Looks like I will be trying out Session messenger (getsession.org). It's a fork of with many of the same advantages, in particular unproblematic setup. It appears to have made more sensible decisions in some areas however - accounts not bound to phone numbers, random recovery codes etc.

One has to share a lengthy Session ID before communicating with someone however.

Oh, and did I mention that one can create an account from the desktop client without hacking the app?

Show thread

Me trying out Session messenger came to an abrupt end - I'm uninstalling it and recommend that everybody does the same. People pointed out the app's connections to the alt-right scene which I could sadly confirm. So I don't want to contribute to them washing the stains away.

Show thread

This German-language video shows Loki Network's main developer (Jeff/majestrate) pitch his baby on 8chan and being celebrated by the alt-right for it (at 27:46). For reference, Loki Network is the foundation of Session and developed by the same startup. media.ccc.de/v/36c3-10639-let_

Show thread

Later 8chan was deplatformed and came back on Loki Network. The article calls it "inadvertent help" but it appears to be everything but that. The CEO is cited with the words "some Loki staff may have advised 8kun administrators 'to a limited extent'."


Show thread

I looked up Jeff's online presences. On Twitter he says "no fun allowed" but on his Pleroma instance he openly posts and links to racist and sexist content. He seems to be tightly embedded in the alt-right scene. So - yes, it all checks out.

Β· Web Β· 4 Β· 0 Β· 2

And now Jeff's crowd discovered my Mastodon account. So they predictably defend him as merely "shitposting" and having a "dark humor." And either way, Jeff never pitched Loki Network to 8chan. And even if he did, what does that have to do with Session? Yeah, sure...

Show thread

Yet somehow his "dark humor" universally unloads on non-white people and women (never mind "Communists", seems to be a popular obsession in the US). And some anonymous pitched his newly developed Loki Network on 8chan, collecting some applause for creative protocol naming.

Show thread

And - yes, Loki Network is not the same as Session. But they are both developed by the same startup and the former is the foundation of the latter. And if that startup "tolerates" people with racist and sexist views, we know the toxic swamps that result from that.

Show thread

@WPalant Bummer. Had Session high on my to-try list.

@fschaap Yes, I actually liked the app. On Twitter Kee Jefferys (CTO of Session) is saying that he wasn't aware of this and will look into it. Which can mean three outcomes:

1. Jeff leaves.
2. Kee Jefferys leaves.
3. Nothing happens and the whole thing is swept under the carpet.


@WPalant Thanks. Guess we'll have to keep an eye on that then. Hard question though... what if someone of questionable morals invented faster than light travel, would we choose to not use the invention? Technology is not neutral, that we know, but what if you can still put it to good use? Or should the project be forked to be used in good conscience? And would you then want to maintain interoperability?

@fschaap What if that someone invented FTL travel with the explicit intention of invading already inhabited worlds?

@WPalant Considering the state of the world, plenty of those ships would be leaving. Should we then not use FTL catch up with those ships and prevent them from invading already inhabited worlds?

@fschaap @WPalant I Think the analogy should be more like what FTL was developed so that it was dependent harvesting the hearts from unwilling slaves... In that case if the technology could be evolved to use *artificial hearts* instead then we could use it to chase them to prevent it.

@whonose123 @fschaap Either way, what we have here are multiple FTL drives developed - some working better than others and one developed by a creep with sinister intentions. It's really a no-brainer, we can stay clear of the creep and look at the other ones. One of them is bound to work out.

Neat @jeff, you can read a mirror of his observations here too, with responses and answers.
@whonose123 @fschaap sup'all.
Hopefully you have the mental aptitude to separate shitposting on a personal account and actually treating infosec seriously.
t. another real ph.d cryptographer with dark dark humor😜
@WPalant @fschaap let's make a poll to decide the fate of this:
@hector @WPalant @fschaap my only sin is not being polite about not wanting to join their cult. i am exmormon so i know a cult when i see it.

@fschaap even if what @WPalant said about jeff was somehow true, he still has no involvement in session, just lokinet

@WPalant This is a real shame, I was going to give it a run myself, but I won't now.

@WPalant every time i hear @jeff and "alt-right" in the same sentence, i bust out laughing at how absurd it is, because ive been around him for years and he's the furthest one can be away from that shit. but go ahead, pretend youre an expert on his character, i'll get popcorn
> @jeff's Crowd
LMAO, nvm, your opinion is cliquish.
> if that startup "tolerates" people with racist and sexist views, we know the toxic swamps that result from that.
When you have a technical opinion, I'll read it. For now, you don't seem to actually give a fuck about people's lives depending on privacy and encryption.
@whonose123 @leip4Ier Are you two more clowns in security theatre or something?
@WPalant can you leave twitter already instead of xposting all your drivel in two places, one is bad enough
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.