As most people here might know, Session utilises a TOR-like onion routing system with some changes to route traffic. The username is the public key whilst the password is the private key.

Recently, a new project built on top of this seems to be in the works: https://simplifiedprivacy.com/freespeech/

I’d like to know the community’s opinion of session and how much would you trust its technology. Thanks!

  • LWD@lemm.ee
    link
    fedilink
    arrow-up
    31
    arrow-down
    2
    ·
    11 months ago

    Simplifiedprivacy dot com needs to be blacklisted from Lemmy communities, it’s a blog trying to sell some really silly services.

    As for Session, they’ve never made an original product that I’ve ever seen - they took Signal and Monero, peeled off the labels, and made them (especially Signal, IMO) worse in both aesthetics and privacy protection.

    And the company behind this is in Australia, a country where you need to weaken products (by adding backdoors) upon government request.

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      4
      ·
      edit-2
      11 months ago

      Session is very much not a clone of Signal. They forked it way back and the entire back end and front end are different. Session uses the lokinet behind the scenes which stores messages encrypted and routes traffic. Session isn’t completely decentralized to my knowledge as its a work in progress but for now it is harder to block or censor compared to signal.

      Even if you have your doubts, its been audited and found to be reasonably secure so it shouldn’t be a security risk. I still don’t use it due to its lack of invites but if they add stable calls I might just switch. For now I use it to send text between my devices.

          • Pantherina@feddit.de
            link
            fedilink
            arrow-up
            1
            ·
            11 months ago

            Localsend can also do text!

            An alternative that I use is QR codes

            Android:

            Linux:

            • Decoder with the fix mentioned on the Link. That at least deals with autodeletion of history, but the text still has no password function. (Basically I use the awesomeness of Flatpak app storage and always delete it after the process is finished, works flawlessly and can be used with every app)
  • Desyn0xox@lemmy.ml
    link
    fedilink
    arrow-up
    5
    ·
    11 months ago

    I think it’s an interesting project. However I am not a fan of their decision to omit forward secrecy, and have thus passed on using it. At least for now.

    • MigratingtoLemmy@lemmy.worldOP
      link
      fedilink
      arrow-up
      4
      ·
      11 months ago

      I didn’t know they did that. Unless it’s a technical limitation of Loki Net (which should be worked on if that’s the case), this is borderline unacceptable for a product made for privacy. Thanks for pointing it out

  • Corroded@leminal.space
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    1
    ·
    edit-2
    11 months ago

    I posted about preferring Session over SimpleX chat before and it seems like the big gripe is the crypto currency tie-in with Session

    • Possibly linux@lemmy.zip
      link
      fedilink
      English
      arrow-up
      6
      ·
      edit-2
      11 months ago

      The crypto tie in is either the greatest idea in a while or is going to turn out to be a massive disaster.

      For now I’m hesitant to say either way. I though about running a node on Lokinet a while back ended up not doing it due to cost.

      To be honest with you I would be way more trusting of something that had servers that could be setup easily.

      There is also Jami but Jami seems to be riddled with issues and is lacking a security audit.

  • jet@hackertalks.com
    link
    fedilink
    English
    arrow-up
    3
    ·
    edit-2
    11 months ago

    https://www.securemessagingapps.com/

    The lack of perfect forward secrecy is very concerning, and the fact they had it when they forked signal but stripped it out because their infrastructure couldn’t handle it is a huge red flag.

    The simplified privacy people/person? Only likes session because they are name squatting a bunch of oxen names and want to resell them at a profit.

  • Steve@slrpnk.net
    link
    fedilink
    arrow-up
    2
    ·
    11 months ago

    I have Session. Given that it’s a fork of Signal and more anonymous I’m inclined to trust it from a privacy standpoint but can’t say I have the knowledge to really critique it’s tech. People aren’t really on there yet, at least nobody I know, so I don’t have much use for it yet but I would if it catches on a bit more at some point.

    • Pantherina@feddit.de
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      11 months ago

      It is not a fork of signal. They use the Signal protocol for encryption and probably the way messages are composed, thats basically it.

      • Steve@slrpnk.net
        link
        fedilink
        arrow-up
        2
        ·
        11 months ago

        Thanks. They’ve referred to themselves as a fork of Signal but maybe a bit of an oversimplification

        • jet@hackertalks.com
          link
          fedilink
          English
          arrow-up
          2
          ·
          11 months ago

          Yeah it’s signal with perfect forward secrecy removed and a onion network added on top.

          Bonus points all attachments are centralized to servers in Canada…

  • Possibly linux@lemmy.zip
    link
    fedilink
    English
    arrow-up
    2
    ·
    11 months ago

    Session is secure and has been audited to verify that. However, I do have concerns over the size and obscurity of Lokinet. I don’t know if that will ever change or not.