Session Private Messenger

Is it a good idea to use session messenger which is based on Lokinet inside Whonix or better not? Is this TOR over TOR?

1 Like

That would be similar to:



It can most likely be used in Whonix:

(Whonix is based on Kicksecure.)

(But I am not saying (yet) that it should be. I haven’t researched Session enough yet. First impression however is very good.)

2 Likes
1 Like
1 Like

Session disabled forward secrecy:

Has no support for wayland:

2 Likes
2 Likes

Session messenger is quite centralized - they can block your account without the ability to create a new one.

If we block your account for a breach of our Terms, you will not create another account without our permission.

And here are some interesting thoughts on Session and LokiNet:

3 Likes

I am not sure that follows. Maybe that text was written by lawyers. Or copied from somewhere. That certainly doesn’t sound nice. I would hope by that, they means a blocked account on their centralized project website getsession.org in case of opening a support request [1] (or perhaps a forum in the future or something). Or maybe their GitHub organisation.

You could ask them on GitHub for clarification.

[1] Submit a request – Session - English

1 Like

I sent them a message. I will post their response if they get back to me

2 Likes

Probably best to ask on GitHub. That way it’s in public and their reply is verifiable for all readers, we can document and use their statement + hyperlink as a reference / evidence.

1 Like

I will wait for their response (they write “up to 48 hours”). Then, I will ask on github (or ask why nobody answered me and what’s going on)

2 Likes

I received a response from the support service. It seems you are right. They told me that account blocking is only possible in group chats.

2 Likes

taken from this forum Messengers in wiki - Website - Kicksecure Forums

3 Likes

Good read, thanks for sharing.

yeah the removal of PFS was a red flag which i posted here in 2022 (with other tickets), and from that time never looked back at session to be anything new or better.

3 Likes

Specialists from PrivacyGuides have removed Session and Element/Matrix from the list of recommended messengers The Best Private Instant Messengers - Privacy Guides. The main reason for the removal is the lack of forward secrecy:

These messengers do not have forward secrecy, and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of all past communications.

Old

Now

ps @Patrick, I will mention the problem of forward secrecy in the Matrix and Element sections and add a links in wiki Instant Messenger Chat. And I will remove the duplicate mention of CVE in the Matrix section.

2 Likes