Session Review: The Messaging App That Doesn't Want Your Data (original) (raw)

Session is a decentralized, highly secure, open-source messaging app you can use on every device. We like the anonymity it offers, as it requires absolutely no personal information to sign up. We are also impressed with its thorough privacy policy. That said, inconsistent call quality and few community features mean Session won't be quite as appealing to everyone as Signal, our Editors' Choice winner, which combines fun, user-friendly calling features with end-to-end encrypted messaging.

Security should be at the forefront of every app marketed as a "privacy solution," but that isn't always the case. Session does a lot to show it isn't playing fast and loose with user data. For one, all conversations on the app are end-to-end encrypted (E2EE) using Session Protocol, which is based on an open-source crypto library. Additionally, the app doesn't request any personal data from users to create an account; you only need to create a username, add a contact or two, and that's it. No email address, name, credit card, or phone number is required to start chatting. Even Signal requires a phone number to sign up.

Messages are pretty secure on Session because each one goes through an onion-routing network that the company says is similar to Tor. Using a process called onion requests, no single server ever holds a message's destination or origin.

Who finances and maintains an app matters in establishing user trust, especially when it comes to privacy products. Session is backed by the not-for-profit digital privacy organization Oxen Privacy Tech Foundation, making it more appealing to privacy-conscious users than WhatsApp, which became a Meta property in 2014.

Privacy Policy

I read a lot of legal documents while reviewing apps, and Session's privacy policy is one of the most thorough yet readable documents I've parsed. In addition to stating that your anonymity is of utmost importance while using the app, Session details, in plain language, how to use a VPN to hide your IP address when using the app.

Session also uses the privacy policy to warn that Apple and Google may store information about you and your device when you download the app. In response, the group offers links to a GitHub page and a F-Droid repository where you can download the app without disclosing more of your private data.

Lifehacker Quick Fix: How to Ditch Whatsapp for Good

PCMag Logo

Lifehacker Quick Fix: How to Ditch Whatsapp for Good

You can use Session on Android and iOS devices, as well as Linux, macOS, and Windows computers. I tested the app using an iPhone.

Session's starting screens.

(Credit: Session/PCMag)

As mentioned, Session does not require any personal data at signup, which is unique among other cross-platform private messaging apps I've reviewed. After you create a username, Session generates a 64-character-long user ID or a QR code that you can share with the people you want to chat with on the app. Just scan your friends' QR codes or enter their user IDs to start chatting. Session does not request access to your device's contact list, which is great.

Session provides a recovery phrase for your account and recommends keeping it in a safe place. That way, you can recover your messages if you need to log out or uninstall the app.

After signing up, you can choose how you want to receive message notifications from Session. Fast Mode gives you instant notifications, but they're routed through Google's servers. Slow Mode lets Session check for new messages in the background on your device or computer.

Session settings menu for iOS.

(Credit: Session/PCMag)

The user interface and Settings menus are uniform in appearance and options on Android and iOS devices. Tap the round icon with your initials in the top-left corner of the screen to open the Settings menu in the mobile apps. The Privacy section lets you enable video and voice calls for your account. There's also an option to add another layer of login protection on your device by locking the app using your fingerprint, a password, a pattern, or a PIN.

Further down in the Settings section is the Appearance menu. Session is more customizable than other ultra-locked-down messaging apps like Briar. I was able to change my theme to Ocean Dark with purple message bubbles, which is a nice touch.

Session's appearance changing options.

(Credit: Session/PCMag)

The last Settings menu feature of interest is the bottom option, in bold red: Clear Data. Select this option when you need to quickly clear your conversations and other data from your device, or your entire network of devices.

I like Session's anonymous nature for privacy and security, but it makes the app less practical for discovering new people to chat with. And maybe that's the point. The current iteration of the Session app is best for chatting without leaving a digital trail behind. Session is not for cultivating an audience like Telegram or finding new friends like WhatsApp.

Texting

Texting with the Session app

(Credit: Session/PCMag)

You must know your friends' user IDs, or they must be physically nearby so you can scan their QR code to add them to your contact list. That means you'll probably use Session only to talk with people you know and trust, which, for those with privacy concerns, is for the best. The app hosts communities (explained more in a moment), but to join most of them, you need to know the Community's URL or have its QR code.

You can chat one-on-one using Conversations, which are standard E2EE private messages. Like Signal and WhatsApp, Session places conversations in speech bubbles, and you can add reaction GIFs or your own media files to the chat window. I like that the first time a new chat partner sends you a file attachment, GIF, or photo, you have to consent to accept it by tapping on the file in the chat window.

You can enable disappearing messages with a wide range of durations, which is helpful. Android users get in-app alerts if a chat partner takes a screenshot of the conversation window. People using iOS devices do not receive these notifications.

Messages can sometimes take a long time to reach the other party, and media files often load slowly, too, but that's a small price to pay for ultra-private, secure, end-to-end, decentralized encryption. Chats on centralized E2EE messaging apps like Signal and WhatsApp appear instantly, but single-server or clustered servers are more vulnerable to attacks and outages.

Group Chats and Communities

You can add people to a Session group chat by tapping Create a Group in the app menu, then tapping the Contacts you wish to add. Group chats are E2EE and support up to 100 participants. The group chat window is identical in functionality and appearance to the Conversation window.

Go to the Communities tab if you want to interact with a larger group and possibly strangers. Communities are self-hosted, so the messages are stored on someone's server. Here, messages are only encrypted in transit to the server, making that chat method less private.

Session Communities feature

(Credit: Session/PCMag)

While testing, I could only view activity in a few Session-led Community channels, which were announcement hubs for new app features. As noted earlier, to find a more active Community channel on Session, you need the Community's URL or QR code. Again, the focus is on privacy and protection.

The app doesn't have a lot of fun stuff like the animated stickers and avatars found in Signal, WhatsApp, and Telegram's chat functions. However, since Session is primarily for talking to people you already know, maybe you'll make your own fun. Session also doesn't have passive, large-scale broadcasting features like WhatsApp's statuses or Signal's stories.

Voice and Video Calls

Session video and voice calling

(Credit: Session/PCMag)

You can opt into voice and video calling via the Privacy menu. When you enable calling within the app, a pop-up alert informs you that your IP address will be visible to the person you're calling and a Session server, so it's not an anonymous mode of communication.

To start a call, open a conversation with a contact and press the phone icon. The audio and video quality for both the iOS and Android apps was clear. Currently, group calling is not available to Session users.

Final Thoughts

(Credit: Session)

Session

Session uses end-to-end encryption by default, doesn't require your personal info to sign up, and makes it super easy to chat privately without leaving a lot of data for snoops or criminals to use against you. That level of privacy also makes discovering new people on the platform almost impossible, which is a plus for the privacy-conscious users Session targets. That said, Signal remains our Editors' Choice winner because it blends robust privacy policies with helpful community-building features, helping it appealing to a wider audience.

STILL ON THE FENCE?

About Our Expert

Kim Key

Kim Key

Senior Writer, Security

Experience

I review privacy tools like hardware security keys, password managers, private messaging apps, and ad-blocking software. I also report on online scams and offer advice to families and individuals about staying safe on the internet. Before joining PCMag, I wrote about tech and video games for CNN, Fanbyte, Mashable, The New York Times, and TechRadar. I also worked at CNN International, where I did field producing and reporting on sports that are popular with worldwide audiences.

In addition to the categories below, I exclusively cover ad blockers, authenticator apps, hardware security keys, and private messaging apps.

Read Full Bio