I’m aware that Session has been discussed twice before on this community, but the last thread was 6 months old so excuse my starting a new one.

There’s one big concern I wanted to bring up, which is the disagreements over whether it has forward secrecy. The spec says it does, but I’ve found two other sources saying it doesn’t:

https://restoreprivacy.com/secure-encrypted-messaging-apps/session/ (search for “Perfect Forward Secrecy removed”) https://www.securemessagingapps.com

Why are they saying this? Is there a critical caveat to Session’s forward secrecy (does it not have it in closed groups?), or are both sources just wrong?

(I’ve also heard one source say its closed groups are limited to 10 members which would be a showstopper for me and another source say they’re limited to 100 and the spec says 500 so i don’t know what to believe.)

I’m also concerned about it being built on top of a blockchain and cryptocurrency, not because I’m suspicious of cryptocurrency in general but because I find it difficult to understand, and because that it costs thousands of dollars to run a Session node seems to me like the network is bound to be owned exclusively by a few rich companies and investors. Is it? Is there a place I can see who owns how much of it, particularly how much is owned by the Oxen developers?

UPDATE: I believe I’ve just learned that Sesison DOES NOT have forward secrecy or deniability; the whitepaper linked on their CURRENT website is outdated. https://getsession.org/blog/session-protocol-technical-information

  • schnuppikarotti@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    3 years ago

    in the video they speak about alt right. i mean whats also a bit weird for me is, if i would be accused as company to have this connections to alt right. but its just the users of my services that have this connections and i cant control it. i still could put out a statement. like the devs from mastodon. their its also that their open source software is used by gab and now trump social. but their find a way that i trust them that they really dont like whats happening with their software. with session i dont have the feeling. correct me if there are information that the dev is not working there anymore because of the connections and this posts.