https://restoreprivacy.com/secure-encrypted-messaging-apps/session/

Desktop, Android and iOS apps

Lots of technical detail:

Session messenger is making a play for the position as the best secure messaging app. In this, it is going up against some intense competition from the likes of Signal <https://restoreprivacy.com/secure-encrypted-messaging-apps/signal/> and the other top apps we cover in our Best Secure and Encrypted Messaging Apps review <https://restoreprivacy.com/secure-encrypted-messaging-apps/>. In this updated Session review, we’ll look at Session’s capabilities — both those active today and those coming soon.

Signal merits special mention in this Session review. That’s because Session is a fork <https://en.wikipedia.org/wiki/Fork_(software_development)> of Signal, meaning that much of the guts of Session originally came from Signal. This is excellent since Signal has long been considered the most secure of the secure messaging services. Thanks to the excellent end-to-end (E2E) encryption provided by the Signal Protocol, Signal is about as secure as a messenger app can be.

But Signal isn’t as strong on privacy as it is on security. It collects some metadata and doesn’t have a corporate sponsor like Facebook sucking up and monetizing that metadata. More importantly, *Signal requires you to submit a phone number* to create an account. Signal also relies on central servers to manage message flow and hold the metadata it does collect.

Because Session is a fork of Signal, it inherited Signal’s strong security. From there, the Session team built an anonymized, decentralized system that provides superior privacy and anonymity for its users. Are you ready to learn more about this challenger for the throne of the best secure and private messenger app? Then let’s dive in with this Session review.

...


    Concerns about Australia and data security

On the topics of privacy and the security of your data, we must discuss where Session is based. As noted above, Session is based in Australia. Unfortunately, Australia is not a very good privacy jurisdiction for a few reasons.

As we recently discussed in our guide on the best VPNs for Australia <https://restoreprivacy.com/vpn/best/australia/>, the country passed a law to undermine encryption and data security in 2018. Here’s a quick overview <https://www.nytimes.com/2018/12/06/world/australia/encryption-bill-nauru.html> of this law:

    The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to
    *provide law enforcement and security agencies with access to encrypted communications*. Privacy advocates,
    technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s
    government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to
    communicate.


The Loki Foundation that is behind Session addressed this thorny issue in a blog post <https://loki.network/2018/12/10/lokis-response-to-the-assistance-and-access-bill-2018/>:

    Obviously, we were terrified when we first saw this bill. The potential for the project to be entirely
    undermined by this legislation did not go unnoticed. We had begun to consider how we might set up failsafes
    to allow people to catch bad code being injected into our codebase, or to pay someone external to Loki to do
    regular inspections of our binaries that we release and ensure they are not leaking extra information or
    mismatching the codebase in some way. If we were to be issued a TCN [Technical Capability Notice], we would
    not be able to tell anyone about it. If we set up some sort of canary system, we could be imprisoned. So
    whatever failsafe we did set up would have to be external to Loki, and would have to be regularly auditing
    us to make sure we haven’t been compromised before a TCN was issued.

Ultimately, the Loki Foundation believes they can still operate a secure messenger service in this perilous legal environment. Their blog post <https://loki.network/2018/12/10/lokis-response-to-the-assistance-and-access-bill-2018/> on the topic really goes deep into technical and legal details, which you can investigate if you have the time and inclination. In addition, they address the issue in the FAQ topic titled, “Does the Australian government’s anti-encryption stance pose a risk to Session?” as well as in this update to their original blog post <https://loki.network/2019/12/06/the-assistance-and-access-bill-one-year-later/>.

...


    Other privacy concerns with Australia

It’s also worth noting that the anti-encryption legislation is not the only privacy issue that plagues Australia. Consider this:

  * *Mandatory data retention* – In 2017, Australia implemented a mandatory data retention framework. This forces
    all internet providers and telephone companies to store connection data for government agencies for a full
    two years.
  * *Five Eyes* – We have also noted before that Australia is a member of the Five Eyes
    <https://restoreprivacy.com/5-eyes-9-eyes-14-eyes/> surveillance alliance. This alliance works together to
    collect and share mass surveillance data.


--
Kim Holburn
IT Network & Security Consultant
+61 404072753
mailto:[email protected]  aim://kimholburn
skype://kholburn - PGP Public Key on request

_______________________________________________
Link mailing list
[email protected]
https://mailman.anu.edu.au/mailman/listinfo/link
