Cyber PingUMar 7, 2025
This is to remember that Whatspp and Telegram are not the only instant messenger nor the more secure.
Keep in mind Session IM.
Long story short:
- OpenSource
- Peer to Peer
- Obfuscated
- No metadata
- E2EE encrypted
- No telephone number, mail or other identifying things
- Audited by 3rd parties

Give it a glance: https://getsession.org #session #oxen #im #whatsapp #telegram #signal #session #oxen #im #whatsapp #telegram #signal #infosec #socialmedia
Session | Send Messages, Not Metadata. | Private Messenger

Session is a private messenger that aims to remove any chance of metadata collection by routing all messages through an onion routing network.

Session
Show threadAndromxda 🇺🇦🇵🇸🇹🇼Mar 7, 2025

@cyberpingu Don't use Session. https://soatok.blog/2025/01/14/dont-use-session-signal-fork/

Use @signalapp or @simplex instead. #signal #signalapp #simplex

Don’t Use Session (Signal Fork) - Dhole Moments

Last year, I outlined the specific requirements that an app needs to have in order for me to consider it a Signal competitor. Afterwards, I had several people ask me what I think of a Signal fork c…

Dhole Moments
Show threadCyber PingUMar 7, 2025
@Andromxda @signalapp @simplex
Developers have already answered the misleading sentences of those sites you're linking: https://getsession.org/blog/a-response-to-recent-claims-about-sessions-security-architecture #session #oxen #im #whatsapp #telegram #signal #infosec #socialmedia
Session Pro Beta: Development Update - Session Private Messenger

The latest progress towards Session Pro Beta's five core features: higher character, unlimited pins, larger groups, animated display pictures, and Pro badges.

Session
Show threadsysosmasterMar 7, 2025

@cyberpingu @Andromxda @signalapp @simplex having read all 3 blog articles I am forced to conclude that Soatek is correct and Session is using obfuscation to justify their bad security choices.

Especially for state level actors the approach they use is much worse than the one Signal uses.

I found it illuminating that Soatek not only shows integrity by admitting the mistakes they made, but also to credit the feedback they got from others.

You can read the second blog article (which is never even sourced by Session in their article. Which makes it harder to know what the actual findings were).

Here is the second article Soatek made https://soatok.blog/2025/01/20/session-round-2/

Session Round 2 - Dhole Moments

Last week, I wrote a blog post succinctly titled, Don’t Use Session. Two interesting things have happened since I published that blog: A few people expressed uncertainty about what I wrote ab…

Dhole Moments
Show threadCyber PingUMar 7, 2025
@sysosmaster @Andromxda @signalapp @simplex
Hi sysomaster, actually session's devs DO source the second answer. In the very same page I linked before, all can read

"Update (23/01/2025)
The author has published a second blog, responding to the rebuttal provided here. In the second blog, they provide additional context for the issues originally raised. We have added various updates to this blog in the relevant sections to respond to their updated claims and comments. These updates are tagged with the “Update” heading. "

So I cannot be sure how carefully you did read both blogs (Soatek and Jeff's one) . Again the page: https://getsession.org/blog/a-response-to-recent-claims-about-sessions-security-architecture read it again, at least the very first lines and you will see they did answer again in their blog to every Soatek's new tries to demonsotrate something that still, is worth nothing #session #oxen #im #whatsapp #telegram #signal #infosec #socialmedia
Session Pro Beta: Development Update - Session Private Messenger

The latest progress towards Session Pro Beta's five core features: higher character, unlimited pins, larger groups, animated display pictures, and Pro badges.

Session
Show threadCyber PingU
@sysosmaster @Andromxda @signalapp @simplex
It was not an accusation: I said "I cannot be sure", I didn't say "you didn't read carefully": I'm responsable about what I say and not about what you understand, that's another story.
Getting back to the issue, I find that the fact they answered is just kind enough since a random guy just started blaming them on his own blog, without addressing a formal question to them. They anwered in "camera caritatis", and I don't find fair that people pretend them to follow step by step every random that posts something in his own blog. #session #oxen #im #whatsapp #telegram #signal #infosec #socialmedia #session #oxen #im #whatsapp #telegram #signal #infosec #socialmedia
Mar 8, 2025 at 12:54amWeb