• qwerty@discuss.tchncs.de · 48 up, 15 down · 1 day ago

    Session is a decentralized alternative to Signal. It doesn’t require a phone number and all traffic is routed through a Tor-like onion network. Relays are run by the community and relay operators are rewarded with some crypto token for their troubles. To prevent bad actors from attacking the network, in order to run a relay you have to stake some of those tokens first and if your node misbehaves they will get slashed.

    • e8d79@discuss.tchncs.de · 29 up · 1 day ago

      I would not recommend it. Session is a Signal fork that deliberately removes forward secrecy from the protocol and uses weaker keys. The removal of forward security means that if your private key is ever exposed, all your past messages could be decrypted.
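
The difference forward secrecy makes after a key compromise, as an added example that is not part of the thread and is not Session's or Signal's actual protocol: a simplified one-way hash ratchet is compared with a single long-lived key. All function names, the sample messages and the key are constructed for illustration, and the cipher is a toy built from standard-library HMAC.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way key derivation: HMAC-SHA256(key, label)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def seal(key: bytes, n: int, plaintext: bytes) -> bytes:
    """Toy encrypt-then-MAC for the demo only (messages up to 32 bytes)."""
    ctr = n.to_bytes(4, "big")
    ct = bytes(p ^ s for p, s in zip(plaintext, kdf(key, b"stream" + ctr)))
    return ct + kdf(key, b"tag" + ctr + ct)

def unseal(key: bytes, n: int, blob: bytes):
    """Return the plaintext, or None if the key does not match the tag."""
    ctr, ct, tag = n.to_bytes(4, "big"), blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, kdf(key, b"tag" + ctr + ct)):
        return None
    return bytes(c ^ s for c, s in zip(ct, kdf(key, b"stream" + ctr)))

def send_static(key: bytes, messages):
    """No forward secrecy: every message is sealed under one long-lived key."""
    return [seal(key, n, m) for n, m in enumerate(messages)]

def send_ratcheted(root: bytes, messages):
    """Hash ratchet: per-message key, then the chain key is replaced one-way."""
    chain, blobs = root, []
    for n, m in enumerate(messages):
        blobs.append(seal(kdf(chain, b"msg"), n, m))
        chain = kdf(chain, b"chain")  # previous chain key is discarded
    return blobs, chain  # chain is the only key material left on the device

def readable_after_compromise(stolen_keys, blobs):
    """Which recorded ciphertexts open under any key the attacker holds."""
    out = []
    for n, blob in enumerate(blobs):
        opened = [unseal(k, n, blob) for k in stolen_keys]
        out.append(next((pt for pt in opened if pt is not None), None))
    return out

# Constructed sample traffic and key (not real data).
MESSAGES = [b"meet at 9", b"bring the docs", b"delete this chat"]
KEY = hashlib.sha256(b"constructed demo key").digest()

static_blobs = send_static(KEY, MESSAGES)
ratchet_blobs, current_chain = send_ratcheted(KEY, MESSAGES)
# The attacker recorded every ciphertext earlier and now steals the current key.
print(readable_after_compromise([KEY], static_blobs))
print(readable_after_compromise([current_chain, kdf(current_chain, b"msg")], ratchet_blobs))
```

With the static key every recorded message opens; with the ratchet, the stolen chain key only derives keys for messages that have not been sent yet.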

    • tengkuizdihar@programming.dev · 70 up, 2 down · 1 day ago

      shame their entire node system relies on cryptobros tech.

      tor doesn’t need currency to back it up. i2p doesn’t need currency to back it up. why the hell does lokinet?

      • qwerty@discuss.tchncs.de · 22 up, 3 down · 1 day ago

        Tor relays only relay the traffic, they don’t store anything (other than HSDirs, but that’s minuscule). Session relays have to store all the messages, pictures, files until the user comes online and retrieves them. Obviously all that data would be too much to store on every single node, so instead it is spread across only 5-7 nodes at a time. If all of those nodes were to go offline at the same time, messages would be lost, so there has to be some mechanism that discourages taking nodes offline without giving a notice period to the network. Without the staking mechanism, an attacker could spin up a bunch of nodes and then take them all down for relatively cheap, and leave users’ messages undelivered. It also incentivizes honest operators to ensure their node’s reliability and rewards them for it, which, even if you run your node purely for altruistic reasons, is always a nice bonus, so I don’t really see any downside to it, especially since the end user doesn’t need to interact with it at all.

        • hanke@feddit.nu · 6 up · 1 day ago

          Where does the reward come from?

          Who pays the node maintainers for keeping stable nodes online?

          • qwerty@discuss.tchncs.de · 8 up, 1 down · 1 day ago

            Inflation. Those are new tokens generated by the network, the same way new Bitcoin is generated by the miners roughly every 10 minutes, just without the proof-of-work mining part. It’s called proof of stake; Ethereum uses it as well.

            • hanke@feddit.nu · 4 up · 1 day ago

              Okay, does this use a common crypto currency, or how do the node owners “profit” from upholding the service?

              If it has its own cryptocurrency, where can they spend it?

              • qwerty@discuss.tchncs.de · 9 up · 1 day ago

                It uses its own crypto. It’s not really a crypto -currency- in the sense that it’s meant to be used for payment or to store value. It’s more of a crypto -token- that’s meant to provide some limited utility in its ecosystem. Like an arcade token in an arcade, you can use it to play the games but that’s about it. Likewise the Session token can be used to get some extra functionality within the network, like registering custom names on its DNS-like service that can be used to add new contacts instead of the long default user hash, or as a stake if you want to run a node. The functionality is fairly limited right now but the devs plan to expand it soon. People also sometimes use these kinds of tokens as a stock of sorts, so if the service/network becomes popular the value of its “stock” can grow so it can be used as an investment (personally I wouldn’t recommend that but whatever floats your boat [not financial advice btw]). The node operators profit from selling these tokens to whomever wants to buy them.

                • boonhet@sopuli.xyz · 9 up · 1 day ago

                  Hey, thank you for providing actually informative answers to the other guy’s questions. It was interesting for me to read as well.

                  I looked into running a node, but apparently the required amount of tokens to stake is over 1000 euros. I’ll have to pass for now.

                  • qwerty@discuss.tchncs.de · 3 up · 1 day ago

                    No problem, glad I could be of use.

                    You can bring down the stake amount to 6250 tokens (~300€) by running a multi-contributor node link, but your cut of the rewards will be proportionally smaller as well.

        • Natanael@infosec.pub · 3 up · 1 day ago

          I2P already did that with their DHT network (remember DHT?). I2P Bote uses that for messaging

          • vacuumflower@lemmy.sdf.org · 1 up · 19 hours ago

            Eh, no. A DHT doesn’t solve offline storage of data, when the source node is already offline, and the target node is not yet online.

            • Natanael@infosec.pub · 1 up · 18 hours ago

              It does temporarily, on the order of hours to days. It’s not designed to use the network for long-term storage, just message passing.

              • vacuumflower@lemmy.sdf.org · 1 up · 2 hours ago

                No, DHT is just a way of determining paths and priority of value lookup by key in the network, so that the load is distributed predictably, while allowing you to find, well, what you are looking for. BTW, while everybody uses Kademlia with modifications, I’d argue that Chord is better for anything related to security and anonymity.

                Storage and serving of anything big is another thing. I take it you mean that I2P nodes cache messages relayed via them when the target node is unavailable. That doesn’t have anything to do with DHT.

      • FauxLiving@lemmy.world · 5 up, 10 down · 1 day ago

        Can you think of another way for people across the world to easily pay each other directly?

        • tengkuizdihar@programming.dev · 2 up · 23 hours ago

          lokinet is for data transfer, like a message from your phone to mine, not a currency. That’s why it’s odd it uses staking instead of any nodes.

          • anomnom@sh.itjust.works · 2 up · edited · 21 hours ago

            Sounds like the staking is a way to incentivize individual node uptime. Also you need to pay into the stake to get going so there is some financial pain involved in neglecting, or worse, manipulating a node. Though it sounds like around €1000 per node, so it’s not really going to slow down governments or billion dollar commercial competitors.

            • FauxLiving@lemmy.world · 1 up, 1 down · edited · 17 hours ago

              Exactly.

              It’s also a way that people can contribute to the network without needing third party payment services. I don’t need to find some node operator’s socials and look up a patron to use a credit card.

              If I already have an account with a crypto exchange then it’s easy to pay the operators.

    • arcterus@piefed.blahaj.zone · 22 up · 1 day ago

      The main issue with Session is they removed PFS when they redesigned everything. Also, it’s admittedly been years since I tried it, but I remember the app being noticeably buggy.

      • Dr. Unabart@sh.itjust.works · 4 up, 1 down · 1 day ago

        It’s gotten more usable over the past couple of years. Sadly, I just got done getting all my family/friend contacts to get on Signal (they’d much prefer to use WhatsApp) so Session remains a lonely place for me. I seem to use it solely as a place to stash notes for myself, even though I do this with Signal as well.

        I don’t know that we’ll ever see a messenger that both appeals to everyone and has all the features we want (from privacy to visual appeal).

        • arcterus@piefed.blahaj.zone · 2 up · 1 day ago

          I feel like this about SimpleX. It was a hellish struggle to get people to use Signal (and still a bunch only use Instagram or insist on doing plain phone calls/SMS). Some of my family continuously complain that Signal is too complicated despite the interface being pretty much exactly the same as whatever app they want to use. I really don’t want to try to get them to use another app ever again.

    • balance8873@lemmy.myserv.one · 6 up, 2 down · 22 hours ago

      This is a bad tool, but even if it weren’t, the no-phone-number thing is an anti-feature for most of the population.

    • hash@slrpnk.net · 6 up, 1 down · 1 day ago

      I found it workable when I tried it recently, but wound up going with SimpleX. I like the multi-identity system and you can proxy it through Tor. Found the app customization more fleshed out too.