• Voxel@feddit.uk
    1 day ago

    I believe your technical understanding is flawed. I’m an IT-Specialist for application development and Session is indeed a good competitor, though they had some flaws which their upcoming V2 protocol would’ve fixed.

    • Jean-luc Peak-hard@piefed.social
      22 hours ago

      I’m an IT-Specialist for application development

      Appeal to authority.

      Session is indeed a good competitor

      Unfounded claim.

      though they had some flaws

      Flaws they introduced by removing PFS (Perfect Forward Secrecy) and Cryptographic Deniability, just to name two big ones, which they got free from Signal. For anyone not aware, they removed these security features because it made development more difficult for them, not because it was in the interest of their users.

      upcoming V2 protocol would’ve fixed

      Has yet to be seen, although if they bring back PFS, they will have at least reached Signal’s level of privacy/security from over a decade ago.

      Edit:
      Additional, more technical details on why you shouldn’t use Sessions: https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

      • Voxel@feddit.uk
        21 hours ago

        Appeal to authority.

        ?

        Unfounded claim.

        I’ve done my research.

        Has yet to be seen

        I’m relatively confident that they will do the things they’ve promised.

        https://getsession.org/blog/session-protocol-v2

        Additional, more technical details on why you shouldn’t use Sessions:

        Session has responded to that blog post, mostly debunking it. There is also a response from Soatok to their response, and they edited their original response afterward to address Soatok’s response to Session’s original blog post. Session was also audited by third parties, which had already pointed out some of the things Soatok mentioned in his blog post, and that does not mean Session is insecure or unable to compete with SimpleX, Threema, DeltaChat, Briar, and many other “private messengers.” Signal requires a phone number, which in Germany where I live, is by law attached to your identity and is also a unique identifier and an attack surface. I use and prefer Signal over Session, but Signal also has many small flaws.

        https://soatok.blog/2025/01/20/session-round-2/

        https://getsession.org/blog/a-response-to-recent-claims-about-sessions-security-architecture

        I will also not continue this conversation further if nothing that I have not already clarified is brought up.

    • artyom@piefed.social
      20 hours ago

      I believe your technical understanding is flawed

      It’s interesting that you assumed that my objections stemmed from technical problems. Why is that?

      It’s not, it’s from usability and trust and poor decisions.

      The fact that they’re going to run out of money and the entire platform will just cease to exist is itself my primary objection, much the same as Signal and other centralized services.

      The fact that it even costs so much to run is another.

      And thirdly, their involvement in crypto shenanigans is an instant dealbreaker.