Simplified Privacy

Session: Blockchain Onion-routed Messenger

Overview

Session is an end-to-end encrypted messaging platform that is among the best tools for anonymous, private, and secure communication.  As an added bonus, it has an entire social network ecosystem, with group chatrooms that you can make open to the general public or private for just your invited friends.

Session is a fork of Signal that allows for real-time phone calls and for sending files.  It works on almost everything, from Android and iPhone to Linux and even Microsoft Windows. We even allow readers to get new content on this site for free via Session messenger.

Random Usernames

Session is so private because it uses randomly generated usernames like a cryptocurrency wallet.  So your Session ID is not connected to your phone number or email.  In our previous articles on Signal and Facebook, we discussed how phone numbers get synced in people’s contact lists on regular smartphones that aren’t using special privacy operating systems.  So big tech and governments use phone numbers to track the web of your connections. 

Not only does Session hide your identity with its random cryptocurrency wallet style username, but it also encrypts messages through a mixnet.

Tor alternative

Session is powered by Lokinet, which is a cryptocurrency-powered mixnet.  This is similar to Tor, with some differences.  In general, mixnets anonymize internet traffic by mixing data among participants so that neither participants nor outsiders can see where the data originated.

Mixnet graphic by Dave Hrycyszyn from ConstructiveProof.com

Let’s compare Tor with Lokinet…

Tor is an anonymous onion-routed mixnet that we covered in a previous article.  Tor works by carrying TCP packets, which are used primarily for websites.

With TCP packets, the sender sends data.  Then the receiver sends back confirmation that the packets were actually received before the sender sends more packets.

This is extremely useful for something like loading a website.  The sender would want to confirm that the receiver actually received the first website image before moving on to the second image.  Otherwise, parts of the website could potentially be lost.

Image Source: Java67.com

The advantage of TCP is that it ensures data will not be lost.  But having to confirm that the packets were received before continuing slows down the data transfer.

On the other hand, with UDP packets, the sender does not wait for confirmation that the packets were received.  This allows for a faster connection, but some packets may potentially be lost.

UDP packets are used for live video and video games.  Have you ever played a video game and it lags?  Then suddenly your character avatar jumps to a different spot?  This is because the UDP packets kept on coming even if you missed them.

Tor vs Lokinet

Image Source: Freecodecamp.org

Tor uses only onion-routed TCP packets. (slow & reliable)

Lokinet, by contrast, allows onion-routed UDP packets to be used for phone calls. (This makes them fast, but unreliable.)

This allows Lokinet, and thus Session’s video/phone calls, to be faster than Tor.  That’s how Session is able to do onion-routed phone calls in real time, while Tor is too slow to do so.
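The trade-off described above for live calls, as an added example that is not from the original article or from the Session/Lokinet code: a small simulation of voice frames crossing a lossy onion-routed path, once with reliable in-order delivery (TCP-like retransmit and wait) and once fire-and-forget (UDP-like). The latency, timeout, loss rate and playout deadline are assumed values, and the reliable mode is a simplified model rather than real TCP.

```python
import random

# All constants are assumed values for illustration, not Lokinet or Tor measurements.
FRAME_MS = 20       # a voice frame is produced every 20 ms
ONE_WAY_MS = 120    # one-way latency across the onion-routed path
RTO_MS = 300        # wait before a lost frame is retransmitted (reliable mode only)
DEADLINE_MS = 200   # a frame older than this is useless for live audio


def simulate(n_frames=500, loss=0.05, seed=1):
    """Return per-frame delays in ms as (udp_like, tcp_like); None means never delivered."""
    rng = random.Random(seed)
    # Decide the fate of each first transmission once, so both modes see the same link.
    first_try_lost = [rng.random() < loss for _ in range(n_frames)]
    udp_like, tcp_like = [], []
    last_delivery = 0
    for i, lost in enumerate(first_try_lost):
        sent = i * FRAME_MS
        # Fire-and-forget: a lost frame is simply gone, the rest arrive on schedule.
        udp_like.append(None if lost else ONE_WAY_MS)
        # Reliable: retransmit after each timeout until a copy gets through.
        arrival = sent + ONE_WAY_MS
        while lost:
            arrival += RTO_MS
            lost = rng.random() < loss
        # In-order delivery: later frames wait behind the retransmitted one.
        last_delivery = max(arrival, last_delivery)
        tcp_like.append(last_delivery - sent)
    return udp_like, tcp_like


def summarize(delays):
    """Count delivered frames, frames that met the playout deadline, and the worst delay."""
    delivered = [d for d in delays if d is not None]
    return {
        "delivered": len(delivered),
        "on_time": sum(d <= DEADLINE_MS for d in delivered),
        "worst_ms": max(delivered),
    }


if __name__ == "__main__":
    udp_like, tcp_like = simulate()
    print("UDP-like:", summarize(udp_like))
    print("TCP-like:", summarize(tcp_like))
```

The reliable mode delivers every frame, but each loss stalls the frames queued behind it past the playout deadline; the fire-and-forget mode drops a few frames and keeps the rest on time.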

Lokinet’s Cryptocurrency

Another reason that Tor is so slow is that it’s run by volunteers for free.  This system allows for an unlimited number of users on potentially a small number of exit nodes.  As a reminder from our Tor article, the exit nodes are the servers hosting the traffic.  When you use Tor, the IP address you appear to come from is that of the exit node you are coming out of.

In sharp contrast, with Lokinet/Session, the nodes are being paid in cryptocurrency.  This provides an incentive to have more node hosts to handle the traffic from the Session users. 

Lokinet’s cryptocurrency is called Oxen (renamed from Loki).  Oxen is a fork of Monero, and some of the coders of Oxen had previously worked on Monero. Just like Monero, Oxen keeps private how much you have and who you send it to.

You do NOT need Oxen cryptocurrency to use Session’s basic messaging features. In the future, the Session developers will be rolling out advanced premium features, such as sending larger files, that you will need Oxen for. You can also currently buy unique usernames with Oxen, as opposed to random crypto-like addresses.

At present, Oxen has not performed well price-wise against the US dollar.  But in our opinion, this is due to the overall sell-off in all cryptocurrency assets and a decline in the broader stock market.

Session’s Popularity

Session is growing in popularity.  The number of Session downloads on the Google Play Store has surpassed 200,000.  And that’s just for people inexperienced enough to use the Google Play Store.  Most privacy focused users would be downloading the APK directly or using it on a computer.  Because of the private nature of the onion mixed social network, the Lokinet team is unable to track how many Session users there actually are.

Session’s negatives

Session does have some major negatives.  The first is that it relies upon Google push notification services on Android to receive new messages in a timely manner.  This problem exists because Lokinet is decentralized, and the technology to push notifications through a blockchain, rather than from a single server with a specific IP address, was not yet well developed at the time of this article. On a completely separate note, this is what the Solana team is trying to solve right now with their Solana phone and a project called Dialect.

While Session’s Android client does offer another mode for checking messages in the background periodically without using Google at all, in our personal experience we’ve found this mode to be less reliable than Session’s Linux desktop client, and even more so when trying to sync the Android phone and Linux computer. Lokinet stores messages in a blockchain database called the Swarm, which you access via your encryption keys. In our personal experience, we’ve had repeated issues with syncing these messages on both the phone and Linux computer at the same time, and amidst the confusion sometimes neither client receives or sends the message.

The limitations of blockchain and onion-routing alone cannot be blamed for these missed de-Googled Android messages, since Google push notifications and the Linux desktop version would then have these same issues. You should consider centralized servers such as Signal or self-hosted XMPP for guaranteed and timely phone/computer syncs. Since Signal is a centralized server using Amazon’s AWS, only self-hosted XMPP offers guaranteed delivery, speed, and metadata privacy, but with this form of XMPP you would have to pay for your own server.

Another reason your messages might not go through is if you use both Tor and Session at the same time (like having Tor’s Orbot app on in VPN mode while you use Session) because then it’s going through 2 mixnets.  It’s for this reason that we do not recommend the use of both Tor and Session at the same time due to missed or delayed messages.

Conclusion

In this article we gave a broad overview of why Session is so private and able to uniquely handle onion routed audio calls. This technology is built upon the preceding advancements in the privacy tech stack. Session messenger is a fork of Signal messenger, using the Oxen cryptocurrency which is a fork of Monero, using Lokinet which is a fork of Tor. In our next article, we’ll go over how to use Session. You will get a lot out of subscribing for free to our new content by email, by Session messenger, or RSS feed.
