@session I appreciate the time you took to check the claims of the security researcher. I appreciate the thoroughness of these checks.
I appreciate the ability of @soatok to admit he was wrong on some counts.
However, I firmly condemn the pejorative tone Session uses to speak of the author of that research, calling him "a blogger" and refusing to cite his writings, no matter how derogatory his own tone was about your product.
To be fair, even if it happens that none of the claims result in immediate security flaws (as far as I understood them), several concerns do sound like the protocol design is "baroque" and would deserve some formal proof.
For one, I am still not convinced the removal of PFS is justified, and I am not convinced that the reduction of the seed size for UX reasons is a valid justification. I blamed Signal for the same thing a few years ago when they truncated the hash of the session key from 256 bits to 100 bits **in the QR code verification procedure**. And that was about a hash truncation, not the seed!