this post was submitted on 06 Mar 2024
321 points (87.2% liked)
Privacy
32177 readers
565 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Session was at first a fork of Signal without usernames.
Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.
Regarding Australia's 2018 bill...
Regarding the 'vulnerability or cracking them later' bit...
From Session's own FAQ:
I wouldn't touch it with a 12ft ladder.
Between forking Signal to make their desktop and mobile clients, and forking Monero to make their cryptocurrency... I'm surprised they came up with Lokinet.
Edit: I'm pretty Session doesn't even use Lokinet. So much for the claimed resiliency from "hackers"
Session does use the Oxen network which is the renamed Lokinet, unless they made a change I'm wholly unaware of.
I must have been thinking of their past implementations. Their FAQ says things were different:
It was even less clear to me because this is what it says in the app itself:
Not "the Oxen network" but "Session's network."
And then it has a graph of
You're not wrong. Lokinet and Session are both products from the same parent company. Lokinet was renamed to the Oxen protocol, and they run all the servers AFAIK, so it would be like tor, if tor ran every guard, entry, and exit node. AKA worthless. So you're spot on, it's a joy to the intelligence community and after the Encrochat debacle and Session stopped using Signal's encryption algorithms and code, I would suggest no one use it for anything sensitive.