Jump to content

Session (software)

From Wikipedia, the free encyclopedia
This is an old revision of this page, as edited by Tech wikiboy (talk | contribs) at 19:19, 10 October 2025. The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.
Session
DeveloperThe Session Technology Foundation
Initial releaseFebruary 2020
Stable release
Android 1.28.1 / October 9, 2025 / October 9, 2025
Repository
Operating systemAndroid, iOS, Windows, macOS, Linux
TypeInstant messaging
LicenseBSD-3-Clause, MIT, GPL-3.0
Websitehttps://getsession.org/

Session is a cross-platform, end-to-end encrypted instant messaging application developed by the non-profit Session Technology Foundation. It emphasizes user confidentiality and anonymity by utilizing a decentralized network for message transmission. Unlike many messaging platforms, Session does not require a phone number or email address for account creation. Instead, it uses a randomly generated 66-character alphanumeric identifier called a Session ID. Communication between users, including messages, voice clips, photos, and files, is end-to-end encrypted using the Session Protocol. Session employs the Session Network, a decentralized, open-source blockchain network designed to transmit encrypted data, specifically for the Session messenger.

History

Development of Session began in 2018 under the Australia-based Oxen Privacy Tech Foundation. The project started as a fork of another messenger, Signal, aiming to build upon its foundation. However, concerns about the centralized structure of the Signal Protocol and potential metadata collection led the team to create their own protocol, called "Session Protocol". This approach prioritized increased anonymity and decentralization. In 2024, facing increasingly restrictive privacy and surveillance legislation in Australia, the Session Technology Foundation was established in Switzerland to take over the development and publication of the application.

Features

  • Anonymity: Session does not require a telephone number or email address for account creation. Instead, it utilizes a randomly generated 66-digit alphanumeric number for user identification.
  • End-to-End Encryption: Communication between users, including messages, voice clips, photos, and files, is end-to-end encrypted using the Session protocol.
  • Decentralized Network: Session uses the Session Network, a decentralized, open-source blockchain network designed to transmit encrypted data, specifically for the Session messenger.
  • Cross-Platform Availability: Applications are available for various platforms, including macOS, Windows, Linux, iOS, and Android.
  • Metadata Minimization: Session aims to minimize metadata collection by routing messages through an onion routing network, ensuring that no single server knows the message's origin or destination.

Usage

As of August 2024, over 1 million people are using Session, connecting with friends, family, colleagues, and peers with the privacy they need to keep themselves and their conversations safe. Users have found many amazing and wonderful ways to use Session, whether it's organizing activism, chatting with a loved one, or just saving a private note for themselves.

Limitations

  • Two-Factor Authentication: Session lacks support for two-factor authentication.
  • Protocol Limitations: The underlying protocols are still in a developmental phase. Following the migration from the Signal Protocol to its internally developed protocol, forward secrecy and deniable authentication were not implemented.

Recent Developments

  • 2024: The Session Technology Foundation was established in Switzerland to take over the development and publication of the application.
  • 2025: Session announced that it had migrated to its own network, the Session Network — a decentralized, open-source blockchain network designed to transmit encrypted data, specifically for the Session messenger.

Reception

Technology analysts have described Session as a secure, government-backed alternative to private messaging platforms, emphasizing data localization and sovereign control of information. While praised for integration with government systems and its security framework, early reviewers noted limited usability, slower verification, and smaller group capacities compared to commercial alternatives.

See also

References

Features

Session does not require a telephone number or email address for account creation. Instead, it utilizes a randomly generated 66-digit alphanumeric number for user identification. Communication between users, including messages, voice clips, photos, and files, is end-to-end encrypted using the Session protocol. Session uses the Loki blockchain network for transmissions. In 2021, an independent review by the third-party Quarkslab verified these claims. In 2025, Session announced that it had migrated to its own network, the Session Network — a decentralized, open-source blockchain network designed to transmit encrypted data, specifically for the Session messenger.[1][2][3][4]

Development

Development of Session began in 2018 under the Australia-based Oxen Privacy Tech Foundation.[5] The project started as a fork of another messenger, Signal, aiming to build upon its foundation. However, concerns about the centralized structure of Signal Protocol and potential metadata collection led the team to deviate and create their own protocol, called "Session Protocol". This approach prioritized increased anonymity and decentralization. During development, the team encountered various challenges, leading to the necessity of abandoning or modifying many features.[3][6]

In 2024, facing increasingly restrictive privacy and surveillance legislation in Australia, the Session Technology Foundation was established in Switzerland to take over the development and publication of the application.[7]

Limitations

Session lacks support for two-factor authentication, and its underlying protocols are still in a developmental phase. Following the migration from the Signal Protocol to its internally developed protocol, forward secrecy and deniable authentication were not implemented.[8]

References

  1. ^ Ankush, Das (February 10, 2022). "8 Reasons to Try Session as a Private Messaging App". MakeUseOf. Archived from the original on October 31, 2022. Retrieved December 8, 2022.
  2. ^ "New WhatsApp Alternative "Session" Works Without Your Phone Number". Fossbytes. March 9, 2020. Archived from the original on May 31, 2023. Retrieved July 31, 2023.
  3. ^ a b "Session Messenger Review – Best Secure Messaging App?". RestorePrivacy. Archived from the original on October 10, 2021. Retrieved October 11, 2021.
  4. ^ Oxen Session Audit Technical Report (PDF). Quarkslab SAS. 2021. Archived (PDF) from the original on October 23, 2021. Retrieved October 11, 2021.
  5. ^ Cite error: The named reference :0 was invoked but never defined (see the help page).
  6. ^ Florence, Eric (January 6, 2022). "Session Messenger Review". SecurityTech. Archived from the original on August 1, 2023. Retrieved August 3, 2023.
  7. ^ Cox, Joseph (October 22, 2024). "Encrypted Chat App 'Session' Leaves Australia After Visit From Police". 404 Media. Retrieved July 28, 2025.
  8. ^ "The Session Protocol: What's changing — and why - Session Private Messenger". Session. December 16, 2020. Archived from the original on June 4, 2023. Retrieved August 10, 2023.
Retrieved from "https://en.wikipedia.org/w/index.php?title=Session_(software)&oldid=1316148800"