Session - Private Messenger
Overview
Session represents a significant shift in secure messaging design. Originally launched in 2018 as Loki Messenger under the cryptocurrency-focused Loki network, the platform was rebranded in 2019. It is now managed by the Swiss-based Session Foundation, a non-profit dedicated to digital rights and communication privacy.
When a user creates an account, Session does not request any personal identifiers. Instead, the client generates an asymmetric cryptographic key pair locally on the device. The public key is expressed as a 66-character alphanumeric string known as the Session ID. This ID serves as the user's secure contact address. This design eliminates the risk of SIM-swap attacks, registration censorship, and identity mapping through centralized directories.
Session routes all traffic through a decentralized network called the Oxen Service Node Network. Instead of relying on central corporate servers, the network uses a multi-hop onion routing protocol. When a message is sent, the client encrypts it in layers and routes it through three volunteer-operated nodes. Each node decrypts only the layer necessary to identify the next hop. As a result, no single node in the transit path knows both the sender's IP address and the recipient's identity, preventing the collection of messaging metadata or communication patterns.
Message payloads are secured using an adapted version of the Signal protocol, optimized for decentralized systems. Messages are not stored on a central server; instead, they are held in temporary, encrypted database storage swarms managed by the Oxen service nodes.
The recipient's client polls these swarms directly to retrieve pending messages. This design is supported by device-to-device syncing, which updates read states across multiple devices without exposing private keys.
Pros & Cons
Completely Anonymous Account Setup: No phone numbers, email addresses, or personal identifiers are required to register.
Onion-Routed Traffic: Routes data through three independent service nodes, masking the client's IP address.
No Metadata Retention: The decentralized network does not track or log messaging timestamps, IP addresses, or communication patterns.
Decentralized Infrastructure: Eliminates single points of failure, protecting the network from central data breaches.
Encrypted Group Communications: Supports end-to-end encrypted closed group chats for up to 100 members.
Verified Open-Source Codebase: The full source code is hosted publicly on GitHub for community audit and security reviews.
- ✕
No Native Message Editing: The chat engine does not support editing sent messages, requiring users to send follow-up corrections.
- ✕
Increased Routing Latency: Onion routing across three nodes can cause noticeable delays in message delivery.
- ✕
No Group Voice or Video Calling: While peer-to-peer secure calling is supported, multi-user group calls are not currently available.
- ✕
Battery Drain on Non-Google Builds: F-Droid distributions that exclude Firebase push notifications must rely on background polling, which increases battery usage.
Download
FAQs
Can Session administrators decrypt my messages or access my files?
No. Because the application uses end-to-end encryption with keys generated locally on your device, neither the Oxen nodes nor the Session Foundation can access your messages or files.
How are offline messages handled in Session?
When a device is offline, encrypted messages are stored temporarily in decentralized swarms managed by the Oxen network, where they remain queued until the recipient's client retrieves them.
Can I run Session on a device without Google Play Services?
Yes. An official F-Droid distribution is available that operates without Google dependencies, using local background polling for notifications.
Does Session support disappearing messages?
Yes. Users can configure a Time-To-Live (TTL) setting for each conversation, which automatically deletes messages from both devices after the selected duration.
Is there any subscription fee or cost to use Session?
No. Session is free, displays no ads, uses no trackers, and is supported by a Swiss non-profit foundation.
Hot Reviews
Users report using the application to isolate personal communications, noting that its registration model lets them chat without disclosing phone numbers or social media profiles.
A common point of user feedback is the lack of basic text editing controls, which requires users to send manual corrections for typos.
Recent updates have improved background synchronization, with users noting that read and unread states now transition smoothly across paired devices.