Bra podcast
Sveriges mest populära poddar
FLOSS-819
Jonathan: Hey folks, this week we have a conversation with Key Jeffries, one of the minds behind Session, an open source encrypted messaging app that has to do with the blockchain and Tor and all kinds of other interesting stuff. You don't want to miss it, so stay tuned. This is Floss Weekly, Episode 819.
It's time for Floss Weekly, that's the show about free, libre, and open source software. I'm your host, of course, Jonathan Bennett, and I am sort of flying solo today. And those of you watching live or getting this on the immediate rerun will realize that FlossWeekly. com. Today is Thursday. It's not Tuesday.
What's up with that? Well, we're doing something a little bit different. Our guest today, Key Jeffries, by the way, is from the land down under, and it is actually Friday morning for him, and it would have been in the middle of the night at our normal recording time. So we we made an allowance. And we're doing an off, off the regular rotation show.
That's why it's just me. And I've got a conference coming up mid February. So this is gonna work out very well. We're gonna get an extra recording in here. And then things will be off a little bit. Then when, when I'm out of town, it'll all work. And so the, the, the universe will be right again. But Key works on a, a really interesting little project.
I don't think it's a little project anymore. But the project Session, which is, this sounds like buzzword bingo, but I think there's some actual cool stuff in here. It is encrypted messaging on the blockchain, which I know some of you out there want blockchain. Ah this, this might be interesting.
I'm hoping this is going to be really interesting. I'm not going to waste any more time telling you what I think it's about. I've got the man here and I'm going to ask him, but, but first off key. Welcome. Welcome to the show. And it is it is lovely to have you here.
Kee: Yeah, lovely to be here and thanks for accommodating for the australian time zone So it's always tricky when we're trying to set up meetings with the u.
s. So It's appreciated.
Jonathan: Yeah, we've had one other guest from australia and when I told him what time it was he's like, oh Well, it's not the first time that i've done it
Kee: Yeah, yeah, there's definitely been some early mornings and late nights here, especially when the time zones Both drift out and you're even further apart.
That's probably the worst time for like, I think there's three or four months there where it's really hard to make meetings with the US people.
Jonathan: Yep, I understand. So, let's talk Session. Like, right, that's your big claim to fame. What is we say the 30, 000 foot view. What's the problem that Session is trying to solve?
What do I do with it? Why would I install the Session app on my phone?
Kee: Yeah, so Session is really focused on Being different from other private and encrypted messengers, mainly from a metadata perspective. So if you use Signal or WhatsApp, you're typically signing up with your phone number, for example, to use those services.
And that creates a lot of metadata linkage between your accounts and all of the messages that you send. So session doesn't require a phone number to sign up. So that's one really big thing that we do there. It also uses onion routing to hide people's IP addresses when they're connecting to the decentralized set of nodes that session uses.
And it doesn't have a single central server. Like a lot of the models out there. So if you're using signal or WhatsApp, they have a centralized server, which stores your messages for a period of time in session, it's actually a decentralized network of nodes, which stores those messages. And I will just like clarify on the, like what, like when you came out in the show notes, you said like session is messaging on the blockchain.
It's like, it does use a blockchain for. The rewards layer, like kind of the incentivization layer, but the messages themselves don't actually get stored on the blockchain itself. Cause that would kind of create some like inefficiencies storing every message forever. And it would cost transaction fees to send messages.
So yeah, we did think about that approach there and it is an approach that some other applications use, but we think it has like some kind of downsides to, to, to, to doing it that way.
Jonathan: I have been contemplating a very lightweight messaging protocol myself for a project that I'm in for the longest time.
And it makes sense to me to store things on the blockchain. But when I say that, I mean the blockchain in the same way that Git is a blockchain, not a cryptocurrency blockchain. And so I, you know, there's, there's a lot of different, different directions that a project could go with that. So I find it real fascinating.
That, that you guys, you guys went that way. Now let's talk about some history. It's pretty, yeah, go ahead.
Kee: So just to, just to jump off that, like it's, it's pretty interesting to use something like Git for version control of messages, especially like if you want to maintain sequencing, like you want to be always sure that, you know, once one message is sent, then the next message is sent, it's like chained in hashes so that you can always verify and go back.
I think, like, with Session, one of the things that, like, has been difficult for us because we're building a decentralized network is maintaining, like, synchronicity between the nodes that are storing your messages can be really tricky. So if you were to have really, yeah, if you had to have really strong guarantees about like, what message comes first and the sequences there, there's potential that, like, You know, what would happen if one message came in first and then the next message came in like they were sent in sequence, but then they arrived out of sequence, like, you know, how, how long do you wait to kind of sort that problem out?
So we don't, we don't do like strong sequencing guarantees yet on session because of that decentralized structure, but it is something that we think about often. And I like the idea of kind of using git to kind of version control your. Your message is in the messaging system. Well,
Jonathan: I've, I've said for the longest time, this is not original with me.
I think the person that originally said it was trolling and I'm a little less trolly about it, but you know, there is already the killer app for blockchain and that is Git. Git is the killer app for blockchain. And with all of these other things that we do with it, we're trying to find other things that are interesting to use it for, but Git was the first blockchain.
It just wasn't monetized.
Kee: Yeah, that's true. Like, I think you know, there's a lot of hype, obviously, about blockchain and every time the Bitcoin price goes up, like, people come back and I think a lot of people have a very initial, like, negative reaction to anything that's like blockchain think, oh, it's a scam or everything that's not Bitcoin is a scam.
And I understand that sentiment because like, you know, probably 80 percent of the projects, 90 percent of the projects out there that have cryptocurrency or blockchain or AI in their title, you know, are just kind of using the title for, for hype. But then I think there are like a few kinds of projects which are legitimately using some of the very interesting things about blockchain.
Things that I think is the most interesting about blockchain is its ability to incentivize large, like, public infrastructure networks. So, Bitcoin is the biggest like, decentralized computer in the world. Like, it doesn't do very interesting compute. It's just running SHA 256 over and over and over again, right?
Right. But it is the biggest. Like physical compute network in the entire world. And the only way that that's been able to be created is through that decentralized rewards mechanism that they've built, which is based on blockchain. And I think like, kind of what we're doing at Session is taking some of that decentralized reward and consensus model and applying it to a problem, like building out a decentralized network of nodes, which can store messages for users.
So very similar to. to how Tor works. You have this network of community run nodes which participate in routing and storing data on the network. I mean, Tor doesn't really do storage. They more just do routing, but they don't have an incentive model behind that. So, you know, there's no rewards provided for Tor nodes.
You just provide them. Because you're an altruistic individual. There's also no barrier to running Tor nodes as well. Like you can go and spin up a thousand Tor nodes and join the network and you'll start seeing a portion of users traffic. So by having crypto currency. There's
Jonathan: some three letter agencies that are very fond of doing that, I think.
Kee: Yeah, exactly. Exactly. So by like introducing a kind of barrier to entry. There, like you cut down on some of the Sybil attack problems and you can also provide a reward for people who are acting honestly on the network. So like, that's where we come at cryptocurrency like from, it's more from an incentives and you know, building out physical infrastructure network side of things rather than, you know, meme coins and, you know, let's hype it up type thing.
Jonathan: Sure. I want to, I want to dive into the history of the project. Now, look, looking at it, I think some of the source code originally came from, was it from Signal that some of the, some of the source code came from? And I'm curious about that. Like how, how did, how did Session get started?
Kee: Yeah. So the project itself started in 2018.
I think I was going to university in 2016 for computer science and I had kind of gotten a year and a half through my degree and I think in one of our lectures they mentioned like asymmetric encryption or we were kind of doing our cryptography units and they were talking about asymmetric encryption and public private key, key pairs and stuff and my lecturer interestingly like just mentioned offhandedly.
like, Oh, Bitcoin is an interesting, like practical application of asymmetric encryption. I was like, Oh, okay. Let's like, go and look into this. It's like right into the white paper. And I started, like, I really dived down that rabbit hole. I think it has most people too. And they first find about out about, like, especially if you're kind of libertarian minded and like very interested in like uncensorable technology.
Like when you first hear about Bitcoin, it's like, Whoa, like there's this thing that I don't need to ask. Permission for so like I kind of dove down that rabbit hole.
Jonathan: I have distinct memories of thinking to myself, man, I wish I had a couple of hundred dollars so I could buy a couple of these Bitcoins.
Kee: Yeah. I think I remember the only way to, for me, cause I think when I found out about Bitcoin for the first time, I was under 18. So I didn't have a credit card or anything. I think the way that you, you were able to buy it or the way that I tried to buy it was I don't know if you remember Mount Gox.
Yeah, so like Mt. Cross is one of the earlier like Bitcoin exchanges that went bust and you know Took a took down a bunch of people's bitcoins with it. Yes They're still in proceedings to get those back. By the way, I think they may be paying them back some of them back now So the way that you could do it was that you could use the second life currency So you would buy the second life currency, which I think was Sylvan was it?
I don't
Jonathan: remember. I know what you're talking about. Yeah. Yeah,
Kee: you would buy You could buy the second life currency with paypal. So I did that I bought the second life currency then you could transfer the second life currency to Mt. Gox And then you could trade the second life currency for bitcoin on Mt.
Gox and then you would withdraw it From Mt. Gox and I tried to do this whole process And they like banned my account as I was trying to withdraw all the bitcoins So I ended up with a bunch of this second life currency, which It wasn't that useful to me because I didn't play second life
Jonathan: And unfortunately unlike bitcoin that did not that your second life currency didn't make you a millionaire
Kee: No, no, it didn't appreciate quite in quite the same way as bitcoin did anyway, like coming back to the story.
So I was like you know, kind of dove down the Bitcoin rabbit hole and started going to meetups in Melbourne. And that's where I met all of the other co founders of the project. And these were all mostly like people, like guys that were very interested in crypto. We were all super interested in the privacy space as well.
We had all kind of been privacy maximalists and we saw this kind of interesting way that we could combine elements of say the Tor network and elements of. Like private cryptocurrencies like Monero and like join them together so you could have kind of these incentivized kind of backbones to networks and applications that you could build on top of those networks.
So if you could incentivize a set of nodes to operate and you could have an underlying private currency underneath those, then you could have very interesting properties or you could build very interesting applications on top of that network. And in the original white paper that we wrote in 2018 we, we called it Loki messenger at the time, but that's what session is now was one of those applications that we had proposed to build on top of this private network.
So we kind of spent 2018 to 2020 building out the network and the backbone. of session. And then we were kind of like, okay, you know, let's build a test application here in the, in the white paper. We said we were going to build a session, which, you know, it's, it's a messaging application. So as soon as you can kind of send messages, messages back and forth, that's generalizable to a bunch of different other like protocols that you might want to build on the network.
So we set out with the idea of. Building this is like a proof of concept and that's when we forked Signal because we thought, okay, Signal's got a really good code base, like they've done a lot of the work for us, we're basically like just replacing the back end and that's all we need to do. So we did that and I think like people immediately were like, this is like, this is amazing, like there's no other network.
out there like this, which is kind of like Signal, but it's on a decentralized back end. He's on his onion routing. So like, that was very interesting to people. And there was a lot of demand to like push more development effort into like that application and focus less on like just building out infrastructure.
Cause I think a lot of like these blockchain projects that you see, like they've built these massive networks, but no one actually uses them. Like. They built a lot of supply, but not a lot of demand for the actual network. So we decided like, okay, let's actually just work on an application and let's like build that up.
And that's what we've kind of done from 2021 to, to about now. And just, I think last year surpassed 1 million monthly active users on session. So yeah, so it's big milestone for like a decentralized application, privacy preserving application.
Jonathan: So, so your, your, your demo program became the killer app.
Yeah,
Kee: essentially, yeah, we didn't, I guess there's a, it's like a happy coincidence, you know, like we didn't plan for it to be this way. Like we kind of thought originally that we were going to focus more on building the backbone of the network and other people would build applications on top of it. But I think it ended up being like, sometimes it's just best to, to work on the apps yourself.
Jonathan: Session is the messaging application. What's, what's the term for that underlying network?
Kee: Yeah. So it's called the service node network right now. It'll be renamed to the session node network soon because kind of had this, like the naming as well, like with a lot of these things comes along with like how the strategies changed over time.
So the service node network was. To describe this like layer of nodes that would provide service to other applications But at this point like it's kind of developed into like session is really the main thing that it it serves right now So changing the name
Jonathan: of that that leads naturally on to the next question Are there any other applications other than session that run on it at this point?
Kee: There is one other application which is called LukiNet And that's an open source decentralized onion router. So kind of competitive with like Tor or ITP. It's more similar to ITP but it's kind of still in development and we have kind of put it in a backseat a little bit to focus more on session.
Although like Lokenet is still going to be used quite heavily. To replace the onion routing layer that we use in session right now. But yeah, that also runs on that decentralized network and uses the nodes in that network. So there's around 2200 nodes in the network right now. So it's similar to TOR in that you, you know, kind of choose three nodes in that network and then you create a route through those nodes to hide your IP address.
Jonathan: Interesting. And how does, how does crypto, there's so many directions I want to go with this, I want to ask you about, how does the cryptocurrency part tie into this? So it's not, it sounds like it's, it's in some ways not a base part of the of the network or the application, but yet it's in there some, somewhere.
What's the tie in?
Kee: Yeah, so, like, I think that was important for us, like like when we were building Session was that, you know, if you downloaded an installed Session that you wouldn't need to like provide some sort of cryptocurrency or like make a payment or pay fees in a cryptocurrency because the experience for most users when they use a messaging application is that they just download it and they start talking to their friends if you like.
create this big barrier of entry of like you need to buy a cryptocurrency now like to get involved in the network then it's like you're never going to be able to be competitive with like the whatsapps or the signals of the world which are free to use so that was never our kind of goal the way that the network works right now is that that backend, those 2200 nodes that you use to store and route like onion route messages on the network.
Those are incentivized by a cryptocurrency and they also have to stake a cryptocurrency to become a node in the network. So it's really for the staking aspect of things and then for the rewards that are provided to nodes as well. So if you run a node in the network and you route users data and you store users encrypted messages, then you receive like some amount of tokens per month.
For doing so, and you also have to provide an amount of tokens per month locked up so that if you perform poorly on the network, we can kind of remove you and, and punish you. All of that system is decentralized. It's like a self policing system that they use to like check on each other. But yeah, it gives us some interesting properties which make us a little bit different from some of the other decentralized networks that exist.
Jonathan: That that is interesting Are there any are there any scenarios now? I'm i'm I have my open source hat off and i've put my you know, Amateur economist hat on are there any scenarios where users get to pay? So like are is there? This is going to sound mean, I don't mean it to be mean. Is there any real money that's being put into the system?
Or is it all the cryptocurrency money?
Kee: Yeah, yeah, yeah. I mean, that's a natural, that's a very natural question. It's like, you're kind of, you're paying out rewards to nodes as they operate. But you can't just keep doing that forever, otherwise it wouldn't be sustainable. It's like There has to be some sort of income, like income for the network, right?
Or like money coming in. So the idea there, and it's not implemented yet is that there'll be a premium version of session. So we're calling that session pro. So most users will use the free version of the application. So it's like 97, 98 percent of the users will use the free version. And then session pro will be a subscription fee.
That's like, you know, 4. 99 a month, and that subscription fee essentially is paid in a fixed, like, US dollar price, for example. That is then converted into session tokens, and those session tokens go back to the network to provide the rewards for the network. So, right now, that isn't implemented right now, but that is the future plan, that there's essentially Income from the users that are using the protocol.
Like, you know, using the messaging application That flows back to reward the the the service nodes in the end
Jonathan: I can I can imagine. Almost like a what discord has done with nitro Sort of so with nitro you get to unlock the ability to send bigger files and bigger messages And you could imagine your pro version would have something like that, which makes sense because you're talking about sending more data, and I think it would be pretty reasonable to ask people to pay to be able to send the bigger data types.
Kee: Yeah, that's exactly the thought as well. Telegram also has Telegram premium and that's, you know, larger files, larger groups more like profile customization and cosmetic like features for the user. That's the kind of stuff that we're thinking about. Like it's, it's not you get more privacy or less privacy by paying.
That's not what we're thinking. It's more like,
you know, if
you are a power user of the application, then you may want to send larger files or have larger groups. And this is a way to be able to. To do that and allow people who who want to support like the continued sustainability of the network to do so
Jonathan: Do do the session tokens just sort of exist on their own or is it its own network?
Or do they exist on like on top of the monero blockchain? I know a lot of a lot of different cryptocurrencies sort of tie themselves to that.
Kee: Yeah, so originally like the coin, the network in its current operation uses a coin called Oxen, which is a fork of Monero. So that's like the private cryptocurrency underlying the network.
But We're in, in the process of transitioning that coin to be on top of Arbitrum. So that's been a big transition for us. And it's going to change from Oxen to Session Token when that transition happens. So there'll be a swap for people who have Oxen already, and then there'll be new Session Token holders on, on Arbitrum.
So that's been a big process for us to move blockchains. Cause it's kind of like swapping the engine from a car while it's still going down the road at a hundred k's an hour.
Jonathan: Yeah, no, that's, that's challenging. And, and so, you know, I can, I can imagine a scenario where someone runs one of these nodes that generates the tokens for them, and then they can just turn right back around and buy themselves pro with it, right?
Like you can, you can you can sort of dog food it that way, which is also interesting.
Kee: Yeah, definitely. I think a lot of the people who do run like service nodes or session nodes and the network are session users as well. So there's a bit of natural feedback. Yeah.
Jonathan: How many, how many session nodes does the session company run?
Kee: So with the foundation has a mandate that's written into its constitution that it can never run more than 10 percent of the network. So, I think it runs around 170 nodes right now, and there's around 2200 nodes. So that's less than 10 percent of the network. I think it's like 7 or 8 percent or something like that.
Jonathan: Is there baked into it an idea of knowing where these nodes are geographically? It seems like On one hand, it would be useful to be able to route to the closest one. But on the other hand, you're giving away a bit, well, that metadata is what you're talking about, to be able to even do that sort of routing.
That must be a challenge.
Kee: Yeah, so we don't use any type of routing algorithm. I mean, the algorithm is basically you choose random nodes from the set of nodes you just, You know, download this set of 200, 2, 200 nodes, and then you just randomly choose nodes from that list to, to form your route through the network.
There is a lot of thinking about how to most efficiently use the network. So Tor does like what is called bandwidth based routing. So if you, if your node is able to serve more bandwidth to users, then it gets used more frequently and uses paths. That has some advantages in terms of that. You're kind of fully exploiting the entire power of the network because you're routing based on bandwidth, but you're also giving attackers that have more bandwidth in the network, more of the chance to be in the user's path.
So. And if they're kind of the start point and the end point of a user's path, then the anonymity is removed. So we never, we didn't really want to go down that approach. Latency based routing is also a thing as well. Like, you know, if you're in Australia, like you might only want to choose nodes that are in Australia.
So you only have to do 20 milliseconds for the first one. And then the next hop is 20 milliseconds, you know, so on and so on. But you do also at the same time want to have. Nodes from diverse geographic locations in your path, so you're kind of doing a bit of, like, jurisdictional arbitrage, right? Like, you're kind of crossing different barriers, like, and hopefully you end up in some, like, non Five Eyes country at some point.
So that, you know, someone can't fully collect all of the information there as well. So it does always end up being a bit of a balance between kind of performance and privacy. I think what we have right now is a pretty good approach because everyone in the system is fairly equal and the distribution of nodes is, is not too bad either.
Like I think it, it does tend to be like centralized around Europe and the U S these countries that have kind of, The best in internet infrastructure. But that's more kind of, cause operators tend to optimize on price to a certain extent. So yeah.
Jonathan: Is there, is there built into the, the network or the session app the ability to send session tokens?
So does it, does it sort of accidentally work as a payment application too?
Kee: Not, not yet but that probably is something that we will look into in the future, so. Yeah, I think like the idea of a, of a, of a super app, like has been quite popular and I think we're trying to like, we're seeing people kind of go in that direction as well.
It's like you see it a lot in China, for example, with WeChat, like people use WeChat for everything. Like, it's not just a messaging application. It's like, The main, it's their everything. Yeah. People use for payments, like they order their food through it. There is a bit of danger there as well, but like from a convenience perspective, like, and if you are providing privacy, it does make sense I think, to, to push more functionality into messaging applications just because those are the things that we use kind of a lot day to day.
Jonathan: Yeah. So mining in, in the. In the Session world, is mining routing data, or is it being on the network with a stake?
Kee: Yeah, so there's, there's no kind of mining in a traditional sense, I suppose you'd say it's more akin to a proof of stake network, so similar to Ethereum you know, because Ethereum has transitioned from being a proof of work currency into a proof of stake currency.
So yeah, you earn rewards on the network by meeting a minimum level of like basically requirements. So you need to have a certain level of bandwidth. You need to store users messages in this warm and you need to participate in the onion routing network as well. And then basically like the nodes and network will check each other periodically.
And then they have a system of, of voting on each other as well. So yeah, every couple of rounds, they'll assess a certain number of nodes. And then they'll vote on whether those nodes were, you know, acting honestly for that period of time. And if they are, then they, they're able to, you know, earn a reward which is paid in session tokens.
Jonathan: Yeah, I have, I have been trying to crack this nut myself for the longest time, because obviously mining, if it's just shaw hashing, is ridiculous. You know, we're, we're, we're just burning coal, right? It's not actually doing anything. Proof of stake is neat and it's better, but I've always thought that the ideal solution would be if the thing you were mining was also, in and of itself, something useful.
And if I can ever crack this nut and figure out the solution to that, I will start my own cryptocurrency and I'll become the next, you know, next Tech Bro billionaire. I've not found it yet. It's not a, there's not an obvious solution to that problem.
Kee: Yeah, I think there was some kind of projects working on protein folding, like, for, you know, if you were able to generate a solution for some sort of protein folding problem, then you would be able to earn some cryptocurrency or awards for doing so.
But, I think there's it's hard to scale kind of real world problems to the crypto space, which I think is why it's been difficult. It is pretty easy to take a hashing algorithm and you know, you just have to produce a certain number of zeros in it and then like there's your block reward. So
Jonathan: I was, I was honestly, I was excited for helium for the longest time.
I thought maybe they had cracked the nut, but obviously that is. Not taken off and gone where they were hoping it would so I don't know maybe yeah, maybe i'll be the one to do it
Kee: I haven't looked into Helium for a while. I know that they were building the the LoRa, LoRaWAN network for a while, and I think they've kind of transitioned into more of the 4G or the 5G world, but I haven't looked into how that's kind of going.
Jonathan: It is it is not as big as it once was, I'll put it that way. It's not as hot as it once was. Turns out not enough people were willing to pay money to be to track things.
Kee: Yeah, that, that, that always seems to be the problem. You build these big especially like these, these class projects are usually called like D Pin projects.
You could, they, they have this kind of problem of The incentives to build the supply side of the network are really good at the start and they build these massive networks of like hundreds of thousands of nodes, but then eventually you need the demand side for the network. You need people actually using it to make the economics of paying out these nodes sustainable, and if you aren't able to develop that, then the project is kind of doomed long term.
Jonathan: You sort of just described what a bubble is. Right. And I've, I was told just on this show, in fact, when we had one of the older co hosts and we were talking about bubbles in regards to AI, of course, and I made my analogy that I've made multiple times that, you know, what. com was a bubble, the bubble finally burst, but we still have the internet and it still changed the world.
And I think that is probably true of, I mean, it's obviously, it's true of AI, the world will never be the same, but at the same time, the bubble will burst. It's obviously true of cryptocurrency as well. Right? Like there are, there are things about cryptocurrency that. In some way we'll change the way the world works.
But we're not in the middle of the same crazy bubble that we're, where he pointed out to me, the personal computers were the bubble once upon a time. And the mainframe guys, IBM was going, Oh no, personal computers will never take off. And it was a bubble. It did eventually pop and there was a crash in the market, but here, you know, here we are with computers on all of our desks, not to mention it on our inner pockets and everywhere else.
So, and I, I kind of sell that because One of the things I've been trying to figure out, particularly with cryptocurrency, is what parts of it are going to survive, now that we're kind of on to the next big thing. What are the actual use cases that are going to continue to survive? What parts of cryptocurrency are going to change the world?
Session is interesting in that, I don't know if it is going to be the big one or not, but You know, it sounds like you guys are getting closer to a sort of a economics model that makes sense
Kee: Yeah, yeah, I think Like if if I think long term about what what projects are gonna kind of survive and thrive In the next like, you know, five years or ten years because like I do think like long term It's not you know, we've been running since 2018, which is a lot longer than A lot of the projects, right?
How to fit right in. So we do think on those longer timescales, but I think the models which are going to be successful are models where there is some sort of level of income for the protocol or some sort of level of, you know, natural demand for. the token outside of just speculation, like, you know, if it's all speculation, then, you know, when, when the bubble pops, it really does pop very hard.
And there is no, there is no kind of long term future for the project. So I think like those are going to be the protocols that succeed, like everything that's kind of in the top 10 coins right now is probably, you know, Ethereum and Bitcoin are probably going to be fine. But, you know, like the, the more, the, the projects lower down on the list, I think the ones that are going to thrive are the ones that actually have real users that are willing to financially, like you know, buy, buy something in the protocol and continue that income for the nodes that run the protocol itself.
Jonathan: Yeah. So talking about session. How does somebody get on it? What are the options for joining the session network?
Kee: Yeah, so we have applications like published on all platforms. So Ios, android, mac, linux, windows In terms of like, probably have five different Linux, like packages, we've got an app image, we've got a deb, we've got a snap package, I think we have a, you know, you basically just go on the GitHub on our releases tab, you can see all the releases that we have there.
It's cross platform as well, so if you have an account on, you have a session account on Android, you can link that to your desktop account and all of the messages will show up and you can Message back and forth that way. So yeah, it's available basically everywhere. Probably won't find something that's not supported.
Jonathan: Interesting. I am just out of curiosity. I'm looking at F Droid, which is one of the open source. It's for those that don't know, it is an open source sort of app store for Android. And it's, it's very useful for people that don't want to run the Google services on their phone. But F Droid has this policy that it only will run fully open source software.
And other, other policies, like that's not the only thing that'll keep you off of F Droid, but that's one of the things that can keep you off of F Droid. And there is a it says it's an unofficial rebrand of Session. Without the firebase push service probably, probably the official stuff will violate their, their, some of their network access rules, something like that.
Kee: Yeah, I, I give you, I give you a little bit of background on that. Sure. So like we have our own F Droid repository, which you can add. to FDROID because you can add, you know, other repositories to FDROID. So that's just fdroid. getsession. org if you want to add that repository and then you'll get the official session.
The reason that we can't be in the FDROID store is because of the like Google push notifications. So that's closed source, not on our side, on Google's side, but we do want to be able to provide push notifications via Google because Different Android phones have very interesting like battery management limitations.
So if you're trying to do push through non Google services, you could, your app can basically like be shut down in the background and then you're not providing You know, reliable notifications, and that's very important for a messaging application to provide reliable notifications. So yeah, it's not the perfect situation to be in right now.
I think we have some longer term plans to get around those things. But yeah, it's it's where we are right now. You can also download the APK as well. That's on the GitHub as well. If you don't want to use FDroid or build it yourself, if you want as well. What,
Jonathan: what is the what does a developer base look like?
How many, how many folks from the you know, your community jump in and I'm sure you have some that just are, I call them drive by they'll just, they'll drive by and they'll give you a single patch, like this is the one thing that drives me nuts, here's the patch, please pull it and then, you know, every once in a while you get somebody that gets real excited about it and jumps in and does a lot of work long term.
What, what does that look like for you guys? How many, how many contributors do you have?
Kee: We probably have a few more kind of drive by contributors right now than like actual people that work on, on session day to day. So like, you know, I'd say we probably get, the other thing is like across like different repositories, like you don't see that much open source activity on our iOS repository, for example, because that tends to attract, it has a bit of a higher barrier to entry and I think iOS people, people who work on iOS don't tend to be Like super open source, like people, there's a bit of a kind of disconnect there, whereas like say Android and desktop, like desktop is written in like JavaScript and TypeScript.
So the barrier is like way lower to enter there. So most people understand how, how to write JavaScript or TypeScript, and then there does tend to be like a bit of a. More crossover between the open source world and people who are using desktop applications. So, we probably get a bit more open source contribution through there.
The other interesting thing is, like, we have this on Session, we have, like, larger communities. So if you're familiar with the idea of like a discord server, it's like very similar to that. So you can run a server in session. This is like separate from the staking component and stuff. You can run a server in session, which a session clients can connect to, and then you can have these really large communities of.
You know, thousands of members that co that that code is also open source, like that's called the session open group server or SOGS. And there's a lot of community contribution to that because a lot of people like to, you know, run their own communities and want to develop their own little tweaks and, you know, how, how long things are stored for.
And like we're kind of on the, we're working on a plugin system for that as well. So people can kind of develop their own bots and stuff around that.
Jonathan: So I want to ask this before I forget it, because this has entered my mind and left it a couple of times now. Session is sort of built on optional anonymity?
Right? So like, you don't have to, you don't have to give your phone number. You can just create it, you create a new you know, cryptographic identity, and you can connect. But I assume that's optional. Like, so are there any ways built into the system to be able to verify your identity? Right? Can I, can I get a blue check?
Going back to the old days of Twitter. Can I get a blue check inside of Session to prove that I am who I say I am?
Kee: There is no blue checks right now. Like, so the system is optional in the, like the identity system is anonymity optional in the sense that when you create a session account, you get this long, you know, alpha numeric.
Identity on the network, which is called your account ID or your session ID. And that is what you give to other people for them to message you. So you can go and post that like on your Twitter or like on a forum or like, you know, you can send it to your friends. And in that sense, like then you're connecting that.
you know, public key or your account ID to your person through another means, or you can just say like, I'm only going to share this session ID, this account ID when I'm in person with someone and they can like scan a QR code or like I can write it down on a piece of paper, although it's very long and that they can then use that.
So it's kind of like a choose your own adventure in that sense, but. Like native to the platform, we don't have any like blue check marks or anything because it's, it's not really a social media network in the same way, like the, the way that, you know, we see people using session is like more that they would use it with their friends and family and they can then like give their identity to the people that they want to use it with rather than, you know, it's a public network where you, if someone is claiming something, you want to be sure that they are who they say they are.
Jonathan: Did, were you Did you, did you pay attention to, were you a part of Keybase at all? I don't remember who got me on that, but Keybase was this, it used to be, before it got acquired, of course it was this service where you could generate a cryptographic identity, and then you would post proofs to, you know, your Reddit, your Twitter, your GitHub.
You know, all these different places and it was a way to cryptographically prove that I am me and that is my account there and that is my account there. It seems like that, something like that could be, could be really interesting inside Session for someone that, you know, wanted to be public, was not looking for anonymity.
Kee: Yeah, and I think that's, like, I am aware of Keybase but yeah, after it got ported, I think, like, not too many people use it anymore. But yeah, like, the same thing is The same thing is possible like for session as well. Like if you're publishing your, I mean, your, your account ID or your session ID is your public key.
There is no mapping or anything that occurs between those two things. It's not like a, a username where I need to look up someone's username and then the server tells me what their public key is. The account ID or the session ID is the public key. So if you're posting that. In different places, like it's the same as posting your public key and saying, you know, this is mine.
You know, your service could be hacked, you know, if, if, if you like, you know, your Twitter could be hacked and you put out a fake session ID, that's possible. Like if you required a signature. On when you're posted your public key that would be maybe a little bit stronger, but then makes the message longer so you kind of have to You know do you kind of have to make it easy for people?
So this is kind of what we've we've come up with so far.
Jonathan: So is there I had it and then I lost it Goodness, I usually have a co host that I can I can bounce to when this happens And I don't have one at the moment oh I remember so We've danced around this a little bit, talking about Five Eyes and, and has Session gotten official notice from law enforcement or other government agencies at this point?
Kee: Yeah. Like I, when you're running a messaging operation, like there's a lot of things that. You have to consider and the good thing about session is that it's built in a very decentralized way from the start. So as I was saying before, there isn't a central server that, you know, the session foundation has access to, which has everyone's messages.
Even if those messages are enter and encrypted. For example, in Signal's case, Signal still has a central server where everyone's encrypted messages are stored and users sign up for the service with their phone number. So, and they connect to that, you know, central server with their IP address, usually if they're not using like a VPN or something.
So even though Signal doesn't get the contents of your messages, they end up seeing your IP address, potentially your phone number when you sign up to the service. And like the frequency of when you're sending messages as well. For Session, it's like completely different because we don't run like a central server in the network.
It's a decentralized network of 2200 nodes. And when you use Session, you essentially like are, you're assigned to a swarm, which is a collection of 7 of those nodes. That's where your messages are stored, and that's where, like, senders will send messages to you. They send it to that swarm of notes. And that's a random selection of notes.
So, if someone comes to us and asks us, you know, give us all of the data for a particular session ID or account ID, we can honestly say to them, we do not have that data. Not, not only do we not have the encrypted data, we don't even have access to the data at all. So that puts us in a very different position from other messaging applications from that perspective.
And I think that has helped us a lot. Obviously, like, you know, there's been requests from law enforcement agencies and stuff like that for information on particular users. But our standard answer is always, you know, here's our limitations and what we can do. The protocol has been built, you know, such that we don't have access.
to the network in that way. So, you know, we're being fully compliant, like with you, we just don't actually have access to the data.
Jonathan: Does Session have a warrant canary posted somewhere?
Kee: Yeah, I think we do on the, I think on the I think on the STF website, I think we do.
Jonathan: For those that, for those that don't know, warrant canary is sort of a legal hack.
And the theory is that a government can force you to do a lot of things, but it can't force you to put out a statement. And there's also some cryptographic keys that get added to that to make it difficult to fake it. And essentially it's a statement that says we have not been served by any national security letters.
We have not, we've not answered any warrants. And a company will put it or an open source project will put it out usually once a year. And so, you know, if they get on that once a year timetable and then A year goes by and no warrant canary gets posted. Well, everybody sort of knows that it's time to move on to a different service because something went wrong there.
Kee: We, we, we also have transparency reports as well. So if you go up, like I think cause we've just been doing this transition right now from the OPTF to the SDF. So it's basically like moving the operation of the company out of Australia to Switzerland. So that's been a. that we've been undergoing.
But if you go to the OPTF website, they publish a report every quarter about the like law enforcement requests that we've gotten and how we've responded to those reports as well. So it's yeah, very transparent on, on that front.
Jonathan: Yeah. And I guess it helps that, well, so all of the code is open source, right?
There's no, there's no closed source bits that live anywhere.
Kee: No, apart from like what I was talking about before, like the Google push, like stuff. You know, to handle like interaction with the essentialized things, but yeah, like Android, iOS Desktop, all of those applications are fully open source and then the full routing server.
Yeah, right So so like the server code is open source, too
Jonathan: so even if you got a in the united states with we have a Incredibly terrible thing called national security letter where essentially the government can say because of terrorism We're going to force you to do something. And One of the things that apparently that they can force you to do is to add malicious code to an application, right?
The fact that you guys are fully open source and nothing runs well, I guess 10%, 10 percent of the network can run through your servers. Like that's not even particularly a danger there because if you were to add something malicious to the code and push it out, somebody would find it. Enough people, I hope, are looking through your code base that somebody would find it right away.
Kee: Yeah, that, that, that's a big like thing to talk about with like session as well and like a big differentiator. It's like a lot of these projects are open source, so like Signal for example is fully open source, like including the server. But there has been times where the signal code has, like, that's been running on the server has deviated from the signal code that's been published on GitHub.
That happened for a period of time, like six to eight months there, and then they push, you know, updated code up. So I'm not, like, claiming that there's, like, some sort of vulnerability or something. Maybe they just, like, you know, didn't want to update their code, like, for that period of time. But with session, like the, the way that like code is deployed to the network, because there are these, you know, 2200 nodes, we can't push an update on those 2200 nodes, they actually have to pull it down.
So, you know, when there's an up update, people check that code that's running or the code that's published on GitHub, and then they pull in the release. So it's not something that we can do to them. They actually have to agree and there's a consensus protocol. And that's, it's kind of like very similar to the way that upgrades in Bitcoin work, right?
Like there can be these huge, like social. Like problems in the network like if things are being pushed on operators that don't want to run them So, you know in bitcoin you had this really big hard fork between like bitcoin cash and bitcoin people over the block size And that was eventually like it's a code.
It's something that has to be put into the code, like the block size limit. So some percentage of the nodes in Bitcoin decided that they're going to run one software. And then some decided they're going to run another software and that caused the fork in the network. So it's a similar thing with session.
If we tried to push some sort of backdoor on people the nodes in the network, like, cause we only control 10%, you need a consensus of the network. The nodes will just tell us to like. Basically and create their own like little network and then we would be segmented off on the like backdoored network if you would call it that.
So it's a, it's a completely different model from how a lot of the centralized companies operate when they're pushing software updates.
Jonathan: Yeah that, that's. Yeah, that is, that is super interesting and definitely the way to go about doing that. So what, what language is all of this written in? I, and I'm sure there's a smattering of different languages, but like, if someone wants to get involved, what, what languages are useful to know?
Kee: So on the desktop side, it's a React application. It's like a Electron application written with React in JavaScript and TypeScript. On Android, it's mainly Kotlin. You know, we've kind of moved away from java quite a bit on that side. I think everybody's Yeah, yeah, I mean like we still got a lot of skeletons in the closet though Because like we are a fork of signal and at that point like signal had a lot of java code So like we're in the process of kind of rewriting everything like with the ui layer being in Jetpack Compose.
So like we're kind of moving a lot of our XML screens right now to Jetpack and doing that process. And then on iOS it's Swift. Nearly all of the Objective C is gone on iOS and we're kind of transitioning a lot of our screens to be in Swift UI now as well. Yeah, that's a kind of breakdown. And then on the like server, like side of things that's pretty much all C so like the storage server the coin side of things is all C And then like some of the elements, like where we really want community interaction, like the community server that's written in Python, so.
There's a bit of a spattering of all of the
Jonathan: languages. When are you planning to rewrite that C code in Rust? I,
Kee: not, not soon, I don't think. Yeah, I mean, I think we have a lot of fairly opinionated C developers in the in the codebase right now. So, yeah.
Jonathan: I could definitely something that we've thought about.
Yeah. Oh, I'm sure I am a fan. I'm a fan of rust. I like it but boy, it's it's both annoying and hilarious the constant you should have written that rust
Kee: Yeah, yeah. Yeah. Yeah,
I think like right right now. We've kind of developed a team That's pretty good at writing c as well. Like obviously it's a dangerous language but if you have like people who are Like veterans like it writing it like it's a bit easier.
You don't tend to run into some of the same issues, so It yeah, it's but it's an interesting discussion as well
Jonathan: It helps to have something like a decent ci suite where you're doing some fuzzing and some Static analysis and I hope hopefully there's a few of those things that get run over at least the c code
Kee: Yeah, yeah, we have a we have a CI, suite which runs like aux and core every time that there's a A new commit to a PR or a new PR that comes in.
So
Jonathan: That that that helps that helps weed out some of those mental oopsies that we all make from time to time so is signal still upstream at all Have there been any, any fixes since the fork that Signal has made that you guys have pulled?
Kee: We have probably deviated so significantly from Signal code at this point that, like, it's almost two different projects.
So I mean, like, I think we forked Signal in 2020 and we haven't really pulled much from upstream for four or five years, so. At this point, we would be so significantly deviated that like, if you tried to merge them back together, it would be complete
Jonathan: hellishness. Right, right. I just, the only thing that really comes to mind with that is, you know, if Signal, because your, so much of your stuff was based on Signal originally if Signal found a big vulnerability, is it possible that that would be in your code as well?
Kee: Well possibly. It would depend where the vulnerability was. Like, if it was A cryptographic vulnerability or it was a vulnerability and like the version of electron or like, you know, like the, the way that messages are stored, like a lot of those things have kind of changed over time. So there's significant difference now.
But we do like these keep track of like, what is going on in signal and like, If there's like major things, but like, I think the last thing that happened to them was like the Twilio SMS verification attack that they had, where essentially like some attacker hacked into their SMS provider and was able to like send messages to signal accounts to kind of.
Take over those accounts via their phone numbers. That's not something that exists in session because we don't have phone numbers So it wasn't a concern
Jonathan: for us, right? And so what What was the what was really the the the thing that sparked? Wanting to be privacy first. Like, I'm curious where, where your mind, where you guys mindset was that privacy first was really the, the thing that you, you were so interested in this. And then I guess I'm also curious, because I'll get questions about this.
Do you, do you regret that? In fact, I, I can guarantee you that at least somebody, at least one, well, there'll be at least one person out there that will ask themselves or maybe ask me, How do they sleep at night? Knowing that they, you know, enable whatever.
Kee: Yeah, I think, like, we were all kind of very interested in the privacy space from, like, using Tor and, like, what that kind of enabled human rights activists and journalists to be able to do all around the world.
Like, we kind of started the project around the same time that WikiLeaks was kind of coming up and putting out this information about how the US government was, you know, spying on citizens and Edward Snowden and those revelations that came out. So I think for us, like It was kind of in that same vein that that session took a lot of those kind of political ideas and, and put those into software and, and put those into a tool that people could actually use.
Mm-hmm . So I mean, like the, the question about like, you know, do I sleep well at night and like, you know, am I worried about people using the, the service in malicious ways? My approach to this is like fairly utilitarian, so like. I, I, I talk to session users every day and like, I have a pretty good, you know, we don't, we don't see in depth what people are messaging about, obviously, otherwise that would compromise the way the system works.
But I talk to enough session users that I know that, you know, the vast majority, 99. 99 percent of session users are using session just because they want more privacy in their life, or they want to talk to their friends and their family without feeling like there's someone like watching over their shoulder.
And that they're limited in what they can say. So, you know, if you're taking a utilitarian approach to this, like you're kind of trying to weigh off the, or weigh out the privacy benefit that all of those users get against like whatever the malicious use is. And I think that equation is so heavily imbalanced in, you know, providing privacy for those users that, you know, if there is some malicious.
malicious use, that's totally outweighed by, you know, the, the, the service that you're providing to most users. So yeah, that's, that's kind of my perspective on it.
Jonathan: Yeah. Yeah. I, I asked that just because, like I said, I know, I know there will be people out there that have that same question. That's why I'm acting as an audience proxy in that.
Can, can people access session from places? I don't know what the big three are anymore, but say, let's just say Russia, China and Saudi Arabia, those sorts of places. What does it look, as I know Tor has had to do a lot of work over the years to try to be accessible in China particularly. What does that, what does that equation look like for Session?
Kee: Yeah, this is a really tricky one. So like we're available. So we're banned in the Chinese App Store so you can't download Session in the Chinese App Store you can get Session, like, if you get the APK, or, like, you've changed your region to, like, outside of China, you can download the application.
And I believe, as of my last reports, like, It session is still working well in China sessions fully banned in Russia like blocked in Russia from a perspective of they have actually blocked the decentralized network. So that's also what happened to Tor as well. So essentially what they do is like, cause there's this network of 2200 nodes, which you need to connect to, to be able to send a message.
They basically just like get the IP addresses of all of those nodes, put them into like, Either their national firewall, they go and tell their ISPs like you need to block these IP addresses and then no one can connect to the decentralized network anymore. There are ways around that and that's kind of like, you know, Tor has this like bridging system and they use these like domain fronting as well to be able to distribute like these lists of bridges to people who are in censored regions.
I'd say like we're not quite there yet because that's like quite a resource like intensive operation to run. Like those censorship evasion activities, but we do have some really good ideas there, and I think it's important for us to be available in censored regions, like, one of the biggest growth events for Session was in Iran during the Masa Amani protests, and The session was growing at like 50, 000 users a day, like when those protests were happening because the Iranian government had blocked signups to Signal and WhatsApp and these other messaging applications actually via the phone number services that those applications require to sign up.
So when you sign up Signal, you need to receive a text message with your verification code. And If they, if you can't receive the verification message, then you can't sign up for Signal. So they were actually blocking them through those methods, and because Session doesn't use a phone number, people are able to sign up to Session really easily.
That went on for like two, two, two weeks or thereabouts, and then the Iranian government blocked like, access to the decentralized Session network. So. Those are the kind of, like, attacks that we're kind of facing from nation states. But it does, like, prove that, like, Session is being used in this really positive way as well.
Jonathan: Yeah. What's, what's your, what does the funding of Session look like now? I know, I know you've got ideas for what to do in the future. But like, have you guys taken VC funding to be able to get to where you're at now?
Kee: Yeah. So like most of the funding has come from 2018. So that's like, we sold tokens in 2018 to be able to fund the operation.
Yeah. In 2018. And we've raised some funding recently as well. Like with the transition to the session token that's going on as well. So it's mainly been like funding from people who would traditionally invest in coins basically.
Jonathan: Yeah, I, I have, I have for the longest time thought that, and it's unfortunate because there have been so many scams that have happened, so many pump and dumps.
But on the other hand, the idea of an ICO where you don't have a venture capital fund, you just have a whole bunch of, of the little people that think you have a good enough idea to invest in it, like, I, I think that is, like, genuinely one of the coolest potentials of of the entire cryptocurrency ecosystem.
System that we've got and at the same time, unfortunately, it's been one of the biggest downfalls because so many of those have been Little more than scams over the years and so much money has been lost in them I think I think that's neat though that you guys made that work and are Continuing to do the thing, you know, we're what seven years later six or seven years later that you started out doing
Kee: Yeah, yeah, I think like there aren't too many projects that started in, in 2018 in that kind of ICO bubble that are still going right.
I think like the, the tricky thing has always been like the balance between like, I don't want to say protecting retail investors, cause I think that's the wrong way to look at it, but you don't want to have like these ICO booms where retail investors are getting very misled, like into what they're actually investing in.
And that I think is what we actually saw in 2018. It's like, there was a lot of projects who you know, basically like maybe not even writing white paper, but just like. You're writing something on Twitter and then well, this is a repeat of is happening of this as well with the meme coin craze that's going on right now.
And then like retail is just like jumping into that understanding. Yeah, yeah
Jonathan: Bitcoin stocks are up. Bye. Bye. Bye.
Kee: Yeah, essentially essentially like people don't really understand what they're Investing in and that's a dangerous like thing. So we kind of, we kind of balanced that off. So like, you know, it's, oxygen is like tradable on all of the public cryptocurrency exchanges and same session token.
So people can come in and buy, but like, at least they know that, you know, what they're buying has a liquid market behind it and that they can resell it, you know, certain prices if they want. And then like, we did take, like, I'll be clear with you as well. Like we did take some VC money as well, like in, in, in the ICO too.
So it's like, You know, a combination of all sources, I think it's probably the best balance.
Jonathan: Yeah, what I've seen with open source projects trying to turn into a business, the thing that's just poison is when you take enough VC money that a venture capital group. Has control, they have access to the steering wheel, right?
Because then, you know, a year goes by and you haven't made a billion dollars yet. And all, well, it's time to change the license. Let's get, you know, this and that. And it never ends well.
Kee: Yeah, it's I'd heard so many horror stories about that. Like, you know, when, when we were starting the company about like, you know, VCs that were overly controlling.
And who would kind of try and steer the ship in like the most profitable direction. But. not necessarily what is best for the users and that like the misalignment of those things would cause both no profits and no users, right? Because you were kind of compromising on both fronts. I think like actually the, the crypto VCs are quite different from traditional VCs in that most of them are very hands.
Like hands off, like in terms of, I, I don't know if that's, it's different because they have their liquidity straight away. Cause usually like you're going to sell tokens and then those tokens will be given to the VC and then they can sell on a liquid market straight away if they don't like the project.
Whereas like with a more traditional startup, you're giving them equity, but there has to be a. Some sort of exit event, either the company gets sold or at IPOs, like there isn't as much liquidity. So if the investor doesn't like the, you know, how things are running at the company, then they don't really have any exit opportunity.
Like they basically need to like try and get the company to IPO as soon as possible, or. Find some other private investor that's willing to buy their that equity. And so it's much different from kind of a crypto market where from day one of the launch, like the investors become liquid or maybe there's a lockup or something, but yeah, it functions quite a bit differently.
And I think that. creates a bit, a bit of a different dynamic between the project and the, and the investor.
Jonathan: Do you, do you foresee governments getting more involved with ICOs and trying to regulate them more?
Kee: Well, I mean, I, if you asked me six months ago, I would have said yes. But since like Trump's election, I think that's obviously changed a lot in the crypto space.
And the U S still is. Although it's like been diminished from a crypto perspective just because of the way that the SEC has operated over the last, like say 10 years, like in a very punitive way against crypto projects. It has diminished. It's like the U S is kind of standing in the space, but I think with, with Trump, like launching his own, literally his own coin
Jonathan: Two of them, two, two Trump meme coins now.
Kee: Yes. Yeah. Yeah. Like, you know, with the, with those coins launching, I think I, I can't see how Trump would be, you know, appoint someone who was going to be super aggressive against crypto. And I think also crypto has shown like the crypto crypto industry has shown how. Powerful they are in terms of lobbying efforts.
I think they spent crypto industry. I think we're the largest donors to Political campaigns in the last cycle. So it's you know that money talks obviously like in in politics, you know, you never really want it to be that way, but I think like It's it's going to be potentially a regulatory shift in the U.
S. And I think we may see that follow on to other countries as well.
Jonathan: I, you talked about having a libertarian bent. I, I too have something of a libertarian bent in a lot of ways. And so I am very sympathetic to the idea of let's not regulate this thing to death. The only thing I would say with that is I would like to see in cases of outright fraud.
I would like to see the the departments of justices from around the world to go after people that are intentionally being fraudulent And that seems like maybe that's one of the pieces that was missing from some of the icos over the years
Kee: it it doesn't really make sense because You know when when governments were kind of talking about passing all of these new regulations to regulate Crypto or kind of putting them under the idea of like being a security it's like just enforce the existing laws that you have like if a project has claimed that it's going to You know pump to a million dollars and it doesn't pump to a million dollars That's literally fraud like can't you just prosecute them for Like being fraudulent because that's literally the definition of like claiming something and then it doesn't Regular like you've said it's guaranteed regular
Jonathan: old fashioned fraud.
You don't need a you don't need a law for cryptocurrency fraud. It's it's just fraud
Kee: Yeah, it's like it's it seems like I think that's always been a problem, like governments, like they're built to pass laws, so like they want to pass as many laws as they can. They don't want to, you know, if they can create some weird variant of a law that sounds good on paper and they can sign a bill, you know, they're incentivized to do that rather than just enforce.
Existing laws.
Jonathan: Yes. Yes. So true. All right So let's say somebody wants to get involved and wants to get a server up and running on the Well, it's not really quite on the blockchain on the network I believe would be the way to say that what does it take to be able to run a server? Do I have to have an unfettered ipv4 address?
Can I run it behind a NAT? How much server hardware does somebody need? What does that part look like?
Kee: Yeah, so we recommend not running behind NAT You do need to have a publicly routable IP address. That's just so people can actually like send messages to you because you're routing like public messages.
In terms of like the hardware requirements, the requirements are fairly low actually. Like a lot of these blockchain networks you need like hundreds of gigabytes of RAM and like very powerful CPUs. Because we're dealing with messaging like users messages, they tend to be pretty small, like packets of data.
And Another thing that Session does as well is that it deletes messages off the nodes every 14 days. So you're not storing every message forever. You're only storing the last 14 days of messages for users. So that really radically constrains the amount of storage that nodes need to have. So we recommend around 30 to 40 gigabytes of storage.
Although we're not actually using that much yet. Three to four gigabytes of storage that I think are being used right now. Actually, I think it's actually smaller than that. The, the, the other component there is not every node stores every message on the network, right? There's these swarms. So you're only ever storing in the current network one, 330th of the network messaging capacity, and you're deleting that over 14 days.
So it really constrains the amount of messages that you have to deal with. You have to be online. So like you, you can't go like online and offline a lot. So most people run nodes like as a VPS, like in a data center. It's the most common thing. And I think we recommend four gigabytes of RAM and two virtual cores.
So it's something that you could realistically run on a Raspberry Pi. As long as you have a publicly routable address and you're not going online and offline. You know, every time your router gets reset or something.
Jonathan: Is it IPv4 only? Is your IPv6 support yet? Just IPv4 right now. Okay. That, that is. And so I've, I've had conversations with both my ISP.
And my data center, both saying, Hey, I would love to be able to get some IPv6 addresses, because there's some cool stuff you could do with IPv6. And I've been told multiple times over the years, No, we don't have IPv6 yet. I finally have an ISP now that's giving me IPv6 addresses. And I am about to move my servers to a different co location host that comes with IPv6 by default.
So I'm, I'm about to get on the IPv6 train everywhere. And I'm kind of excited for that. IPv6 is interesting. IPv6 is interesting for the the, the firewall circumvention stuff too, just because it's, the, the space is so huge and you can so trivially get so many IPv6 addresses. So that's and I understand, I've been a part of a project that, that got, in fact, we got sent an IPv6 patch and it's like, this is so big, we don't have the resources to even.
Look at it at the moment. It was not great. But let me put that as a bug in your ear IPv6 is interesting for what you're doing
Kee: Yeah, yeah, I think we've looked into it in the past, but i'll I haven't gotten updated in a while So I should look into it again. Yeah,
Jonathan: it's it's definitely interesting definitely the future, right?
I've got i've got a buddy that tells me i'm not doing ipv6. I'm gonna wait for ipv7 or Maybe he's, he may be savvy enough, he tells me he's waiting for IPv8, because that's the next one. How many,
Kee: how many addresses does he need? Like, once the human population has expanded to the entire galaxy or something, you know, ran out of addresses, IPv6 addresses then, but it's like some massive space, right?
Like, yeah, more than the atoms in the universe or something crazy. It's a
Jonathan: ridiculously high number. Yes. Yeah. All right. So, Boy, I think we've been going for about an hour. Let me ask you this. Is there anything that you wanted to let folks know about that you wanted to cover that I didn't get to, that I didn't ask about?
Kee: No, I think actually we, we covered things pretty widely on this. Like, obviously, like, the, the audience here is, like Definitely from an open source perspective. So I'd encourage you to like go and have a look at our GitHub repositories and download the app and just test it out. Like everything's open source and viewable.
So
Jonathan: yeah. What, what license is it primarily under?
Kee: I think most of the code is GPL three. I think there's a few packages, which maybe MIT think the core code base, although we're moving that kind of now is B is it BDS three? I forget what that license is. BSD probably. BSC, that's right, BSC 3,
Jonathan: yeah.
Alright and so I've got to ask, this is sort of a troll question are you adding AI elements to the network or to the application at this point?
Kee: No, no, no AI plans. I think the only way that it would really make sense is maybe concession as a messaging application, like maybe we'd put some sort of chat bot in there or something, like maybe running off some sort of open source.
Like a framework, but there's no plans right now, like, it's not really something that I focus on at all.
Jonathan: That's, that's good. That's good. That's the right answer. Yeah. Alright so I've got two questions that I've got to end with, I'm required to, it's part of the tradition of the show, and that is, you personally, what is your favorite Text editor and scripting language.
Kee: I'm definitely a nano, I'm definitely a nano user. Which is very simple and I'm, I'm usually not doing anything too complex which requires like Vim or something like that. Sorry, what was the second question? Scripting language. Oh, scripting language. Yeah. I don't know, it's like I end up, I end up writing a lot of scripts in Python, to be honest.
I'm not super familiar with Bash. But yeah, probably Python for scripting is what I end up using a lot.
Jonathan: That's a
Kee: very popular answer. We get that a
Jonathan: lot. Lots of people like Python.
Kee: Nano
Jonathan: and Python, or? Not as much nano, although we do get that combination. But Python quite a bit. Well, Python's very popular.
A lot of people like it. What about you? I tend to use, if I'm on the command line, I use nano. Not on the command line for actually doing real coding. It tends to be VS Code these days. And for, and for scripting language I've actually gotten, gotten hooked on Amber. Which is, it compiles down to bash code.
It's like, it's a dude that said, there's these three things that just kill me about bash. And everything else is great. So he wrote his own little, you know, add on to bash. That compiles down to bash code that fixes those little annoyances that he had with it. And I kind of like it. So I'd say that might be my favorite scripting language at this time.
Kee: I would say like if I'm doing something beyond editing a text file, I would also use VS Code as well. Like if I'm writing code, I would use VS Code. But like if I'm just seeing what's in a text file or editing one line, then I'm probably just going to use Nano. Yep.
Jonathan: Yeah, makes sense. All right. Very cool.
Hey key. I appreciate you being here. Thanks for coming on a weird time and and making it do with the time zones and putting up with just me and not a co host. I could kick things off to but thank you man for being here very much.
Kee: Yeah. And thanks for having me. I hope to be back at some point.
Jonathan: Yeah, we'll have to do that.
Come back in six months or a year and talk about what's changed to be fun. All right. That was key. Jeffrey is talking about session which You know, you may have thought when we first started out. Oh, no, it's cryptocurrency. We're back It sounds like they've got some interesting things that they're doing and whether it makes sense for you I will of course leave that up to you You can find me if you want to on Hackaday, of course That's where my security column goes live every Friday.
And as soon as they get done with this recording I'm going right back to working on that I've also got the Untitled Linux Show over at Twit, twit. tv. You can find that as well. And I appreciate everybody that's been here, both live and on the download. And we will see you next time on Floss Weekly.
00:00
-00:00