Session | Send Messages, Not Metadata. | Private Messenger
getsession.org
Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.

Especially for the less tech-savvy among us?

  • pineapple@lemmy.mlEnglish
    1·
    2 hours ago

    Not sure, I’ve never used session but I think less tech savvy people would want to use signal because it is similar to Whatsapp, which they are used to.

  • Hanrahan@slrpnk.netEnglish
    6·
    12 hours ago

    Session is an Australian conpany afaik. The entire app reeks of entrapment. Australian laws are all about no privacy for you.

  • grehund@beehaw.org
    3·
    12 hours ago

    You can easily re-roll usernames in Signal, and profiles in SimpleX. I couldn’t find an equivalent feature in Session.

  • lemmus@szmer.info
    4·
    14 hours ago

    I used to think session is a way to go, but now…well simplex is literally all you need for communication with anyone

  • Hirom@beehaw.org
    2·
    12 hours ago

    First impression: why another messaging system?

    It may be fine, but what does it bring that Signal/Briar/Matrix/XMPP+Omemo doesn’t have? Does it use existing standard protocol or encryption that’s compatible with other messengers, to avoid fragmentation?

  • foremanguy@lemmy.ml
    221·
    1 day ago

    The real alternative to Signal for myself is SimpleX. The project is still in his beginning but it’s the best instant messaging we could have once polished finished

    • chi-chan~@lemmy.world
      15·
      1 day ago

      Because his grandma can’t type a password 30 characters long just to restore her messages.

      They are so smart and still make some choices that are so, so, *so dumb*. ‘No history on a new PC for you, it’s a ״feature״’. Seriously? c’mon.

      • FauxLiving@lemmy.world
        7·
        1 day ago

        History isn’t stored on the server so it can’t be automatically populated on a new device. That is a feature. The alternative, storing the messages on the server or having the means for one device to clone all of its messages to another device, would be insecure.

        A 30 character long password is required in order to have enough bits of entropy so that the backed up messages are actually secure.

        Grandma isn’t moving her data to a new PC without assistance, the person that is assisting her should be competent enough to operate Signal.

  • Em Adespoton@lemmy.ca
    14·
    1 day ago

    As a centralized system, nothing has been shown to improve on Signal yet. For decentralized systems, I haven’t seen anything better than Matrix yet? SimpleX is slightly more secure, but harder to spin up and easier to break.

    Session… there have been multiple articles written on how it is flawed and untrustworthy.

    • Sonalder@lemmy.ml
      7·
      1 day ago

      Matrix is not decentralized but rather federated and distributed. Also synapse (matrix sevrer) have poor performance, especially when you federate your instance to others.

    • Xanza@lemm.eeEnglish
      33·
      1 day ago

      Briar doesn’t make sense to me because you’re trading a central server for a central service… If tor is down, you can’t message. It’s the same POF as cellular, which is insane to me.

        • Xanza@lemm.eeEnglish
          11·
          1 day ago

          It’s also a specific procol, which can absolutely be blocked. I don’t know where this notion that it’s impossible to block tor because it was designed to be censorship resistant came from, but you can absolutely stop people from using it.

          It’s not even that hard and there’s nothing end users can do about it if they don’t know how to circumvent it…

          • FauxLiving@lemmy.world
            21·
            24 hours ago

            Being able to be blocked is a completely different thing than being centralized service.

            […] there’s nothing end users can do about it if they don’t know how to circumvent it…

            I mean, if users don’t know how to circumvent something, by definition there is nothing that they can do about it.

            However, unless this hypothetical censoring country is blocking all encrypted network traffic it is trivial to access TOR via a VPN or an SSH tunnel

        • Xanza@lemm.eeEnglish
          11·
          1 day ago

          You’re missing the point. Of course tor is decentralized, but the tor protocol can be locked at which time you have no connectivity at all… Your super secure messenger doesn’t work. It makes no sense.

            • Xanza@lemm.eeEnglish
              2·
              1 day ago

              Unless you obfuscate tor traffic, it’s trivial to block it via any number of IDS products. The entirety of public tor exit nodes are publicly available: https://check.torproject.org/torbulkexitlist

              Here’s tor exit node blocking in production with 14 lines of bash

              It’s significantly easier than you’ve obviously been led to believe. When it becomes not easy is when someone understands the protocol and understands how to circumvent these measures, but I can assure you that 99.8% of all tor users don’t fall within that category…

              • Umbrias@beehaw.org
                11·
                1 day ago

                oh sure, but you can get around these blocks and this sort of block is ultimately always a possibility short of building your own network infrastructure. and as blocks like that become more common it becomes more common to circumvent them too.

                “significantly harder than youve been lead to believe”, no, you just werent clear in your description of the problem. if your problem with tor is “governments can play whack-a-mole blocking ips and traffic” there is no technology which doesnt have that as a downside.

                • Xanza@lemm.eeEnglish
                  1·
                  1 day ago

                  but you can get around these blocks

                  They create a better ad, so they create a better adblock, which forces them to discover anti-adblock methods, which forces adblocker’s to adapt, which forces anti-adblocker’s to adapt, ad infinitum.

                  This isn’t anything new. Of course you can circumvent these blocks, but they can always adapt to make them useful again. It’s not a good argument at all.

    • irotsoma@lemmy.blahaj.zone
      61·
      1 day ago

      But it’s a difficult concept for the average person to not have an account, but everything is device oriented. Same problem with people not using gpg for email. Having to maintain a thing similar to a private key that’s not memorizable like a username and password and back that up in case your device is lost. Is a big hurdle for many. And then additionally having to share a qr code or link through some external means for someone to connect with you rather than just telling them to download an app and enter your username HSS always been difficult.

      So, IMHO, Signal has the best implementation possible with the level of usability that many nontechnical people expect in a chat application, even if it’s not the most secure. I am interested to see how SimpleX solves these issues in the future, though.

      • Sonalder@lemmy.ml
        2·
        1 day ago

        Of course it is, that’s the innovating part of it ! My opinion was that I rather use SimpleX if I wanted to switch away from Signal, if not I’ll simply use Signal not Session. But my threat model isn’t everyone’s.

        I think as people will be more educated on cryptography in there digital lives we will have better UX to the point of it not be as difficult as sending on e-mail in the late 80s. Innovation like Bitcoin, nostr, U2F, passkeys etc… will be more accessible over time. Today sending a message on Signal is infinity more easy, secure and private than the majority of e-mails of the 21th century.

    • Alas Poor Erinaceus@lemmy.mlOPEnglish
      31·
      1 day ago

      Grr! Ok, but damned if I could get that to work! It seems like you can’t use the desktop and mobile client at the same time! You have to scan a QR code to switch between them! And it has issues with firewalls and VPNs! Old and clueless here, maybe part of the problem. 🙁

        • Alas Poor Erinaceus@lemmy.mlOPEnglish
          41·
          1 day ago

          I didn’t have an issue with fireballs either, thankfully, because I made my saving throws before they got to me.🔥😉

      • Sonalder@lemmy.ml
        32·
        1 day ago

        Yes SimpleX isn’t mature from a UX perspective and that is due to it’s innovative approach. If you need to have device sync and don’t want Signal, Session could be a better optioon to you.