Is it a good idea to use Session messenger, which is based on Lokinet, inside Whonix, or better not? Is this Tor over Tor?
That would be similar to:
It can most likely be used in Whonix:
(Whonix is based on Kicksecure.)
(But I am not saying (yet) that it should be. I haven’t researched Session enough yet. First impression however is very good.)
Session disabled forward secrecy:
Has no support for wayland:
Session messenger is quite centralized - they can block your account without the ability to create a new one.
If we block your account for a breach of our Terms, you will not create another account without our permission.
And here are some interesting thoughts on Session and LokiNet:
I am not sure that follows. Maybe that text was written by lawyers. Or copied from somewhere. That certainly doesn’t sound nice. I would hope by that, they mean a blocked account on their centralized project website getsession.org in case of opening a support request [1] (or perhaps a forum in the future or something). Or maybe their GitHub organisation.
You could ask them on GitHub for clarification.
I sent them a message. I will post their response if they get back to me.
Probably best to ask on GitHub. That way it’s in public and their reply is verifiable for all readers, we can document and use their statement + hyperlink as a reference / evidence.
I will wait for their response (they write “up to 48 hours”). Then, I will ask on GitHub (or ask why nobody answered me and what’s going on).
I received a response from the support service. It seems you are right. They told me that account blocking is only possible in group chats.
taken from this forum Messengers in wiki - Website - Kicksecure Forums
Good read, thanks for sharing.
Yeah, the removal of PFS was a red flag which I posted here in 2022 (with other tickets), and from that time never looked back at Session to be anything new or better.
Specialists from PrivacyGuides have removed Session and Element/Matrix from the list of recommended messengers (The Best Private Instant Messengers - Privacy Guides). The main reason for the removal is the lack of forward secrecy:
These messengers do not have forward secrecy, and while they fulfill certain needs that our previous recommendations may not, we do not recommend them for long-term or sensitive communications. Any key compromise among message recipients would affect the confidentiality of all past communications.
Old
Now
PS @Patrick, I will mention the problem of forward secrecy in the Matrix and Element sections and add links in wiki Instant Messenger Chat. And I will remove the duplicate mention of CVE in the Matrix section.