Encrypted communications have become more and more wide-spread, with messenging apps appearing left and right. Many boast end-to-end encryption, servers outside of EU and US legislations, and connecting to your peers without sharing your phone number or email address. Some offer their source code, and even others use the Tox network for communication. No matter which one you use, they all promise to keep you safe. There is one that combines the best of all worlds, and that messenger I will introduce to you today. Learn how to message privately with Session on mobile. While Session can be used on desktop clients as well, this article will concentrate on the iOS version of the messenger app (also available for Android).
The Session Messenger has been around since mid-2018 to 2019, started as Loki Messenger, and is distributed and maintained by Oxen Foundation (formerly Loki Foundation). It originated as a fork of the Signal messenger, leveraging Signal’s end-to-end encryption while incorporating its own unique features aimed at enhancing user anonymity and data security. The messenger uses Session’s network of over 1,800 decentralized servers and routes your traffic through multiple server stages to obscure your identity.
What is Session
One of the key aspects of Session is that it does not require a phone number or email address for registration. Instead, users create a Session ID, a randomly generated 66-digit alphanumeric string, which serves as their unique identifier. This approach eliminates the need for personal identifiers, further protecting user privacy.
The messaging system employs a distributed onion routing network, similar to Tor, to anonymize the communication paths between users. Messages are temporarily stored on multiple Service Nodes within a swarm until the recipient retrieves them, at which point they are deleted from the nodes. This structure ensures that metadata and IP addresses are obscured, adding another layer of privacy.
Session supports multiple platforms, including Android, iOS, macOS, Windows, and Linux. The app is open-source, with its code available on GitHub, allowing for transparency and community contributions. Despite being relatively new, it has undergone several security audits to ensure its robustness against various vulnerabilities.
Getting the Session Messenger
You can download Session from the Apple App Store or from the Google Play Store. On iOS, the app is less than 100MB in size, which should fit neatly on any half-decent device. The app is quick, and after installing, it greets you with three options to get started:
- Create Session ID: You’ve never used Session or want to start fresh. This will create a new Session ID for you.
- Continue Your Session: You want to restore your account using your recovery phrase (you get that when you created a Session ID).
- Link a Device: You want to link an existing Session ID to this device using your recovery phras.
In this article, we’re going to create a new Session ID for a fresh start. Next up, we will dive into the main features and settings of the mobile app and what they mean.
Getting Started with the Private Session Messenger
This section will guide you through setting up your fresh Session ID, and looking at the features and settings the mobile iOS app has to offer. The Android app is similar in scope, as are the desktop apps.
Setting Up Your Account
If you selected “Create Session ID” above, you will be greeted with a fresh 66-character ID on the next screen. This is a unique ID that only your account is identified with, and represents your “address” in the Session network. This ID is public and you’re not giving away any secrets when sharing it. Share it only with contacts you want to interact with though to make sure you stay as private as you can.
You don’t need to copy this ID anywhere just yet, you can view it from inside the app at any time.
After confirming with “Continue“, you will be asked for two more settings:
- Your display name: This is the human-readable name that others see when they talk to you on Session. This way they can more easily identify whom your Session ID belongs to, and you can choose whatever you want here.
- Notification mode: Here, select “Fast Mode” if you want Session to make use of Apple’s notification services, or “Slow Mode” if Session should poll the network for updates itsrlf. Fast mode is indeed faster, but identifies your IP against Apple’s servers. This is more convenient in terms of speed, but less anonymous. Choose the setting that suits your preferences best.
Tap “Continue” and you will move to the main Session screen, from where we will inspect the app’s settings and main features.
Diving Into The Settings
Now that your Session ID is fully set up, you can start using the messenger app for its main purpose: Messaging. The first thing Session asks you to do is to store your recovery phrase in a safe place. You can find this option at the top of the main screen. Tapping “Continue” there leads you to a screen showing your (secret) recovery phrase. With this phrase you can restore full access to your account. Keep this safe and never lose it, or your Session ID will forever be lost when you lose access to your current login. You can find this recovery phrase in the settings menu later on too, but it’s good practice to store it now before you start using the app for actual communication.
After you’re done with the recovery phrase, tap your initials on the upper left corner. This will open the Settings screen, which shows your display name, your Session ID, a shortcut to your QR code (for others to scan), and a number of settings menus.
Going through them one by one, we have:
- Path: What servers are you connecting through (more on that later).
- Privacy: As the name suggests, privacy related settings. The relevant screen is shown below and allows you to tailor the app’s behavior to your privacy-focused preferences.
- Notifications: This screen is also shown below. Here you can revise your choice on whether you want to use Fast Mode or Slow Mode for message delivery, and can set up what previews for messages are shown and how you are notified of new messages.
- Conversations: Shows you the past conversations you are part of.
- Message Requests: Who tried to message you, but you haven’t accepted their request yet.
- Appearance: Change how the app looks.
- Invite a Friend: Share Session ID with friends and family.
- Help: Shortcut to Session’s support pages.
- Clear Data: Delete your profile, either from the local device, or entirely from the Session network.
Besides the settings screen, you can see the personal QR code screen above. The QR code screen opens when you tap the little QR symbol on the top right corner of the Settings screen. When others scan it, they add you as a contact to Session. This simplifies exchanging Session ID information so you don’t have to copy (or even type) the ID of the person you want to add.
Making First Contact
Getting in touch with others is easy on Session. On the main screen, you see the big green “+” sign. If you tap that, it opens the “New Conversations” dialog shown below. Here you can scan or enter a new contact’s Session ID and start messaging. If you already have contacts, they will appear in this dialog, too. If you have contacts, you can start a group chat as well.
Session also supports Communities, which are basically groups of specific interests. You can just open one yourself and invite your contacts, or join an existing one here if you know their URL. There is no browsing feature for Communities, so if you create a new one, users that can join are limited to the ones you (or someone who knows it) shared the URL with.
Knowing Your Route and Deleting Your Data
As mentioned above, Session routes your traffic through a series of servers in a Tor-like fashion. These servers obfuscate your origin IP, and each node only knows which node the traffic came from and wich next node it goes to. Everything else is encrypted and only known to your Session messenger on your phone.
The Settings screen shown further above mentioned a “Clear Data” option. This feature opens a new dialog, asking you if you want to delete your data from your device or from the entire network. If you delete it from the device, you basically sign out from your local client app. If you choose to delete your data from the network (and your device), then you effectively delete your account entirely. Be cautious with the second option. It will warn you one more time that you cannot restore your messages or contacts anymore if you proceed, and will subsequently delete your Session ID, quitting the app afterwards.
Conclusion
You now have a good understanding of the Session messenger. If you’re looking for a new way to stay connected to your friends and associates, give this privacy-focused, decentralized messenging solution a go. You can message privately with Session on mobile, but you can also use it on desktop. The download options are conveniently listed on Session’s download page. Overall, Session’s combination of Signal’s strong encryption, onion routing for anonymity, and the absence of personal identifiers makes it a compelling choice for users seeking a highly secure and private messaging solution.
If you’re looking for a more widely used messenger, try Signal or Telegram, which are both also end-to-end encrypted. Keep your connection safe even more by using a VPN service (and gateway), or set one up yourself!
If you liked this article or want to share your own thoughts and experiences, comment below to get the conversation started!