Session Private Messenger - Really Understands Privacy!
Вставка
- Опубліковано 7 жов 2024
- The Session Private Messenger App is one of a select few platforms for hard core secure messaging that truly demonstrates real knowledge of privacy. This app knows that it's about data as well as meta-data, and understands the distinction between just security vs security and privacy.
Let me explain how this app and its entire infrastructure is different and why you should use it as your secure messaging platform instead of the many flawed but super popular apps like Signal, Whatsapp, and Telegram.
(This is not a sponsored video. This is my real opinion)
-----------------------------------
BraX2 Privacy Phone is now available on brax.me. Sign in to the platform to see the store.
-----------------------------------
Merch Store
my-store-c37a5...
-----------------------------------
I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN , antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the inernet and the dangers of social media, dangers of email.
I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
Support this channel on Patreon! www.patreon.co...
Contact Rob on the Brax.Me App (@robbraxman) for encrypted conversations (open source platform)
brax.me/home/rob Store for BytzVPN, BraxRouter, De-googled Privacy AOSP Phones, Linux phones, and merchandise
bytzvpn.com Premium VPN with Pi-Hole, Cloud-Based TOR Routing
whatthezuck.net Cybersecurity Reference
brax.me Privacy Focused Social Media - Open Source
Please follow me on
Odysee
odysee.com/$/i...
Rumble
rumble.com/c/r...
0:47 Session is more secure than Signal and Telegram
2:11 metadata
5:20 Session ID
7:43 no Central Server
8:44 Session traffic
9:25 Lybsodium Library
12:02 voice calling
13:05 voice recordings as attachments
13:35 storage
14:10 Session > Signal
15:00 Braxman social media app
16:00 Install Session
17:36 Generate the Session ID
18:28 if you lose Session ID
18:43 Oxen and Monero
Thanks fam 🙏🏽
@@cortspadet 😘
@@repeatish thanks man🙏🏻
Do you use it?
@@repeatish do you have Telegram? Can we talk on telegram?
Both thankful and grateful for your privacy tips Rob...keep up the good work :-)
You're obviously Morpheus of the UA-cam.
What do you mean by Morpheus?
@@julianocc you need to watch "The Matrix"
he's the Kazaa of UA-cam
do a meme with this and promote this channel. People need Rob's knowledge.
Yes, Morpheus of UA-cam. You now is Master of the words. Thank you.
When you don't know the technical stuff that matters............this man's advice is a good place to start.
Thanks to you, I never bring a phone with a SIM it on my person anymore! I just use my large, easier-to-read tablet if I HAVE TO consult the internet.
What is the OS of your tablet?
Excellent content. Session is by far the best privacy focused messenger!
SimpleX Chat?
Downloaded the app and really love it so far. I hope they will keep developing it
God bless you for tirelessly teaching people!
A really excellent informative video. I can't believe how much I've learned just from watching your videos. Keep them coming!
thank you Rob.. You have a natural leaning to freedom, and that is so appreciated
I appreciate you covering a product that competes with your own product.
Rob, you gotta do a video on the new Ring car camera. I know police & insurance companies will LOVE IT.
This is a great recomendation. Thank you Rob. It is a little nit more of a pain to get rolling but seems pretty bulletproof. Thank you
I tried session recently and thought it was good, apart from the poor notifications on Android and iOS if you choose not the use the Google or Apple services. (The use of which I cannot see is any different from metadata, Google or Apple will know every time you receive a session message, and this could be correlated will enough resources).
A small point, Telegram can be used without sharing your telephone number, the bad thing is that this is not the default.
How do u do that for tg?
To use any of these apps without using your phone number just use a soft phone number duh.
Telegram can be anonymous now. You do not need to register with a phone number. However you need to bid an account using their cryto currency. Bidding is now in the range of US$15 for one a/ac
This year we are hoping to look more into a robust solution for degoogled phones regarding notifications. Unfortunately most Android device manufactures servery limit the running of background tasks which means our background tasks which check for notifications get shutdown and the device is not notified quickly.
@@keejefferys2372grapheneOS
Can't wait for your Lokinet video :) Please, also show us how to set Session to start at startup on Win and Linux. There is no such option in the app.
It would be great if you could SHOW us how to do things, instead of just TELLing us. For example, show screenshots or a short video tutorial about the installation of an app, especially when you highlight that something might be tricky.
You are correct, but that is not his job. He covers a ton of privacy tech related topics and making a tutorial for a competitive product to his own privacy ecosystem is understandably not a privority.
I'll bet if he published his script, someone on here would be happy to volunteer to generate visuals for him.
It is no accident that you, Rob, have stopped showing up on my recommendations.
Rob, it is based in Australia, isn't that something of a concern.
This is awesome. Thanks for sharing this
A great video, sounds very similar to Jami messenger that has some pros and cons against Session when it comes to security. It would be interesting to your breakdown of Jami.
Could you please elaborate
Nice info Rob, Can you talk about Threema in future videos?
Is it a problem that’s it’s based in Australia? With the “AA Act”? And Ofcourse member of the Five Eyes.
What effect to the antiprivacy policies of the Australian government have on the privacy of Session?
Hello Rober
Who run Oxen nodes ? That's the point. How can be sure Oxen is not a honeypot ?
Rob you missed to tell, that Oxen (the company that developed Session) has its HQ in Melbourne. This means Oxen has to comply with Australian law! In 2019 the Australian government has passed a new piece of legislation that, at its core, permits government enforcement agencies to force businesses to hand over user info and data even though it’s protected by cryptography.
If firms don't have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data. Needless to say, this is unprecedented.
Session was a private & secure messaging app in the past, but not anymore with the current situation in Australia!
Since it is open source, the only effect of that would be move the presence of the infrastructure away from AU. It is out of the developer''s hands. The Oxen nodes can be located anywhere. The stupid leaders in AU think they can force decryption. We will watch but it's not executable and this world
@@robbraxmantechany updates about this?
Any updates?
I installed through Flatpack repository on my computer!
*I really enjoy all the videos that you do! Can i give you some feedback, though? Would you consider adding more Graphics, pictures, etc to your videos? It just draws are brain toward what you say and also feels less of a classroom setting and lecture, and it just allows the viewer to engage a little more. If not, i completely understand, no harm on asking :)*
he needs help with that. not everyone knows, maybe he doesn't make enough money to pay someone. Would be nice if fans would help. he could try Upwork to find someone there for less money than standard.
Thanks for the update and exceptional insights Rob. the thought occurs to me that perhaps session might be useful use as a paging service to share XMPP, chat links, and if it would be feasible to implement something like a connector object or app that would initiate XMPP chats into the Brax ecosystem?
Great content Rob, thank you...
Session is the best out there!
Always the best advice here !
Great channel , great knowledge !
Thank you
Would love a lokinet video 🙂
Some signal shills bash Session for not supporting perfect forwards secrecy but conveniently ignore to address that Session asks for nothing to create an account xd
Would love to hear another update considering the merge to Ethereum that is coming up..
Is Session still as good in 2024 as it was when you published this video?
edward snowden even says use signal... I have sessions as well but it's more complex as you said
Not anymore. Snowden says that Signal is no longer trustworthy.
@@SergeantExtremewhere did he say that?
@@experiment54 After Moxie Marlinspike stepped down as CEO, and Brian Acton took over in 2022.
@@SergeantExtreme thanks. What does he use now? SimpleX, threema, session?
he's still on the board and is an executive. He's just not the acting CEO anymore. @@SergeantExtreme
Thank you very much, was looking for an alternative to tell people.
your channel is great.
Thanks a lot for your contributions!!!!!!
I think Threema needs more attention. It's currently hard to use because few know about it.
Was thinking the same. I do not see any difference between session and threema
Thank for the information Brax.
You are very powerful. Thank you
Session has no Perfect Forward Secrecy (PFU) which is a basic requirement in cryptography for security and anonimity. It is a huge mistake. In Session you cannot change the database password to a stronger one than an unknown random, so AFU data extraction is more likely vs some others.
Your analysis may be fine for you but doesn't work for me and for the people I guide. The most sophisticated encryption has NO VALUE if I can identify who you are.
Good info, Rob. Do I understand correctly, then, that even on an iPhone Session meta-data would not be knowable to Apple?
that's correct. It goes through Lokinet (like TOR)
Please Braxman make a vid of Lokinet! :)
Tell me why that interests you. I don't know if will get views so that's my concern. . I did install Lokinet.
@@robbraxmantech I would be very interested in a video on Lokinet. I want to know if it could replace and be superior to using a VPN. I'm looking forward to the android release. I have yet to try the Linux version.
i also would be interested. i cant tell the difference between this and a vpn
If you share your Session ID on social media, couldn't someone search for the ID and find it linked to you?
Yes, it was noted that the second channel for sharing session id needs to be considered
i've heard criticism that erased messages have resurfaced when logged into a new device. Anyone able to verify?
Hi Rob, I seen some news the other day about government etc can read the information in the notifications when they are in transit to your phone. Have you talked about this?
Is this app owned by The Five Eyes (FVEY) is an intelligence alliance? Or is it actually decentralized?
Sounds great for private conversations though to communicate with most people, they use whatsapp. :-( I do wonder if the three letter agencies can see who downloads session. ~ X
ofc they do
I immediately said to all my friends and families to only talk thru session
The biggest issue with the Brax Phone is the substandard hardware Why is it that all "Secure devices" are always bottom of the barrel hardware when they ought to be top tier latest and greatest when they are launched
The only problem is that notifications on the iPhone don't work, regardless of whether you set them to fast or slow.
Session is nice! Good breakdown / video.🕶
Have this big question, what will ISP see when you are using session?
Hello Sir. What are your thoughts on a phone brand named "Vertu," and do you think the phones are as safe and secure as they have been marketed to be? If you have a moment, I would appreciate it if you could remark briefly. With best regards. Nero.
Rob, you say that Session is 100% open source, but why does F-droid mention as anti-feature that "The upstream source code is not entirely Free"?
As far as I know, all server code is on Github. Not true of Signal, Telegram, Whatsapp
@@robbraxmantech Maybe a mistake in F-droid. If so, it's a pity, as it can put people off on a wrong assumption.
Actually in F-droid docs "This does not mean that proprietary software is included in the app. Most likely, the F-Droid build has been patched in some way to remove the Non-Free code/libraries, and/or some functionality may be missing." But the interface doesn't make this very obvious.
If there are any variances to what I've posted, I'm hoping the session people will interject here directly. I've asked them to since I only know what I've researched.
This is due to the inclusion of Google play services for "Fast mode" notifications, users get the choice of which notification strategy to use when they download the app and setup and account for the first time. If slow mode notifications are chosen by the user then the Google play service code path is never visited. However F-droid flags this inclusion, even though its a completely optional code path that may never be visited.
Awesome thank you for sharing!
Session not based in Australia? And Australia have a anti encryption policy? 😮😮
Rob, is it possible to hide your computers hardware id serial in Linux? If yes, how?
I like your video.
Rob, What about Pryvate Messenger?
Does Briar still exist? Reviewed?
Use Session!
Would I use to pass my session ID with ease was create a QR code of just the hexadecimal code. And I passed the QR code to whomever I need to be in communications with. And then obfuscate QR code using an old school trick called, Steganography. 🤟🏾
Session generates the QR code for you already BUT of the PRIVATE KEY. LOL so not intended to be shared. It's for syncing up multiple devices
I'd be interested what makes xmpp better than matrix and how matrix fits in privacy wise
Matrix meta data centralized in Element. Matrix was not designed to hide meta data.
@@robbraxmantech Thank you for the insight.
Hello@@robbraxmantech
Element is the just the client no ? If the matrix server is not compromised, what is the risk ?
More the concern about session if who really run the oxen nodes that are really expensive as i read ? Could it be possible triple letters agencies ?
We need a video comparing matrix and session please
Can Sessions text and receive to/from non-secure messenger apps (sans security)? Or is it only useable if the other end has Sessions too? Signal's discouraging communicating with non-Signal apps. Kind'a reduces its use-case to zero?
Signal allowed SMS and took it out so now nothing can do that
Session to session only. Actually it is the same as most instant messenging apps. Not one major app can send and receive from other apps. Whatsapp can't. Signal can't. IOS's Imessage can't. Telegram can't. You name it and they all can't.
With Sekur messenger you can Chat by invite
On Windows when you install the app with Chocolatey in the user account, it is installed in the admin account, and you have no access to the app unless you switch to admin account :(
Have you reviewed Tox chat?
Thank you
Thanks Rob
What do you think about the Sekur messenger?
If you open/download media films on sessions is it stored on your device?
Thanks good info !
Thanks!
What are your thoughts on ricochet refresh?
Ricochet seems similar although claims to use tor rather than decentralized servers
Session has no Perfect Forward Secrecy (if 1 key gets bruteforced or decrypted you're fucked).
Session doesn't delete messages from its node swarm for at least 14 days, so even if you delete your own messages they can still be retrieved!
If Session would fix the 2 points above they would be the best IM app.
exist app without this "problem" ?
@@albertom75 Host your own XMPP server :) and be in control.
I researched that and that does not sound correct. You can clear data and it asks you if you want to clear data from the nodes. Perfect forward secrecy is stated in a comparison document. And that is not one of the issues raised in the audit document
Its a heart ach only fools play...................
It's worth pointing out that a 128-bit *private key* would be weaker because there are some tricks you can do to make it easier when you know that half the bits of the key are 0s. But that *isn't* what Session uses: rather it uses a 128-bit seed which then gets hashed to produce a 256-bit Ed25519 private key pair (then, for historical reasons that I wish weren't the case, this Ed25519 pubkey gets converted to an X25519 pubkey to force your Session ID, which is a bit of unfortunately Signal legacy).
So anyway: you have a 256-bit random quantity that only has 128 bits of entropy in it -- and because the hash function is cryptographically secure, you know nothing about the correlation of bits in that 256-bit value. Effectively what this means is that the keys are weaker for brute forcing, but that isn't really a concern with a 2^128 value. The weaknesses that would come from 128-bit keys, however, aren't happening in Session's key derivation scheme, because keys *aren't* 128-bit, they are still 256-bit.
(As an aside: Monero/Oxen seed words, on the other hand, *are* the private key directly, so for those, using a 12-word seed would indeed be a noticeable lessening of the key security).
is wechat dangerous for lets say european or american customers?
Better than Briar? :)
So which of these privacy messengers
Besides matrix can I get a username and password login
What do you think about Briar or SimpleX chat are those better than Session and what are the differences between them?
Briar at the moment is the best available app for privacy. Simplex is coming very close, but still uses servers in UK for messages in trasnit unlike Briar.
Does Session run on a Brax Phone? How well does Session work outside the US?
Session was invented in Australia.. session works great here in the mountains of Wyoming USA
what do you think about jami app?
How susceptible is Session to spam? Is there a way for those using an explorer or other tools to compile a list of public keys and spam them? Or is the network resistant to this? Anybody know?
Rob, what do u think about bitwarden password manger ?
I'm sure it's fine. I don't use it myself though
Do you have the same opinion as of today?
This is a new video
Well, 8 months old but got it 😊 What about Briar Rob?
What about Wire?
Rob, can dash cams also spy on us? if yes, please you do a video on it? Also, what about bluetooth stereos in vehicles?
Only if they have an internet connection. I dont think most do.
Do I have to pay for the app or is it free.
free
@@robbraxmantech thank you so much
First question that pops up in my head about the onion routing structure of lokinet is, "Is the same entry\exit node issues present the same way as tor entry\exit nodes are? As in, is it not just as possible to setup a final layer decryption exit node in order to gather the primary packet info which holds the identifiers?
I just want to ask a question about galaxyA13. Can this phone be degoogle
It depends on whether you can unlock the bootloader or not. As far as I know Galaxies are unlockabl in their international versions, but not in their US versions, or at least the option is obfuscated (I have read things like it appearing only a week after the dev options are opened or smthng like that; Idk I'm not in the US). After that you need to find a ROM compatible with your device model. Some Galaxies have them others don't. I'm still looking for one for my A31, although very close models like A32 have them.
You may try. I remember that I read some forum thread that people manage to unlock the bootloader with some tricks. Can't remember because I do not use that phone.
Latest version of Session allows you to set up a username really easily
I do not pay for signal
Did you say others you message must have the app as well 🤔?
Yes but it is really easy to install
Cheers Rob 👍
Keep up your Great work Man massive Respect 🙏⚔️🕊️
If and when I do , I'll have to convince anyone else to do the same , very time consuming my friend 😔
I really like the features , absolutely brilliant 👍
It took me nearly a year to get specific people to use signal 🤣
There must be a better way than that 🤔
My tech knowledge is very limited ,
What I do have now is just a c-phone , and am looking at getting a "D-G" phone in the future 🤔
Hope it works in my country new Zealand ?
I've shipped many BraX2 phones to NZ
@@robbraxmantech cool ,
Thank you man , oh how much $ ?
merci
There notifications is broken
SimpleX
It's available on the Google Store. How us that safe?
Everything is available on Google Play. So what's your point? You can clearly see in the video that you can install it without Google play. I don't have Google play on my de-Googled phone.
Huh, steak is available in grocery stores. How does Jim know that's safe? Beet go eat the bugs Jim, you know, for safety sake.
Here's an idea; just don't have any friends and communicate with family through carrier pigeons and number stations.
Kekw salted and hashed. Just like at a good diner.
I also recommend SimpleX. They have similar approach on messaging mechanism.
Session is amazing but it’s just getting people to switch to it that’s the issue
Great videos, my opinion, too long, shorten them and create more. Time is tight in the ioT world. Just saying
there is exaustion with switching messengers. signal not good enough? ok now everyone switch to sesssion. by the time they all do, the security of session might be obsolete as well.
k?