Audit of Session Secure Messaging Application

Oxen mandated Quarkslab to perform an audit of their instant messaging solution Session . This application, forked from Signal, aims to improve users privacy by using an onion routing mechanism . This mechanism differs from Tor's one by requiring a deposit in their own cryptocurrency to operate a Service Node (Snode ), the Oxen equivalent of a Tor Entry, Relay or Exit Node. While reviewing the architecture of this solution, we found some issues and provided recommendations to improve parts of the implementations.

more ...