Anøm claimed to offer total security — but claims are worthless without independent verification.

We make some big claims too: we're onion-routed and decentralised with anonymous sign-up.

The difference is, our security audit by @quarkslab@twitter.com proves it.

nytimes.com/2021/06/08/world/a


You can check out our audit here 👇

getsession.org/session-code-au


@session
TL;DR

Better than

being in a 5-eyes country, might still be forced to give out metadata (connections between users) to authorities.

Until there is full decentralization of servers I would still go for or

@nmke_de @session

Yes got a great update recently. is cool too.

However many people require asynchronous comms, so not comparing.

@jcast
@session

1. Is this a #Signal fork?

2. Any particular reason for it not to be in *the* #FDroid repo?

The real value of that repo lies on its strict acceptance and listing policies.

@0 @session

Yes, it was forked from Signal afaik.
I think you can get it from @IzzyOnDroid repo.
The proliferation of repos will blur the lines, but that's the price of decentralization.

@0 @session

1. Yes
2. Non-Free dependencies (GMS, Firebase)

Wish more apps would drop FCM in favor of @unifiedpush – whoever then wants to stick with FCM still can, others can use e.g. Gotify-UP from #fdroid – and F-Droid could include such apps.

3. @jcast is right: apt.izzysoft.de/fdroid/index/a

Thanks @IzzyOnDroid 👍

It's always good to know why a given app hasn't made the cut for the #FDroid repo.

In this case I'm very much uninterested in the service or technology anyway, but still curious enough to keep an eye on who's out there doing what. 🙂

@session @jcast

@0 @session @jcast using the web browser with my repo you can always figure such things out for apps available there: scroll down to the APK details, toggle the library section open, and check for all those ⓉⓃⒹs 😉 Especially the latter – as other than with F-Droid itself, with my repo they usually mean the app itself contains a non-free library.

@NBN @0 @session

Weird decision. Not able to keep up with fdroid requirements? Smooth.

@jcast @NBN @0

F-Droid wants all our dependencies to be hosted in a few specific places. We inherit a bunch of the dependencies from Signal, so moving them would be a huge amount of work. We'd also have to remove anything that uses Google services, like FCM (which means no push notifications anymore for anyone using F-Droid).

@session

Thank you for clarifying. It does go to show that #Signal is just as “free” as #Whatsapp.

Technologically it's nowhere near as proven as #XMPP, which twenty years later still remains the answer for instant messaging and presence.

@jcast @NBN

@NBN

Yeah I'd seen that. That's why I said *the* #FDroid repo. ☝️

@jcast @session

@0 @jcast

1. Yes

2. Same reason Signal isn't — basically we need to refactor a lot of their code and it isn't worth the time.

@Br0m3x

Was not aware at all, never got one, even when using Tor. Thanks for calling out.

From the discussion on GitHub, they seem to support *any* captcha, not specifically reCaptcha, but disappointing anyway.

@jcast @session

Let's say 14 Eyes instead of 5 Eyes, since that jurisdictional issue extends to those countries in most ways as well :)

Finland, Seychelles, Romania, San Marino all have pretty good privacy laws, yet some of them are still listed as 3rd party nations due to their association w/NATO.

Even a business based in a 5 Eyes (perhaps 14 Eyes) country may be subject to compliance with Intelligence agencies even if their physical infrastructure assets are located outside of this sphere.

Security is relative, so the first question one needs to ask is, "What is it that is occurring on the machinery or network that needs to be safeguarded?"

For example, Finland has great privacy laws, but blocking/filtering Pr0n is an option for providers in that country.

Germany (a 14 Eyes nation) is quite strict with software piracy and copyright infringement.

Romania purportedly has very strong privacy laws and is favored by many, but it's also not really a friendly place for pr0n. Romania also rejects EU regulations to the contrary of their own privacy regulations as unlawful.

A lot of people like Switzerland and The Netherlands, but the latter falls squarely within the 9 Eyes layer of the lasagna.

Again, it's important to check the country of registration of the provider too.

I like to examine exactly what it is that the customer does or is looking to do, and then make determinations upon that and other information I have for them.

Most folks have nothing to worry about other than which country they want their IP addy's originating from for the television programming they're interested in, or perhaps some cryptocurrency accounts or other VoIP or banking activities.

Very few domestic terrorists exist in comparison to folks who are either just paranoid or insist on their right to privacy as a matter of principle, and if I ever had a customer that I found was some kind of terroristic miscreant I would likely save the government the court costs and simply dispatch them to Valhalla myself.

@tallship @session
Well being centralized makes it extremely easy to systematically gather metadata and gag the service provider.

That is more difficult with a small or self-hosted provider, or at least it doesn't tend to happen.

The 5 eyes countries are more assiduous and aggressive in this.

@tallship @session
I'm talking about intelligence agencies not sys admins.

@tallship @session

Privacy laws don't apply to intelligence agencies; in many places they're above the law, and nearly always above accountability.

Big data companies can afford to say they comply and then covertly send data to their home country. There was a report on Microsoft in EU regarding how untraceable the sensitive data they process is... MS is linked to PRISM, so this is not just simple people worrying; nations are affected and lose power, control and governance.

@jcast

I don't think big data companies sending data to their corporate headquarters in the country they're registered with is much of a concern, considering the fact that most folks have, by virtue of agreeing to the Terms of Service before they were permitted to use big data company's free social network, granted express permission to sell commercially that user's private information.

Law enforcement doesn't need a warrant to obtain the locations you visited and the timestamps from your cellular provider when they can just buy it (giving them **probable cause**) from the clearing houses big data company sold your data to 📡☠️

You tell people that they're just willfully bending over so they can take it dry right up their puckered hoosegows by these companies - Microsoft, Faceplant, Twatter, Google.... and they just smile and say they understand, as if it's not happening to them.

It's happened to all of us in varying degrees of having been violated.

@session

#tallship #Vger #privacy #data_mining




@emunster @session

And yes EU governments that have leverage are taking notice and acting.

@jcast @emunster @session

Acting like this? ;)

https://pleroma.cloud/notice/A8QLhNCyYMf1sNzdaa

I suppose we just gotta have a little bit of faith in our Governments to do the right thing and then everything will be alright, lolz.

@tallship @session @emunster

Ahah Portugal hardly has any leverage. But again governments having such secret or not so secret data sharing agreements is not new unfortunately.

@tallship @session @emunster

Governments have contradictory actions often, like enforcing GDPR and forcing companies to have data centers in Europe on one hand and then using Microsoft to treat medical data and having secret data sharing agreements.
