• dirtfindr
    link
    fedilink
    arrow-up
    11
    arrow-down
    3
    ·
    edit-2
    5 years ago

    The fact that there is no mandatory phone reg. puts Session above Signal. But Session is still very dicey:

    • www.getsession.org is a CloudFlare site, which indicates that the staff on that project lack some basic knowledge about privacy - or they just don’t care. (note that Signal also uses CloudFlare)
    • the developers have some kind of alt-right tendencies: https://chaos.social/@laufi/103825791713996438 The problem is not just ethical but conservatives inherently do not value privacy. They value money very much. This is a bad combination for a platform that wants to be privacy-centric.
    • they put a lot of energy into having a professional appearance. This is consistent with corporations with profit-driven intentions and atypical of charitible free software projects. Their org chart has everyone’s photo (not characteristic of privacy advocates) and every single means of contact of every staff member is through Microsoft or Twitter.
    • website has links to privacy abusers (Facebook, MS Github, Twitter) and not a single link to any social networking service that self-respecting privacy proponents can use.
    • their email address traverses Google’s servers and has no PGP key.
    • their project is managed on Microsoft Github.

    BTW @AgreeableLandscape, itsfoss.com is not a good site to publicize; it’s also jailed in CloudFlare walled garden (thus calling into question the extent to which that site genuinely respects freedom).

    The only useful effect of Session is that it serves as a PR jab at Signal for requiring phones. And if it helps divide or shrink the Signal community that’s a good thing.

    • CuriousGoo@beehaw.org
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Could you elaborate on your point of them using Cloudflare ?

      My understanding is that their websites would be behind Cloudflare for their CDN and anti-DDoS services, maybe WAF as well. Solely looking at CDN services essentially the options come down to Cloudflare or Akamai who have a global domination of the market.

      • jet@hackertalks.com
        link
        fedilink
        English
        arrow-up
        4
        ·
        1 year ago

        The original commenter hasn’t posted anything in 3 years so you’re not going to get a response most likely.

        Cloudflare due to its very nature has unique observation of internet activity. So putting your privacy focus system in front of cloudflare is giving them even more observability into your privacy system. So it seems antithetical.

        • CuriousGoo@beehaw.org
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I didn’t notice the 3 years part till I read in your comment.

          Are there any privacy respecting CDN services though?

          I won’t comment on what Session is/was doing with Cloudflare services, but say if I am using DoT on my device for encrypted DNS requests, and the traffic is also E2E encrypted, how much can such a provider really see ?

          Tools that we have at my job won’t be effective if they receive an encrypted payload.

          • jet@hackertalks.com
            link
            fedilink
            English
            arrow-up
            2
            ·
            1 year ago

            It’s honestly probably fine. Using cloud Flair for a website is pretty standard. I’m not sure if they use cloudflare for their oxen network but I doubt it.

            I’m not familiar with any privacy respecting CDNs