Session Private Messenger

Christian Cleberg

·

Software

About Session

Session is a private, cross-platform messaging app from the Loki Foundation. As someone who has spent years looking for quality alternatives to major messaging apps, I was excited when I first heard about Session. Reading through Session's whitepaper, you can learn the technologies behind the Session app. Part of the security of Session comes from the Signal protocol, which was forked as the origin of Session.

Session is an end-to-end encrypted messenger that removes sensitive metadata collection, and is designed for people who want privacy and freedom from any forms of surveillance.

In general, this app promises security through end-to-end encryption, decentralised onion routing, and private identities. The biggest change that the Loki Foundation has made to the Signal protocol is removing the need for a phone number. Instead, a random identification string is generated for any session you create. This means you can create a new session for each device, if you want to, or link new devices with your ID.

Since Session's website and whitepaper describe the details of Session's security, I'm going to focus on using the app in this post.

Features

Since most people are looking for an alternative to a popular chat app, I am going to list out the features that Session has so that you are able to determine if the app would suit your needs:

  • Multiple device linking (via QR code or ID)
  • App locking via device screen lock, password, or fingerprint
  • Screenshot blocking
  • Incognito keyboard
  • Read receipts and typing indicators
  • Mobile notification customization
  • Old message deletion and conversation limit
  • Backups
  • Recovery phrase
  • Account deletion, including ID, messages, sessions, and contacts

Downloads

I tested the Session app on Linux (Ubuntu 19.10) and Android 10. Below is a brief overview of the Session app on Linux. To get this app, you'll need to go to the Downloads pages and click to link to the operating system you're on. For Linux, it will download an AppImage that you'll need to enable with the following command:

sudo chmod u+x session-messenger-desktop-linux-x86_64-1.0.5.AppImage
Fig.1 - Session Downloads

Creating an Account

Once you've installed the app, simply run the app and create your unique Session ID. It will look something like this:

05af1835afdd63c947b47705867501d6373f486aa1ae05b1f2f3fcd24570eba608

You'll need to set a display name and, optionally, a password. If you set a password, you will need to enter it every time you open the app.

Fig.2 - Session Login
Fig.3 - Password Authentication

Start Messaging

Once you've created your account and setup your profile details, the next step is to start messaging other people. To do so, you'll need to share your Session ID with other people.

Fig.4 - Friend Requests
Fig.5 - Conversations

Potential Issues

I've discovered one annoying issue that I believe is connected to the Signal Protocol. On a mobile device, there have been issues with receiving messages on time. Even with battery optimization disabled and no network restrictions, Session notifications sometimes do not display until I open the app or the conversation itself and wait a few moments. This is actually one of the reasons I stopped using Signal.

What are your thoughts of Session so far? Send me a message and let me know!