> This is why I don’t recommend Tox.

Thanks for the write up. Did you mean Tor? Or is Tox something else entirely? 

Also, what are your thoughts on SimpleX?

Jon_Hodl

Whoa! This is damning! Using the users public key to symmetrically encrypt the payloads for onion routing? What?

Highly suspicious. Ive never used session, but I would very much avoid it after reading this. It never seemed right to me.
There are several examples of Nation states running fake 'secure' messaging apps in order to learn the plaintext of their users. I am not saying this is the case here, but stranger things have happened. A 'community' hatefork would be a great cover for cryptographic subversion.

I very much respect Soatok in the field of cryptography engineering and you would be wise to heed their warning.

ZezzebbulTheMysterious

What convinced you of this security and privacy? 

Soatok has convinced me with this blog post that several decisions made by session in the code have reduced the security of the protocol.

How the session developers respond to these criticisms will be more telling.

I use Session on a daily basis and am convinced of its security and privacy. I will investigate more about it... 