Whoa! This is damning! Using the users public key to symmetrically encrypt the payloads for onion routing? What?

Highly suspicious. Ive never used session, but I would very much avoid it after reading this. It never seemed right to me. There are several examples of Nation states running fake 'secure' messaging apps in order to learn the plaintext of their users. I am not saying this is the case here, but stranger things have happened. A 'community' hatefork would be a great cover for cryptographic subversion.

I very much respect Soatok in the field of cryptography engineering and you would be wise to heed their warning.