From 6296e18128fda2d368fe945ee6d0140f9aab5bad Mon Sep 17 00:00:00 2001 From: TwoSixtyThreeFiftyFour <108928957+TwoSixtyThreeFiftyFour@users.noreply.github.com> Date: Sun, 28 Aug 2022 16:06:39 +0000 Subject: [PATCH 1/4] Added caution/warning about Session Messenger Added caution/warning about Session Messenger --- guide.md | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/guide.md b/guide.md index 6a4a762..7f4ac67 100644 --- a/guide.md +++ b/guide.md @@ -386,6 +386,7 @@ Finally note that this guide does mention and even recommends various commercial - [Appendix B4: Important notes about evil-maid and tampering] - [Appendix B5: Types of CPU attacks:] - [Appendix B6: Warning for using Orbot on Android] +- [Appendix B7: Caution about Session messenger] - [References:] # Pre-requisites and limitations: 
@@ -7786,7 +7787,7 @@ Any safe options for mobile devices? **Yes, but these are not endorsed/recommend - iOS: - - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]](https://web.archive.org/web/https://getsession.org/). Why is it not recommended these days within the privacy community? Well, it is because they recently[^418] dropped two key security features from their protocol: Perfect Forward Secrecy and Deniability which are considered rather essential in most other apps. Yet Session has been audited[^419] with satisfactory results but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore[^420]. + - Due to the lack of any better option and while it is **normally not recommended**: Session Messenger: [[Archive.org]](https://web.archive.org/web/https://getsession.org/). Why is it not recommended these days within the privacy community? **See: [Appendix B7: Caution about Session messenger][Appendix B7: Caution about Session messenger] to find out why we are cautious about Session Messenger**. **Note that all the non-native Tor options must be used over Tor for safety (from Tails or a guest OS running behind the Whonix Gateway such as the Whonix Workstation or an Android-x86 VM).** 
@@ -12434,6 +12435,19 @@ This is explained rather well by Alexander Færøy, who is a core developer at t And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: "The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." + +# Appendix B7: Caution about Session Messenger + +Here are our reasons for being cautious about Session messenger in general: + +- The company is based in Australia which has very defavorable privacy laws [^536]' [^537] +- They also run the Oxen token (cryptocurrency) which to me is a conflict of interest +- They also run the Lokinet Network which requires Oxen Tokens to run nodes to route Session traffic ... And you need to pay 12K$ to run a node[^538] +- They dropped critical security features of their protocol (Perfect Forward Secrecy and Deniability)[^418] (which are considered rather essential in most other apps) for "convenience" [^539] +- Session has been audited[^419] with satisfactory results but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore[^420]. +- Their funding seems completely opaque + +In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). 
But if Briar or another app (maybe Cwtch in the future) becomes available. We recommend going away from session messenger as soon as possible. --- @@ -13502,7 +13516,15 @@ And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-ove [^534]: Wikipedia, Passphrase [[Wikiless]](https://wikiless.org/wiki/Passphrase#Passphrase_selection) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Passphrase#Passphrase_selection) [^535]: Monero Research Lab, Evaluating cryptocurrency security and privacy in a post-quantum world [[Archive.org]](https://web.archive.org/web/https://github.com/insight-decentralized-consensus-lab/post-quantum-monero/blob/master/writeups/technical_note.pdf) + +[^536]: Wikipedia, Privacy in Australian Law [[Wikiless]](https://wikiless.org/wiki/Privacy_in_Australian_law) [[Archive.org]](https://web.archive.org/web/https://en.wikipedia.org/wiki/Privacy_in_Australian_law) +[^537]: Parliament of Autralia, Surveillance Legislation Amendment (Identify and Disrupt) Bill 2021, [[Archive.org]](https://web.archive.org/web[/https://en.wikipedia.org/wiki/Privacy_in_Australian_law](https://www.aph.gov.au/Parliamentary_Business/Bills_Legislation/Bills_Search_Results/Result?bId=r6623)) + +[^538]: Lokinet Documentation, Service Nodes, [[Archive.org]](https://web.archive.org/https://loki.network/service-nodes/) + +[^539]: Session Documentation, Session protocol explained, [[Archive.org]](https://web.archive.org/[https://loki.network/service-nodes/](https://getsession.org/session-protocol-explained)) + [Contents:]: #contents [Pre-requisites and limitations:]: #pre-requisites-and-limitations [Pre-requisites:]: #pre-requisites 
@@ -13802,6 +13824,7 @@ And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-ove [Appendix B4: Important notes about evil-maid and tampering]: #appendix-b4-important-notes-about-evil-maid-and-tampering [Appendix B5: Types of CPU attacks:]: #appendix-b5-types-of-cpu-attacks [Appendix B6: Warning for using Orbot on Android]: #appendix-b6-warning-for-using-orbot-on-android + [Appendix B7: Caution about Session Messenger]: #appendix-b7-caution-about-session-messenger [References:]: #references [Tor over VPN]: #tor-over-vpn [The Detached Headers Way]: #the-detached-headers-way From 12b99c9ea9a1d5c2013affbc12a45a32329715b0 Mon Sep 17 00:00:00 2001 From: pterocles Date: Sun, 28 Aug 2022 13:03:49 -0400 Subject: [PATCH 2/4] Update Appendix B7: Caution about Session Messenger 1. Avoid usage of multiple tenses or tense-switching at all costs. 2. Avoid using too many words when you can substitute less. 3. At first mention, use lowercase "perfect forward secrecy" followed by abbr. "PFS". 4. Use common English words, not "defavorable". Try saying "bad" in most cases. Prefix "de-" usually means "off, from". --- guide.md | 22 +++++++++++----------- 1 file changed, 11 insertions(+), 11 deletions(-) diff --git a/guide.md b/guide.md index 7f4ac67..3064200 100644 --- a/guide.md +++ b/guide.md 
@@ -12435,19 +12435,19 @@ This is explained rather well by Alexander Færøy, who is a core developer at t And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-over-tor-dangerous) on the Tor Stack Exchange: "The danger (beyond the performance hit) which keeps me from running Tor over Tor has to do with timing and congestion measurements. Adversaries watching your traffic at the exit(s) of your circuits have a better chance of linking your Whonix activity with your [Tor Browser Bundle] activity when those shared circuits slow down or drop packets at the same time. This can happen without Tor over Tor when your instances use a common upstream link. The linkage will be made tighter and more explicit if you run the Whonix Tor traffic through your TBB SOCKS5 Tor circuits. This tighter linkage raises the danger of successful correlation." - + # Appendix B7: Caution about Session Messenger - + Here are our reasons for being cautious about Session messenger in general: - -- The company is based in Australia which has very defavorable privacy laws [^536]' [^537] -- They also run the Oxen token (cryptocurrency) which to me is a conflict of interest -- They also run the Lokinet Network which requires Oxen Tokens to run nodes to route Session traffic ... And you need to pay 12K$ to run a node[^538] -- They dropped critical security features of their protocol (Perfect Forward Secrecy and Deniability)[^418] (which are considered rather essential in most other apps) for "convenience" [^539] -- Session has been audited[^419] with satisfactory results but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the Onion Routing Network used by Session) to endorse it. Session is still recommended by some like Techlore[^420]. -- Their funding seems completely opaque - -In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). 
But if Briar or another app (maybe Cwtch in the future) becomes available. We recommend going away from session messenger as soon as possible. + +- The company is based in Australia which has very unfavorable privacy laws.[^536]' [^537] +- They push their own cryptocurrency, Oxen, a conflict of interest. +- They use LokiNet, which requires Oxen to run nodes to route Session traffic, and it costs $12 thousand to run a node.[^538] +- They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability)[^418] in favor of decentralization.[^539] It would be okay, if the nodes were free to run. This essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. +- Session has been audited[^419] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some like Techlore.[^420] +- Their funding is completely opaque. + +In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). But if Briar or another app (maybe Cwtch in the future) becomes available, we will recommend going away from Session messenger as soon as possible. It is a last resort. --- From e59fbbde5af4225687c4c9e3297b920e35069f4e Mon Sep 17 00:00:00 2001 From: Alex Anderson <84602909+NobodySpecial256@users.noreply.github.com> Date: Sun, 28 Aug 2022 17:39:15 +0000 Subject: [PATCH 3/4] Update guide.md --- guide.md | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/guide.md b/guide.md index 1c5da1b..4c52aa2 100644 --- a/guide.md +++ b/guide.md 
@@ -12453,10 +12453,13 @@ And from [a post](https://tor.stackexchange.com/questions/427/is-running-tor-ove Here are our reasons for being cautious about Session messenger in general: - The company is based in Australia which has very unfavorable privacy laws.[^536]' [^537] -- They push their own cryptocurrency, Oxen, a conflict of interest. +- They push their own cryptocurrency, Oxen, which creates a conflict of interest. - They use LokiNet, which requires Oxen to run nodes to route Session traffic, and it costs $12 thousand to run a node.[^538] -- They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability)[^418] in favor of decentralization.[^539] It would be okay, if the nodes were free to run. This essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. -- Session has been audited[^419] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some like Techlore.[^420] + - The price of running nodes essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. + - Session's developers claim this to be an attempt to prevent [sybil attacks](https://en.wikipedia.org/wiki/Sybil_attack), but many have argued that this only encourages such attacks, by guaranteeing only governments and other well-funded organizations (the people these networks normally try to protect against) will ever have the financial resources to run nodes. +- They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability)[^418] in favor of long-term message keys and self-deleting cryptographic signatures, which provide much weaker security guarantees. 
[^539] + - This *might* not be as bad, if the nodes are free to run, but they're not. +- Session has been audited[^419] with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some, for example Techlore.[^420] - Their funding is completely opaque. In short, our opinion is that you may use Session Messenger on iOS due to the absence of a better alternative (such as Briar). But if Briar or another app (maybe Cwtch in the future) becomes available, we will recommend going away from Session messenger as soon as possible. It is a last resort. From ed83bf4b44fce17f47ac56717025dbdb240bbff7 Mon Sep 17 00:00:00 2001 From: pterocles Date: Mon, 29 Aug 2022 01:39:27 -0400 Subject: [PATCH 4/4] Fix missing tag for Molly in chart Signed-off-by: pterocles --- guide.md | 1 + 1 file changed, 1 insertion(+) diff --git a/guide.md b/guide.md index 4c52aa2..53f1ccc 100644 --- a/guide.md +++ b/guide.md @@ -7682,6 +7682,7 @@ Finally, Open-Source apps should always be preferred because they allow third pa Good No Requires phone number. Security hardened fork of Signal client. Security may be delayed for up to a week +
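Review bot: In PATCH 1/4, hunk `@@ -386,6 +386,7 @@`, the new table-of-contents entry is spelled "Caution about Session messenger" with a lowercase "m". The heading and the link reference definition added later in the same patch both use "Session Messenger". CommonMark matches reference labels case-insensitively, so the link should still resolve, but the visible entry will not match the heading it points to. Suggest `- [Appendix B7: Caution about Session Messenger]` so the label, the heading and the definition are identical.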
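Review bot: In PATCH 1/4, hunk `@@ -7786,7 +7787,7 @@`, the rewritten iOS entry keeps the question "Why is it not recommended these days within the privacy community?" but moves its answer to the appendix. The question is now followed directly by a bold "See:" sentence that restates it. Suggest dropping the question and keeping only the cross-reference. The link label here also uses lowercase "messenger" twice, while the heading uses "Messenger".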
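Review bot: In PATCH 1/4, hunk `@@ -13502,7 +13516,15 @@`, the Archive.org links in the new footnotes `[^537]` and `[^539]` are malformed. Each link destination contains a second bracketed link whose text is the URL of the preceding footnote (the Wikipedia page in `[^537]`, `loki.network/service-nodes/` in `[^539]`), which looks like leftover paste. `[^538]` also omits the `/web/` path segment that `[^534]` to `[^536]` use. Suggest rewriting all three as `https://web.archive.org/web/` followed by the single target URL. "Autralia" in `[^537]` should be "Australia".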
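Review bot: In PATCH 2/4, hunk `@@ -12435,19 +12435,19 @@`, the PFS/deniability bullet changes the stated reason from `for "convenience"` to "in favor of decentralization" while still citing `[^539]`. That is a change of claim rather than the copyedit the commit message describes, so please confirm the cited page supports the new wording. The sentence "It would be okay, if the nodes were free to run." added to the same bullet is about node cost, not about PFS, and would sit better under the LokiNet bullet. The stray apostrophe in `[^536]' [^537]` is carried over unchanged. The blank lines are removed and re-added, which suggests whitespace-only churn that could be left out of the patch.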
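Review bot: In PATCH 3/4, hunk `@@ -12453,10 +12453,13 @@`, the new sub-bullet on Sybil attacks says "many have argued" without a footnote, while every other claim in this list carries one. Its Wikipedia link is also a bare inline URL rather than the `[[Wikiless]]` / `[[Archive.org]]` footnote form used elsewhere in the guide. Suggest adding a source for the counter-argument and moving the link to a numbered footnote. The sub-bullet "This *might* not be as bad, if the nodes are free to run, but they're not." remains under the PFS bullet although the node-cost argument now lives under the LokiNet bullet, and there is a space before `[^539]` that the other footnote markers do not have. The pre-image blob `1c5da1b` and the 12453 offset do not match the `3064200` post-image of PATCH 2/4, so this patch appears to have been cut against a different base and should be checked when applying the series in order.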