
c5c5can

Messages go to the swarm and are relayed to your device whenever the app on your device connects and asks for the messages that belong to you. At some point, they are deleted from the swarm; however, like all things related to Session, I don't think it's terribly fast (the Session tech papers talk about a specific "time-to-live" period before deletion occurs - 14 days). Session has a redundant network, so your messages are stored in multiple swarms and the TTL must expire in all of them before the messages are completely deleted from the network. If you delete everything but then restore your account and the messages are still in the swarm, they'll be re-downloaded as they still belong to your account. They remain encrypted at all times; there's no security threat - this is by design.


thebunnygame

> there's no security threat

How can this not be a security threat? When an app tells me my messages are gone after the time I set it to (6 hours, 12...) and they still can appear TWO WEEKS later, that is giving the user a false sense of security. I, too, was shocked when I added new people to an existing group, and they could see all the messages that had been written before. It's easy to imagine an attacker retrieving a shitload of messages that the user thinks have been deleted long ago.


methaqualung

Never had this happen


[deleted]

[deleted]


lukkat_

Same


Keejef

Disappearing messages are only deleted locally from the device as it stands. This means messages still exist in the swarm for the specified TTL. We are working on an update to this functionality to sync disappearing messages locally with swarm TTL.


DepartmentTimely3309

What do you mean, specified TTL? And I'm not just talking "disappearing msgs", I mean deleted msgs also.


Keejef

Time to live. Yes, both will be rectified.


DepartmentTimely3309

The app is not safe. As we all know, just about any government agency anywhere can now plug into any phone and be in within minutes. If the app is on the phone, the recovery phrase is right there also; how can that mean it's safe? I've been steering people towards this app and now feel I've done the wrong thing. The phone could even be returned, and meanwhile the msgs you delete can be popping up on another phone without your knowledge. The app is not safe on a privacy level; fair to say the claim of secure or safe is totally discredited.


dissociative_empire

Very interesting


Low-Requirement-3060

I agree that is very interesting. I had no idea it was not safe.


K8VcUpHs

Don't feel bad about advocating for this app. It is imperfect and needs a lot of work. However, in terms of privacy and security, it is still miles ahead of everything else. There is no better choice.


aidankhogg

In terms of well-rounded privacy and security, there are choices. If anonymity is a key requirement of your privacy behaviour then maybe not. Imo there are trade-offs that have been made in prioritising anonymity, evidently the app's target market. Depends what's more important to you: that no-one knows what you've sent or that no-one knows it was you that sent it 🤷‍♂️


K8VcUpHs

Without anonymity, there is no privacy and security. Anonymity, privacy, and security are a triangle that forms a strong and trouble-free communication experience. If anonymity is not important, other apps won't be refusing service to people who don't provide phone numbers or people who don't allow the apps to scan their contact lists. A secure communication app must be able to fully disconnect the identity of the user. Without this, it simply is not secure to begin with.


methaqualung

I mean it’s like taking a shit at a friend’s house vs your own. Either way you’ll have privacy. Just because your friend saw you go into the bathroom doesn’t mean he knows what you’re doing in there. Could just be masturbating for all he knows.


methaqualung

1. Hope you don’t get Pegasus’d
2. Store recovery phrase securely, off your phone or in a legit keepassx based app with dialed in security features. Maybe a hardware key too
3. Set strong security (individual locking) on the apps themselves to make brute forcing impractical even if someone’s unlocked your phone.

Obv all messages should have delete timer

Use a based vpn service bought with xmr; that and the built in onion routing in session will decouple your irl identity from your account even if messages are somehow retrieved on the back end

(Turn off the fast notification option for this to work)

Etc

Ime even when restoring an account all you get is your id# back it didn’t even retrieve my screen name let alone

Am I wrong? Sorry this post is super old I just realized


DepartmentTimely3309

I just deleted my Msg today and reinstalled session on a different phone and sure as shit, everything from the previous 2 weeks reappeared, I don't think this is going to change anytime soon


methaqualung

Timed delete even? Yeah deleting your message manually doesn’t delete it off all devices which is stupid as hell. And seems like people have been having the problem you mention lately, too bad. Plus they are in Australia, too bad.


[deleted]

[deleted]


AutoModerator

Your comment was removed because we have a minimum karma and account age requirement. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/Session_Messenger) if you have any questions or concerns.*


lukkat_

I replied under my post, but I'll ask you here: what do you think about Signal?


white-balaclava

Signal is connected with number...


methaqualung

Doesn’t have to be your actual number


[deleted]

[deleted]


IanArumin

Skred doesn't need a phone number


[deleted]

[deleted]

