Finally, we can have usernames in Signal instead of giving our phone number to everybody.

  • Onii-Chan@kbin.social
    link
    fedilink
    arrow-up
    8
    ·
    10 months ago

    Is Session actually secure though? I know they’re based in Australia, and as an Aussie myself, holy fuck would I not trust this country for even a fraction of a picosecond with anything private or sensitive. We have some of the world’s most draconian and far-reaching digital privacy and surveillance laws, and I’m not ready to accept that Session hasn’t been secretly compromised by the AFP, given the law against revealing government backdoors.

    Happy to be proven wrong, but I always err on the side of extreme caution when it comes to Australia. Digitally, we’re closer to the CCP than any of our fellow western nations.

    • Rikj000@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      2
      ·
      10 months ago

      Wasn’t aware of that, would love to hear about it if someome could shine some more light onto the matter :)

      If that’s the case, I have to stop using/recommending Session

      • HyperMegaNet@lemm.ee
        link
        fedilink
        arrow-up
        3
        ·
        10 months ago

        I’m not the person you responded to, but the Assistance and Access Act 2018 is probably a good place to start. Here is a page from the Aus Government about it, but the very short version is that the government can ask tech providers to assist them with building capabilities into their systems to allow the government to access data to help with the investigation of certain crimes. In some cases these will be voluntary requests, in other cases they will be requests that must be fulfilled, including asking providers to add capabilities that the government has developed.

        There’s a lot more detail about it, and the government insists that they won’t ask providers to create systematic weaknesses or to decrypt communications entirely, but it’s not clear to me exactly how those ideas are actually implemented. Unfortunately, much of the process (likely the entire process) is not made public, so as far as I’m aware there aren’t any good examples of requests that the government has made and what sorts of things have or haven’t been implemented.