pull down to refresh

Don’t Use Session (Signal Fork)soatok.blog/2025/01/14/dont-use-session-signal-fork/
543 sats \ 4 comments \ @nym 15 Jan security
Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor.
Afterwards, I had several people ask me what I think of a Signal fork called Session. My answer then is the same thing I’ll say today:
Don’t use Session.
The main reason I said to avoid Session, all those months ago, was simply due to their decision to remove forward secrecy (which is an important security property of cryptographic protocols they inherited for free when they forked libsignal).
Lack of forward secrecy puts you in the scope of Key Compromise Impersonation (KCI) attacks, which serious end-to-end encryption apps should prevent if they want to sit at the adults table. This is why I don’t recommend Tox.
And that observation alone should have been enough for anyone to run, screaming, in the other direction from Session. After all, removing important security properties from a cryptographic security protocol is exactly the sort of thing a malicious government would do (especially if the cover story for such a change involves the introduction of swarms and “onion routing”–which computer criminals might think sounds attractive due to their familiarity with the Tor network).
Unfortunately, some people love to dig their heels in about messaging apps. So let’s take a closer look at Session.
write
preview
related posts
9 sats \ 0 replies \ @Jon_Hodl 15 Jan
This is why I don’t recommend Tox.
Thanks for the write up. Did you mean Tor? Or is Tox something else entirely?
Also, what are your thoughts on SimpleX?
reply
8 sats \ 0 replies \ @ZezzebbulTheMysterious 16 Jan
Whoa! This is damning! Using the users public key to symmetrically encrypt the payloads for onion routing? What?
Highly suspicious. Ive never used session, but I would very much avoid it after reading this. It never seemed right to me. There are several examples of Nation states running fake 'secure' messaging apps in order to learn the plaintext of their users. I am not saying this is the case here, but stranger things have happened. A 'community' hatefork would be a great cover for cryptographic subversion.
I very much respect Soatok in the field of cryptography engineering and you would be wise to heed their warning.
reply
0 sats \ 1 reply \ @Intrappolati_ 15 Jan freebie
I use Session on a daily basis and am convinced of its security and privacy. I will investigate more about it...