Closed michaelssingh closed 10 months ago
Keys are stored locally on the device; they can be seen at Settings -> recovery phrase. New keys can be generated by going to Settings -> clear data. Once data is cleared, you will generate a new keypair the next time you start Session.
Messages are stored on the decentralised Service Node network for a period of 14 days (30 days in the case of configuration messages).
The only person who can decrypt and read your messages is the person who holds the private key for your Session ID, which is stored only on the local device where Session is installed. So no, the company/board members/investors/engineers/nodes cannot decrypt your messages.
Why are messages being stored in the first place?
To increase user experience. If messages aren't stored offline, then both devices need to be online for a conversation to happen. Storing messages offline allows you to turn your device off after you send a message, and for the recipient to be completely offline for a period of time before they receive that message.
Why aren't messages stored until the client receives them if the use case is to provide a good experience?
Is it currently possible for messages to be backed up and stored elsewhere?
I have no insight into design decisions, but I'll attempt to answer some of your questions (note: most are already answered by @KeeJef).
Could you give me my keys?
Considering my understanding of how Session works, I don't know exactly what the question is trying to ask, but I would say no.
Where are my key pairs stored?
Where are my messages stored?
These are stored in ~/.config/Session on the Linux operating system.
Can the company/board members/investors/engineers/nodes behind Session decrypt my messages at rest?
Not that I believe. My understanding is the user's private key is stored locally, messages are decrypted as they are received, and then the messages may be stored as plaintext on the user's device (depending on the account's password protection maybe?).
Why are messages being stored in the first place?
Messages are stored in the network (by Service Nodes) to allow asynchronous communication. Otherwise, users would need to be online simultaneously in order to exchange messages.
Why aren't messages stored until the client receives them if the use case is to provide a good experience?
I guess this is to reduce the storage capacity requirements on Service Nodes and prevent messages that will never be received from staying zombie inside Service Nodes, and there may be other reasons.
Is it currently possible for messages to be backed up and stored elsewhere?
You can copy ~/.config/Session elsewhere in order to back up your messages. However, if you copy it to another device and then use the same account on multiple devices, I don't know what would happen.
The white paper stated that I could generate key pairs at any time. I am using Session Desktop, and I don't see that option.
Could you give me my keys?
Where are my key pairs stored?
Where are my messages stored?
Can the company/board members/investors/engineers/nodes behind Session decrypt my messages at rest?