this post was submitted on 01 Sep 2025
Check out https://soatok.blog/2025/01/14/dont-use-session-signal-fork/ and https://soatok.blog/2025/01/20/session-round-2/ . Session doesn't even have PFS (perfect forward secrecy), which can be very useful, so if a key is cracked, then only a few messages can be decrypted.
I would also use Signal instead, but Session's situation is not that bad unless one needs to accommodate the CIA or Mossad as part of their threat model, in which case I think SimpleX would be a better option. This is also in the article you posted:

Edit: I didn't notice that the original commenter had said they "switched from Signal" at first, which is definitely worse.
Why would SimpleX be better in that case?
The lack of PFS and 256-bit encryption in Session is a little concerning, and one other advantage of SimpleX is that it has no unique identifiers at all while Session uses random IDs and Signal requires a phone number.
I thought Signal doesn't require a phone number anymore?
It still does, but they did add a username system so you don't need someone's phone number to contact them.