Privacy

31918 readers

955 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

Session messenger (getsession.org)

submitted 3 years ago* (last edited 3 years ago) by Yujiri@lemmy.ml to c/privacy@lemmy.ml

46 comments fedilink hide all child comments

I'm aware that Session has been discussed twice before on this community, but the last thread was 6 months old so excuse my starting a new one.

There's one big concern I wanted to bring up, which is the disagreements over whether it has forward secrecy. The spec says it does, but I've found two other sources saying it doesn't:

https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (search for "Perfect Forward Secrecy removed") https://www.securemessagingapps.com

Why are they saying this? Is there a critical caveat to Session's forward secrecy (does it not have it in closed groups?), or are both sources just wrong?

(I've also heard one source say its closed groups are limited to 10 members which would be a showstopper for me and another source say they're limited to 100 and the spec says 500 so i don't know what to believe.)

I'm also concerned about it being built on top of a blockchain and cryptocurrency, not because I'm suspicious of cryptocurrency in general but because I find it difficult to understand, and because that it costs thousands of dollars to run a Session node seems to me like the network is bound to be owned exclusively by a few rich companies and investors. Is it? Is there a place I can see who owns how much of it, particularly how much is owned by the Oxen developers?

UPDATE: I believe I've just learned that Sesison DOES NOT have forward secrecy or deniability; the whitepaper linked on their CURRENT website is outdated. https://getsession.org/blog/session-protocol-technical-information

you are viewing a single comment's thread
view the rest of the comments

[–] tekcaj@lemmy.ml 6 points 3 years ago

You might be interested in GNU Taler. I heard Stallman talking about it in some podcast about Monero (I think Monero Talk). He was saying it's being designed to be private for payers, but not payees, for tax purposes.

It was a dreadful listen though. The host just wanted RMS's stamp of approval, kept trying to get him to say he liked Monero; and Stallman is the absolute worst, most obtuse podcast guest I've ever listened to lol.