I have been using Session Messenger for a long time. One of My Friends wants to install Session Messenger on Windows. When He tried to do that, He got a warning from Windows Defender as Cryptominer.
Is it really a Cryptominer? Or Is it false positive?
I heard it was an issue raised on Github long time ago. But it wasn’t fixed. Why didn’t Session Team didn’t fix it? Can I trust it now?
Because, for Microsoft to trust the software, the developer/publisher of the software needs to pay several hundred bucks just for a “trustworthy” certificate. It’s basically a scam.
That’s why it perhaps won’t be fixed and frankly I think people shouldn’t buy into this crap, so I recommend it to not be fixed in a way that forces the developer/publisher to pay anything for a “trustworthy” certificate.
You can trust all open source software, that has been checked by developers for maliciousness. Session is one of them.
I don’t know any block chain apps, but goes to show that Microsoft still have a bee in their bonnet about Open Source Software. As much as they changed their minds about liking Linux, still leaves a cold sweaty taste in my mouth. I’d say introduce your friend to the world of Linux, won’t be disappointed.
I didn’t investigate the reasons, so I don’t know that. However, if you put the time into researching their reasons and explanations for this, there is a chance you will find at least one good reason for them doing that.
It’s always easy for users of software to complain about stuff, that they don’t like or just are surprised about and don’t understand. Opposite to that, developers usually try to do a good job and sometimes have to make tough decisions. So, just because the community does not understand the reasons for a certain development decision, it does not mean it’s bad or, as in this case, it does not mean it’s there to track or fingerprint the user. Perhaps they needed this feature for a specific and very well founded reason.
Probably Windows Defender shows this warning because Session uses cryptographic functions to create an ID and to encrypt and decrypt messages. This makes it feel (****)hurt, probably. Session has been audited before. I have seen such false positives given by Windows Defender before.