American Invest Hub
  • Politics
  • Investing
  • Business
  • Latest News

American Invest Hub

  • Politics
  • Investing
  • Business
  • Latest News
Business

Interview: Anticipate certain govt depts to start exploring decentralised messaging, says Session co-founder Kee Jefferys

by admin July 12, 2025
July 12, 2025
Interview: Anticipate certain govt depts to start exploring decentralised messaging, says Session co-founder Kee Jefferys

The Certified Information Systems Auditor (CISA)’s recent warning about two critical vulnerabilities in TeleMessage TM SGNL—actively being exploited by threat actors—has prompted stakeholders to sit up and take notice.

The US federal cybersecurity agency strongly urged organizations to immediately implement any vendor-provided mitigations, underscoring the severity of the flaws.

“In the case of TM SGNL, the vulnerabilities arose from multiple severe design and implementation errors, undermining the intended security and resulting in what can best be described as “security theater”,” said Kee Jefferys, co-founder of Session, an open-source encrypted messaging app, in a conversation with Invezz.

The growth of decentralized messaging apps is being driven by a convergence of factors: rising privacy concerns, growing distrust of Big Tech, advances in blockchain and peer-to-peer architecture, and shifting regulatory environments.

While Session has earned praise for its commitment to anonymity and metadata resistance, some tech reviewers argue that Signal—another encrypted messaging platform—strikes a more mainstream balance by combining strong privacy protocols with user-friendly, community-building features.

“In Session’s case, it’s built for users who need anonymity and metadata resistance, even if that means making a few trade-offs on features or UX,” Jefferys said.

He also touched on the rising institutional interest in decentralized messaging platforms and why he believes that departments such as national security and foreign service are likely to explore these technologies more seriously in the coming years, especially for internal communications involving sensitive or high-risk scenarios.

Excerpts:

On the CISA flagging vulnerabilities in TM SGNL

Invezz: The CISA directive highlights vulnerabilities in TM SGNL. What, in your view, made these flaws so dangerous despite the use of end-to-end encryption?

End-to-end encryption, when implemented correctly, prevents anyone outside the conversation from accessing users’ messages.

However, in the case of TM SGNL, the vulnerabilities arose from multiple severe design and implementation errors, undermining the intended security and resulting in what can best be described as “security theater.” 

Rather than a single isolated flaw, it was a chain of poor design decisions that ultimately exposed user data.

First, TM SGNL created an unencrypted copy of every message sent in a conversation and then stored this copy on a server.

This practice effectively created a honeypot of sensitive data, making it highly attractive to attackers.

Second, the server publicly exposed a URL from which anyone could download the current state of its memory.

As the server received and processed these unencrypted messages, it stored them in memory alongside sensitive authentication details, including users’ weakly hashed passwords.

Combined, these vulnerabilities allowed an attacker, even one with relatively limited sophistication, to routinely download server memory, extract authentication information, breach user accounts, and access plaintext conversations.

This scenario underscores a critical point: secure protocols are only as strong as the underlying code quality and infrastructure implementation.

How decentralisation reduces risk structurally

Invezz: You’ve argued that single-vendor control is the real threat. Can you walk us through how decentralization structurally reduces this risk?

Absolutely. When one company controls everything, including the code, the servers, the updates, even a single mistake can put everyone at risk.

Decentralization spreads out that control, reducing ability to target any one server to achieve a full network compromise.

In networks like Session, there’s no central server to attack, nor any single entity holding all the messages.

Instead, the network consists of independently operated nodes distributed around the globe, and the source code is openly available for anyone to inspect.

As a result, rather than relying on the trustworthiness of a single vendor, you have a system purpose-built to function without needing trust at all.

Difference between Session and Signal

Invezz: Session is often touted as a fully decentralized, metadata-resistant messenger. How does your infrastructure fundamentally differ from Signal or other encrypted apps?

Most messengers still depend on centralized infrastructure, Session is different.

Session operates on a decentralized onion-routing network inspired by Tor, specifically built for messaging.

Instead of relying on central servers, Session routes messages through a series of community-operated nodes, effectively concealing users’ IP addresses from any node storing their messages.

Additionally, Session doesn’t require a phone number, email, or any other real-world identifier to create an account.

All messages are end-to-end encrypted, and unlike traditional TM SGNL, Session never sends an unencrypted audit log of users’ communications to a central server.

Session’s use case and ongoing efforts to improve usability

Invezz: Some tech reviewers have said that while Session offers a level of privacy which is great for security purposes, Signal blends robust privacy policies with helpful community-building features, making it appealing to a wider audience. What are your thoughts on this?

That’s a fair take. Signal has done an amazing job making private messaging feel seamless, especially for people who aren’t privacy experts.

In Session’s case, it’s built for users who need anonymity and metadata resistance, even if that means making a few trade-offs on features or UX.

But Session is definitely not ignoring usability, Session contributors have been working hard on improving the UX, by simplifying technical jargon and making it easy to jump in and start messaging without having to worry about the technical details. 

On institutional demand for decentralised messaging

Invezz: Do you see institutional or enterprise demand for decentralized messaging growing? If so, what verticals are showing early traction?

Absolutely. Session is seeing growing interest from journalists, NGOs, whistleblowers, and legal professionals, basically anyone who handles sensitive information or needs to keep communication private.

Some DAOs and privacy-focused startups are starting to explore decentralized messaging too.

It’s still early, but the common thread is they all want strong privacy and infrastructure that doesn’t have a single point of failure or control.

As regulations tighten and data breaches pile up, decentralization is starting to look less like a niche and more like a necessity.

Gov branches like national security/ foreign service likely to explore decentralised messaging

Invezz: Do you believe governments will ever seriously adopt decentralized messaging protocols, or will they remain dependent on vendors they can oversee?

That’s a tough one. Governments naturally prefer control and auditability, which often leads them toward proprietary or vendor-managed systems.

However, as the TM SGNL incident clearly illustrates, this centralized approach carries inherent risks.

I anticipate that certain branches of government, particularly those dealing with national security or foreign service, will increasingly explore decentralized solutions for sensitive internal communications or high-risk scenarios.

We probably won’t see immediate, widespread adoption overnight, but the escalating cost and impact of security breaches are compelling enough to make even traditionally risk-averse institutions reconsider their approach.

The post Interview: Anticipate certain govt depts to start exploring decentralised messaging, says Session co-founder Kee Jefferys appeared first on Invezz

0
FacebookTwitterGoogle +Pinterest
previous post
Kraft Heinz plans breakup, weighs $20 billion grocery spin-off: report
next post
New CEO- is that what Apple stock needs now?

Related Posts

UK’s Crown Estate clears offshore wind expansion to...

May 10, 2025

Women’s college basketball championship expected to set new...

April 10, 2024

European stocks soar higher on hopes of trade...

July 10, 2025

Are foreign investors returning to Indian equities? Here’s...

March 25, 2025

VanEck cuts Ethereum price forecast to $7,334: What...

October 19, 2024

Europe markets open: stocks down; focus on US...

July 14, 2025

ServiceNow stock is expensive; does it have a...

October 30, 2024

UK climate targets at risk as high electricity...

June 25, 2025

Analysts are bullish on Lloyds share price: should...

March 10, 2025

Warby Parker stock price analysis as its website...

January 19, 2025

    Stay updated with the latest news, exclusive offers, and special promotions. Sign up now and be the first to know! As a member, you'll receive curated content, insider tips, and invitations to exclusive events. Don't miss out on being part of something special.


    By opting in you agree to receive emails from us and our affiliates. Your information is secure and your privacy is protected.

    Latest News

    • Saudi Arabia poised to raise September crude prices to five-month highs

      July 28, 2025
    • From $824 to over $1,300: how soaring rents are consuming American paychecks

      July 27, 2025
    • India-UK sign historic free trade deal: here’s all you need to know

      July 24, 2025
    • Talen Energy surges 25% to ATH after strategic natural gas power plant acquisition

      July 20, 2025
    • US visa bans on Brazilian judges spark diplomatic rift, cloud economic ties

      July 20, 2025

    Categories

    • Business (3,550)
    • Investing (2,686)
    • Latest News (2,024)
    • Politics (1,530)
    • About us
    • Contact us
    • Privacy Policy
    • Terms & Conditions

    Disclaimer: americaninvesthub.com, its managers, its employees, and assigns (collectively “The Company”) do not make any guarantee or warranty about what is advertised above. Information provided by this website is for research purposes only and should not be considered as personalized financial advice. The Company is not affiliated with, nor does it receive compensation from, any specific security. The Company is not registered or licensed by any governing body in any jurisdiction to give investing advice or provide investment recommendation. Any investments recommended here should be taken into consideration only after consulting with your investment advisor and after reviewing the prospectus or financial statements of the company.

    Copyright © 2025 americaninvesthub.com | All Rights Reserved