this post was submitted on 11 Apr 2026
[–] blah3166@piefed.social 2 points 1 day ago* (last edited 1 day ago) (1 children)

I’m an IT-Specialist for application development

Appeal to authority.

Session is indeed a good competitor

Unfounded claim.

thought they had some flaws

Flaws they introduced by removing PFS (Perfect Forward Secrecy) and Cryptographic Deniability, just to name two big ones, which they got free from Signal. For anyone not aware, they removed these security features because it made development more difficult for them, not because it was in the interest of their users.

upcoming V2 protocol would’ve fixed

Has yet to be seen, although if they bring back PFS, they will have at least reached Signal's level of privacy/security from over a decade ago.

Edit:
Additional, more technical details on why you shouldn't use Sessions: https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

[–] voxel@feddit.uk 1 points 1 day ago* (last edited 1 day ago)

Appeal to authority.

?

Unfounded claim.

I've done my research.

Has yet to be seen

I'm relatively confident that they will do the things they've promised.

https://getsession.org/blog/session-protocol-v2

Additional, more technical details on why you shouldn't use Sessions:

Session has responded to that blog post, mostly debunking it. There is also a response from Soatok to their response, and they edited their original response afterward to address Soatok's response to Session's original blog post. Session was also audited by third parties, which had already pointed out some of the things Soatok mentioned in his blog post, and that does not mean Session is insecure or unable to compete with SimpleX, Threema, DeltaChat, Briar, and many other “private messengers.” Signal requires a phone number, which in Germany, where I live, is by law attached to your identity and is also a unique identifier and an attack surface. I use and prefer Signal over Session, but Signal also has many small flaws.

https://soatok.blog/2025/01/20/session-round-2/

https://getsession.org/blog/a-response-to-recent-claims-about-sessions-security-architecture

I will also not continue this conversation further if nothing that I have not already clarified is brought up.