Session Private Messenger - Really Understands Privacy!
Vložit
- čas přidán 10. 01. 2023
- The Session Private Messenger App is one of a select few platforms for hard core secure messaging that truly demonstrates real knowledge of privacy. This app knows that it's about data as well as meta-data, and understands the distinction between just security vs security and privacy.
Let me explain how this app and its entire infrastructure is different and why you should use it as your secure messaging platform instead of the many flawed but super popular apps like Signal, Whatsapp, and Telegram.
(This is not a sponsored video. This is my real opinion)
-----------------------------------
BraX2 Privacy Phone is now available on brax.me. Sign in to the platform to see the store.
-----------------------------------
Merch Store
my-store-c37a50.creator-sprin...
-----------------------------------
I'm the Internet Privacy Guy. I'm a public interest technologist. I'm here to educate. You are losing your Internet privacy and Internet security every day if you don't fight for it. Your data is collected with endless permanent data mining. Learn about a TOR router, a VPN , antivirus, spyware, firewalls, IP address, wifi triangulation, data privacy regulation, backups and tech tools, and evading mass surveillance from NSA, CIA, FBI. Learn how to be anonymous on the Internet so you are not profiled. Learn to speak freely with pseudo anonymity. Learn more about the dangers of the inernet and the dangers of social media, dangers of email.
I like alternative communication technology like Amateur Radio and data communications using Analog. I'm a licensed HAM operator.
Support this channel on Patreon! www.patreon.com/user?u=17858353
Contact Rob on the Brax.Me App (@robbraxman) for encrypted conversations (open source platform)
brax.me/home/rob Store for BytzVPN, BraxRouter, De-googled Privacy AOSP Phones, Linux phones, and merchandise
bytzvpn.com Premium VPN with Pi-Hole, Cloud-Based TOR Routing
whatthezuck.net Cybersecurity Reference
brax.me Privacy Focused Social Media - Open Source
Please follow me on
Odysee
odysee.com/$/invite/@RobBraxm...
Rumble
rumble.com/c/robbraxman - Věda a technologie
0:47 Session is more secure than Signal and Telegram
2:11 metadata
5:20 Session ID
7:43 no Central Server
8:44 Session traffic
9:25 Lybsodium Library
12:02 voice calling
13:05 voice recordings as attachments
13:35 storage
14:10 Session > Signal
15:00 Braxman social media app
16:00 Install Session
17:36 Generate the Session ID
18:28 if you lose Session ID
18:43 Oxen and Monero
Thanks fam 🙏🏽
@@cortspadet 😘
@@repeatish thanks man🙏🏻
Do you use it?
@@repeatish do you have Telegram? Can we talk on telegram?
You're obviously Morpheus of the CZcams.
What do you mean by Morpheus?
@@julianocc you need to watch "The Matrix"
he's the Kazaa of CZcams
do a meme with this and promote this channel. People need Rob's knowledge.
Yes, Morpheus of CZcams. You now is Master of the words. Thank you.
Both thankful and grateful for your privacy tips Rob...keep up the good work :-)
Excellent content. Session is by far the best privacy focused messenger!
Downloaded the app and really love it so far. I hope they will keep developing it
A really excellent informative video. I can't believe how much I've learned just from watching your videos. Keep them coming!
This is a great recomendation. Thank you Rob. It is a little nit more of a pain to get rolling but seems pretty bulletproof. Thank you
thank you Rob.. You have a natural leaning to freedom, and that is so appreciated
God bless you for tirelessly teaching people!
I appreciate you covering a product that competes with your own product.
Thanks to you, I never bring a phone with a SIM it on my person anymore! I just use my large, easier-to-read tablet if I HAVE TO consult the internet.
What is the OS of your tablet?
This is awesome. Thanks for sharing this
Great content Rob, thank you...
your channel is great.
Thanks a lot for your contributions!!!!!!
Thank for the information Brax.
A great video, sounds very similar to Jami messenger that has some pros and cons against Session when it comes to security. It would be interesting to your breakdown of Jami.
Privacy is the hallmark of a civilised society.
Thank you very much, was looking for an alternative to tell people.
Thanks for the update and exceptional insights Rob. the thought occurs to me that perhaps session might be useful use as a paging service to share XMPP, chat links, and if it would be feasible to implement something like a connector object or app that would initiate XMPP chats into the Brax ecosystem?
Rob, you gotta do a video on the new Ring car camera. I know police & insurance companies will LOVE IT.
edward snowden even says use signal... I have sessions as well but it's more complex as you said
Session is the best out there!
You are very powerful. Thank you
Awesome thank you for sharing!
Session is nice! Good breakdown / video.🕶
Nice info Rob, Can you talk about Threema in future videos?
It is no accident that you, Rob, have stopped showing up on my recommendations.
Can't wait for your Lokinet video :) Please, also show us how to set Session to start at startup on Win and Linux. There is no such option in the app.
It would be great if you could SHOW us how to do things, instead of just TELLing us. For example, show screenshots or a short video tutorial about the installation of an app, especially when you highlight that something might be tricky.
You are correct, but that is not his job. He covers a ton of privacy tech related topics and making a tutorial for a competitive product to his own privacy ecosystem is understandably not a privority.
I'll bet if he published his script, someone on here would be happy to volunteer to generate visuals for him.
What effect to the antiprivacy policies of the Australian government have on the privacy of Session?
Hello Rober
Who run Oxen nodes ? That's the point. How can be sure Oxen is not a honeypot ?
I tried session recently and thought it was good, apart from the poor notifications on Android and iOS if you choose not the use the Google or Apple services. (The use of which I cannot see is any different from metadata, Google or Apple will know every time you receive a session message, and this could be correlated will enough resources).
A small point, Telegram can be used without sharing your telephone number, the bad thing is that this is not the default.
How do u do that for tg?
To use any of these apps without using your phone number just use a soft phone number duh.
Telegram can be anonymous now. You do not need to register with a phone number. However you need to bid an account using their cryto currency. Bidding is now in the range of US$15 for one a/ac
This year we are hoping to look more into a robust solution for degoogled phones regarding notifications. Unfortunately most Android device manufactures servery limit the running of background tasks which means our background tasks which check for notifications get shutdown and the device is not notified quickly.
Hi Rob, I seen some news the other day about government etc can read the information in the notifications when they are in transit to your phone. Have you talked about this?
Thanks good info !
I installed through Flatpack repository on my computer!
Rob, it is based in Australia, isn't that something of a concern.
Would love a lokinet video 🙂
Rob, is it possible to hide your computers hardware id serial in Linux? If yes, how?
I like your video.
great video!
Thank you
Hello Sir. What are your thoughts on a phone brand named "Vertu," and do you think the phones are as safe and secure as they have been marketed to be? If you have a moment, I would appreciate it if you could remark briefly. With best regards. Nero.
Thanks Rob
If you share your Session ID on social media, couldn't someone search for the ID and find it linked to you?
Sounds great for private conversations though to communicate with most people, they use whatsapp. :-( I do wonder if the three letter agencies can see who downloads session. ~ X
i've heard criticism that erased messages have resurfaced when logged into a new device. Anyone able to verify?
On Windows when you install the app with Chocolatey in the user account, it is installed in the admin account, and you have no access to the app unless you switch to admin account :(
Is this app owned by The Five Eyes (FVEY) is an intelligence alliance? Or is it actually decentralized?
Thanks for your work! U r the best
Have this big question, what will ISP see when you are using session?
How susceptible is Session to spam? Is there a way for those using an explorer or other tools to compile a list of public keys and spam them? Or is the network resistant to this? Anybody know?
If you open/download media films on sessions is it stored on your device?
Does Briar still exist? Reviewed?
I have been watching Oxen since it was Loki.. I wish they never switched fully to PoS now when thy get to big they will have the SEC all over their case. I here rumbles that other privacy currencies like PIVX are making their own messaging app.
I immediately said to all my friends and families to only talk thru session
Rob, What about Pryvate Messenger?
Is it a problem that’s it’s based in Australia? With the “AA Act”? And Ofcourse member of the Five Eyes.
Some signal shills bash Session for not supporting perfect forwards secrecy but conveniently ignore to address that Session asks for nothing to create an account xd
What do you think about the Sekur messenger?
is wechat dangerous for lets say european or american customers?
Is Session still as good in 2024 as it was when you published this video?
Have you reviewed Tox chat?
So which of these privacy messengers
Besides matrix can I get a username and password login
Session not based in Australia? And Australia have a anti encryption policy? 😮😮
The only problem is that notifications on the iPhone don't work, regardless of whether you set them to fast or slow.
Would love to hear another update considering the merge to Ethereum that is coming up..
Good info, Rob. Do I understand correctly, then, that even on an iPhone Session meta-data would not be knowable to Apple?
that's correct. It goes through Lokinet (like TOR)
Would I use to pass my session ID with ease was create a QR code of just the hexadecimal code. And I passed the QR code to whomever I need to be in communications with. And then obfuscate QR code using an old school trick called, Steganography. 🤟🏾
Session generates the QR code for you already BUT of the PRIVATE KEY. LOL so not intended to be shared. It's for syncing up multiple devices
Use Session!
I think Threema needs more attention. It's currently hard to use because few know about it.
Was thinking the same. I do not see any difference between session and threema
First question that pops up in my head about the onion routing structure of lokinet is, "Is the same entry\exit node issues present the same way as tor entry\exit nodes are? As in, is it not just as possible to setup a final layer decryption exit node in order to gather the primary packet info which holds the identifiers?
*I really enjoy all the videos that you do! Can i give you some feedback, though? Would you consider adding more Graphics, pictures, etc to your videos? It just draws are brain toward what you say and also feels less of a classroom setting and lecture, and it just allows the viewer to engage a little more. If not, i completely understand, no harm on asking :)*
he needs help with that. not everyone knows, maybe he doesn't make enough money to pay someone. Would be nice if fans would help. he could try Upwork to find someone there for less money than standard.
what do you think about jami app?
Rob you missed to tell, that Oxen (the company that developed Session) has its HQ in Melbourne. This means Oxen has to comply with Australian law! In 2019 the Australian government has passed a new piece of legislation that, at its core, permits government enforcement agencies to force businesses to hand over user info and data even though it’s protected by cryptography.
If firms don't have the power to intercept encrypted data for authorities, they will be forced to create tools to allow law enforcement or government to have access to their users’ data. Needless to say, this is unprecedented.
Session was a private & secure messaging app in the past, but not anymore with the current situation in Australia!
Since it is open source, the only effect of that would be move the presence of the infrastructure away from AU. It is out of the developer''s hands. The Oxen nodes can be located anywhere. The stupid leaders in AU think they can force decryption. We will watch but it's not executable and this world
Can Sessions text and receive to/from non-secure messenger apps (sans security)? Or is it only useable if the other end has Sessions too? Signal's discouraging communicating with non-Signal apps. Kind'a reduces its use-case to zero?
Signal allowed SMS and took it out so now nothing can do that
Session to session only. Actually it is the same as most instant messenging apps. Not one major app can send and receive from other apps. Whatsapp can't. Signal can't. IOS's Imessage can't. Telegram can't. You name it and they all can't.
With Sekur messenger you can Chat by invite
Session has no Perfect Forward Secrecy (PFU) which is a basic requirement in cryptography for security and anonimity. It is a huge mistake. In Session you cannot change the database password to a stronger one than an unknown random, so AFU data extraction is more likely vs some others.
Your analysis may be fine for you but doesn't work for me and for the people I guide. The most sophisticated encryption has NO VALUE if I can identify who you are.
17:28 Is everything a virtual machine now?
Please Braxman make a vid of Lokinet! :)
Tell me why that interests you. I don't know if will get views so that's my concern. . I did install Lokinet.
@@robbraxmantech I would be very interested in a video on Lokinet. I want to know if it could replace and be superior to using a VPN. I'm looking forward to the android release. I have yet to try the Linux version.
i also would be interested. i cant tell the difference between this and a vpn
is it better than Molly?
What are your thoughts on ricochet refresh?
Ricochet seems similar although claims to use tor rather than decentralized servers
Better than Briar? :)
Rob, what do u think about bitwarden password manger ?
I'm sure it's fine. I don't use it myself though
merci
Does Session run on a Brax Phone? How well does Session work outside the US?
Session was invented in Australia.. session works great here in the mountains of Wyoming USA
Rob, can dash cams also spy on us? if yes, please you do a video on it? Also, what about bluetooth stereos in vehicles?
Only if they have an internet connection. I dont think most do.
Latest version of Session allows you to set up a username really easily
I'd be interested what makes xmpp better than matrix and how matrix fits in privacy wise
Matrix meta data centralized in Element. Matrix was not designed to hide meta data.
@@robbraxmantech Thank you for the insight.
Hello@@robbraxmantech
Element is the just the client no ? If the matrix server is not compromised, what is the risk ?
More the concern about session if who really run the oxen nodes that are really expensive as i read ? Could it be possible triple letters agencies ?
We need a video comparing matrix and session please
The biggest issue with the Brax Phone is the substandard hardware Why is it that all "Secure devices" are always bottom of the barrel hardware when they ought to be top tier latest and greatest when they are launched
Rob, you say that Session is 100% open source, but why does F-droid mention as anti-feature that "The upstream source code is not entirely Free"?
As far as I know, all server code is on Github. Not true of Signal, Telegram, Whatsapp
@@robbraxmantech Maybe a mistake in F-droid. If so, it's a pity, as it can put people off on a wrong assumption.
Actually in F-droid docs "This does not mean that proprietary software is included in the app. Most likely, the F-Droid build has been patched in some way to remove the Non-Free code/libraries, and/or some functionality may be missing." But the interface doesn't make this very obvious.
If there are any variances to what I've posted, I'm hoping the session people will interject here directly. I've asked them to since I only know what I've researched.
This is due to the inclusion of Google play services for "Fast mode" notifications, users get the choice of which notification strategy to use when they download the app and setup and account for the first time. If slow mode notifications are chosen by the user then the Google play service code path is never visited. However F-droid flags this inclusion, even though its a completely optional code path that may never be visited.
What about Wire?
What do you think about Briar or SimpleX chat are those better than Session and what are the differences between them?
Briar at the moment is the best available app for privacy. Simplex is coming very close, but still uses servers in UK for messages in trasnit unlike Briar.
Do you have the same opinion as of today?
This is a new video
Well, 8 months old but got it 😊 What about Briar Rob?
Session has no Perfect Forward Secrecy (if 1 key gets bruteforced or decrypted you're fucked).
Session doesn't delete messages from its node swarm for at least 14 days, so even if you delete your own messages they can still be retrieved!
If Session would fix the 2 points above they would be the best IM app.
exist app without this "problem" ?
@@albertom75 Host your own XMPP server :) and be in control.
I researched that and that does not sound correct. You can clear data and it asks you if you want to clear data from the nodes. Perfect forward secrecy is stated in a comparison document. And that is not one of the issues raised in the audit document
Its a heart ach only fools play...................
It's worth pointing out that a 128-bit *private key* would be weaker because there are some tricks you can do to make it easier when you know that half the bits of the key are 0s. But that *isn't* what Session uses: rather it uses a 128-bit seed which then gets hashed to produce a 256-bit Ed25519 private key pair (then, for historical reasons that I wish weren't the case, this Ed25519 pubkey gets converted to an X25519 pubkey to force your Session ID, which is a bit of unfortunately Signal legacy).
So anyway: you have a 256-bit random quantity that only has 128 bits of entropy in it -- and because the hash function is cryptographically secure, you know nothing about the correlation of bits in that 256-bit value. Effectively what this means is that the keys are weaker for brute forcing, but that isn't really a concern with a 2^128 value. The weaknesses that would come from 128-bit keys, however, aren't happening in Session's key derivation scheme, because keys *aren't* 128-bit, they are still 256-bit.
(As an aside: Monero/Oxen seed words, on the other hand, *are* the private key directly, so for those, using a 12-word seed would indeed be a noticeable lessening of the key security).
I just want to ask a question about galaxyA13. Can this phone be degoogle
It depends on whether you can unlock the bootloader or not. As far as I know Galaxies are unlockabl in their international versions, but not in their US versions, or at least the option is obfuscated (I have read things like it appearing only a week after the dev options are opened or smthng like that; Idk I'm not in the US). After that you need to find a ROM compatible with your device model. Some Galaxies have them others don't. I'm still looking for one for my A31, although very close models like A32 have them.
You may try. I remember that I read some forum thread that people manage to unlock the bootloader with some tricks. Can't remember because I do not use that phone.
There notifications is broken
Do I have to pay for the app or is it free.
free
@@robbraxmantech thank you so much
SimpleX
Session is amazing but it’s just getting people to switch to it that’s the issue
😃 👌👍
I do not pay for signal
Did you say others you message must have the app as well 🤔?
Yes but it is really easy to install
Cheers Rob 👍
Keep up your Great work Man massive Respect 🙏⚔️🕊️
If and when I do , I'll have to convince anyone else to do the same , very time consuming my friend 😔
I really like the features , absolutely brilliant 👍
It took me nearly a year to get specific people to use signal 🤣
There must be a better way than that 🤔
My tech knowledge is very limited ,
What I do have now is just a c-phone , and am looking at getting a "D-G" phone in the future 🤔
Hope it works in my country new Zealand ?
I've shipped many BraX2 phones to NZ
@@robbraxmantech cool ,
Thank you man , oh how much $ ?
Yummy.
Better than signal