Closed jnorthrup closed 1 month ago
Sorry, I don't understand the issue which is being reported here. Can you please provide a more detailed written explanation of the issue in English?
I'm reporting a sniffer that picked up on my Session conversation and presented my exact mention back on the YouTube front page, using Windows 11 and the Brave browser.
The mention of Eddie Van Halen is absolutely one of a kind for me in years. Similarly, I have no bookmarks or history containing Van Halen or Eddie Van Halen.
I have some theories; none of them involve Google being informed knowingly about an Eddie Van Halen mention.
I will keep an eye out for the situation recurring in other contexts, but I do hope it helps to report this.
Okay, there isn't anything in the Session app which communicates any of the messages you type or send to any third party, so hard to see how this would occur.
No wonder. The idea of using a secure / private messenger on a spyware OS full of keyloggers and AI (both Win / Mac) nullifies the concept of any secure and private messenger - there's nothing you can do about it except stop using the OS.
In order to prevent it - all Session can do is stop wasting resources and energy on Windows / Mac builds and restrict them...which is not optimal, but at least it's one way to make sure no single side of a conversation will be compromised.
As things are now, I myself have to explicitly ask and trust people that I talk with to never use Session on Win / Mac / iOS... and on Android that at least they have a FOSS keyboard installed, and it doesn't connect to the internet.
This isn't a Fort Knox installation; luckily I have some wiggle room before I get overwhelmed with zombies and have to reinstall.
The first thing I feel should be checked is to find adhesions like opt-ins. I suspect that the opting in of Windows preview features does indeed give a preview to them. There are other DLLs that can be dated to the incident and checked for recent installs. This isn't normally a thing I spend time on, and aside from well-meaning recommendations of hygiene, this isn't a call for that, but I'm agreeable to simple suggestions that others may know of to come up with A/B discriminators to nail down the ingress and egress points of some tokens.
It's impossible to "fix" Windows by flipping options, changing registry or even pirate-build iso with supposedly cut off stuff. It will be re-surfaced on next update, you don't control Windows.
Just use Linux, and be aware that if someone you're talking with on Session uses Win / Mac / iOS / Android (with default keyboard) - your conversations with such person can and will be compromised by their OS.
Yeah, that's really good advice for personal hygiene. On that note, a discussion of tools to trap library calls and IDA Pro scripts is interesting too. Like Wireshark for DLLs.
On Wed, May 15, 2024 at 6:05 AM keybreak @.***> wrote:
It's impossible to "fix" Windows by flipping options, changing registry or even pirate-build iso with supposedly cut off stuff. It will be re-surfaced on next update, you don't control Windows.
Just use Linux, and be aware that if someone you're talking with on Session uses Win / Mac / iOS / Android (with default keyboard) - your conversations with such person can and will be compromised by their OS.
Closing this for now, as it's not really something that is in scope for Session to tackle.
Which authors put their name on some kind of security in the client or the dev tools? "Saying windowz is insecure, don't use it" is a cop-out. @KeeJef
The distinct lack of any discussion about actual security here is pretty concerning on the viability of even using this client on the majority desktop platform. We don't simply pass plain text and blame the sniffers for showing it.
Code of conduct
Self-training on how to write a bug report
Is there an existing issue for this?
Current Behavior
we write ze konverzsachon und ve zee ze zocialization of our konverzunfroogen!
Expected Behavior
no monetized session conversations.
Steps To Reproduce
No response
Desktop Version
No response
Anything else?
No response