this post was submitted on 09 Nov 2021
18 points (87.5% liked)

Session messenger (getsession.org)
submitted 2 years ago* (last edited 2 years ago) by Yujiri@lemmy.ml to c/privacy@lemmy.ml
 

I'm aware that Session has been discussed twice before on this community, but the last thread was 6 months old so excuse my starting a new one.

There's one big concern I wanted to bring up, which is the disagreements over whether it has forward secrecy. The spec says it does, but I've found two other sources saying it doesn't:

https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (search for "Perfect Forward Secrecy removed")

https://www.securemessagingapps.com

Why are they saying this? Is there a critical caveat to Session's forward secrecy (does it not have it in closed groups?), or are both sources just wrong?

(I've also heard one source say its closed groups are limited to 10 members, which would be a showstopper for me, and another source say they're limited to 100, and the spec says 500, so I don't know what to believe.)

I'm also concerned about it being built on top of a blockchain and cryptocurrency, not because I'm suspicious of cryptocurrency in general but because I find it difficult to understand, and because, given that it costs thousands of dollars to run a Session node, it seems to me like the network is bound to be owned exclusively by a few rich companies and investors. Is it? Is there a place I can see who owns how much of it, particularly how much is owned by the Oxen developers?

UPDATE: I believe I've just learned that Session DOES NOT have forward secrecy or deniability; the whitepaper linked on their CURRENT website is outdated. https://getsession.org/blog/session-protocol-technical-information

[–] schnuppikarotti@lemmy.ml 8 points 2 years ago (9 children)

btw, at least one of the developers is connected with the alt-right scene

https://nitter.net/WPalant/status/1281578526932705281

[–] Yujiri@lemmy.ml 3 points 2 years ago (1 children)

So I've heard, but if the software doesn't give such developers control over us (or does so to a lesser extent than its alternatives), that doesn't really matter to me. If bad people want to write tools that good people can take advantage of, let them.

[–] schnuppikarotti@lemmy.ml 4 points 2 years ago (1 children)

Mhh, I don't see it like this. Open source is much more than the finished "product": there is a community around it, they have a YouTube channel, social media channels. The developers get more attention if the messenger is used more.

[–] Yujiri@lemmy.ml 2 points 2 years ago
[–] sexy_peach@feddit.de 2 points 2 years ago

There was this post a while ago on lemmy.ml, where the CTO at oxen came in as well.

The CTO lied and said they didn't have any connection to 8kun, while

But some Loki staff may have advised 8kun administrators “to a limited extent”, he said, and provided some help to users hoping to access it.

It's a very interesting thread to say the least.

[–] tekcaj@lemmy.ml 1 points 2 years ago (1 children)

Seems the alt-right developer for Lokinet has been told to cut that shit out. And he's apparently not connected to Session's development directly. Just some possible okay news lol.

Very interesting though, hadn't heard of that.

[–] schnuppikarotti@lemmy.ml 3 points 2 years ago (1 children)

Do you have a source for this? And Session, Oxen and Lokinet are the same company.

[–] tekcaj@lemmy.ml 0 points 2 years ago

I found it by looking around that thread, where the OP tweeted that they had responded. I'll try to find the exact link when I get home, but they said he wasn't neurotypical and didn't understand, which I don't really believe because he didn't say racist things on Twitter, but I also don't have experience with that.

And I just meant that he wasn't directly working on Session, but does develop other projects.

[–] schnuppikarotti@lemmy.ml 1 points 2 years ago

I mean, in the end everyone has to decide for themselves. I also tried Session and found it really interesting. But then I found this, and for me that means that I don't want to use or support this project at all. And if people read this and say "I still want to use it", then just do it. But then you at least know what's going on there.

[–] p_the_redditor@lemmy.ml 1 points 2 years ago

yikes, just uninstalled it

[–] schnuppikarotti@lemmy.ml 1 points 2 years ago

Sadly just in German, but around minute 27 they speak about Lokinet: https://media.ccc.de/search/?q=lets+play+infokrieg

[–] Lynda@lemmy.ml 0 points 2 years ago (1 children)

Is the developer really connected to the "alt-right", or connected with free speech?

[–] schnuppikarotti@lemmy.ml 0 points 2 years ago* (last edited 2 years ago)

In the video they speak about the alt-right. I mean, what's also a bit weird for me is: if I were accused as a company of having these connections to the alt-right, but it's just the users of my services that have these connections and I can't control it, I still could put out a statement, like the devs from Mastodon. There it's also the case that their open source software is used by Gab and now Trump Social, but they find a way that I trust them that they really don't like what's happening with their software. With Session I don't have that feeling. Correct me if there is information that the dev is not working there anymore because of the connections.

[–] aFFJ8232ZedvX@lemmy.ml -1 points 2 years ago* (last edited 2 years ago) (1 children)

So? Who cares? What does your comment have to do with software? The most upvoted comment on a software post is some political whining. Why should anyone care about what devs are doing in their personal life? I didn't see that level of criticism when Tusky devs blocked gab.com in the app for ideological reasons, which is actually very concerning. Seriously, what the hell is wrong with you?

[–] Helix@feddit.de 2 points 2 years ago (1 children)

You can't separate people from their products.

[–] aFFJ8232ZedvX@lemmy.ml 0 points 2 years ago (1 children)

You can, you have to do it. When someone's doing software, ask yourself software-related questions. You just can't go with "this guy's a Trump supporter" or "this guy's a communist". Just forget about it as long as the software doesn't reflect those facts (you should never have or care about that information in the first place). Stop politicizing software, stick to the technical aspect of it. Imagine science like "this paper is brilliant... but it's from someone tied to a political scene we don't support, so we'll just ignore it". How stupid is this?

[–] Helix@feddit.de 2 points 2 years ago (1 children)

Imagine science like “this paper is brilliant… but it’s from someone tied to a political scene we don’t support, so we’ll just ignore it”. How stupid is this?

That's happening a lot and some circles like to p-hack their way to success. You can't completely separate the author from their work.

[–] sexy_peach@feddit.de 0 points 2 years ago

Also if on the basis of that science they are going to be in a powerful position (leading a project), that should be criticized.