
Session

Decentralized encrypted messenger that requires no phone number, no email, and routes messages through onion paths. The most metadata-resistant messenger available — if it survives its funding crisis.

Secure messaging
Open source
Adequate
https://getsession.org
Reviewed 2026-04-11
Editorial assessment by Mike Schneider — not an independent security audit

What should journalists know about Session?

Session solves the one problem Signal cannot: metadata. Signal encrypts message content but still requires a phone number and routes messages through centralized Signal Foundation servers — meaning Signal knows who is talking to whom, even if it cannot read what they say. Session eliminates both requirements. No phone number. No email. No centralized server. Messages route through an onion network of community-operated nodes (originally built on Oxen's Lokinet infrastructure), meaning no single node knows both the sender and recipient. Your Session ID is a randomly generated public key. The encryption uses the Signal protocol's Double Ratchet adapted for Session's decentralized architecture, with X25519 key agreement and XChaCha20-Poly1305.

The architecture is genuinely novel: instead of trusting one company's servers (Signal Foundation, Meta, Threema GmbH), you trust a distributed network of nodes incentivized by cryptocurrency staking. This is both Session's strength and its vulnerability.

The Session Foundation — a Swiss nonprofit stewarding the project — announced in early 2026 that it has entered its final 90 days of funding. Without reaching donation goals, all paid staff would have their final working day on April 9, 2026. This is an existential threat to a security tool that journalists might depend on. A messenger is only as trustworthy as its long-term maintenance: unfixed vulnerabilities in abandoned software become attack vectors.

The honest assessment: Session's privacy architecture is superior to Signal's on metadata resistance. But Signal has a $50M+ foundation, a proven track record under legal pressure (subpoenas that yielded nothing because Signal had nothing), and millions of users. Session has a funding crisis, a smaller development team, and far fewer users. For journalists, the calculus is: do you need metadata resistance badly enough to depend on a tool whose survival is uncertain? If you cover intelligence agencies, surveillance states, or organized crime at the highest level — and your threat model specifically includes traffic analysis — Session offers protections no other messenger matches. For everyone else, Signal remains the safer bet because it will still exist next year.

Best for

Communication where metadata exposure (who talked to whom, when) is as dangerous as content exposure.
Sources in authoritarian countries where server seizure or legal compulsion is a realistic threat.
Whistleblowers who cannot link any personal identifier to a messaging account.
Journalists covering surveillance technology, intelligence agencies, or state-sponsored hacking.
Backup communication channel when Signal is blocked or monitored at the network level.

Not for

Day-to-day newsroom communication — the funding uncertainty makes it unsuitable as a primary tool.
Journalists whose sources will not install an unfamiliar app.
Large group conversations (Session groups are limited in size and features).
Voice/video calling (Session offers audio messages but not real-time calls with the reliability of Signal).
Anyone who needs confidence their tool will receive security updates in 12 months.

Security & Privacy

Encryption in transit: Yes

Data is scrambled while being sent to their servers

Encryption at rest: Yes

Data is scrambled when stored on their servers

Data jurisdiction: Decentralized — no single jurisdiction. The Session Foundation is a Swiss nonprofit, but messages route through a global network of community-operated nodes. No central server stores messages or metadata. Messages are held temporarily on swarm nodes (encrypted) until delivered, then deleted. No single entity can be compelled to produce communication records because no single entity holds them.

Where servers are located — affects which governments can request your data

Security rating: Adequate

Privacy policy summary

Session collects no personal data. No phone number, no email, no IP address logging. Messages route through onion paths so no single node sees both sender and recipient. The Session Foundation states it has no trackers, never collects private data, and never sells data to third parties. Your Session ID is a cryptographic key pair generated locally — it is not linked to any real-world identity. The only data that exists is encrypted messages temporarily stored on swarm nodes awaiting delivery.

How to protect yourself:

Understand the funding risk: as of early 2026, Session's continued development is uncertain.
Do not make Session your only secure communication channel — maintain Signal as a fallback.
Back up your Session ID recovery phrase securely (offline, encrypted).
Use Session over Tor or a VPN for additional network-layer protection if your ISP might flag Lokinet traffic.
Verify that you downloaded Session from official sources (getsession.org, official app store listings).
For maximum anonymity, install Session on a device not linked to your identity.
Be aware that Session's smaller user base means your use of it may itself be a signal — in some environments, having Session installed could attract attention.

Session's privacy architecture is technically superior to Signal for metadata resistance: no phone number, no central server, onion-routed message delivery. The encryption is sound (adapted Signal protocol with modern primitives). The 'adequate' rather than 'strong' rating reflects operational reality: the Session Foundation faces an existential funding crisis as of early 2026, the audit trail is less extensive than Signal's, the development team is smaller, and long-term maintenance is uncertain. A security tool is only as good as its next vulnerability patch. If Session's funding stabilizes and independent audits confirm its implementation, this rating should be revisited upward. For now, journalists should treat Session as a specialized high-metadata-threat tool, not a primary messenger.

Who Owns This

Owner: Session Foundation (Swiss nonprofit)
Funding: Originally funded by the Oxen Privacy Tech Foundation (OPTF) through Oxen cryptocurrency. Now stewarded by the Session Foundation, a Swiss nonprofit relying on community donations and grants. As of early 2026, the foundation faces a critical funding shortfall and may cease paid operations. No venture capital. No advertising. No data monetization.
Business model: Free and open source. No revenue model beyond donations and grants. The original Oxen/Loki cryptocurrency mechanism provided node operator incentives, but Session's messaging layer is free to users. The Session Foundation operates as a nonprofit with no commercial product. This is both principled and financially precarious.

Known issues

Funding crisis (2026): The Session Foundation announced it has entered its final 90 days of operation without meeting donation targets. All paid staff face termination if funding is not secured. This creates existential risk for ongoing security maintenance.
Smaller development team than Signal means slower vulnerability response.
The onion routing architecture, while privacy-superior, introduces latency — messages can take seconds longer to deliver than Signal.
No independent security audit results are publicly prominent (unlike Signal's extensive audit history).
The cryptocurrency origins (Oxen/Loki) created reputational complexity — some security researchers view crypto-adjacent projects with skepticism.
Group messaging is limited compared to Signal.
No voice or video calling feature parity with Signal.
User base is small enough that Session usage itself could be a distinguishing signal in traffic analysis.
Desktop and mobile sync has historically been unreliable.

Pricing

Free

This is an editorial assessment based on publicly available information as of 2026-04-11, using our published methodology. Independent security review is pending. Security posture can change at any time. This is not a guarantee of safety.
