Opinions on Session?
from 0laura@lemmy.dbzer0.com to privacy@lemmy.ml on 21 Aug 22:47
https://lemmy.dbzer0.com/post/26372018

It seems really cool but I’m a bit wary of it due to the crypto stuff.

#privacy


retro@infosec.pub on 21 Aug 23:29

My experience is that I tried to use it years ago and it didn’t work, so I continued using Signal. Straight up could not receive messages. That’s probably fixed now but if I wanted to move away, I’d try SimpleX instead.

HanShan@lemmy.nowhere.moe on 22 Aug 06:31

Yeah, it works now lol

shortwavesurfer@lemmy.zip on 21 Aug 23:42

Simplex is the better choice imo.

0laura@lemmy.dbzer0.com on 21 Aug 23:52

Yea seems better, I installed it. Is there a way to allow certain SimpleX contacts to bypass DND? I was able to do it with Signal but it seems not possible with SimpleX

shortwavesurfer@lemmy.zip on 22 Aug 00:10

Not that I’m aware of, no. But I don’t have much reason to use that, so I haven’t really looked for something like that either.

LEVI@feddit.org on 21 Aug 23:58

VC funded, not exactly a community project. I’m skeptical, and worried about its future.

umami_wasbi@lemmy.ml on 22 Aug 00:51

The saving grace is that it is licensed under AGPLv3, so the community can take over if something happens.

mox@lemmy.sdf.org on 22 Aug 01:42

That assumes the community can maintain enough public queue servers to deliver on its privacy promises and provide a good level of service.

EngineerGaming@feddit.nl on 23 Aug 09:07

Well, there are enough public XMPP or even Matrix servers, so doesn’t seem THAT unlikely…

refalo@programming.dev on 22 Aug 18:20

Wait until you see where Signal’s funding comes from. And for that matter, Tor, the Internet, and computers.

przmk@sh.itjust.works on 22 Aug 00:18

From what I can gather, they don’t intend on adding multi device capabilities for technical reasons. A big requirement for me is to be able to use both mobile and desktop without losing the history.

mox@lemmy.sdf.org on 22 Aug 01:08

From two days ago:

lemmy.ml/comment/13108576

A few SimpleX shortcomings beyond what you noted, in no particular order:

  • No multi-device support.
  • Adding contacts requires sharing somewhat large links (as either text or QR code) which can be inconvenient.
  • Messages are lost if not retrieved soon after they’re sent. (I think it’s 21 days by default. I’ve had vacations longer than that.)
  • No group calls.
  • Group messaging is full-mesh, meaning that as a group grows, the network traffic will balloon faster than it would with any other topology. This is generally bad for high-traffic groups, but it might be okay if they stay small or everyone always has great unmetered connectivity.
  • The claim to not have user IDs is misleading at best, and outright false in group chats.
  • The desktop app uses Java, which will be unappealing to more than a few people. (To be fair, several other messengers use Electron, which is also unappealing to more than a few.)

It does have some neat design ideas. I don’t consider it ready for general use, but I look forward to seeing how it develops.

Lemmchen@feddit.org on 22 Aug 02:45

There is multi device support.

mox@lemmy.sdf.org on 22 Aug 03:48

On SimpleX? No, there is not. LAN tethering is not multi-device support.

jet@hackertalks.com on 22 Aug 05:27
  • The claim to not have user IDs is misleading at best, and outright false in group chats.

I’m in a group chat but I’m unable to send a direct message to a group member, that’s annoying, but would substantiate the claim that they don’t have general user IDs.

mox@lemmy.sdf.org on 22 Aug 05:35

Their queue IDs are user IDs. Each one points to a specific user. You can call it a queue ID, or an account ID, or a user ID, or an elephant, but that doesn’t change what it is.

They create a different ID to share with each contact in 1:1 chats, but that doesn’t make them anything less than user IDs. You can do the same thing on any other chat service by creating a different account to reveal to each contact. (This is obviously easier to manage on clients that support multiple accounts, but again, that doesn’t change what the IDs do.)

And in group chats, they don’t even do that; they reveal the same ID to all group members.

ReversalHatchery@beehaw.org on 22 Aug 22:45

Do I understand it correctly that the queue ID is specific to the group chat? How is that a user ID, then? The point is that the user doesn’t have an ID, so you can’t find them in any other group chats unless they have introduced themselves. It basically only identifies the destination, and you really can’t avoid that, can you? Well, unless all messages are basically broadcasts and everyone receives them, generating unimaginably larger traffic.

refalo@programming.dev on 22 Aug 18:19

What would you consider ready for general use? I feel like this is being unnecessarily harsh to the majority of potential users.

mox@lemmy.sdf.org on 22 Aug 20:01

I feel like this is being unnecessarily harsh to the majority of potential users.

I don’t know why you would think it harsh to point out shortcomings in software. It’s not a matter of opinion. These limitations exist, plain and simple, and some of them are not easily discovered from a quick visit to the SimpleX home page.

By listing them here, it saves everyone else the time and trouble of having to investigate on their own. (Unless they assume I’m lying or don’t know what I’m talking about, but I can’t help them with that.) It might also save some people from starting to build their network of contacts on a particular messenger, only to later discover a deal-breaking problem and have to start all over, asking all their contacts to switch again.

What would you consider ready for general use?

I can’t make a single suggestion to fit everyone else’s needs, because there is no messenger that addresses everyone’s needs. All of them have different tradeoffs, so we have to prioritize the things we want.

For myself and my contacts, Matrix does all the things we must have: free, anonymous, good crypto, audited, multi-platform, multi-device, not centralized, self-hostable, reasonably easy to use, and delivers messages (without time limits) even when we’re offline. It even supports some nice extras, like screen sharing and voice calls.

Matrix detractors generally complain about certain metadata not being encrypted, which is technically true: A few things like the usernames that have joined a room, and avatars (if you set one), have not yet been moved to the encrypted channel and can therefore be seen by your homeserver admin. Frankly, it’s not a high enough priority for us to be driven away from a tool that meets our needs. Protecting the content is our priority. We could self-host a server to protect the metadata, but we don’t bother, because it’s not part of our threat model.

Would I recommend Matrix for high-risk work, where state authorities finding out who you’re talking to could threaten your safety? No, at least not in its current state. Communications like that demand very specific protections, and those protections don’t exist in any messenger that has the conveniences and features that I expect from a modern chat service. That’s (one of the reasons) why whistleblowers and targeted journalists turn to special tools. Having a separate tool/platform for high-risk work is fine; giving up features to meet those needs is a perfectly appropriate tradeoff.

But again, that metadata issue is not a risk factor for us. We’re certainly not going to reject a uniquely useful chat platform because of it.

Back to your question:

I don’t post on social media telling everyone to use the same tool I do, because I don’t know everyone’s needs, and I do know that a few people have very specific needs that don’t match mine.

However, it turns out that the vast majority of the people I’ve talked to about this stuff have needs similar to mine, so Matrix (the protocol) often ends up at the top of the list of things to consider.

My main reservation in suggesting Matrix for general use right now is that the official reference clients (they’re called Element on every platform) still have some rough edges. For example, occasionally sending messages that cannot be immediately decrypted by the recipient unless they jump through some troubleshooting hoops, and a search feature that isn’t implemented in all clients yet. The underlying bugs have been steadily disappearing, so these issues are becoming less and less common, but since they’re not entirely solved yet, I use an alternative client and avoid suggesting Matrix to mom and dad for now.

I already use it daily with friends (who I can help if a problem comes up) and people who are comfortable with troubleshooting on their own. It’s visibly moving in the right direction.

Wildly_Utilize@infosec.pub on 22 Aug 20:50

We made a diff acc for each device and then added them all to groups

Works for us ymmv

mox@lemmy.sdf.org on 22 Aug 21:04

That does seem like a decent workaround for the multi-device problem, if you only communicate in small groups and each member only has a couple of devices. Directly addressing each other could get unwieldy fast as a group (or the number of devices) grows, but I’m guessing you’re not in that situation. Nice work.

Dymonika@beehaw.org on 23 Aug 08:40

Yeah, that’s super-creative; I would never have thought of that.

… because we shouldn’t need to in the first place!

LEVI@feddit.org on 21 Aug 23:55

It’s my go-to messenger. idc about the crypto stuff; it’s just a way to reward volunteers who use their servers for all the mathematical conversions. I have been thinking of running a node myself to make the network more decentralized.

It has some downsides though: you can’t send files larger than 8 MB, if you lose your recovery phrase you’re compromised, and you can’t edit messages.

I used to tell people to use Signal or Element, but I noticed many can’t even sign up, Session just generates a random ID for you, and voila…

refalo@programming.dev on 22 Aug 18:23

I think the biggest issue for most privacy/security people is the removal of PFS.

EngineerGaming@feddit.nl on 23 Aug 23:41

it’s just a way to reward volunteers

Yeah, but creating a node requires a BIG initial stake. So I wonder how likely it is that you’d at least break even with this.

glowie@h4x0r.host on 22 Aug 00:19

It’s a scam and dying.

Lemmchen@feddit.org on 22 Aug 02:47

Never was a scam. What are you on about?

glowie@h4x0r.host on 22 Aug 02:52

Cope. It’s based on a shitcoin and now they’re rug pulling their node operators and forcing an even less privacy-oriented premined ethereum-based shitcoin that’ll further enrich only the devs.

mox@lemmy.sdf.org on 22 Aug 01:13

Things I didn’t like about Session when I looked at it:

  • Small group size limit
  • Forward secrecy has been removed
  • Isolated, app-specific onion network seems destined to forever be inferior to something like Tor, at least where privacy is concerned
  • Immature codebase (time and dedication could solve this, of course)

HanShan@lemmy.nowhere.moe on 22 Aug 06:32

Yeah I agree with these

Unclear that their profit model will work out for them

Lemmchen@feddit.org on 22 Aug 02:48

Development is so slow it’s genuinely hard to believe.
Usability is rather lacking.
I’d say avoid it for the time being and I say that as former long time user.

EngineerGaming@feddit.nl on 23 Aug 09:17

My issue is the effective impossibility of self-hosting. XMPP, SimpleX, even Matrix are very possible to run on your own, while a Session node would be insanely, arbitrarily expensive (requires around $1000 now, IIRC it used to be more). A hobbyist like you and me would not want to pour this much into something they provide out of the goodness of their heart.

Seriously, if you have this much disposable money, you’d be better off running a few Tor nodes in various places.

tengkuizdihar@programming.dev on 23 Aug 11:00

I still don’t get their “privacy coin” based network. I think their luck would look a lot better if they used the existing Tor network instead of Lokinet.

aviation_hydrated@infosec.pub on 24 Aug 14:41

It’s nice, reliable and super quick to onboard people since no sign-up is required. The technology seems interesting and novel, and it’s also transparent since it even shows the node path (in addition to being FOSS).

Do I trust it? No, but I don’t trust technology in general