DoubleEagle 6 points ago +7 / -1

Signal is fine, stop with the FUD. Why not make posts about how Session uses the Google notification servers, if you actually want to receive messages?

wumao [S] 1 point ago +1 / -0

You have the option which way you decide to receive notifications.

Android

Session’s Android client has two options for notifications: background polling, and Firebase Cloud Messaging.

If you choose the background polling method, the Session application runs in the background and periodically polls its swarm for new messages. If a new message is found, it is presented to the user as a local notification.

If you choose Firebase Cloud Messaging (FCM), Session will use Google’s FCM push notification service to deliver push notifications. Your device IP and device ID are exposed to Google and a push notification server. The push notification server also knows your Session ID. However, this doesn’t mean much, because Google already knows your device IP and ID, and as long as you keep your Session ID private, the push notification server can’t do much with that information. Neither Google nor the Loki Foundation can see the contents of your messages, who you’re talking to, or exactly when messages are received.

DoubleEagle 1 point ago +1 / -0

The app explicitly tells me to not use background polling, because it doesn't work well.

So either Signal gets phone number or Google gets the fact that I'm using Session. Neither service can see the contents of my messages.

Do you know much about signal analysis? Comparing these two systems, if I'm to trust Session and use FCM as it recommends, Session is leaking more data. Especially if Signal is combined with a VPN.

wumao [S] 1 point ago +1 / -0

> So either Signal gets phone number or Google gets the fact that I'm using Session.

I don't use FCM and Signal doesn't have my number, so your logic doesn't apply to me.

DoubleEagle 1 point ago +1 / -0

So you go against Session's advice about how to use it? Opting for the unreliable method?

Security has three primary components: Confidentiality, Integrity, and Availability. Unreliable message delivery is an Availability failure.

This is just Signal FUD from someone willing to accept a huge security fault, which you aren't disclosing up front.

wumao [S] 1 point ago +1 / -0

I will add, ... use Signal or Session for all I care. If you are using stock Android or iOS it doesn't even matter. End to End encryption or Google-enabled notifications means jack shit if someone can peek into your device itself, which isn't even a question at this point.

GrapheneOS
CalyxOS

Those are your only options atm.

DoubleEagle 1 point ago +1 / -0

CalyxOS ships with Signal.

Stock Android, when rooted, is good enough. You can kill extra services, install perimeter control, and tighten up SELinux. If you need more than that, you should be using a burner.

wumao [S] 1 point ago +1 / -0

That's a really weak argument.

If I was a Lawyer, Cybersec employee, or any other person that needed pressing information alongside security, your "unreliable argument" might be compelling.

However since I am using Session to speak with normal people in which our conversations are not imperative to receive notifications of, availability is not a big loss.

Don't even come at me with those three primary components if you're not going to use situations to weigh each component differently.

Signal has its place. It offers things that Session doesn't... like VOIP.

But you're pulling weak arguments against Session that frankly seem emotionally driven in defense of Signal.

DoubleEagle 1 point ago +1 / -0

> That's a really weak argument.
>
> If I was a Lawyer, Cybersec employee, or any other person that needed pressing information alongside security, your "unreliable argument" might be compelling.
>
> However since I am using Session to speak with normal people in which our conversations are not imperative to receive notifications of, availability is not a big loss.

Are you joking?

Why would I bother with security if what I was communicating was so unimportant that I don't care about availability?

freewillsetstruth 1 point ago +1 / -0

What is the source for "keeping messages" on a central server? I thought the whole point was end to end encryption and messages were stored locally on devices, no? I thought I read that CIA have a back door for it anyways, but I'm not sure any digital communication is 100% secure if they really want your data. Would love some discussion on this. That being said, Session looks cool. Telegram is probably my next move after Signal though.

wumao [S] 1 point ago +1 / -0

From their wiki:

Signal relies on centralized servers that are maintained by Signal Messenger. In addition to routing Signal's messages, the servers also facilitate the discovery of contacts who are also registered Signal users and the automatic exchange of users' public keys. By default, Signal's voice and video calls are peer-to-peer.[17] If the caller is not in the receiver's address book, the call is routed through a server in order to hide the users' IP addresses.[17]

But even without your messages being sent to a central server, the fact that Signal requires a phone number and then scans your phone book is enough reason not to use it.

For metadata, it can be more valuable for a company to build a relationship map with all your contacts - learning the frequency of activity between two or more parties and finding degrees of separation - than to read your messages at times.

JustAWeeb -1 points ago +3 / -4

+1 on Session. Very easy to dump an account, easy to recover if you have the private key while being impossible if you don't. Easy to share. Managed to dump WhatsApp and get a surprising number of people onto Session.

Lacking a few minor features, but things are always improving.