this post was submitted on 01 Jun 2024
46 points (96.0% liked)
Privacy
32159 readers
642 users here now
A place to discuss privacy and freedom in the digital world.
Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.
In this community everyone is welcome to post links and discuss topics related to privacy.
Some Rules
- Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
- Don't promote proprietary software
- Try to keep things on topic
- If you have a question, please try searching for previous discussions, maybe it has already been answered
- Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
- Be nice :)
Related communities
much thanks to @gary_host_laptop for the logo design :)
founded 5 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The concept behind Session is nice, but the implementation is poor. im gonna give a full review here for future generations and their posterity and all that, since I have a lot of experience with it.
First if all, their org is based in Australia, one of the worst countries on earth for privacy. They have openly admitted that the government there can secretly force them to ship backdoored binaries and packages. Huge red flag.
Session runs on the oxen network, an onion relay that runs on crypto stakes instead of straight up volunteering. however, a node requires 15000 OXEN tokens to run, which currently is about 2500USD. in the past it was much more expensive. so the barrier of entry is high. you can say that it makes it more secure or less sure. i think they should lower it now that sybil attacks are much less likely, with most of the tokens locked up in nodes.
The oxen network is SLOW. I mean really slow. For conparison, try running both SimpleX over TOR, and Session, side by side, for a few days, you will notice a huge difference. Trying to message someone in Session is a crapshoot. you will either wait 1 second or 10 seconds for message delivery, sometimes more. I've experienced message delivery times of up to two minutes. Face paced messaging is not a thing.
the oxen network can stored messages for up to two weeks, and this is nice for that centralized app experience while being a decentralized app, when the sync works correctly. but also it may be uncomfortable for some people to keep them stored on-chain.
User experience is ABYSMAL in the long term. Device sync, message deletion, file transfer, just to name a few things that are buggy as hell, confusing, or plain dont work half the time. im not gonna go into it, let's just say that it can get sucky in the long term, weird stuff happens. messages may not be truly deleted either. And of course, we have the slow message delivery, among other little stupid bugs. it's definitely not a "just werks" app.
The UX is made worse by the fact that their apps are just poorly maintained forks of Signal. the phone app is okay I guess. the desktop app is worse. The desktop signal app was already not that great, just thrown-together Electron garbage. but Session didnt even bother to make their own electron app. And electron is extremely insecure by the way. and slow. not what you want for secure messaging. also the electron version hasnt been updated in a while, so there are many zero days in both signal and session apps. signal and session both screwed up on this whole thing.
Also somehow even though Signal accomplished it themselves, Session couldn't seem to accomplish Perfect Forward Secrecy while also keeping multi-device sync. Generally everything about the Session team screams "we aren't that smart"
Session has two notification settings, one is for google cloud messaging which does work with MicroG too, the other spins the app up once in a while and checks for messages. both of these have been unreliable for me in different instances though, especially in work profiles. but in main profile with microG it's actually 90%+ reliable to be honest.
Session has some good points. There are no signups obviously. The Session ID / User Id model is easy for newbies to understand. easier to share than a long af SimpleX link. even if buggy sometimes, you can easily link your ID with other devices and message from them, which is something that is not easy with SimpleX currently. it also provides you onion routing out of the box without having to run Orbot in the background which takes up a decent amount of battery power.
Recently-ish, Session/Oxen team announced that they are going to make a network overhaul at some point. Yet despite having built nothing at all yet, they have already minted an erc20 token and begun presales and all the usual crypto token bullcrap that comes with the standard scammy overtones of a lot of crypto projects and random eth tokens. It's pretty sad.
Overall, session is decent out of the box for a quick need but not for long term stable UX.
Yup, it's sad. Oxen is/was a Monero fork, with some actual privacy. Now their pivot to a centralized, VC-backed PoS like Eth that has no privacy is just overall disappointing. It more or less confirms my earlier suspicions that Session devs only care about enriching themselves. The "Sybil resistance" excuse for requiring such a high amount of capital to contribute a node is just a bunch of BS.
all good points.
yeahh i completely forgot that oxen is a monero fork. damn, the concepts behind the network were really good, the ideas and everything, and had a huge amount of potential, but just terrible choice after choice althroughout the implementation. sad indeed.