Session is an Australian conpany afaik. The entire app reeks of entrapment. Australian laws are all about no privacy for you.
this post was submitted on 24 Feb 2025
11 points (58.0% liked)
Privacy
34425 readers
851 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
They recently relocated to Switzerland, after the AFP visited an employee, unannounced, at their home.
what in the fucking dystopia are they doing.
Don't use Session! It's not secure with the recent changes!
Not sure, I've never used session but I think less tech savvy people would want to use signal because it is similar to Whatsapp, which they are used to.
I used to think session is a way to go, but now..well simplex is literally all you need for communication with anyone
You can easily re-roll usernames in Signal, and profiles in SimpleX. I couldn’t find an equivalent feature in Session.
First impression: why another messaging system?
It may be fine, but what does it bring that Signal/Briar/Matrix/XMPP+Omemo doesn't have? Does it use existing standard protocol or encryption that's compatible with other messengers, to avoid fragmentation?
I think it has tor routing by default, so different in that way?
Briar use Tor by default as well for Internet connections, so I don't think Session is unique in that way. And both appear decentralized.
A difference is that Briar is Android-only, whereas session is available on more platforms https://sourceforge.net/software/compare/Briar-vs-Session-vs-Signal/
It's good that people are working on privacy-preserving tools. But I wish they'd coordinate to avoid fragmentation. Work on common/standard messenging protocols, so that people can talk to each other even using different software.
Currently it feels like going back to the 1990s-2000s, with ICQ/AIM/MSNM being all incompatible, and every single one being unable to communicate with a large fraction of your contacts.
Fair, I've never used Briar, so I was mostly responding to the others. I complete agree though, the fact that there are so many is super frustrating.
Dear god, just don't.
https://soatok.blog/2025/01/14/dont-use-session-signal-fork/
As soon as I saw the furry reaction images, I knew this was going to be a detailed and informative blog post.
Wasn’t this the blog who also got a response from session asking for a PoC and then they replied with (paraphrasing) “well it’s not my job to provide one”?
So everything in that blog post is theoretical at best?
Really bad idea, session copied signal, stripped out forward secrecy, and uses centralized file transfer servers.
This link has a helpful graphic, thank you! 🙂👍
The real alternative to Signal for myself is SimpleX. The project is still in his beginning but it's the best instant messaging we could have once polished finished
As a centralized system, nothing has been shown to improve on Signal yet. For decentralized systems, I haven’t seen anything better than Matrix yet? SimpleX is slightly more secure, but harder to spin up and easier to break.
Session… there have been multiple articles written on how it is flawed and untrustworthy.
"Harder to spin up"? Hard disagree. Matrix's main server implementation is very resource-heavy, and alternatives like Conduit are not full-featured (and broke in some ways for me when interacting with mateix dot org). Meanwhile Simplex servers are pretty light and aside from a couple errors in the documentation that took a while to figure out, it has been easier than Conduit. And unlike Matrix, it has never broken for me so far.
Matrix is not decentralized but rather federated and distributed. Also synapse (matrix sevrer) have poor performance, especially when you federate your instance to others.
What do you mean poor performance ?
My synapse used to run on a 5€/mo VPS besides other stuff and ran fine and now runs on one of my on-premise servers (and not even my fastest, just some old ryzen 2700) with A BUNCH of other stuff besides it. Multiple users, a bunch of large federated rooms, bridges to other messengers ... And it just runs fine with 0 issues.
Are you talking about running a synapse server for like a thousand people or on absolute potato hardware or what is the issue ?
I'm not running a Synapse server myself so I can only speak on behalf of people I know who are. From what they told me they love the matrix protocol but it's not the same for the synapse implementation. A non-federated server can have somewhat great performance but a federated one was not worth it for them so they decided to switch to another alternative. They are not running for thousands of users more something like 40 I would say and while I don't know their server specs, I assume it's not a potato though.
I think that SimpleX is more innovative and ground-breaking than Session.
But it's a difficult concept for the average person to not have an account, but everything is device oriented. Same problem with people not using gpg for email. Having to maintain a thing similar to a private key that's not memorizable like a username and password and back that up in case your device is lost. Is a big hurdle for many. And then additionally having to share a qr code or link through some external means for someone to connect with you rather than just telling them to download an app and enter your username HSS always been difficult.
So, IMHO, Signal has the best implementation possible with the level of usability that many nontechnical people expect in a chat application, even if it's not the most secure. I am interested to see how SimpleX solves these issues in the future, though.
load more comments
(2 replies)
Use separate profile for different devices. Make a group when you chat with others.
load more comments
(7 replies)
Briar doesn't even use a central server, all connections go through tor
load more comments
(13 replies)
There's nothing about Signal that requires savvines.
They probably meant tech-savviness compared to other Signal alternatives.
Although even then XMPP with modern clients is simple enough for my mom to use, so I don't entirely buy the "complication" argument either.
is simple enough for my mom to use
The bar is so low. I just had to visit somebody today to help them fix their computer. There was dirt on the fingerprint reader, and they forgot their password. I told them their password was their user name. I.e. hunter / hunter and it didn't work.... (I chose this because of their modest tech experience)
They were using hunter / Hunter instead.
Idk, I meant my personal experience. She doesn't see much difference between ease of use of her XMPP client compared to, say, Whatsapp.
The main turnoff for me is that it is essentially impossible to selfhost - you use random nodes from the network, and to host such a node, you have to lock up a whole fortune (last time I looked I remember it being around $1500, might've changed) in their own cryptocurrency. They do promise returns, but I am skeptical - where would they take so much money to guarantee compensation for everyone within a sane amount of time? They claim it is against a Sybil attack, but it seems to me that it would be a lot easier for a government/company to have more nodes in a situation when "competition" is reduced like this.
load more comments
(2 replies)
view more: next ›