diff options
Diffstat (limited to 'blog/2020-03-25-session-messenger.org')
| -rw-r--r-- | blog/2020-03-25-session-messenger.org | 127 |
1 files changed, 127 insertions, 0 deletions
diff --git a/blog/2020-03-25-session-messenger.org b/blog/2020-03-25-session-messenger.org new file mode 100644 index 0000000..5e79ab9 --- /dev/null +++ b/blog/2020-03-25-session-messenger.org @@ -0,0 +1,127 @@ +#+date: 2020-03-25 +#+title: Session Private Messenger + +* Privacy Warning + +The company behind Session (Loki Foundation) is from Australia. If you didn't +know, Australia has introduced [[https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf][legislation]] mandating companies comply with +government requests to build backdoor access into applications. For more +information, read my article on [[./2020-01-25-aes-encryption.html][AES Encryption]]. + +* About Session + +[[https://getsession.org][Session]] is a private, cross-platform messaging app from the [[https://loki.foundation][Loki Foundation]]. As +someone who has spent years looking for quality alternatives to major messaging +apps, I was excited when I first heard about Session. Reading through [[https://arxiv.org/pdf/2002.04609.pdf][Session's +white paper]], you can learn the technologies behind the Session app. Part of the +security of Session comes from the Signal protocol, which was forked as the +origin of Session. + +#+BEGIN_QUOTE +Session is an end-to-end encrypted messenger that removes sensitive metadata +collection, and is designed for people who want privacy and freedom from any +forms of surveillance. +#+END_QUOTE + +In general, this app promises security through end-to-end encryption, +decentralized onion routing, and private identities. The biggest change that the +Loki Foundation has made to the Signal protocol is removing the need for a phone +number. Instead, a random identification string is generated for any session you +create. This means you can create a new session for each device if you want to, +or link new devices with your ID. + +Since Session's website and white paper describe the details of Session's +security, I'm going to focus on using the app in this post. + +* Features + +Since most people are looking for an alternative to a popular chat app, I am +going to list out the features that Session has so that you are able to +determine if the app would suit your needs: + +- Multiple device linking (via QR code or ID) +- App locking via device screen lock, password, or fingerprint +- Screenshot blocking +- Incognito keyboard +- Read receipts and typing indicators +- Mobile notification customization +- Old message deletion and conversation limit +- Backups +- Recovery phrase +- Account deletion, including ID, messages, sessions, and contacts + +* Downloads + +I have tested this app on Ubuntu 19.10, Android 10, macOS Monterey, and iOS 15. +All apps have worked well without many issues. + +Below is a brief overview of the Session app on Linux. To get this app, you'll +need to go to the [[https://getsession.org/download/][Downloads]] page and click to link to the operating system +you're using. + +For Linux, it will download an AppImage that you'll need to enable with the +following command: + +#+BEGIN_SRC sh +sudo chmod u+x session-messenger-desktop-linux-x86_64-1.0.5.AppImage +#+END_SRC + +#+CAPTION: Session Download Options +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_downloads.png]] + +* Creating an Account + +Once you've installed the app, simply run the app and create your unique Session +ID. It will look something like this: +=05af1835afdd63c947b47705867501d6373f486aa1ae05b1f2f3fcd24570eba608=. + +You'll need to set a display name and, optionally, a password. If you set a +password, you will need to enter it every time you open the app. + +#+CAPTION: Session Login (Linux) +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_linux_login.png]] + +#+CAPTION: Session Login (macOS) +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_macos_login.png]] + +#+CAPTION: Password Authentication +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_password_authentication.png]] + +* Start Messaging + +Once you've created your account and set up your profile details, the next step +is to start messaging other people. To do so, you'll need to share your Session +ID with other people. From this point, it's fairly straightforward and acts like +any other messaging app, so I won't dive into much detail here. + +** macOS + +#+CAPTION: macOS Conversations +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_macos_conversations.png]] + +One key feature to note is that the desktop application now provides a helpful +pop-up box explaining the process that Session uses to hide your IP address: + +#+CAPTION: IP Address Help Box +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_ip.png]] + +** iOS + +The mobile app is quite simple and effective, giving you all the standard mobile +messaging options you'd expect. + +#+CAPTION: iOS App +[[https://img.0x4b1d.org/blog/20200325-session-private-messenger/session_ios.png]] + +* Potential Issues + +I've discovered one annoying issue that would prevent from using this app +regularly. On a mobile device, there have been issues with receiving messages on +time. Even with battery optimization disabled and no network restrictions, +Session notifications sometimes do not display until I open the app or the +conversation itself and wait a few moments. This is actually one of the reasons +I stopped using Signal (this seems fixed as of my updates in 2021/2022, +so I wouldn't worry about this issue anymore). + +Looking for another messenger instead of Session? I recommend Signal, Matrix, +and IRC. |