The Session team is based in Australia, but Session has infrastructure all around the world. Rather than set up shop in Switzerland and hope that the regulatory environment never changes, we focused on developing technology that could be resistant to surveillance by governments (and everyone else too)ĭecentralisation and metadata minimisation are the core of that ideal. But there’s a pretty simple reason as to why we chose to build here anyway: running from legislators isn’t a solution. Being built in Australia, one of the Five-Eyes intelligence alliance countries, meant accepting that hostile regulation was likely to come. From the very beginning of Session, and Oxen, we have been ready for regulatory hostility. When using fast mode neither Apple nor the OPTF can see the contents of your messages, who you’re talking to, or exactly when messages are sent or received. Registration of your Session ID and unique push notification token to the OPTF push notification server is necessary for detection and signaling of new messages and is low impact as registration occurs using onion requests meaning your Session ID and push notification token are never tied to any real world identifier (such as your IP address). These exposures are fairly minimal, because Apple will likely already know your device’s IP address through telemetry data or other applications on your device using push notifications. Additionally, you will expose your Session ID and unique push notification token to an OPTF operated push notification server, for the purpose of providing notifications to the APNs server. This requires your device IP address and unique push notification token are exposed to an Apple operated push notification server. If you choose fast mode, Session will use APNs push notification service to deliver push notifications to your device. If a new message is found, it is presented to you as a notification on your device. If you choose slow mode, the Session application runs in the background and periodically polls its swarm (see What is a swarm) for new messages. Session’s iOS client has two options for notifications: background polling (slow mode), and Apple Push Notification Service (APNs) (fast mode). When using fast mode neither Google nor the OPTF can see the contents of your messages, who you’re talking to, or exactly when messages are sent or received. These exposures are fairly minimal, Google will likely already know your device’s IP address through telemetry data or other applications on your device using push notifications. Additionally, you will expose your Session ID and unique push notification token to an OPTF operated push notification server, for the purpose of providing the actual notifications to the Google FCM server. This requires that your device IP address and unique push notification token are exposed to a Google operated push notification server. If you choose fast mode, Session will use Google’s FCM push notification service to deliver push notifications to your device. If a new message is found, it is presented to you as a local notification on your device. Session’s Android client has two options for notifications: background polling (slow mode), and Firebase Cloud Messaging (fast mode). Session has also undergone a security audit by Quarkslab, the results of which can be found here. Session is a project of the Oxen Privacy Tech Foundation, a not-for-profit organisation whose mission is to provide the world with better access to digital privacy technologies. Session’s code is open-source and can be independently audited at any time. For more technical details, read our blog on onion requests. For more on this, check out What is an onion routing network? below. Onion requests protect user privacy by ensuring that no single server ever knows a message’s origin and destination. When using Session, your messages are sent to their destinations through a decentralised onion routing network similar to Tor (with a few key differences), using a system we call onion requests. Session keeps your communication private, secure, and anonymous. However, when you use Session, the identities of the people communicating are also protected. Conversations in Session are end-to-end encrypted, just as in most private messengers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |