The Session messaging app is quickly gaining in popularity due to its advanced privacy and anonymity offerings. Privacy with messaging apps is a major issue today. There is no denying the enormous popularity of messaging apps and the fact that they are replacing telephones as a primary means of personal and private communications.
Today, we’re going to look at the Session messaging app. It’s promising some fantastic features that will benefit those of us who are interested in protecting our privacy, safety, and security while online.
The basic principle behind how messaging works is simple. A message is originated on the sender’s device. It leaves the device through a WiFi or data connection and moves on to a centralized public server, and is then relayed to the recipient’s device.
WiFi and data connections are not encrypted. This means that text, files, voice and video communications can be seen and intercepted by anyone along or near the communication chain. Public WiFi such as that at a coffee shop or library puts user privacy at dire risk. This can include personal and private details and information. Communications are stored on the centralized server which is publicly accessible, making them vulnerable to hackers and attacks.
Anyone or any organization with administrative access to the centralized server has immediate and unfettered access to the messages and communications. And while messaging services make key promises about the security or even deletion of data, sometimes these promises are not kept – as recently exposed with the Vibe messaging app.
The user’s phone or device also represents a massive privacy issue. Copies of messages and contact information are kept and retained on the user’s device. Anyone who gains access to the device gains access to the messages. A simple and likely example is a road-stop police check where an officer asks to see and inspect a user’s mobile phone.
In many nations, this type of snooping is not considered illegal or inadmissible in court. In addition, messaging apps store data on the device and this data can be accessible by other apps on the device, and those apps may not respect the user’s privacy.
What Is The Session Messaging App?
Messaging apps are chat applications or programs that make it easy for people to instantly connect with each other through their computers, tablets, or cell phones. Connections can include text messaging, file sharing, voice calling, and even video calling.
Messaging programs offer features similar to those of most modern cell phones, with the difference that they work over a regular Internet connection, WiFi, or a phone’s data service without the need for a phone number, whereas a cellular phone only works through a telephone service provider with a phone number and data plan.
Session is an open-source private messaging application based on Signal’s programming and framework. As a messaging app, Session is similar to WhatsApp, Facebook Messenger, Skype and WeChat. Session offers private, encrypted communication between its users. Text messages, files, voice calls, and video calls are encrypted by the originator’s phone, transferred through the Internet or data channels to the recipient, and then decrypted by the recipient’s phone.
This type of encryption/decryption is referred to as End-to-End Encryption (E2E).
End-to-End encryption is what makes Session communications private between the originator and recipient, making it difficult if not impossible for a man-in-the-middle to spy on and decrypt the communications.
Session is cross-platform and works on Android, iOS, Windows, Mac, and Linux. You can download Session from https://getsession.org. At the time of this writing, Session is 100% free to use.
Australia And Anti-Privacy Trends In Government
The Five-Eyes Nations include Australia, Canada, New Zealand, the United States, and the United Kingdom. It’s an arrangement in which each nation shares its surveillance and spying information with one another, whether that’s information about other nations or individuals. And what one Five Eyes member does, the rest do eventually.
Next to China, Australia has some of the most aggressive citizen surveillance laws on Earth. Australia is outwardly hostile to privacy and anonymity.
Session is developed in Australia which puts it in direct line of fire and conflict with Australian regulations and courts. While the company might be compelled to provide regulators with data, its method of decentralization, encryption, Session IDs, and blockchain systems makes it impossible to collect such data in the first place, let alone provide it under court order.
At worst, the Australian government could legally ban Session from operating and distributing its software. However, Session has 1,500 community operated servers and a wealth of developers around the world. While Session could be banned from Australia, an Australian ban would not stop Session from being developed and distributed elsewhere.
Session’s codebase is open source, meaning that programmers and developers around the world are free to look at how the code has been written and structured. This prevents the Australian government from demanding Session insert a backdoor that allows the government to defeat the encryption.
Given this, the risk to Session users is almost non-existent.
Seven (NINE!) Life Saving Session Features
1 - End to End Encryption
Session has been built using the end-to-end encryption and security protocols offered through Libsodium, one of the industry’s most trusted cryptography libraries. Messages, texts, files, voice calls and video calls are encrypted by the user’s device and before they are sent from the device. The encryption takes place on the device itself and not on a remote server.
Each message is transmitted encrypted and, upon arriving at the recipient’s device, is decrypted by that device.
Messages, files, texts, and voice messages on either the sender’s or recipient’s device are stored on the device in encrypted form and can only be accessed by the user with a secret PIN number. In addition, decryption keys are private and stored locally on the device, not on centralized servers.
2 - No Phone Numbers
Session is one of the only messaging applications we are aware of that does not require the registration of the user’s phone number to create an account.
Without a phone number, a regular account based on a user name and password cannot be created or exist. Instead, Session assigns an anonymous ID to each user.
Session IDs are alphanumeric names and are completely unique to the user. The user is free to choose their own display name as their method of identification to other users.
Session IDs are not and cannot be linked to the user’s IP address. Messages, texts, files and conversations are therefore completely anonymous. The identities of the caller and receiver are only known to each other, and only if they choose to share such information with each other.
3 - No Data Breaches (Decentralization)
Data breaches at the hands of hackers, attackers, governments, police or other bad actors are a major risk with any internet service or application. The primary vector for these types of attacks is a centralized server that houses all of the data and information an attacker would want.
Session’s messages are sent through decentralized Onion Routing. Onion routing is the same technology used by Tor. Onion routers use layers of anonymous servers and no one server is ever aware of the origin or destination. Decentralization means there is no storing of your identity or data on any one point of contact, let alone in a complete form.
Privacy cannot be breached because the data and details are not in any one place at any given time, and the bits and pieces of data are fully encrypted.
4 - No Digital Footprints Or Fingerprinting
Session does not collect geo-location data, metadata, or any other data about you, your device, or the networks you are on. The very nature of Onion routing means that there is no other data that can be used to establish a digital footprint or to fingerprint you.
Onion routers are not centralized, and therefore the IP addresses of either the sender or the recipient cannot be tracked. There is no tracking of your contacts, who the recipient or sender is, and no tracking of date or time stamps or any other data.
Through the Oxen network, metadata is stripped and unavailable to surveillance when files are sent through Session.
Even EXIF metadata is stripped through the transmission process, with the exception of video data in which the user must remove the metadata themselves manually.
Session can also be used with a VPN for added layers of security and obscurity.
5 - Open Source Software
Session is built and maintained through open-source code which is available for anyone to see or audit. The result of open-source is that it’s impossible to hide backdoors without those backdoors being discovered by the community.
The messaging app is regularly audited and reviewed. And because it is not owned or managed by any one company, there are no agendas or ulterior motives that users need to fear.
6 - Censorship Resistant
Governments like China, Canada and Australia are hell-bent on restricting privacy and anonymity. Censorship gives them greater authoritarian control over citizens. Obviously, the very nature and purpose of Session is going to be a problem for authoritarian regimes. However, these regimes cannot shut Session down.
Session utilizes over 1,500 server nodes around the world. There is no central server that can be attacked or shut down. Session’s developers are located around the world and should the Australian government be successful in banning Session in Australia, it will still exist around the world where such bans do not exist.
The decentralization and stripping of metadata make it almost impossible to track or surveil users. Even with an order from a court, the identities, activities and communications of users cannot be opened or revealed because such data simply does not exist. Nor are Session IDs linked or able to be linked to a user’s IP address.
7 - Encrypted Group Chats
Session offers two different types of group chat experiences. The first is closed group chats. A closed group is a private group chat of up to 100 people and is fully end-to-end encrypted. Conversations are transmitted and protected through the decentralized network.
The second group experience is open group chats.
Open groups are large public chats. They are run and managed on self-managed hosting servers, or centralized servers. Messages and communications are only encrypted during transit and do not benefit from end-to-end encryption. Because they are managed on centralized servers and lack end-to-end encryption, open group chats are not secure or private. You can join Session’s open group chat here.
Bonus!
8 - Encrypted File Attachments
Files and file attachments sent through Session are end-to-end encrypted and transmitted encrypted, just like any other Session communication. This means Session is a secure, reliable and safe way of sending confidential or sensitive documents.
With the exception of video files, EXIF data is stripped from attachments and IP addresses are not and cannot be linked to the file.
Files have the same level of encryption as messages.
9 - Onion Routing
Onion routing is a technology originally developed by the military to assure secure, private and anonymous communications between computers.
An Onion “router” is a network of nodes. Each node is independent of the other, and much like layers in an Onion, each node is a layer in the transmission process. Session communications are encrypted by the user’s device and sent encrypted to a node. The node encrypts the message again and sends it to the next node. The receiving node decrypts the previous node’s encryption, leaving the original message encryption intact.
The receiving node then re-encrypts the message and sends it to the next node and the process repeats.
Through this process, any traceable data is stripped and permanently removed. No node can ever see where a message or communication has come from or where it is going. IP addresses cannot be tracked or traced and are removed with each layer.
Session is beta testing Lokinet, an Onion router designed to handle the bandwidth of voice calls in real time without the need for centralized servers.
Freedom of Privacy
Freedom of privacy is a fundamental and basic human right. But it is a right that can be easily lost if it is not vigorously and ferociously defended. Privacy is not a thing-of-the-fringe. The government’s desire to take away your right to privacy and place you under 24/7/365 surveillance is chilling and frightening.
The Session messaging app is one tool of a few that will help protect you and protect your right to privacy.
Tell us what you think. In the comments below let us know your thoughts, experiences, or concerns about Session.