A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
- Don’t promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
- 0 users online
- 57 users / day
- 383 users / week
- 1.5K users / month
- 5.7K users / 6 months
- 1 subscriber
- 3.13K Posts
- 78.3K Comments
- Modlog
I really like the idea of creating a decentralized network that has a fair monetization model built right in, instead of relying on donations like the Fediverse. Crypto got a very bad rep, but this kind of stuff is exactly what it’s good for imo.
It also has some core features that are missing from other similar messengers, like multi-device sync. And lastly, the devs seem pretty capable and open as well. They are very transparent with their work and seem to have the right ideas about where things should go and which trade-offs to make. E.g. their reasoning for not using the Signal protocol seems solid to me.
So I’m hopeful, but time will tell if it all works out.
I was one of their strongest advocates, but their progress is unbearably slow. SimpleX for example has advanced a lot more in the same timeframe.
To me it seems like at the current pace they will need another two to three years to solve their problems.
When I last looked it over (maybe a year or so ago) these problems stood out:
Its design showed some neat ideas, but it was not practical for my needs.
Also, I have read more recently that Session removed forward secrecy, which rather undermines its value proposition.
What’s “Forward Secrecy”?
https://en.wikipedia.org/wiki/Forward_secrecy
I use it, it works pretty good tbh.
I really do wonder why more people aren’t using Delta Chat.
spoiler
Me included.
Anyway. I remember using Session for a few months a couple of years ago. Something about the interface was bugging me. It felt sluggish.
It’s an email front-end with opportunistic PGP, including all the drawbacks thereof.
Not really comparable to a modern e2ee instant messenger.
removed by mod
Yup, it’s sad. Oxen is/was a Monero fork, with some actual privacy. Now their pivot to a centralized, VC-backed PoS like Eth that has no privacy is just overall disappointing. It more or less confirms my earlier suspicions that Session devs only care about enriching themselves. The “Sybil resistance” excuse for requiring such a high amount of capital to contribute a node is just a bunch of BS.
removed by mod
I use it for our family chat. It’s okay. The biggest issue is sometimes messages are delayed (up to half-an-hour at times). Other than that, it’s fine. It meets our needs.
removed by mod
It’s not an option. It doesn’t work on all our phones.
Which phones doesn’t it work on?
Old ones.
It just is less flexible and has a more complex UI.
removed by mod
Interesting idea, but the removal of perfect forward secrecy and Stuff like that is just a no. I have it just to play with, but nothing serious. I use SimpleX and Signal, and Matrix.
The session developers are interesting. But I don’t recommend anybody use session.
They took the signal protocol, and removed perfect forward secrecy because they found it hard to implement.
That’s crazy.
Also all of the file transfers on session go through servers in Canada. Centralized.
I give them kudos for trying to make the network self-sustainable through their crypto thing, but they never found a way to actually monetize it, there’s no paper use, it feels like the idea is kind of dead in the water at this point. I would not recommend session for any serious non-experimental usage
That’s just a blatant lie. There’s an entire blog post about it. You don’t have to lie about it just because you’re not smart enough to understand it.
https://getsession.org/blog/session-protocol-technical-information
It’s not a lie. I have read their post. And my interpretation reading between the lines is they dropped it because of complexity
You can interpret it however you like but that’s not what it says.
Fair enough. They did not explicitly say they removed it for complexity.
The facts are: they started with a protocol that had perfect forward secrecy, and they removed it, but not for philosophical reasons.
They were not opposed to perfect forward secrecy
In today’s ecosystem there are products that use onion networks and provide perfect for secrecy like simple x, and briar over tor…
You’re welcome to make any decision you like, if you want to use session go right ahead. I’m not going to stop you, and I’m happy you’re doing so. We’re all better for choice
Is there a feature request to add PFS again?
https://getsession.org/session-protocol-technical-information
Nope. Whenever anybody ask them, they refer to this and close the ticket
I find their technical rationale, while welcome, a lot of hand waving to say they couldn’t figure out how to implement it, but it was not important because it’s not a big threat, because if somebody has the device they can get all the messages on the device anyway…
Losing perfect forward secrecy for “simpler code” is a strong design choice they made. I respect them for documenting this, I wish them the best of success, but that’s not a trade-off I’m willing to make for no benefit
Their network seems to run on some crypto bs, don’t see a reason to use it over Briar or SimpleX for that matter
Like I can just host a Tor node or self host SimpleX
I wouldn’t see a reason to use Session over SimpleX
My use of session is limited to my kids, wife and a couple of friends. I had high hopes for it when I started using it, but its devs have fallen incredibly short. I have also tried SimpleX on and off, but for some reason, it drinks battery like there’s no tomorrow, so I’m off of it for now.
Hello! In the latest v5.8 of SimpleX there are various improvements that might be of interest, including for battery consumption.
Yup. Just tried it again with a few paranoid friends like me, and the battery drain is now gone. Just moved the FAM over too 🤣🤣
Multi client sync.
Kind of a workaround, but you can add all your devices to a group chat
That’s actually fine. I wish the docs made that more clear.
I think the server infrastructure is different? SimpleX is similar to a federation network, isn’t it? Session uses an Onion-based approach like Tor.
Yes. The difference is that you need to pay to host a Session node, and pay BIG money. That locks out most people that aren’t cryptobros, companies or government agencies. While both a Tor/i2p node and Simplex server (or XMPP, or Matrix) are decidedly easy to set up.
Each SimpleX release gets me closer to using it. The upcoming v5.8 update is no exception:
And another round of security audits:
Looking good.
Edit: SimpleX v5.7.5 is 313 MB without Data/Cache on Android. Yikes.
My opinion: it’s good. I would use it on a daily basis if someone would ask me to text on it with her. But I’d never ask someone else to use it because there are, in my opinion, better options like matrix and signal which I mandate people to use.
deleted by creator