SimpleX front page lied by omission about it having no identifiers. The fine print threat model did not mention the server has access to your IP addresses, and the mitigation to create "decentralized" system of users talking via separate servers ran into the problem of there being two VPS companies hosting the entire public server infrastructure. These issues were major as SimpleX advertised itself as an improvement over Cwtch, which should've meant superset of metadata had been protected. But that obviously wasn't the case.
The thing is, there's Akamai and Runonflux, two companies hosting the entire public SimpleX infrastructure. If you're not using Tor and SimpleX Onion Services with your buddies, these two companies can perform end-to-end correlation attacks to spy on which IPs are conversing, and TelCos know which IPs belong to which customers at any given time. Mandatory data retention laws about the assigned IPs aren't rare.
Yes, that's why I said I don't like their relays. It doesn't even have to be Akamai, you need to trust SimpleX first that not to track your IP. I'd rather use a messenger where something is not possible (or even hard) than trust.
As long as IP leaks are possible, I'd rather also use Signal, where at least the rest is battle tested and state of the art.
My concern with Signal is they'll either comply or move out of the EU with the incoming Chat Control, and I'd rather have a fully decentralized messenger with as few leaks as possible.
The CEO vanished from the discussion (again) so my proposals to improve ease of use of Tor never reached them. You can catch up on the discussion at https://discuss.privacyguides.net/t/simplex-vs-cwtch-who-is-...