Remove Session from Instant Messaging

Why should this tool be removed?

Now that SimpleX has IP protection, Session isn’t needed anymore (is there a use case where it could be useful?).
Even Signal could be removed, but since SimpleX is VC Funded (Signal is not) and many people use Signal (hard to get them to switch), it might be a while to wait.

Session meets PG criteria; removing it would require changing it.

1 Like

Most people just need their conversations encrypted. You don’t need to be anonymous to your co-workers/friends/family.

Threema meets PG criteria. It isn’t added because PG prefers quality over quantity and doesn’t want to “divide” the user base more than it already is.

Large group chats?

(to be honest I personally wouldn’t really have a problem with adding Threema nowadays too, but that’s a separate discussion)

1 Like

Threema is centralized, the servers aren’t open-source, it doesn’t offer anything that current recommendations don’t offer, and it also costs money.

3 Likes

It offers various things other messenger apps don’t offer (clear business model, option to make polls, etc.) But as @jonah said, this is not the place to discuss it.

SimpleX is currently working on large groups, communities and public channels:

SimpleX is also working right now on “Improve experience for the new users” (according to their GitHub page, the link you shared).

Session shouldn’t have been there in the first place, very sketchy background.

I am glad that SimpleX is improving, very good news for the privacy community.

There’s an argument to be made specifically for messengers that because not everyone uses every messenger, it might be beneficial to list more messengers and not just the absolute best one. Also wouldn’t be opposed to guides on very popular ones like WhatsApp since they can be configured to be more private than they are ootb.

2 Likes

Session’s CTO responded here to someone asking about it. He makes good points. x.com

Could you just post a reply here? Many of us don’t want to create an account on that garbage platform just to read a post or a reply.

2 Likes

Sure!

1 Like

User: Now that SimpleX offers IP protection (its main criticism), is there any case where it is still better to use @ Session, @ JefferysKee? Is there anything Session still has?Does [sic] Session have any advantages over simplex in any respect?

Session CTO (Kee Jefferys): Depends on what percent of SimpleX Chat users are using self hosted relays? I assume a very small percent. For the majority of users this “Private routing” adds very little privacy, since both servers in your route will likely be run by SimpleX Chat LTD.

In this case it would be fairly simple to correlate the routes? Compared to Session where there’s a network of 2000+ community operated nodes which participate in 3 hop Onion Routing for all users. Maybe I’m wrong about the details?

User: I don’t think it would be easy to correlate (see picture).
Don’t you think it is a matter of time before SimpleX users start operating nodes in a similar quantity as yours? It is cheaper than running a Session node. And people will run them even if they don’t get rewarded, altruistically.

[Quote from SimpleX blog announcement:] “At the same time, the relays chosen by the sending clients to forward the messages cannot observe to which connections (messaging queues) the messages are sent, because of the additional layer of end-to-end encryption between the sender and the destination relay, similar to how onion routing works in Tor network, and also thanks to the protocol design that avoids any repeated or non-random identifiers associated with the messages, that would otherwise allow correlating the messages sent to different connections as sent by the same user. Each message forwarded to the destination relay is additionally encrypted with one-time ephemeral key, to be independent of messages sent to different connections.”

An [sic] from SimpleX FAQ: There will also be a revenue-sharing model from customers to network operators, to provide an incentive for them to continue running nodes, which will increase decentralization and reliability of the network.

CTO: If relay A knows the exact packets it will send to relay B, then all relay B needs to do is listen for those exact packets and the path is correlated, assuming A and B are run by the same operator. Seems to be a very trivial deanonymisation technique. Above protections don’t help?

Most people won’t run relays, look at any public access network like Tor, or federated protocols like Matrix, 99% of users use someone else’s server. I don’t see this changing dramatically in the future

[Answering SimpleX FAQ]: Making relays pay for use without clever monetization can make things worse, centralizing use around free servers. There’s very few successful paid only messengers.

1 Like

I thought if you wanted onion routing on SimpleX then you would just put your traffic through Tor. They even seem to have an option for that in the official client?

Yeah there’s an option to route through proxy SOCKS and activate only .onion hosts.

According to this, maybe we should wait until there are more servers hosted, or at least until the code is audited. What do you think, @jonah?

To be fair, at least in the main chat, correlation attacks are discussed very vaguely. Especially the certificate forging for fake relay points. My opinion is that this is a nascent project but it really has a few issues to solve, the main one being that it’s completely centralized; no external relays are allowed. Also, usability and battery drain on devices are getting better, but you cannot use it as an instant messenger yet.

Polls are an option in Element iirc