What do people think of #Session on here? https://getsession.org/

@Tutanota I've mentioned this before but SimpleX is more private secure and anonymous that signal threema and session.

SimpleX is decentralised meaning taking down a single group of servers or org wouldnt destroy the simplex network, people can run completely anonymous simplex servers over tor, this puts simplex ahead of Signal and Threema

SimpleX has quantum resistant encryption which puts it ahead of Threema and Session, the UK military[1] and NATO[2] both consider quantum computers to be a threat now because of store now decrypt later attacks

SimpleX has no user identifiers not even random strings, its essentially like having a "burner phone for every contact". Two or more compromised contacts could corroborate your messages by linking them to your signal username or your session id, but with simplex your contacts can't prove your identity even between eachother. This fact puts SimpleX above Signal Threema and Session

These technical details about the simplex protocol can all be found on the project website including the whitepaper[3]

[1]
https://www.ncsc.gov.uk/whitepaper/preparing-for-quantum-safe-cryptography

[2]
https://www.nato.int/docu/review/articles/2021/06/03/quantum-technologies-in-defence-security/index.html

[3]
http://isdb4l77sjqoy2qq7ipum6x3at6hyn3jmxfx4zdhc72ufbmuq4ilwkqd.onion/

#SimpleX #Threema #Signal #Session #PSA #Privacy #Security #Anonymity #NATO #UnitedKingdom #Tor #QuantumResistantEncryption

@Tutanota #molly #session are best alternative of waatapp 😁

This week in #FDroid (TWIF) is brought to you by SSSE3:

* Polish app guide? Fennec has great translations
* #ArcaneChat #DeltaChat w/ better onboarding
* #Kotatsu stopped development
* #Luanti #Minetest now on #OpenCollective
* #Notesnook caught up
* Anoher big #OSMAnd release
* #Session Messenger vs screenshots
* Repomaker at #DroidCon #Kampala
+ 15 new apps
& 197 updates
- 2 archived

And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html

This week in #FDroid (TWIF) is brought to you by SSSE3:

* Polish app guide? Fennec has great translations
* #ArcaneChat #DeltaChat w/ better onboarding
* #Kotatsu stopped development
* #Luanti #Minetest now on #OpenCollective
* #Notesnook caught up
* Anoher big #OSMAnd release
* #Session Messenger vs screenshots
* Repomaker at #DroidCon #Kampala
+ 15 new apps
& 197 updates
- 2 archived

And we have yet to unleash all its power: https://f-droid.org/2025/11/13/twif.html

@eff #Signal is not secure!

1
It supports #surveillance
https://www.counterpunch.org/2025/03/07/the-revolution-will-not-be-signaled/

2
#SignalApp is #Trump friendly
https://therecord.media/signal-no-longer-cooperating-with-ukraine

3
It collects your #Metadata like #WhatsApp
https://primal.net/e/note14hf9d3fkkhrsygkyzz8snuwyukckd4yqx0cq62z35cwp53a20a8suw457j

4
Everyone can spy you
https://heise.de/-10515774

#UnPlugTrump & #DeleteSignal

Check:

https://SecureMessagingApps.com

rate
🟩=3
🟨=1
🟥=0

=

86 #Threema = Winner

81 #SimpleXChat
80 #Signal
77 #Session
68 #Wire
56 #Element / #Matrix
37 #Apple #iMessage
32 #WhatsApp
27 #Telegram
26 #FB Messenger

Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟮 [UPDATE 2] to 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 - 𝗣𝗮𝗿𝘁 𝟮𝟳 - 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻 - 𝗡𝗲𝘁𝗳𝗹𝗶𝘅 𝗦𝗶𝗴𝗻𝗮𝗹 𝗧𝗲𝗹𝗲𝗴𝗿𝗮𝗺 [FreeBSD Desktop - Part 27 - Configuration - Netflix Signal Telegram] article.

https://vermaden.wordpress.com/2021/09/06/freebsd-desktop-part-27-configuration-netflix-signal-telegram#more

#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld

Added 𝗨𝗣𝗗𝗔𝗧𝗘 𝟮 [UPDATE 2] to 𝗙𝗿𝗲𝗲𝗕𝗦𝗗 𝗗𝗲𝘀𝗸𝘁𝗼𝗽 - 𝗣𝗮𝗿𝘁 𝟮𝟳 - 𝗖𝗼𝗻𝗳𝗶𝗴𝘂𝗿𝗮𝘁𝗶𝗼𝗻 - 𝗡𝗲𝘁𝗳𝗹𝗶𝘅 𝗦𝗶𝗴𝗻𝗮𝗹 𝗧𝗲𝗹𝗲𝗴𝗿𝗮𝗺 [FreeBSD Desktop - Part 27 - Configuration - Netflix Signal Telegram] article.

https://vermaden.wordpress.com/2021/09/06/freebsd-desktop-part-27-configuration-netflix-signal-telegram#more

#verblog #session #deltachat #pidgin #freebsd #desktop #laptop @feld

Doing some first experiments, here's how a #JWT for #swad might look like, containing a custom property that has the "auth info" that's currently stored in the server-side #session ... 🤔

Now add a JOSE header, base64-encode and sign that beast...

@Tutanota
𝖴𝗉 𝗍𝗈 𝖽𝗈𝗐𝗇, 𝗅𝖾𝖿𝗍 𝗍𝗈 𝗋𝗂𝗀𝗁𝗍:
#DeepL; #VivaldiWebmail #Calendar; #Brave_Search/ #DuckDuckGo_Search; #ProtonPass; #Session; #VivaldiBrowser; #OnlyOffice; #Aurora_Store/ #FDroid; #e_OS (𝙣𝙤𝙩 𝙮𝙚𝙩); #Ente_Photo; #Logseq; #Heliboard; #ProtonMail/ #VivaldiWebmail/ #TutaMail; #MiroTalk_SFU; #Ente_Auth; #ProtonDrive/ #filen_io; #LibreTube; #OsmAnd

I now decided I'll at least aim for some middle grounds: Rework #swad so it only needs a (server-side) #session once a user is #authenticated!

This does have some implications, e.g. passing a redirect argument to the authentication endpoint won't work any more. But experimentation shows a workaround would be to use an "internal redirect" to the login endpoint in #nginx.

We'll see where I end up. Having sessions only for authenticated users should reduce the need for server-side RAM significantly, so I hope 😉

About the #random thingie ... I need random data in #swad to generate unpredictable #session IDs.

I previously had an implementation trying the #Linux-originating #getrandom if available, with a fallback to a stupid internal #xorshift#PRNG, which could be disabled because it's obviously NOT cryptographically secure, and WAS disabled for the generation of session IDs.

Then I learned #arc4random is available on many systems nowadays (#FreeBSD, #NetBSD, even Linux with a recent-enough glibc), so I decided to add a compile check for it and replace the whole mess with nothing but an arc4random call IF it is available.

arc4random originates from #OpenBSD and provides the only sane way to get cryptographically secure random data. It automatically and transparently (re-)seeds from OS entropy sources, but uses an internal CSPRNG most of the time (nowadays typically #ChaCha20, so it's a misnomer, but hey ...). It never fails, it never blocks. It just works. Awesome.