use the word weird, that such a messenger is recommended so extensively on Dread and you can't compile the source code to begin with.
I didn't try to compile it myself to be frank but it's detailed here from when i last checked:
https://github.com/simplex-chat/simplex-chat/blob/stable/docs/CLI.md#build-from-source
https://github.com/simplex-chat/simplex-chat/blob/stable/docs/CONTRIBUTING.md

Will try to compile it myself when i get the time and keep you posted
Their official github page states:

>We plan to add:
>Reproducible clients builds – this is a complex problem, but we are aiming to have it in 2025 at least partially.

It is not serious from a security or opsec perspective to be recommending a communication medium whose messenger can't be compiled. Until those client reproducible builds come in full, not partially like they say is planned, you should definitely put the disclaimer, as it isn't a small detail to ignore.

Although by many measures it is better than Telegram and I'd prefer it over Telegram, without being able to compile everything yourself, in pure security principles (FOSS first rule, right?) SimpleX ironically isn't better than other closed source options like Telegram.
yeah i definitely agree, it needs to be explored how to compile the client.
will schedule that on the blog actually, it definitely makes sense to showcase how to compile it yourself
I'm not sure you understood what I mean exactly. I'll expand on the matter.

It isn't about showing how to compile it yourself (though it is a good idea for an article) but the fact you can't do it with the SimpleX client source code. This results in a security risk for using SimpleX.

There's a reason why it is in their plan. It means it isn't possible right now, not a case of you compiling it or others not knowing how to compile it. I'm actually amazed people don't know this and blindly recommend SimpleX.

You need the same build process for the same byte to byte output. FOSS and security rules dictate you shouldn't trust source code you can't compile on your own, as it is bad practice. By extension, you can't trust the binaries by SimpleX if no compiling is possible.


>What is a Reproducible Build?
>
>Builds are reproducible when they give the exact same output no matter when or where they’re run. A reproducible build produces the same byte-for-byte output no matter what computer you run on, what time you run it, and what external services are accessible from the network.


As such you should put a disclaimer when advertising SimpleX as a secure communication method.
i've done some probing with my community around that specifically this afternoon,

i've put it on priority to showcase how to compile the simplex-desktop appimage,
http://git.nowherejezfoltodf4jiyl6r56jnzintap5vyjlia7fkirfsnfizflqd.onion/nihilist/blog-contributions/issues/230#issuecomment-2428
some anon guy in there sent me a set of instructions to supposedly do that but i didn't test it yet.

I also requested ep directly to just give me the list of current steps to compile the appimage so that i can document the current way of doing it right now, hopefully they come back to me with the full recipe that i can showcase myself.

Anyway, my idea is that once i know how to compile the thing i'll be able to publish somewhere the hashes i'm getting and verify them against the official builds. (so don't worry i understood what you meant)
Great, we are on the same page, and thanks for being proactive about the issue.

If it works you should send a pull request to the SimpleX github, as the devs themselves have been battling with this since inception; perhaps you've finally solved it (make sure to document verifiable proof). Reproducible builds are a big criticism for SimpleX and it is quite weird for me personally that they haven't put a priority on solving it.
oh yeah definitely not a problem for me to put it in markdown format and then just send it as a PR
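
The byte-for-byte definition quoted in the thread, and the plan to compare self-built hashes against the official builds, as an added example (not part of any post here and not SimpleX project code): a constructed two-file "build" is packed twice at different times, and only the variant that pins timestamps and entry order yields the same SHA-256 both times. File names, contents and build times are constructed assumptions; `SOURCE_DATE_EPOCH` follows the reproducible-builds convention of a fixed build timestamp.

```python
import gzip, hashlib, hmac, io, tarfile

# Constructed sample "build output" (not real SimpleX files).
FILES = {"bin/app": b"\x7fELF-constructed", "share/README": b"hello\n"}
SOURCE_DATE_EPOCH = 0  # fixed timestamp used by the normalized build

def build(files, build_time, normalize):
    """Pack files into a .tar.gz and return its bytes.

    normalize=False mimics a naive build: entry order follows the input
    and every timestamp is the wall-clock build time.
    normalize=True sorts entries and pins all timestamps."""
    names = sorted(files) if normalize else list(files)
    mtime = SOURCE_DATE_EPOCH if normalize else build_time
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(files[name])
            info.mtime = mtime          # per-file timestamp in the tar header
            tar.addfile(info, io.BytesIO(files[name]))
    out = io.BytesIO()
    # The gzip header carries its own timestamp, so it must be pinned too.
    with gzip.GzipFile(fileobj=out, mode="wb", mtime=mtime) as gz:
        gz.write(raw.getvalue())
    return out.getvalue()

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def matches_published(artifact, published_hex):
    """True if a self-built artifact hashes to the published SHA-256."""
    return hmac.compare_digest(sha256(artifact), published_hex.strip().lower())

def demo():
    # Second builder: one hour later, files enumerated in a different order.
    reordered = dict(reversed(list(FILES.items())))
    naive_a = build(FILES, 1_700_000_000, normalize=False)
    naive_b = build(reordered, 1_700_003_600, normalize=False)
    repro_a = build(FILES, 1_700_000_000, normalize=True)
    repro_b = build(reordered, 1_700_003_600, normalize=True)
    return {
        "naive_equal": sha256(naive_a) == sha256(naive_b),
        "repro_equal": sha256(repro_a) == sha256(repro_b),
        "verified": matches_published(repro_b, sha256(repro_a)),
    }

if __name__ == "__main__":
    print(demo())
```

A matching hash only shows that the published binary corresponds to the published source; without a reproducible build, a mismatch cannot distinguish tampering from ordinary build noise such as the timestamps above.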