Is there any way to verify how many servers Session is running?
I don't think their financial model (shitcoining) is working out for them and Oxen is running them all.
I run my own Simplex relays.

AND they're not using double ratchet encryption. Intercepted messages can be decrypted if an adversary gets access to the sending device.
Simplex uses the Signal model of encryption.

So a small number of servers run by a single entity not using modern encryption.

Doesn't sound very secure to me.
I'd prefer an organization with a viable financial model.
I don't know. Possibly, but I have no idea.

Also, I don't know how we can hate on Oxen/Session Token when it's pretty much touted as primarily being used as a means of securing the network. Having the network 100% open is one of Tor's main weaknesses due to sybil attacks, something far less likely on Session. Plus, the onion routing aspect means your packets are fully decentralized and anonymized.

That said, I do agree that Session should have kept PFS but due to how the network works, it'd be difficult to decrypt enough messages to deanonymize.
I don't mind if that's how they incentivize people to help secure their network *if it works.*
I'm just pointing out that it doesn't seem to have actually succeeded in doing that.

And as far as anybody can tell, it's only them running nodes, so it's basically a single centralized third party.

That said, I have used Session and it's improved a lot. The UX used to be terrible, but now it's pretty nice.
It just seems like their security model didn't work out the way they hoped it would.