Oddbean new post about | logout
 Yes I agree it sucks he removed forward secrecy.
Yes I agree that simpleX hides metadata better when BOTH parties want to be invisible.
Yes I agree that he should make the pin and notification on devices would be good.
Yes I agree it would be better if you could pick your entrance node like Tor.

This isn’t a real debate because I have no say in what KeeJef does.  Remember, I am a USER of session, and NOT a developer.  So my goal is to educate people on the pros and cons.  We use a Session bot we made to distribute content, I’d like to do the same for SimpleX in the future.  But I’m not going to do it if it’s a toxic culture.

What I do like about Session is a complete separation of physical locations from identity or communication, the ability to own your identity like a crypto wallet, and rotate the key to a new identity via the blockchain.  As we outlined in our uncensored discussion for it’s use on a VPS.
http://simplifiedprivacy.com/uncensored
This makes Session more suited for pure censorship, unlike simpleX with government domain name identities.

If you think about it, SimpleX heavily relies on a secure off-band mode of communication to begin with, to prevent bogus URLs from being sent as man in the middle.  Now, you said you’re adding PGP keys, and that’s great.  I look forward to it.  But I’m still relying on the regular government internet stack to deliver me the public key.

SimpleX excels at TWO way anonymity.
Session excels at ONE way anonymity, since anyone can quickly tap into your blockchain name and verify it easily.  Many people in life may want to be invisible, but in most cases you don’t.
A journalist doesn’t want to be invisible, I want to know that I’m talking to the right journalist.
A crypto-trader doesn’t want to be invisible, I want to know that I’m sending funds to the right trader.
Additionally, users can achieve the same thing as SimpleX by having multiple Session identities on Linux.

I like SimpleX, and I’m excited you have made progress.  I’m NOT saying don’t use it.  I’ve just grown frustrated over the last few months with the simpleX linux clients having errors that caused me to abandon accounts, which makes the whole thing real vulnerable to phising attacks.  As I mentioned in chat previously, SimpleX’s reliance on android first is one I disagree with as mobile devices are not secure.  Also, the motivation to host your own server is somewhat confusing, if using your own server causes you to stand out.  I hope your voucher system fixes this.

At the end of the day, I’m not looking to cause fighting for the sake of drama.  I get excited about freedom technology for the love it.  I wonder if you bashing Session 24/7 while adopting very similar features is in the same vein.  I think KeeJef should be the one to debate with you, not me.