1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
|
#+title: Session Private Messenger
#+date: 2020-03-25
#+description: Exploring the Session Private Messenger application.
#+filetags: :privacy:
* Privacy Warning
The company behind Session (Loki Foundation) is from Australia. If you
didn't know, Australia has introduced
[[https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf][legislation]]
mandating companies comply with government requests to build backdoor
access into applications. For more information, read my article on
[[./2020-01-25-aes-encryption.html][AES Encryption]].
* About Session
[[https://getsession.org][Session]] is a private, cross-platform
messaging app from the [[https://loki.foundation][Loki Foundation]]. As
someone who has spent years looking for quality alternatives to major
messaging apps, I was excited when I first heard about Session. Reading
through [[https://arxiv.org/pdf/2002.04609.pdf][Session's white paper]],
you can learn the technologies behind the Session app. Part of the
security of Session comes from the Signal protocol, which was forked as
the origin of Session.
#+begin_quote
Session is an end-to-end encrypted messenger that removes sensitive
metadata collection, and is designed for people who want privacy and
freedom from any forms of surveillance.
#+end_quote
In general, this app promises security through end-to-end encryption,
decentralized onion routing, and private identities. The biggest change
that the Loki Foundation has made to the Signal protocol is removing the
need for a phone number. Instead, a random identification string is
generated for any session you create. This means you can create a new
session for each device if you want to, or link new devices with your
ID.
Since Session's website and white paper describe the details of
Session's security, I'm going to focus on using the app in this post.
* Features
Since most people are looking for an alternative to a popular chat app,
I am going to list out the features that Session has so that you are
able to determine if the app would suit your needs:
- Multiple device linking (via QR code or ID)
- App locking via device screen lock, password, or fingerprint
- Screenshot blocking
- Incognito keyboard
- Read receipts and typing indicators
- Mobile notification customization
- Old message deletion and conversation limit
- Backups
- Recovery phrase
- Account deletion, including ID, messages, sessions, and contacts
* Downloads
I have tested this app on Ubuntu 19.10, Android 10, macOS Monterey, and
iOS 15. All apps have worked well without many issues.
Below is a brief overview of the Session app on Linux. To get this app,
you'll need to go to the [[https://getsession.org/download/][Downloads]]
page and click to link to the operating system you're using.
For Linux, it will download an AppImage that you'll need to enable with
the following command:
#+begin_src sh
sudo chmod u+x session-messenger-desktop-linux-x86_64-1.0.5.AppImage
#+end_src
#+caption: Session Download Options
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_downloads.png]]
* Creating an Account
Once you've installed the app, simply run the app and create your unique
Session ID. It will look something like this:
=05af1835afdd63c947b47705867501d6373f486aa1ae05b1f2f3fcd24570eba608=.
You'll need to set a display name and, optionally, a password. If you
set a password, you will need to enter it every time you open the app.
#+caption: Session Login (Linux)
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_linux_login.png]]
#+caption: Session Login (macOS)
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_macos_login.png]]
#+caption: Password Authentication
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_password_authentication.png]]
* Start Messaging
Once you've created your account and set up your profile details, the
next step is to start messaging other people. To do so, you'll need to
share your Session ID with other people. From this point, it's fairly
straightforward and acts like any other messaging app, so I won't dive
into much detail here.
** macOS
#+caption: macOS Conversations
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_macos_conversations.png]]
One key feature to note is that the desktop application now provides a
helpful pop-up box explaining the process that Session uses to hide your
IP address:
#+caption: IP Address Help Box
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_ip.png]]
** iOS
The mobile app is quite simple and effective, giving you all the
standard mobile messaging options you'd expect.
#+caption: iOS App
[[https://img.cleberg.net/blog/20200325-session-private-messenger/session_ios.png]]
* Potential Issues
I've discovered one annoying issue that would prevent from using this
app regularly. On a mobile device, there have been issues with receiving
messages on time. Even with battery optimization disabled and no network
restrictions, Session notifications sometimes do not display until I
open the app or the conversation itself and wait a few moments. This is
actually one of the reasons I stopped using Signal (this seems fixed as
of my updates in 2021/2022, so I wouldn't worry about this issue
anymore).
Looking for another messenger instead of Session? I recommend Signal,
Matrix, and IRC.
|
