The company behind Session (Loki Foundation) is from Australia. If you didn't know, Australia has introduced legislation mandating companies comply with government requests to build backdoor access into applications. For more information, see my article on AES Encryption
Session is a private, cross-platform messaging app from the Loki Foundation. As someone who has spent years looking for quality alternatives to major messaging apps, I was excited when I first heard about Session. Reading through Session's whitepaper, you can learn the technologies behind the Session app. Part of the security of Session comes from the Signal protocol, which was forked as the origin of Session.
Session is an end-to-end encrypted messenger that removes sensitive metadata collection, and is designed for people who want privacy and freedom from any forms of surveillance.
In general, this app promises security through end-to-end encryption, decentralized onion routing, and private identities. The biggest change that the Loki Foundation has made to the Signal protocol is removing the need for a phone number. Instead, a random identification string is generated for any session you create. This means you can create a new session for each device, if you want to, or link new devices with your ID.
Since Session's website and whitepaper describe the details of Session's security, I'm going to focus on using the app in this post.
Since most people are looking for an alternative to a popular chat app, I am going to list out the features that Session has so that you are able to determine if the app would suit your needs:
- Multiple device linking (via QR code or ID)
- App locking via device screen lock, password, or fingerprint
- Screenshot blocking
- Incognito keyboard
- Read receipts and typing indicators
- Mobile notification customization
- Old message deletion and conversation limit
- Recovery phrase
- Account deletion, including ID, messages, sessions, and contacts
I tested the Session app on Linux (Ubuntu 19.10) and Android 10. Below is a brief overview of the Session app on Linux. To get this app, you'll need to go to the Downloads pages and click to link to the operating system you're on. For Linux, it will download an AppImage that you'll need to enable with the following command:
sudo chmod u+x session-messenger-desktop-linux-x86_64-1.0.5.AppImage
Fig.1 - Session Downloads
Creating an Account
Once you've installed the app, simply run the app and create your unique Session ID. It will look something like
You'll need to set a display name and, optionally, a password. If you set a password, you will need to enter it every time you open the app.
Fig.2 - Session Login
Fig.3 - Password Authentication
Once you've created your account and set up your profile details, the next step is to start messaging other people. To do so, you'll need to share your Session ID with other people. Fig.4 - Friend Requests
Fig.5 - Conversations
I've discovered one annoying issue that I believe is connected to the Signal Protocol. On a mobile device, there have been issues with receiving messages on time. Even with battery optimization disabled and no network restrictions, Session notifications sometimes do not display until I open the app or the conversation itself and wait a few moments. This is actually one of the reasons I stopped using Signal.
Looking for another messenger instead of Session? I recommend Signal, Matrix, and IRC.