Synnr

joined 1 year ago
[–] [email protected] 11 points 8 months ago* (last edited 8 months ago) (4 children)

Session was at first a fork of Signal without usernames.

Now by design it uses their own custom tor-like service (instead of just... using tor) and does not support forward secrecy or deniable authentication, so anyone who collects the messages in transit can either find a vulnerability in the encryption scheme, or spend enough GPU resources to crack it, and they have confirmation of who sent and received the message and what the contents of the message are. And it is headquartered in Australia, which is 5EYES and much more against encryption than the US. Oh, and the server is closed-source.

Regarding Australia's 2018 bill...

The Australian Parliament passed a contentious encryption bill on Thursday to require technology companies to provide law enforcement and security agencies with access to encrypted communications. Privacy advocates, technology companies and other businesses had strongly opposed the bill, but Prime Minister Scott Morrison’s government said it was needed to thwart criminals and terrorists who use encrypted messaging programs to communicate.

Regarding the 'vulnerability or cracking them later' bit...

Messages that are sent to you are actually sent to your swarm. The messages are temporarily stored on multiple Service Nodes within the swarm to provide redundancy. Once your device picks up the messages from the swarm, they are automatically deleted from the Service Nodes that were temporarily storing them.

From Session's own FAQ:

Session clients do not act as nodes on the network, and do not relay or store messages for the network. Session’s network architecture is closer to a client-server model, where the Session application acts as the client and the Service Node swarm acts as the server. Session’s client-server architecture allows for easier asynchronous messaging (messaging when one party is offline) and onion routing-based IP address obfuscation, relative to peer-to-peer network architectures.

I wouldn't touch it with a 12ft ladder.

[–] [email protected] 9 points 8 months ago

I automatically read it as private key, good catch.

[–] [email protected] 5 points 8 months ago (1 children)

I didn't agree with their decision at all at the time, but now that I realize they made it a little while after it gained widespread adoption and people stopped using it because "Signal isn't actually secure!" ... seems like people were expecting a secure messenger to be, well, secure. So they would chat about anything and everything thinking "I am using a secure messenger, these messages can't be read..." and tech ignorance is a dangerous thing if you're trying to be secure. I would've preferred a colored window and un-closable message for SMS chats, but oh well. I like that they've introduced usernames so you don't have to give out your real number.

[–] [email protected] -3 points 8 months ago* (last edited 8 months ago) (6 children)

Me here waiting for the autys to miss the sarcasm and spread some weaponized autism about the most secure ways to chat.. Just no EncroChat or Session, please.

[–] [email protected] 14 points 8 months ago (3 children)

Year of the Linux Desktop! 1999-2035!

[–] [email protected] 2 points 8 months ago (1 children)

Yup, I wouldn't be knocking either. Thank you for your service. Amazon?

[–] [email protected] 3 points 8 months ago (1 children)

They're just smartphone apps as a way to interact with Lemmy, versus visiting it in a browser. If you mostly use Lemmy on desktop, search 'lemmy frontend' for other options.

[–] [email protected] 1 points 8 months ago

Is docker virtualized or otherwise emulating something? It's just a way to package things, like an installer? Then it's bare metal.

I had to look this up too, I thought docker containers were virtualized.

[–] [email protected] 2 points 8 months ago (1 children)

That would make sense if the cause is some looping from hanging DNS lookups. Someone should notify (and likely has notified) the devs about this.

Another possible solution, from https://help.nextcloud.com/t/server-hangs-and-then-is-fine-for-a-bit-then-hangs-again/153917/16

[–] [email protected] 8 points 8 months ago

Exactly this. There's a massive difference between providing a product and laying it all out plainly in the terms of service, and providing a product to remotely hack phones through said service with no prior agreement by the user to be hacked.

[–] [email protected] 4 points 8 months ago* (last edited 8 months ago)

First sentence of the article:

NSO Group, the maker of one of the world’s most sophisticated cyber weapons, has been ordered by a US court to hand its code for Pegasus and other spyware products to WhatsApp as part of the company’s ongoing litigation.

NSO Group has been ordered to hand over the Pegasus malware code that allows them to silently infect phones via WhatsApp, so Meta can fix it. This isn't NSO Group being forced to hand over WhatsApp source code.

There will be at most 5 software developers who have access to the code, on a non-networked machine, surrounded by a group of lawyers the entire time. No one will have the ability to leak the Pegasus code. After that, it will probably be handed to the random mormon-looking plainclothes guy nobody in the room can figure out, who will take it back to the NSA so they can scour it for any non-WhatsApp 0days they don't already have.

It's worth noting that NSO Group is an Israeli company, as are many 'legal' entities of hacking software and hardware used by many nations.

[–] [email protected] 4 points 8 months ago (1 children)

Perhaps change 'by' for 'next to' and put an empty weather-resistant container by them? Put it before the bins, so it's the first thing they physically walk to.
