How it works
Session generates a 66-character Account ID locally on first launch — that string is the only identity tied to your messages. Outbound messages are wrapped in three layers of encryption and pushed through onion-routed paths across the Session service node network, the decentralised infrastructure inherited from the Oxen project. Until a recipient comes online, ciphertext sits encrypted on a swarm of service nodes, none of which can see content, sender, and recipient together. The desktop, iOS and Android clients are first-party builds; F-Droid and a self-built APK route are also available. End-to-end encryption uses the Session Protocol, a derivative of the Signal Protocol stripped of the long-term phone-number identifier and reworked to function over the Foundation's decentralised store-and-forward network.
KYC & privacy
Account creation asks for nothing. There is no signup form, no email check, no SMS code — the device generates a key pair, the public half becomes your Account ID, and the private half stays on the device. There is no central server to subpoena because there is no central server: messages are queued across rotating service nodes, and the client uses onion requests so that no single node ever sees both ends of a conversation. The clients are released under GPLv3 with portions under BSD/MIT, and the source tree is publicly auditable on GitHub. Quarkslab audited Session in 2020–2021 across desktop, iOS and Android, raising 16 issues; only one was rated severe (a TLS-verification gap in the Android service-node lookup) and all findings were patched inside the audit window.
Strengths and limits
The strongest point is structural: there is no phone number to leak, no email to correlate, and no operator who can be compelled to dump a user table, because the user table does not exist. Stewardship matters too. When the Australian Federal Police began making house calls and the local eSafety Commissioner pushed for industry-wide data-retention rules, OPTF stepped down in October 2024 and the Session Technology Foundation took over from Switzerland. The limits are real. The 66-character Account ID is a usability tax: it is not memorable, and you have to share it through a QR code or an out-of-band channel. Session's metadata minimisation also comes at a feature cost: iOS push notifications can be flaky, and voice and video calls are still maturing. Separately, the Quarkslab audit is now four years old with no published follow-up. The on-network coin used to incentivise service nodes is OXEN; its price drift is a separate variable from the messenger's privacy guarantees, but worth knowing about.
Verdict
Session is what you reach for when you do not want a phone number sitting in someone's database. It is not the smoothest chat app — Signal still wins on call quality and reliability — but on the metric the project picks, metadata leakage, it ships the most thoroughly engineered answer of any mainstream client. Grade: A- (8.9/10). Trust: LEGIT.
