Session Encrypted Messenger (getsession.org)
74 points by kuba-orlik on Oct 1, 2021 | 95 comments


It seems encrypted messengers are turning into cryptocurrency ponzi scam projects.

Keybase -> Stellar

Session -> Oxen/Loki

Whatsapp -> Diem/Novi

Signal -> Mobilecoin [0]

There really is no defence of introducing this at all and it's sad that this is becoming a trend, looks like one has to look at Threema, Wire and possibly Element as our only hope.

[0] https://www.wired.com/story/signal-mobilecoin-payments-messa...


I generally agree, but in the specific case of Session, the crypto scam is a feature. The crypto scam provides for the thousand or so independent nodes that make a ProtonMail-style law enforcement order useless.

Any centralized service like Threema is vulnerable to a court order to log, at the very least, connection metadata.

It's a LOT more expensive for LE to launch a Sybil attack on Loki than to get some bootlicking judge to compel logging and/or silent client update.

But yeah, I totally agree that the crypto scam is long-term unsustainable and Session needs to find a way for the users of Session to have to pay for Loki network access to keep it running.

To the point above, the biggest weakness of Session, by far, is that its official packages are released and signed in Australia. There is no doubt in my mind that .AU will eventually come down hard and compel signing of compromised binary releases. They HAVE to distribute official release building and signing to multiple developers around the world, and soon.


I sort of understand people feeling like Signal/Mobilecoin is a get-rich-quick scam (though I really don't think it is), but I don't understand why, beyond the ickiness if that were the case, it actually matters.

Does it somehow reduce the effectiveness of Signal Messenger?

The argument against Signal here seems to rest on the weakest foundation. As I understand it, it's something like:

- This could be a get-rich cryptocurrency scheme. We don't have any evidence for it, but you can assume the worst.

- The project embarking on this scheme shows they don't have users' best interests at heart.

- If they don't have users' best interests at heart, how can I trust any of their other decisions?

This is not an argument I'd want to hang my hat on.


If Signal can do Mobilecoin without any access to our Contact address book, then I expect a mass adoption by the general populace.


Where is the scam part? I don't need to use their crypto, it's just built in, and it's not dishonest in any way. There is no monopoly, and suggesting they should run encryption and servers all day with no compensation and free isn't sustainable, in fact that makes me even more suspicious that it is a government run system.

I prefer that I can at least see it being sustainable, and if it's a P2P protocol it could be free, but if they paid the developers well I would feel even better for various reasons.


You could flip that argument too and say that the thousands of dollars one must pay to run an Oxen node is a threshold that intelligence agencies and governments can easily afford. While the idealists who just want to support the onion routing with bandwidth for a few bucks a month are shut out.

That's why Tor is so massive, because anyone can support it. But that's also what makes Tor vulnerable to Sybil attacks. It's a catch-22.

Either way, my warning bells go off when someone asks for thousands of dollars for crypto coins that have no real advantage like Monero.

Another question that comes up with Oxen is what happens if it's adopted. Because afaik each onion routing node is also calculating the blockchain. So the more transactions happen, the heavier these calculations get, right? So each onion routing node will require a lot of resources eventually, if this ever takes off.


Your statement on the intelligence agencies is incorrect. You need oxen to run the nodes not dollars, and obtaining oxen has an exponential cost due to market forces.

If you want to run 1 node you can obtain the oxen pretty easily. If you want to obtain enough oxen to control 50% of the network you will need to buy more oxen than is in existence.


That's a really good point that I had overlooked. Thanks.


Also the Oxen blockchain's state growth is pretty mild. It's currently 20gb after 4 years. Even Monero's blockchain is pretty mild which gets heavy use (sub 100gb I believe).

State growth is an issue all blockchains face, but there are ways of addressing it. If Oxen's blockchain gets to 200gb in 40 years though I don't think that is an unreasonable expectation to put on the people running nodes.


It's been slow because the coin hasn't been adopted by anyone yet. I'd imagine that if it was actually adopted by some real market, giving it real value, it would grow a lot faster.

So it is an issue to combine those two features, onion routing and blockchain. Because onion routing only requires bandwidth donation.


Conversations too. It works well, ticks all the boxes except voip, and is available on f-droid.


But Session being linked to a cryptocurrency project is a non starter and inexcusable.


Why?


Take a look at Signal, which the whole of Signal is to be a private WhatsApp alternative not a trojan horse to introduce a cryptocurrency pump and dump scam. [0]

So for Session, I am unfortunately also sceptical on them as well, I would say they are arguably worse since their project is embedded within cryptocurrencies and it won't be long until they force their Loki/Oxen coin in their apps.

[0] https://www.stephendiehl.com/blog/signal.html


That didn't answer my question. How does Signal supporting Mobilecoin or Session supporting--whatever this is--impact your usage of Signal/Session?


> That didn't answer my question.

I did, you just didn't like the answer.


It didn't really. It was just cryptocurrency = bad.


I might not have understood it, which is different. Can you make it a little more explicit for those of us who are slow?


But Conversations has voip... I use it all the time.


Indeed it does! Just not for group calls.


Matrix (Element and friends) is the future.


It's sad Tox never succeeded in getting widely used, as it solved a lot of problems (almost, multi-device was in a beta branch last time I used it).

Fully distributed (while current solutions are centralized or, at best, federated), no single entity to be attacked, no dependency on phone numbers, being blessed by a server, or strange coins.


Session does all those things.

The political view on cryptocurrency that causes you to label it as a bad thing means you blanket category something that adds a lot of features to session.

I think Tor's uptake in general was limited because the FBI was still able to track people, and here the cryptocurrency element fights against exactly that.


In Session's case the cryptocurrency is a protective measure that stops Eve from spinning up loads of nodes on their backend and snooping the message packets.


Don't forget XMPP, and Jami as the hope.


In particular, XMPP to a TOR hidden service to entirely replace something like Session:

* https://gist.github.com/dllud/a46d4a555e31dfeff6ad41dcf20729...

XMPP is better than anything else I have seen for this sort of thing in that it is federated and gives you a choice of servers. There is no single point of failure.

Here is what that looks like using Conversations on Android:

* https://creep.im/xmpp_tor/


Check out Snikket if you haven't yet: https://snikket.org/ - Not affiliated, just a fan of Matt's efforts here.


I told a person I know to use XMPP to which they said

"Which XMPP app should I use"

To which I dismissed XMPP on its own as a viable alternative to anything, there might be hope for Jami as long as it is not linked to anything cryptocurrency and the security is sound.


Your objection is that there are multiple clients for an open protocol?


To which my non technical friends don't know which to choose and didn't bother at all and went back to using WhatsApp.

If that is the consequence for multiple fragmented clients then no thanks.


Just recommend the client you are using?


Yes, and everyone went back to using WhatsApp as I said, including me.

Nobody bothers with Signal and all these other fringe privacy apps or alternatives.

That is my point.


No, nobody in YOUR circle bothers with it. Approaching 50% of mine does.

Don't project that laziness onto the entire populace, enabling others to feel comfortable that it's "too hard" to use Signal....that's awful.


> Don't project that laziness onto the entire populace, enabling others to feel comfortable that it's "too hard" to use Signal....that's awful.

Unfortunately WhatsApp has a lot more staying power and social inertia than you would ever realise, regardless of how large a social circle is, and your anecdote doesn't change that either.

Until Signal supports all or most of WhatsApp's features I don't see this changing.


Signal does support most of WhatsApp's features though.


Great, so this means I can use Signal to backup my messages on my old iPhone with an iCloud backup to my new phone right?


You can transfer all your messages from your old iPhone to your new one though[1].

[1] https://support.signal.org/hc/en-us/articles/360007059752-Ba...


No, supporting most of anything doesn't mean having the one random thing you need as a certainty. But also yes, messages are transferrable.


For most, it's also a deal breaker.


This didn't age very well.


People are still using WhatsApp anyway, that's the whole point.


I've had a lot of success getting people to move over to Signal personally. I have 400ish contacts on WhatsApp, and at least 150 on Signal, from like 5 or 6 before the T&C update from WhatsApp.


It would be a lot better to get people on federating networks like XMPP (the Internet standard for IM) or Matrix (currently has a better iOS client) instead of moving them from one walled garden to another.


I agree it would be a lot better, but

1) I don't have the infrastructure or the time to self host at the moment, and almost none of my contacts have the ability.

2) My XMPP experience (using Conversations and a couple of free servers online) was inconsistent. No attachments were delivered, message storage was limited to the client side, and a few niggles in general.

3) Matrix.org tended to be slow and unreliable for me, definitely more so than Signal. And as mentioned, I can't self-host right now.

If I could, I would have moved them to an open network, but for the reasons I mentioned and others, it's just not at the same level of convenience or usability yet. I might be more tolerant of these issues for advocacy's sake, but my contacts certainly wouldn't be.


I hear you (and others), which is why we're trying to solve these kinds of barriers to XMPP adoption, with Snikket. It's a preconfigured server that can be self-hosted, or there is a hosted service available (you can migrate between them). Also included in the project are client apps with consistent feature set and behaviours across platforms (currently Android/iOS). This includes things you mentioned such as smooth file sharing, server-side storage, end-to-end encryption, etc.

It's still relatively early days for the project (launched last year), but I guess my point is - if the things you listed are all that's holding you back from XMPP, try Snikket and give us some feedback :)


Then:

"What platform?"

Then:

Tell them.


No, the answer was WhatsApp which they unfortunately went back to.

The point is, there are far too many XMPP clients for which it is very unlikely that their friends are on and have interoperability features.


I've looked into this before a little. But no one seems concerned these guys are located in Australia. We (Australia) have what I'd call quite frankly, "Awful" encryption and privacy laws.

edit: they touch on it here: https://getsession.org/blog/on-the-recent-australian-surveil...

But AFAIK with the new laws nothing is stopping the feds from requesting them to upload a backdoored apk one of these days (if someone can shed more clarity on that, I'd be appreciative).


Even though the website looks like yet another "secure messenger scam", at least these guys check the important checkbox of having a reproducible build available at F-Droid. [or apparently not, see below for more]

This check box is actually quite important; I laugh at anyone who promises that "they won't reveal identities, not even under a court order" when the court can just force them to ship a silent binary update that does whatever the heck the court wants.


> reproducible build available at F-Droid

It's not available at F-Droid. They have an F-Droid compatible repository that you can manually add to your F-Droid client where they ship binaries.

I also can't find any mention of reproducible builds on their website, and their builds seem to include proprietary binaries.

The issue [0] to publish the app on F-Droid is still open.

0: https://github.com/oxen-io/session-android/issues/73


Indeed, from reading that issue, it appears their app cannot be bundled for the official F-Droid repository because it uses Google Play Services for notifications.

The ticket also mentions spyware like Crashlytics and Firebase analytics, which according to Exodus Privacy [0] have been removed in version 1.2.3 (good): https://reports.exodus-privacy.eu.org/en/reports/search/netw...

I understand why some apps need to distribute updates outside of f-droid.org repo because it's too slow to vet/build updates: for example Newpipe needs to update as quickly as Youtube breaks 3rd party clients, and F-Droid's update vetting process takes too much time for that. But i don't understand why an app like Session would set up their own repo and not try to push to f-droid.org repo without the Google trash. [1]

At least, they're not actively trying to shut down libre forks (with spyware removed) like Signal did to LibreSignal years ago, that's already a very good point for them!

[0] Exodus Privacy is pretty cool. It uses static analysis to find known trackers/malware in Android APKs, and is developed by a French non-profit. If you don't use only F-Droid apps, you should definitely use Exodus Privacy to know what kind of crapware you're setting up. (Spoiler alert: >90% of Google Play Store is malware).

[1] The argument in the ticket is about the notification system. Because some Android (and iOS!) phones have energy policies preventing most background connections (unless privileged like for Apple/Google notification servers). That is not a problem on a device you own (eg. Replicant/Lineage) but is definitely a problem on CrapDroids (like Samsung and Huawei i believe) and on all iPhones, and this produces a situation where users will miss notifications until phone goes out of sleep and will blame the app for that, while their OS is responsible for the loss. One of the many shameful consequences of letting evil corporations control our computing devices, that leads to further centralization of all network activities.


f-droid delay is only like a day.


Is it now? It used to be more like 1-2 weeks. Have there been major changes in infrastructure or policy to explain the change?


Strongly agree. I would also add that even if you as an app developer are not a malicious individual who would help law enforcement persecute political activists, Google will certainly give away all info it has on the persons who downloaded the app, and may as well publish targeted binary updates without anyone's knowledge, which is frightening.

On F-Droid on the other hand, the recipe is open source and the build process is automated and reproducible. That means if your threat model requires it, you can set up your own F-Droid build server and only download from it and/or verify all checksums of packages published on f-droid.org repo. Outside the Android ecosystem, that's precisely what GNU/guix project is doing with the guix challenge command: https://guix.gnu.org/manual/en/html_node/Invoking-guix-chall...


It is linked to a cryptocurrency called Loki.

https://crypto.com/price/loki


Apparently Loki has been renamed Oxen in the meantime. I'm curious if/how Session is usable without any form of "coin".

EDIT: So apparently their tokens are used to form market-based Sybil resistance:

> This supply-demand effect is further reinforced by something called lock-up. If Oxen is staked to a Service Node, it can’t be moved or traded — meaning that the purchasable supply reduces as the number of Service Nodes increases. If a prospective attacker attempted to buy up a massive amount of Oxen (in order to stake a large number of nodes), the cost would ramp up as they purchased, making it extremely expensive to actually conduct a successful Sybil attack. [0]

I find their FAQ very unclear so far (haven't read the whitepaper yet), but from what i understand Session is free-to-use because the servers (Oxen Service Nodes) are remunerated by cryptocurrency speculation (lock-up) and block rewards. I find it worrying though, that the entire threat model relies on the financial cost to mount an attack... I hope like with Tor, many different circuits can be built in parallel.

[0] https://getsession.org/blog/how-session-protects-your-anonym...


Once again, a project that exists solely to promote a glorified MLM.


God dammit.


The whitepaper at [1] is more impressive than I expected it to be, not for what is built today (which on a quick read appears to be rather unexciting), but for the class of attacks recognised as unsolved, and identified as requiring future work.

Improvements identified include:

1) Encrypted messages should have a constant size (padded). Note that the Signal protocol used by Session currently uses variable length messages[2].

2) Encrypted messages should be sent as noise by clients through the onion network and back to themselves at random intervals frequent enough that messages to/from other parties are statistically indistinguishable to an eavesdropper from the noise generated.

3) Intermediate nodes in the onion network should hold and delay encrypted messages so they are adequately mixed before being sent forward. This makes it statistically difficult for an eavesdropper to match up a message entering a node and a message leaving a node. Ideally messages would be mixed across enough nodes of the onion network that to an eavesdropper, the full list of possible destinations is equal to the total number of clients on the network.

4) Proof of work should be replaced with a better technique for preventing degradation of service or spam attacks. The paper quite rightly identifies that proof of work would favour Eve who has set up a data center filled with custom ASICs solving proof of work problems, rather than favouring Alice or Bob with an energy efficient mobile phone SoC. CAPTCHAs are identified as a possible future solution to this class of attacks.

I doubt those improvements would have much application outside of labs and experiments though. Unless a significant part of the global economy surprisingly becomes dependent on a traffic analysis resistant anonymising protocol, it is too easy to just block such protocols similar to what China does with its Great Firewall.

[1] https://arxiv.org/pdf/2002.04609.pdf

[2] https://github.com/signalapp/libsignal-protocol-c/blob/maste...
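
Improvements 1 and 2 from the comment above (constant-size padded messages, and cover traffic that cannot be told apart from real messages), sketched as an added example. It is not part of the comment, the whitepaper or Session's code; the 256-byte cell size, the header layout and all function names are assumptions, and the cells are the plaintext framing that would be handed to an authenticated cipher before sending.

```python
import struct

CELL_SIZE = 256                  # assumed cell size; not a value from Session or the paper
HEADER = struct.Struct(">HB")    # payload length (2 bytes), flags (1 byte)
PAYLOAD_MAX = CELL_SIZE - HEADER.size
FLAG_MORE = 0x01                 # another cell of the same message follows
FLAG_COVER = 0x02                # cover traffic: the receiver discards the cell


def _cell(chunk: bytes, flags: int) -> bytes:
    """Build one cell: header, payload, zero filler up to CELL_SIZE."""
    return HEADER.pack(len(chunk), flags) + chunk + bytes(PAYLOAD_MAX - len(chunk))


def pad_to_cells(plaintext: bytes) -> list[bytes]:
    """Split a message into fixed-size cells; even an empty message is one cell."""
    chunks = [plaintext[i:i + PAYLOAD_MAX]
              for i in range(0, len(plaintext), PAYLOAD_MAX)] or [b""]
    last = len(chunks) - 1
    return [_cell(c, FLAG_MORE if i < last else 0) for i, c in enumerate(chunks)]


def cover_cell() -> bytes:
    """A dummy cell; once encrypted it has the same size as a real one."""
    return _cell(b"", FLAG_COVER)


def unpad_cells(cells: list[bytes]) -> bytes:
    """Reassemble a message, dropping cover cells and rejecting malformed input."""
    out = bytearray()
    expecting_more = False
    for cell in cells:
        if len(cell) != CELL_SIZE:
            raise ValueError("cell has wrong size")
        length, flags = HEADER.unpack_from(cell)
        if length > PAYLOAD_MAX or flags & ~(FLAG_MORE | FLAG_COVER):
            raise ValueError("malformed header")
        if any(cell[HEADER.size + length:]):
            raise ValueError("non-zero filler")
        if flags & FLAG_COVER:
            continue             # cover traffic mixed in with real cells
        out += cell[HEADER.size:HEADER.size + length]
        expecting_more = bool(flags & FLAG_MORE)
    if expecting_more:
        raise ValueError("message truncated")
    return bytes(out)


def wire_sizes(messages: list[bytes]) -> list[int]:
    """Bytes an eavesdropper would count per message (before cipher overhead)."""
    return [sum(len(c) for c in pad_to_cells(m)) for m in messages]


if __name__ == "__main__":
    # Constructed sample messages: short replies and a longer one look identical.
    print(wire_sizes([b"yes", b"no", b"x" * 200]))   # every entry is CELL_SIZE
    # A message longer than one cell still leaks its cell count.
    print(wire_sizes([b"x" * (PAYLOAD_MAX + 1)]))
```

Padding hides the length only up to the cell boundary: a message that needs two cells is still distinguishable from one that needs one, which is part of why the comment pairs padding with cover traffic and mixing.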


There are so many encrypted messaging apps now but none has the feature-parity and convenience of Telegram. The user experience is just unparalleled, and it is quite astonishing to see such high-quality software being produced by an actual company these days. However, there are a couple of drawbacks of Telegram which are seriously important to consider

- no self-hostable server option (of course they don't have a federated model so interoperability will not be easy even if they release the server source).

- the encryption protocol is non-standard, does not sync between devices, and is not enabled by default.

I would really love it if there is a client-side encryption app which uses established time-tested encryption protocol to encrypt and decrypt messages fully at client side and will just let me use something heavily feature-rich like Telegram for sending the messages.


> There are so many encrypted messaging apps now but none has the feature-parity and convenience of Telegram.

Perhaps because Telegram's servers store and have access to the entire message history (except for secret chats, that are very limited in features compared with both Signal and WhatsApp), and this really helps a lot when synchronizing among devices and managing groups -- all at cost of security and privacy. They also can selectively remove groups, and recently did it, so there is not a theoretical problem anymore.

Remember: they have all the information and can use it for anything once they turn evil (I call it "being bitten by a radioactive Zuckerberg").


Session is a cool fork from Signal. They address the two biggest privacy issues, push tokens and IP addresses.

But I can't see it gaining too much mainstream traction any time soon. To me it feels like WhatsApp has hit the sweet spot for people who can't get themselves to care about security and privacy.


I have doubts regarding its privacy, but I think WhatsApp's security is up to the mark[1]. A lot of secure messengers fall short of simplifying security stuff on their UI/UX, for the average user, and I genuinely think it's a hard thing to do. In fact you could argue that "Everything should be made as simple as possible, but no simpler."

But maybe we'll get there, as more and more users understand the need for security

[1] https://www.whatsapp.com/security


How would you know, since we don't have the source code?


Looks good but it is centralised if I understand correctly. Same weakness as Signal or Threema. Element [Matrix] should be preferred for decentralisation.


Not at all, Session is completely decentralised


We could argue Session is centralized on a blockchain


A good implementation in secure messaging app that doesn't use metadata at all (only a pubkey) is Olvid. https://www.olvid.io/assets/documents/2020-12-15_Olvid-speci...


This Olvid looks like bullshit.

1) there's no source code. Security via obscurity is not a feature for software (but it's a first line of defense for networks).

2) Olvid is distributed via malicious repos Apple AppStore and Google Play Store

3) Olvid is distributed with spyware: https://reports.exodus-privacy.eu.org/en/reports/io.olvid.me...

4) They insist on "French tech", which is an ultra nationalist startup-nation label which does not imply any form of security, but rather that they report to French intelligence services (DGSI/DGSE) not USA intelligence services

5) They claim on the website that they're the first messenger certified by ANSSI, which is true but misleading. ANSSI has previously certified other secure messaging components (such as PGP implementations), and has very likely been involved in approving (though not certifying for private use) the French government's fork of Element Matrix client (Tchap) as the official secure messenger application of the French government.

All in all, it's just a French startup making claims to make money. Nothing to see there, unlike Session which has some actual source code and novel approaches to show off (despite my reluctance due to blockchain tech).


1) it isn't open source yet because of reduced team https://olvid.io/faq/is-olvid-open-source/ it'll change soon

2) If you consider AppStore and PlayStore as malicious repos you can stop using Android or Apple phone i think ...

3) if you search "network.loki.messenger" app on exodus you can find "Loki Messenger" (old name of Session ) with two "spyware" inside too

4) & 5) ok but i trust the very skilled person behind this software (https://dblp.org/pid/f/MatthieuFiniasz.html) that worked 6 years on this project.

I think Session is just another textsecure implementation (https://en.wikipedia.org/wiki/TextSecure) that limits metadata, nothing new under the sun.


> it isn't open source yet

I've heard that claim so many times, yet very few startups hold their promise to open the source code. Especially for something branded as a secure messenger, how to give it any credibility without being able to inspect/audit the source?

> you can stop using Android or Apple phone i think

I use deblobbed android without google services -> replicant.us

> you can find "Loki Messenger" (old name of Session ) with two "spyware" inside too

I pointed it out in another comment so i'm aware. However these trackers have been removed in the meantime, and Session is actually free software which you can build from source.

> i trust the very skilled person

Good to see they've got a competent cryptographer, however competent cryptographers do not necessarily make a successful and secure decentralized messenger. See also Wire who had serious crypto and promises to open source everything, but to my knowledge the server side was never released, and Wire more or less failed as yet-another encrypted centralized messenger like Signal. Or GNUnet who also has some solid research and practical applications [0], yet didn't grow so much over the years.

> Session is just another textsecure implementation

In fact not. It's certainly a TextSecure fork, but the only TextSecure implementation left is silence.im, whose maintainer is an employee of La Quadrature du Net from what i understand. But being SMS-based, silence.im leaks a lot of metadata (unique identifiers + timestamps).

And contrary to other TextSecure forks (like Signal), Session does not rely on a centralized infrastructure or sketchy "secure enclaves". Like i said i'm very critical of relying on a blockchain at all, but i have to admit Session looks (from a quick look) like a serious project.

[0] https://www.gnunet.org/en/news/2021-05-DISSENS.html


> See also Wire who had serious crypto and promises to open source everything, but to my knowledge the server side was never released

The wire server code is open source AFAIK [0]

> This repository contains the source code for the Wire server. It contains all libraries and services necessary to run Wire.

[0] https://github.com/wireapp/wire-server


You are correct, thanks for pointing it out! I may have confused Wire with Threema or something else entirely.

Do you have any news about the open federation they announced in 2017 when they open sourced the server code? [0]

[0] https://wireapp.medium.com/open-sourcing-wire-server-code-ef...


How do we know this is not an FBI honeypot?


How do you know Signal, Matrix, et al. aren't either?


Is this Signal killer?


Skeptical because Signal has reached critical mass so that even normal people are starting to use it. I hate how Signal requires phone numbers, something Session does not.


Is this another platform developed by FBI?


The company/main developer seems to have ties to the alt-right https://nitter.42l.fr/WPalant/status/1281540005190672384


Of course they are. Next they sell to the same gullible audience as every other Ponzi scheme.

After all, they need a new communications solution for their next January 6th event after Parler handed over their comms and that sweet ultra secure alt-right phone turned out to be a rebranded budget set.

It’s like shooting fish in a barrel.


Reading further, seems that the CTO of the project wasn't aware of this. [0]

But I cannot see anything done further here, and not sure if this means all members of the session project are nazis.

[0] https://nitter.42l.fr/JefferysKee/status/1281585770252230658...


Session team are not nazis. They do good work - creating tools useful for human rights folk who need anonymity and security.


So what? They disagree with your worldview ... and?


And big surveillance tech has allied with Team Blue to get away with surveillance capitalism and anti-competitive behavior, so anyone on Team Red must be unpersoned. One way to do this is by whipping the programmer minions of woke corporations into a stress session frenzy.


Yikes please be /s


Sarcastic? He is spot on. Or how do you explain Trump being banned from Twitter while the Taliban aren't?

(To be clear, I don't support banning either)


Looks like a non-standard XMPP clone. XMPP already offers standard encryption.


I don't know where you got that impression. It is not based on XMPP.

It is, more or less, a decentralised Signal with onion routing.

Edit: apparently they switched away from the Signal protocol in 2021. It is no longer Signal-with-onion-routing. It has diverged significantly since they forked.


Well, maybe decentralized Signal UI. Since it does neither use Signal encryption nor does its encryption have the properties modern E2EE encryption has (Perfect Forward Secrecy, existing in Signal, Matrix, Wire and even WhatsApp), it cannot really be called Signal anymore.


Here is their reasoning for a change of protocol: https://getsession.org/session-protocol-technical-informatio...

HN discussion: https://news.ycombinator.com/item?id=25690036

Summary: forward secrecy and deniability are nice to have, but removing them makes significant UX improvements possible.


You are right: they have switched away from the Signal protocol to their own Session protocol during 2021. I did not know that. Last time I checked (late 2020) they were using Signal's protocol.


Looking at the web site, I can see how one might get that impression. The code base comes from signal, but the web site looks more than a bit like various XMPP things from a few years ago. It seems to say "we have features most XMPP clients don't" as I read it. Compare this to signal.org, which seems to be written from a list of FAQs/complaints. "Privacy" in the first sentence, four endorsements, and then a variety of FAQ points: "No creepy affiliates", "no SMS charges", "we have groups", "share GIFs freely".


It's actually forked from Signal.


Couldn’t find the “why’d we fork” anywhere. Got a link?


Not a link, but from quick reading:

- Session does not require phone numbers, which is Signal's greatest and well-known weakness and has led to a lot of (police/stalker) harassment

- Session uses some form of onion routing, and the messages arriving while you're offline are stored for a certain amount of time (TTL) by "Oxen service nodes" ; no centralized server controlled by Amazon & other evil corps relying on Intel's SGX "secure enclaves" (yes, that is actually Signal's threat model lol)

- Session appears to be involved with the Oxen blockchain where you can pay for a global username to be registered to your public key; i don't know if there's recovery mechanisms if you lose your key/device, but i do know it took me only two clicks from homepage to reach talk of blockchain and tokens and that does not inspire me confidence

- Session claims loud and clear to be developed by a non-profit and to be user/UX-oriented, which is great! Signal's finances and decision making have never been very transparent, and interviews published here in the past year implied they needed more users in order to monetize the platform (how?)



