Session is a decentralized alternative to Signal. It doesn’t require a phone number and all traffic is routed through a Tor-like onion network. Relays are run by the community and relay operators are rewarded with some crypto token for their troubles. To prevent bad actors from attacking the network, in order to run a relay you have to stake some of those tokens first and if your node misbehaves they will get slashed.
Shame their entire node system relies on cryptobros tech.
Tor doesn’t need currency to back it up. I2P doesn’t need currency to back it up. Why the hell does Lokinet?
Tor relays only relay the traffic, they don’t store anything (other than HSDirs, but that’s minuscule). Session relays have to store all the messages, pictures, files until the user comes online and retrieves them. Obviously all that data would be too much to store on every single node, so instead it is spread across only 5-7 nodes at a time. If all of those nodes were to go offline at the same time, messages would be lost, so there has to be some mechanism that discourages taking nodes offline without giving a notice period to the network. Without the staking mechanism, an attacker could spin up a bunch of nodes and then take them all down for relatively cheap, and leave users’ messages undelivered. It also incentivizes honest operators to ensure their node’s reliability and rewards them for it, which, even if you run your node purely for altruistic reasons, is always a nice bonus, so I don’t really see any downside to it, especially since the end user doesn’t need to interact with it at all.
I2P already did that with their DHT network (remember DHT?). I2P Bote uses that for messaging
Eh, no. A DHT doesn’t solve offline storage of data, when the source node is already offline, and the target node is not yet online.
It does temporarily, on the order of hours to days. It’s not designed to use the network for long term storage, just message passing
No, DHT is just a way of determining paths and priority of value lookup by key in the network, so that the load is distributed predictably, while allowing you to find, well, what you are looking for. BTW, while everybody uses Kademlia with modifications, I’d argue that Chord is better for anything related to security and anonymity.
Storage and serving of anything big is another thing. I take it you mean that I2P nodes cache messages relayed via them when the target node is unavailable. That doesn’t have anything to do with DHT.
I2P has its own internal DHT network. Bote piggybacks on it to relay messages between Bote nodes. You can even configure it so you can address random online nodes and ask them to hold a message for another node to relay (online or offline) to obscure message timing
DHT can be used for almost anything as a generic key value store, even if the typical use is just peer finding
https://bote.readthedocs.io/en/latest/v5/kademlia/
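The two points argued above (a DHT decides which nodes hold a key, and a stored message survives only while at least one of its few replicas is online) can be seen in a small simulation. This is an added example, not code from I2P-Bote, Session or any poster in this thread; the `Network` class, node names, mailbox key and replica count of 5 are assumptions made for illustration.

```python
import hashlib

def node_id(name):
    """Map a node name or a key into the same 256-bit ID space."""
    return int.from_bytes(hashlib.sha256(name.encode()).digest(), "big")

def closest_nodes(key, nodes, k):
    """Kademlia-style placement: the k nodes with the smallest XOR distance."""
    target = node_id(key)
    return sorted(nodes, key=lambda n: node_id(n) ^ target)[:k]

class Network:
    """Hypothetical in-memory network; each node has its own store."""
    def __init__(self, names, k):
        self.k = k
        self.names = list(names)
        self.online = set(names)
        self.stores = {n: {} for n in names}

    def put(self, key, value):
        # Replicate to the k closest nodes that are online right now.
        replicas = closest_nodes(key, sorted(self.online), self.k)
        for n in replicas:
            self.stores[n][key] = value
        return replicas

    def get(self, key):
        # Lookup follows the same distance order but can only ask online nodes.
        for n in closest_nodes(key, self.names, len(self.names)):
            if n in self.online and key in self.stores[n]:
                return self.stores[n][key]
        return None

    def take_offline(self, nodes):
        self.online -= set(nodes)

def demo():
    # Constructed sample data: 20 nodes, one encrypted blob for an offline user.
    net = Network(["node%d" % i for i in range(20)], k=5)
    replicas = net.put("mailbox:alice", b"<ciphertext>")
    net.take_offline(replicas[:4])          # one replica left
    still_there = net.get("mailbox:alice")
    net.take_offline(replicas[4:])          # whole replica set gone
    return len(replicas), still_there, net.get("mailbox:alice")

if __name__ == "__main__":
    print(demo())
```

The other 15 nodes stay online the whole time, yet the message is unrecoverable once the five replicas are gone, which is the availability risk the staking argument is about.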
Ye-es, but wouldn’t that be kinda slow?
Yet they could’ve done this with volunteer nodes or even their own, because not even the server knows the content, right?
Can you think of another way for people across the world to easily pay each other directly?
Lokinet is for data transfer, like a message from your phone to mine, not a currency. That’s why it’s odd it uses staking instead of any nodes.
Sounds like the staking is a way to incentivize individual node uptime. Also you need to pay into the stake to get going so there is some financial pain involved in neglecting, or worse, manipulating a node. Though it sounds like around €1000 per node, so it’s not really going to slow down governments or billion dollar commercial competitors.
Exactly.
It’s also a way that people can contribute to the network without needing third party payment services. I don’t need to find some node operator’s socials and look up a patron to use a credit card.
If I already have an account with a crypto exchange then it’s easy to pay the operators.
I would not recommend it. Session is a Signal fork that deliberately removes forward secrecy from the protocol and uses weaker keys. The removal of forward security means that if your private key is ever exposed all your past messages could be decrypted.
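The forward secrecy property this comment refers to, shown in miniature as an added example (not part of the original comment, and not Session's or Signal's actual protocol code). It compares message keys derived from one long-lived secret with a simple symmetric hash ratchet; the XOR cipher, key labels and sample messages are constructed for illustration, and real protocols also ratchet with fresh Diffie-Hellman exchanges.

```python
import hashlib
import hmac

def kdf(key, label):
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor_stream(key, data):
    """Toy cipher for illustration only: XOR with an HMAC-derived keystream."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += kdf(key, b"stream" + counter.to_bytes(4, "big"))
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def encrypt_static(long_term_key, messages):
    """No forward secrecy: every message key derives from one long-lived secret."""
    return [xor_stream(kdf(long_term_key, b"msg%d" % i), m)
            for i, m in enumerate(messages)]

def encrypt_ratchet(chain_key, messages):
    """Hash ratchet: use a per-message key, then overwrite the chain key."""
    out = []
    for m in messages:
        out.append(xor_stream(kdf(chain_key, b"message"), m))
        chain_key = kdf(chain_key, b"chain")  # previous chain key is gone
    return out, chain_key  # chain_key is all the device still holds

def recover_static(leaked_key, ciphertexts):
    """What a holder of the leaked long-term key can decrypt."""
    return [xor_stream(kdf(leaked_key, b"msg%d" % i), c)
            for i, c in enumerate(ciphertexts)]

def recover_ratchet(leaked_chain_key, ciphertexts):
    """The leaked chain key only derives forward, so old keys are out of reach."""
    return [xor_stream(kdf(leaked_chain_key, b"message"), c) for c in ciphertexts]

# Constructed sample data, not real traffic or real keys.
MESSAGES = [b"meet at noon", b"bring the documents"]
SECRET = hashlib.sha256(b"constructed demo secret").digest()

def demo():
    static_ct = encrypt_static(SECRET, MESSAGES)
    ratchet_ct, current_chain = encrypt_ratchet(SECRET, MESSAGES)
    return (recover_static(SECRET, static_ct) == MESSAGES,
            recover_ratchet(current_chain, ratchet_ct) == MESSAGES)

if __name__ == "__main__":
    print(demo())
```

With the static scheme, recorded ciphertexts stay decryptable for as long as the long-term key exists anywhere; with the ratchet, the keys for delivered messages no longer exist on the device to be leaked.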
The main issue with Session is they removed PFS when they redesigned everything. Also, it’s admittedly been years since I tried it, but I remember the app being noticeably buggy.
It’s gotten more usable over the past couple of years. Sadly, I just got done getting all my family/friend contacts to get on Signal (they’d much prefer to use WhatsApp) so Session remains a lonely place for me. I seem to use it solely as a place to stash notes for myself, even though I do this with Signal as well.
I don’t know that we’ll ever see a messenger that both appeals to everyone and has all the features we want (from privacy to visual appeal).
I feel like this about SimpleX. It was a hellish struggle to get people to use Signal (and still a bunch only use Instagram or insist on doing plain phone calls/SMS). Some of my family continuously complain that Signal is too complicated despite the interface being pretty much exactly the same as whatever app they want to use. I really don’t want to try to get them to use another app ever again.
This is a bad tool, but even if it weren’t, the no-phone-number thing is an anti-feature for most of the population.
I found it workable when I tried it recently, but wound up going with SimpleX. I like the multi-identity system and you can proxy it through Tor. Found the app customization more fleshed out too.
Just use Briar or SimpleX instead of these clowns’ service with no perfect forward secrecy.