I would not recommend it. Session is a Signal fork that deliberately removes forward secrecy from the protocol and uses weaker keys. The removal of forward security means that if your private key is ever exposed, all your past messages could be decrypted.
Comment on ‘There isn’t really another choice:’ Signal chief explains why the encrypted messenger relies on AWS
qwerty@discuss.tchncs.de 1 day ago
Session is a decentralized alternative to Signal. It doesn’t require a phone number and all traffic is routed through a Tor-like onion network. Relays are run by the community and relay operators are rewarded with some crypto token for their troubles. To prevent bad actors from attacking the network, in order to run a relay you have to stake some of those tokens first and if your node misbehaves they will get slashed.
e8d79@discuss.tchncs.de 21 hours ago
arcterus@piefed.blahaj.zone 1 day ago
The main issue with Session is they removed PFS when they redesigned everything. Also, it’s admittedly been years since I tried it, but I remember the app being noticeably buggy.
unabart@sh.itjust.works 21 hours ago
It’s gotten more usable over the past couple of years. Sadly, I just got done getting all my family/friend contacts to get on Signal (they’d much prefer to use WhatsApp) so Session remains a lonely place for me. I seem to use it solely as a place to stash notes for myself, even though I do this with Signal as well.
I don’t know that we’ll ever see a messenger that both appeals to everyone and has all the features we want (from privacy to visual appeal).
arcterus@piefed.blahaj.zone 20 hours ago
I feel like this about SimpleX. It was a hellish struggle to get people to use Signal (and still a bunch only use Instagram or insist on doing plain phone calls/SMS). Some of my family continuously complain that Signal is too complicated despite the interface being pretty much exactly the same as whatever app they want to use. I really don’t want to try to get them to use another app ever again.
balance8873@lemmy.myserv.one 18 hours ago
This is a bad tool but even if it weren’t the no phone number thing is an anti-feature for most of the population.
qweertz@programming.dev 18 hours ago
Just use Briar or SimpleX instead of this clowns service with no perfect forward secrecy
hash@slrpnk.net 23 hours ago
I found it workable when I tried it recently, but wound up going with SimpleX. I like the multi identity system and you can proxy it through Tor. Found the app customization more fleshed out too.
tengkuizdihar@programming.dev 1 day ago
Shame their entire node system relies on cryptobros tech.
Tor doesn't need currency to back it up. I2P doesn't need currency to back it up. Why the hell does Lokinet?
qwerty@discuss.tchncs.de 1 day ago
Tor relays only relay the traffic, they don’t store anything (other than HSDirs, but that’s minuscule). Session relays have to store all the messages, pictures, files until the user comes online and retrieves them. Obviously all that data would be too much to store on every single node, so instead it is spread across only 5-7 nodes at a time. If all of those nodes were to go offline at the same time, messages would be lost, so there has to be some mechanism that discourages taking nodes offline without giving a notice period to the network. Without the staking mechanism, an attacker could spin up a bunch of nodes and then take them all down for relatively cheap, and leave users’ messages undelivered. It also incentivizes honest operators to ensure their node’s reliability and rewards them for it, which, even if you run your node purely for altruistic reasons, is always a nice bonus, so I don’t really see any downside to it, especially since the end user doesn’t need to interact with it at all.
hanke@feddit.nu 23 hours ago
Where does the reward come from?
Who pays the node maintainers for keeping stable nodes online?
qwerty@discuss.tchncs.de 22 hours ago
Inflation, those are new tokens generated by the network, the same way new Bitcoin is generated by the miners roughly every 10 minutes, just without the proof of work mining part. It’s called proof of stake, Ethereum uses it as well.
Natanael@infosec.pub 21 hours ago
I2P already did that with their DHT network (remember DHT?). I2P Bote uses that for messaging
vacuumflower@lemmy.sdf.org 15 hours ago
Eh, no. A DHT doesn’t solve offline storage of data, when the source node is already offline, and the target node is not yet online.
tengkuizdihar@programming.dev 19 hours ago
Yet they could've done this with volunteer nodes or even their own, because not even the server knows the content, right?
FauxLiving@lemmy.world 1 day ago
Can you think of another way for people across the world to easily pay each other directly?
tengkuizdihar@programming.dev 19 hours ago
Lokinet is for data transfer, like a message from your phone to mine, not a currency. That's why it's odd it uses staking instead of any nodes.
anomnom@sh.itjust.works 16 hours ago
Sounds like the staking is a way to incentivize individual node uptime. Also you need to pay into the stake to get going so there is some financial pain involved in neglecting, or worse, manipulating it. Though it sounds like €1000 per node, so it’s not really going to slow down governments or billion dollar commercial competitors.