App Review

SimpleX Chat Review (2026): The Messenger That Doesn't Even Have Your User ID

No user IDs anywhere — not even random ones

8.4
/ 10
★ 4.2 / 5

SimpleX is the most privacy-obsessed messenger in the mainstream space. There are no user IDs of any kind — not even random ones — and the protocol is designed so that even SimpleX Chat Ltd cannot tell that two conversations belong to the same person. We rate it 8.4 / 10: the right tool for journalists and activists who distrust server operators, not the right tool for everyday chat with family.

Reviewed by the xchat.directory editorial team · Last reviewed

SimpleX Chat at a glance

Price Free
Encryption Default (E2EE)
Owner Commercial · United Kingdom
Phone required No
Open source Yes (clients + server)
Platforms iOS / Android / Desktop
Group size 500 members
Founded 2021

What Is SimpleX Chat?

SimpleX Chat is an open-source messenger developed by SimpleX Chat Ltd, a small UK-registered company founded in 2021 by EPFL researcher Evgeny Poberezkin. SimpleX takes one idea and pushes it further than any other messenger: even the operator should not be able to link your conversations together.

There is no phone number, no email, no username, and not even a random user ID. Every conversation is a separate pair of queues on SimpleX relay servers, and each queue pair uses different keys. The result: SimpleX Chat Ltd can see encrypted traffic flowing through its relays, but it cannot tell which conversations belong to the same user, who is talking to whom, or even how many users are on the platform (it can only count active queues, not active users).

The trade-off is usability. There is no contact list in the traditional sense — you add a friend by scanning their QR code or by clicking on a one-time invite link. You can have many simultaneous "profiles" inside a single install (work, friends, sources), each with its own set of conversations. It's a more disciplined workflow than Signal or WhatsApp, and not everyone will love it. For people whose threat model includes operator-level metadata surveillance, however, it is the cleanest design in the field.

Privacy & Security — Why Even the Operator Can't Correlate You

SimpleX's protocol is unusual enough that it deserves a careful walkthrough. Most messengers, including Signal and WhatsApp, work on a model where every user has an account on a central server. The server knows your phone number (or username), your public key, and who you are chatting with. The server doesn't know what you are saying (because the content is end-to-end encrypted), but it knows the social graph.

SimpleX rejects that model entirely. The protocol uses an out-of-band message queue model with the following properties:

No global user IDs

There is no account, no profile, no persistent identifier that ties your conversations together. When you start a new chat, the app generates a fresh pair of message queues with fresh cryptographic keys. Your contact learns about those specific queues through an invite link — there is no global "look up this user" mechanism at all.

Each conversation is isolated

Even if SimpleX Chat Ltd wanted to know whether two of your conversations involved the same person, they couldn't. Each conversation uses an independent pair of queues with independent keys. A server that sees a message going through queue A and another going through queue B cannot tell that A and B belong to the same user.

Relays, not servers

SimpleX uses relay servers to move messages between users, but those relays do not store user accounts. They are simple queues: an encrypted blob arrives, sits for a while, gets picked up by the recipient, and disappears. The relay operator could in principle count traffic patterns, but cannot link messages to identities.

E2E encryption by default

Every chat, file, voice, and video call is end-to-end encrypted using a double-ratchet implementation similar to the Signal Protocol but developed independently by SimpleX Chat Ltd. There is no opt-out, no "cloud chat" mode, no unencrypted backup option.

Open-source and audited

All client apps (iOS, Android, macOS, Windows, Linux) and the relay server reference implementation are open source on GitHub. The protocol has been independently audited by Trail of Bits and other firms. The SimpleX Chat Ltd business model is funded by donations and a paid premium tier with extra features (customizable themes, higher message limits); user data is not the product.

Features — Lean by Design

SimpleX ships the features you need and skips the ones that would force identity correlation:

  • 1:1 chats with end-to-end encryption, disappearing messages, file sharing, voice notes
  • Group chats up to ~500 members, also E2EE
  • Voice and video calls on iOS and Android (desktop support is in active development)
  • Multiple chat profiles inside one app install — useful for separating work and personal life
  • Self-hosted relay support — you can run your own SimpleX relays if you want full control
  • No stories, no channels, no public profiles — anything that would require a public identity is intentionally absent
  • No contact list in the traditional sense — contacts exist only after you scan their QR code or accept their invite

Cost — Free, With Optional Premium

SimpleX Chat is free to download and use on every platform. There is an optional SimpleX Premium subscription (a few dollars per month) that unlocks larger message queues, custom themes, and faster push notifications — but every privacy and encryption feature is available for free. SimpleX Chat Ltd also accepts donations to fund relay server hosting and protocol development.

Who Should Use SimpleX Chat?

SimpleX is the right choice if:

  • Your threat model includes a hostile or coerced server operator — SimpleX's design is the strongest in the field against this
  • You are a journalist or activist handling high-risk sources and need to keep separate conversations rigorously separated
  • You are uncomfortable with the idea that any messenger assigns you an identifier, even a random one
  • You can tolerate the workflow overhead of invite-link-based contact management
  • You want open-source code, audited protocol, and a small focused team behind it

SimpleX is the wrong choice if you need to chat with people who expect an app with a contact list and a familiar UX. For everyday encrypted chat with a large install base, Signal or Threema are easier to live with. For internet-shutdown resistance, Briar still wins. For metadata stripping with a polished UX, Session is a reasonable middle ground.

SimpleX vs Signal vs Threema vs Session — Quick Comparison

Vs Signal: Signal seals the sender in encrypted metadata (sealed sender) but the central server still knows who-is-talking-to-whom in some forms. SimpleX goes further: even the operator cannot link your conversations. Signal has a 70-million-user base; SimpleX has under a million. For high-risk threat models, SimpleX. For everyone else, Signal.

Vs Threema: Threema is paid-once, has a polished UI, and assigns you a random Threema ID. The operator (Threema GmbH, Switzerland) sees who-is-talking-to-whom but cannot read message bodies. SimpleX is free, has a more idiosyncratic UX, and prevents even the social-graph leak. Threema is friendlier; SimpleX is more private.

Vs Session: Session uses onion routing to hide IP addresses and metadata from the routing layer, but Session still assigns you a Session ID. SimpleX has no IDs at all. Both are strong picks; the difference is philosophical — Session is "you have a random ID that nobody can de-anonymize," SimpleX is "you don't have an ID, period."

Vs Briar: Briar is the only messenger that works without the internet at all (Bluetooth mesh). SimpleX is the only mainstream messenger that has zero user IDs. They address different threat models and can be used together — Briar for civil-liberties emergencies, SimpleX for maximum-stripping everyday chat.

The Honest Verdict

SimpleX Chat is the most privacy-respecting messenger that still feels like a real messaging app. The protocol design is rigorous, the audit history is solid, the operator's incentive structure (donations + premium) doesn't depend on harvesting user data, and the open-source code lets researchers verify every claim.

The catch is the user experience. You cannot search for a friend by username, you cannot grow a public profile, and onboarding non-technical contacts requires you to walk them through invite-link setup. For most users in 2026, this friction is too high to be the primary messenger.

Our recommendation: use Signal or Threema for everyday encrypted chat. Add SimpleX as a second app for the specific conversations where you need maximum metadata stripping — whistleblower contact, sensitive research, anything where the social-graph leak matters. The two-app setup is the realistic posture for serious privacy use in 2026.

What we like

  • No user IDs anywhere — even the operator can't correlate users
  • Open-source, audited
  • Disposable invite links per conversation

What we don't

  • Smaller user base than alternatives
  • No public group directory
  • Voice/video calls only on mobile

Common questions

How is SimpleX different from Signal?

Signal uses your phone number as your identifier and has central servers that know who is talking to whom (though not what). SimpleX has no user IDs of any kind — not even random ones — and uses a different queue for every conversation, so the operator cannot correlate users across conversations even if they wanted to. The trade-off is usability: no contact list, no global username directory.

Does SimpleX require a phone number or email?

No. SimpleX requires no phone number, no email, no username, and no persistent identifier at all. Each conversation gets its own disposable link or QR code, and those are the only way to start a chat. If you delete a conversation, the link is gone forever. This is the most aggressive identity-stripping approach of any mainstream messenger.

Is SimpleX safer than Signal?

For maximum metadata protection: yes. SimpleX's design prevents the operator from correlating your conversations, which is structurally stronger than Signal's sealed-sender model. For everyday encrypted messaging with a large install base: Signal is more practical. SimpleX has ~500,000 users globally and no global contact graph; Signal has 70 million. Pick by threat model.

How does SimpleX work without user IDs?

Instead of a central user database, SimpleX assigns each conversation a unique pair of message queues held on SimpleX relay servers. The two participants in a chat share those queue addresses via an invite link, but no third party — including SimpleX Chat Ltd — can tell that those two queues belong to the same person or that they are part of the same user's conversation history.

Can I make voice and video calls on SimpleX?

Yes — voice and video calls are end-to-end encrypted and supported on iOS and Android. Desktop apps do not yet support calls as of mid-2026. Call quality depends on which relay servers are between you and your contact; on good networks it is comparable to Signal, on slow networks it can stutter.

Is SimpleX safe to use?

Yes, with the caveat that "safe" depends on which risks you mean. SimpleX end-to-end encrypts every chat, voice, and video call by default, has no user IDs, and is open source and independently audited. The trade-off is its own kind of risk: because there is no global user directory, you have to manage contacts out of band with invite links, so screenshot or forward behavior on the recipient side is the same as anywhere else. For privacy against the operator, SimpleX is among the strongest; for protection against malicious contacts, no messenger can do more than warn you.

Is SimpleX encrypted?

Yes, end-to-end by default. SimpleX uses a double-ratchet implementation similar to the Signal Protocol and developed independently by SimpleX Chat Ltd. Every chat, file, voice, and video call is E2EE; there is no server-readable mode, no cloud backup of plaintext, and no admin recovery option. The relay servers only see encrypted blobs and short routing envelopes.

Can SimpleX be traced?

SimpleX makes tracing significantly harder than most messengers because there are no user IDs to anchor an investigation. A relay sees encrypted blobs; it does not know which queues belong to the same user or which two users are chatting. However, the network still sees your IP address and the relay you connect to, your device fingerprint is still a device fingerprint, and a powerful traffic analyst may still correlate connections over time. SimpleX reduces, but does not eliminate, traceability.

Is SimpleX open source?

Yes. All SimpleX client apps (iOS, Android, macOS, Windows, Linux) and the reference relay server are open source under the AGPL-3.0 license. The protocol has been independently audited by Trail of Bits and other firms. SimpleX Chat Ltd publishes audit summaries on its blog, and the code is publicly reviewable on GitHub.

Can police recover SimpleX messages?

Mostly no, with caveats. SimpleX relay servers do not store decrypted message content, and the protocol is designed so the operator cannot correlate your conversations. However, police with a valid legal request can obtain the encrypted blobs sitting on a relay and can compel a company under its jurisdiction to preserve metadata that does exist (queue addresses, IP access logs, push-notification tokens). E2EE protects message content; it does not erase the operational reality of running internet infrastructure. Self-hosting your own relay removes most of those server-side metadata trails.

How big can SimpleX groups get?

SimpleX supports group chats up to about 500 members. Group communication is end-to-end encrypted and uses a separate queue architecture from 1:1 chats. Unlike Signal or WhatsApp, there is no public group directory — you join a group via an invite link shared by an existing member.