dirtfindr@lemmy.mltoPrivacy@lemmy.ml•Session: A Private Messenger That Doesn't Need Phone Number
2·
5 years agoThe fact that there is no mandatory phone reg. puts Session above Signal. But Session is still very dicey:
- www.getsession.org is a CloudFlare site, which indicates that the staff on that project lack some basic knowledge about privacy - or they just don’t care. (note that Signal also uses CloudFlare)
- the developers have some kind of alt-right tendencies: https://chaos.social/@laufi/103825791713996438 The problem is not just ethical but conservatives inherently do not value privacy. They value money very much. This is a bad combination for a platform that wants to be privacy-centric.
- they put a lot of energy into having a professional appearance. This is consistent with corporations with profit-driven intentions and atypical of charitible free software projects. Their org chart has everyone’s photo (not characteristic of privacy advocates) and every single means of contact of every staff member is through Microsoft or Twitter.
- website has links to privacy abusers (Facebook, MS Github, Twitter) and not a single link to any social networking service that self-respecting privacy proponents can use.
- their email address traverses Google’s servers and has no PGP key.
- their project is managed on Microsoft Github.
BTW @AgreeableLandscape, itsfoss.com is not a good site to publicize; it’s also jailed in CloudFlare walled garden (thus calling into question the extent to which that site genuinely respects freedom).
The only useful effect of Session is that it serves as a PR jab at Signal for requiring phones. And if it helps divide or shrink the Signal community that’s a good thing.
Supplying an email address on Lemmy used to be optional. Has that changed?
I think that’s determined by the searx instance. Some instances let you choose your UI language, as well as the results language. You can also do “site:de” if you want to search *.de sites for example.
Why would POST prevent leakage? As long as the site is HTTPS, the query is encrypted regardless of whether it’s HTTPPOST or HTTPGET.