| | session-android | oxen-storage-server |
|---|---|---|
| | 174 | 5 |
| Stars | 1,693 | 26 |
| Growth | 3.8% | - |
| Activity | 9.5 | 8.6 |
| | 1 day ago | about 2 months ago |
| Language | Java | C++ |
| License | GNU General Public License v3.0 only | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
session-android
- Signal: Keep your phone number private with Signal usernames
- What are you shocked people are still doing nowadays?
  Other alternatives include Session (free) and Threema (paid - 5€).
- Tyranny Censorship? No problem, Self-custody your content distribution
  Test it by downloading session at getsession.org and DM the bot by starting a new message and sending it to “Simple” (without quotes)
- Launching Default End-to-End Encryption on Messenger
- Which communication App is most secure / anonymous?
- Official/Unofficial Monero Session Community Hangout?
  Figured there should be moves to set one up if not - https://getsession.org/
- Session: Send Messages, Not Metadata
- Signal: The Pqxdh Key Agreement Protocol
  * marketing "Perfect Forward Secrecy" AKA "Forward Secrecy"[0].
  I favor Session Private Messenger[1] because it is decentralized and allows third party clients, but Signal enthusiasts warn me that the Session client may, hypothetically, at some future date, integrate a cryptocurrency, as the Signal client already does[2].
  [0] https://en.wikipedia.org/wiki/Forward_secrecy
  [1] https://getsession.org
  [2] https://www.stephendiehl.com/blog/signal.html
- U.K. Abandons, for Now, Legislation That Would Have Banned End-to-End Encryption
  If you have a mobile phone number, the domestic intelligence agency knows exactly where you are at all times and any LEO (without a warrant) can also find you. In addition, there have been numerous CCC presentations showing how insecure the global (excluding US) and (separately) US carriers are guilty of promiscuous metadata trafficking ($$) and insecure SS7 setups. As a consequence, for low $, you can go to any one of several shady websites and find the last location of almost any phone number (person unique ID) globally. There are additional varying exploitable vulnerabilities depending on the exact combination of {handset x carrier x country} to impersonate them, tap their line, reveal their exact location, and redirect their phone number through a third-party handset or even a PBX. These are more expensive and some capabilities are forbidden for all but a few selective intelligence uses.
  Session (Signal fork) doesn't use phone numbers. It's pretty well-designed overall and uses an onion routing approach. It's already a superset of Signal except it doesn't use phone numbers. https://getsession.org
  Also look interesting:
  * (unproven) https://www.olvid.io/technology
  * (unproven) https://simplex.chat
  PS: Using regular TOR on home broadband or cloud servers is relatively risky and inefficient. Sybil attacks on it are common. And to network operators and security agencies it gives an easy "flow tag" of your uplink and exit node data traffic as automatically suspicious.
- E2EE messenger for who want absolute privacy and freedom from any surveillance
oxen-storage-server
- About new Session encryption protocol...
- Weekly Dev Update 06/07/2021
  [Storage Server] Testing, bug fixes, and miscellaneous updates for the big 2.2.0 update https://github.com/oxen-io/oxen-storage-server/pull/433
- Weekly Dev Update 08/06/2021
  https://github.com/oxen-io/oxen-storage-server/pull/433
  - Make random message retrieval more efficient (the current approach scales poorly as the database grows)
  - Refactor how timestamps and TTLs are handled; we now store a timestamp and an expiry, but no longer the TTL value, instead the TTL value is simply a temporary value that can be given when storing a message to implicitly define the expiry.
  - Remove dead code/disused OMQ endpoints.
  - Fix SS not shutting down properly if it gets signalled while still trying to get the initial keys from oxend.
  - Change database storage to store bytes rather than base64-encoded data. Base64 is a transport encoding that is needed for javascript, but was being wastefully stored in the database too.
  - Change generated hash to be based on fundamental values rather than user-provided encodings.
  - Don't require timestamp and ttl to be passed as strings anymore.
  - Allow storing using timestamp+expiry (as an alternative to timestamp+ttl).
  - Expose storage rpc endpoints through a new public oxenmq rpc category storage.WHATEVER (e.g. storage.store). This allows clients that want to use zmq speak more efficiently to SS.
  - Add bt-encoded input/output support to the OMQ storage endpoints; this is noticeably more network efficient because it requires neither base64 encoding, nor establishing and handshaking new connections for every request. The OMQ storage endpoints take params either json or a bt-encoded dict, and reply in kind.
  - Clean up internals by moving transport encoding of internal values closer to the transport layer. (Aside from a cleaner design, this was also needed to get bt-encoded responses out cleanly).
  - Add delete/expiry API interfaces to delete all, delete selected, delete by timestamp, shorten all expiries, and shorten specific message expiries.
- Weekly Dev Update 01/06/2021
  Replace boost beast with uWebsockets https://github.com/oxen-io/oxen-storage-server/pull/432
  - Remove pre-HF18 legacy code/endpoints that isn't being called anymore
  - Remove process_lns_request endpoint (it is broken, and Session clients have already switched to using oxend_rpc with ons_resolve instead).
  - Replace boost beast http(s) client code with cpr (https://github.com/whoshuu/cpr); this is a whole lot nicer to use for HTTP requests.
  - Replace boost beast http server code with uWebSockets (https://github.com/uNetworking/uWebSockets). This gives a much nicer interface, and makes it easy for us to add websocket support for clients in the future.
  - Remove boost::asio; it's not needed anymore with the removal of the above.
  - Replace bootstrap RPC code with authenticated, encrypted OMQ RPC.
  - Remove boost circular buffer use; a regular map with a two-line trim is simpler for the block hash cache and a limit on stored snodes doesn't seem necessary for the rate limiter.
  - Make rate_limiter clean itself periodically rather than keeping buckets around indefinitely
  - Make rate_limiter thread-safe so that you don't need to hold the entire service_node_ lock to use it.
  - Remove ip_utils; we don't allow redirects and are sufficiently restrictive on the URL target that it seems unnecessary (plus not having it lets us offload DNS lookup to curl as part of the request).
  - Replace /swarms/ping_test/v1 with /ping_test/v1; this new request now returns the remote pubkey in a header, and no longer includes an SSL cert signature (so that we can drop the SSL cert signatures after HF19). The old one will still be used until HF19.
  - Add OMQ endpoint for storage tests; starting at HF19 it will get used rather than the HTTPS one.
  - Refactor storage test retries into request_handler (rather than being in the HTTPS specific code)
  - Move HTTPS server-specific code for validating snode signatures from headers out of generic request_handler code and into HTTPS-specific code.
  - Make onion proxy-to-url timeout a bit less than the onion request timeout so that the client has a better chance of getting a relayed timeout error (rather than getting a timeout from the edge node).
  - Miscellaneous cleanups.
  - Logger: use file and line number instead of func because the latter is nearly useless when called from a lambda.
  - Shorten timeout values for ping tests, storage tests, and bootstrap connections to 5s, 15s, and 10s, respectively, from.
  - Refactor recent stats reporting to use rolling averages that always have 60-70min of stats and drop off 10min at a time, rather than the 1-period hard reset. Also fixes various stats that weren't calculated/reported properly.
  - Add onion and proxy requests to systemd status line as well as used database size.
  - Enable WAL for sqlite3 database
  - Removed buffered message relaying for swarm propagation; it's counterproductive with omq's persistent connections.
  - Enable jemalloc by default.
- Weekly Dev Update 01/04/2021
  Allow http in onion requests to an external server https://github.com/oxen-io/oxen-storage-server/pull/415
What are some alternatives?
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
loki-network - Lokinet is an anonymous, decentralized and IP based overlay network for the internet.
berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
session-open-group-server
oxen-mq - Communications layer used for both the Oxen storage server and oxend
lokinet-gui - GUI Control panel for Lokinet built using electron
cpr - C++ Requests: Curl for People, a spiritual port of Python Requests.
µWebSockets - Simple, secure & standards compliant web server for the most demanding of applications
session-desktop - Session Desktop - Onion routing based messenger