oxen-io / session-desktop

Session Desktop - Onion routing based messenger
https://getsession.org
GNU General Public License v3.0
1.44k stars, 187 forks

[Feature] Unauthorized Access Notification #2959

Open vetko opened 9 months ago

vetko commented 9 months ago

Is there an existing request for feature?

What feature would you like?

I would like to propose the addition of an Unauthorized Access Notification feature in Session. This feature would alert users whenever their account is accessed from a new or unrecognized client, providing an added layer of security and awareness. Given the privacy-centric nature of Session, users might not be immediately aware if their passphrase or recovery phrase gets compromised and is used by an impersonator to access their account. This feature could potentially mitigate such security risks by providing timely notifications to users about any unauthorized access.

Anything else?

The absence of a centralized server in Session Messenger's architecture, while enhancing privacy, might pose challenges in implementing traditional security notifications. However, devising a mechanism that balances both privacy and security by alerting users of unauthorized access, without compromising the anonymity and decentralized nature of the platform, would significantly bolster the trust and safety of using Session. This feature could be an optional setting that users can enable or disable based on their preference, ensuring that it aligns with the privacy values that Session upholds.

Disclaimer: I'm not very familiar with the project's setup, so I don't know if this suggestion is doable or not.

qtlin commented 6 months ago

Having a list of all authenticated devices is an absolute must for any contemporary messenger. I am not sure if the Session messenger protocol can implement it, though. Many don't even consider Session messenger for this reason.