Quarkslab

Fact-Checks

6 results

Dec 4, 2025

Could someone potentially set up a session messenger account in order to catch others in nefarious acts?

Yes — technically someone can create a Session account and use it to observe or entrap others, because Session allows fully anonymous Account IDs with no phone or email required and routes messages ov...

Nov 20, 2025

What are the potential consequences of a Session Messenger security vulnerability?

A vulnerability in Session Messenger could range from limited metadata exposure or TLS-related man-in-the-middle attacks to full message disclosure if a user’s device or keys are compromised; Session’...

Dec 10, 2025

Has Session Messenger undergone independent security audits or third-party reviews?

Session has undergone at least one formal third‑party code audit: Quarkslab audited Session’s Android, iOS, and Desktop clients (audit announced April 29, 2021 and discussed repeatedly by Session and ...

Nov 25, 2025

What threats or attack vectors is Session designed to mitigate versus mainstream messengers?

Session is designed to mitigate metadata collection, identity linkage, and central-server surveillance common in mainstream messengers by offering account IDs without phone/email, onion routing throug...

Nov 30, 2025

What are the trade-offs between Session's privacy features and usability/performance?

Session prioritizes anonymity, decentralization and onion routing to avoid account metadata and central servers, trading some usability and real-time performance — reviewers note inconsistent call qua...

Nov 6, 2025

What encryption protocol does Session Messenger use?

Session Messenger uses its own custom encryption scheme called the , a purpose-built end-to-end encryption protocol for a decentralized, onion-routed network. The protocol is implemented atop well-kno...

Your fact-checks