libsignal-protocol-c
session-android
libsignal-protocol-c | session-android | |
---|---|---|
4 | 174 | |
1,348 | 1,679 | |
- | 3.0% | |
0.0 | 9.5 | |
almost 4 years ago | 6 days ago | |
C | Java | |
GNU General Public License v3.0 only | GNU General Public License v3.0 only |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
libsignal-protocol-c
-
I wonder why Signal’s download size is so much larger than the competition? Intuition says it would be smaller
Signal wrote their own open source protocol, libsignal, to provide end to end encryption; or as they put it "a ratcheting forward secrecy protocol that works in synchronous and asynchronous messaging environments." Source I'd wager good money a chunk of that space is for said library and dependencies PLUS the regular rigamarole for an Android app.
-
Session Encrypted Messenger
The whitepaper at [1] is more impressive than I expected it to be, not for what is built today (which on a quick read appears to be rather unexciting), but for the class of attacks recognised as unsolved, and identified as requiring future work.
Improvements identified include:
1) Encrypted messages should have a constant size (padded). Note that the Signal protocol used by Session currently uses variable length messages[2].
2) Encrypted messages should be sent as noise by clients through the onion network and back to themselves at random intervals frequent enough that messages to/from other parties are statistically indistinguishable to Eve from the noise generated.
3) Intermediate nodes in the onion network should hold and delay encrypted messages so they are adequately mixed before being sent forward. This makes it statistically difficult for Eve to match up a message entering a node and a message leaving a node. Ideally messages would be mixed across enough nodes of the onion network that
4) Proof of work should be replaced with a better technique for preventing degradation of service or spam attacks. The paper quite rightly identifies that proof of work would favour Eve who has setup a data center filled with custom ASICs solving proof of work problems, rather than favouring Alice or Bob with an energy efficient mobile phone SoC. CAPTCHAs are identified as a possible future solution to this class of attacks.
I doubt those improvements would have much application outside of labs and experiments though. Unless a significant part of the global economy surprisingly becomes dependent on a traffic analysis resistant anonymising protocol, it is too easy to just block such protocols similar to what China does with its Great Firewall.
[1] https://arxiv.org/pdf/2002.04609.pdf
[2] https://github.com/signalapp/libsignal-protocol-c/blob/maste...
-
Are There Any Tutorials On How To Use The Signal
Signal protocol library for C/C++.
- Millions Flock to Telegram and Signal as Fears Grow Over Big Tech
session-android
- Signal: Keep your phone number private with Signal usernames
-
What are you shocked people are still doing nowadays?
Other alternatives include Session (free) and Threema (paid - 5€).
-
Tyranny Censorship? No problem, Self-custody your content distribution
Test it by downloading session at getsession.org and DM the bot by starting a new message and sending it to “Simple” (without quotes)
- Launching Default End-to-End Encryption on Messenger
- Which communication App is most secure / anonymous?
-
Official/Unofficial Monero Session Community Hangout?
Figured there should be moves to set one up if not - https://getsession.org/
- Session: Send Messages, Not Metadata
-
Signal: The Pqxdh Key Agreement Protocol
* marketing "Perfect Forward Secrecy" AKA "Forward Secrecy"[0].
I favor Session Private Messenger[1] because it is decentralized and allows third party clients, but Signal enthusiasts warn me that the Session client may, hypothetically, at some future date, integrate a cryptocurrency, as the Signal client already does[2].
[0] https://en.wikipedia.org/wiki/Forward_secrecy
[1] https://getsession.org
[2] https://www.stephendiehl.com/blog/signal.html
-
U.K. Abandons, for Now, Legislation That Would Have Banned End-to-End Encryption
If you have a mobile phone number, the domestic intelligence agency knows exactly where you are at all times and any LEO (without a warrant) can also find you. In addition, there have been numerous CCC presentations showing how insecure the global (excluding US) and (separately) US carriers are guilty of promiscuous metadata trafficking ($$) and insecure SS7 setups. As a consequence, for low $, you can go to any one of several shady websites and find the last location of almost any phone number (person unique ID) globally. There are additional varying exploitable vulnerabilities depending on the exact combination of {handset x carrier x country} to impersonate them, tap their line, reveal their exact location, and redirect their phone number through a third-party handset or even a PBX. These are more expensive and some capabilities are forbidden for all but a few selective intelligence uses.
Session (Signal fork) doesn't use phone numbers. It's pretty well-designed overall and uses an onion routing approach. It's already a superset of Signal except it doesn't use phone numbers. https://getsession.org
Also look interesting:
* (unproven) https://www.olvid.io/technology
* (unproven) https://simplex.chat
PS: Using regular TOR on home broadband or cloud servers is relatively risky and inefficient. Sybil attacks on it are common. And to network operators and security agencies it gives an easy "flow tag" of your uplink and exit node data traffic as automatically suspicious.
- E2EE messenger for who want absolute privacy and freedom from any surveillance
What are some alternatives?
libsignal-protocol-javascript - This library is no longer maintained. libsignal-protocol-javascript was an implementation of the Signal Protocol, written in JavaScript. It has been replaced by libsignal-client’s typesafe TypeScript API.
simplex-chat - SimpleX - the first messaging network operating without user identifiers of any kind - 100% private by design! iOS, Android and desktop apps 📱!
wire-server - 🇪🇺 Wire back-end services
berty - Berty is a secure peer-to-peer messaging app that works with or without internet access, cellular data or trust in the network
libsignal-protocol-java - Signal Protocol library for Java/Android
session-open-group-server
loki-network - Lokinet is an anonymous, decentralized and IP based overlay network for the internet.
lokinet-gui - GUI Control panel for Lokinet built using electron
µWebSockets - Simple, secure & standards compliant web server for the most demanding of applications
oxen-core - Oxen core repository, containing oxend and oxen cli wallets
session-desktop - Session Desktop - Onion routing based messenger
Seal - 🦭 Video/Audio Downloader for Android, based on yt-dlp, designed with Material You