by Theresa Mattox, MBA, Strategic Thought Leader
April 11, 2022
If you’re someone who genuinely values privacy and refuses to compromise when it comes to digital security, it’s time to consider the Session messaging app. This article explains how Session works and, more importantly, how it differs from other messaging apps. Session is a game changer: its decentralized global network and onion-routing IP address masking technology deliver personal privacy and digital security with a zero-tolerance approach, without compromising your personal identity.
Session is the most secure and best private messaging app currently available. Session is not like WhatsApp, Facebook Messenger, Apple’s iMessage, Signal, Telegram and others. The way it operates is radically different: it uses decentralized servers, onion-routing technology that routes your messages through multiple layers of encryption, and IP address masking technology that closes security holes and gaps to prevent intrusion of privacy. These features are the key differentiators that make Session stand above the rest. So if data security and privacy are a major concern for you, this is your app. It is the only free messaging app that checks all the boxes when it comes to data security and privacy, and it doesn’t collect metadata or personal information about your identity. (See Comparison Image Below)
What Data Does Each App Collect from Your Phone?
If you value privacy, the figure above may send chills up your spine. The amount of metadata and personal information collected from mobile devices is staggering, and it compromises data security and data privacy. These apps are not designed to respect your personal data, security and privacy, and users are constantly exploited, especially those who use these apps with no idea of the dangerous and deceitful practices behind the scenes. Those practices range from selling your personal information to third-party advertisers to the Cambridge Analytica scandal under Mark Zuckerberg’s watch, in which over 50 to 87 million Facebook user accounts were exposed to Cambridge Analytica, the British consulting firm that used and manipulated these users’ personal data in political advertising to influence the 2016 U.S. presidential election, without the Facebook users’ knowledge or consent.
“This highlights a larger debate over how much users can trust Facebook with their data. Facebook allowed a third-party developer to engineer an application for the sole purpose of gathering data. And the developer was able to exploit a loophole to gather information on not only people who used the app but all their friends — without them knowing.”
Does Facebook, along with its Messenger app, sound like a company and messaging app you can trust with your personal data? Time and time again, Facebook has shown little to no respect for protecting users’ personal identity. At the end of the day, it’s all about personal choice in how one chooses to share personal information with messaging apps and other social media platforms. It comes down to personal risk and what a user is willing to expose at the expense of exploitation and manipulation.
This is why it is not recommended to share your personal contacts, photos, or camera settings by default when using these apps, but only with your knowledge and consent. Data security comes down to the user’s personal choice and personal risk. Ultimately, the user is responsible for protecting their online data security and privacy by limiting how much personal information they’re willing to release on social media platforms.
Security & Data Privacy Threats with WhatsApp & Signal
This brings up the most recent threats, vulnerabilities and security and data privacy risks around WhatsApp and Signal.
“While Signal has been long advertised as one of the most secure messengers around, a recent announcement from founder Moxie Marlinspike that the app is integrating support for the MobileCoin cryptocurrency has raised some eyebrows amongst some users. So Session has emerged as one of the alternatives for people who might try out another messenger.”
How Does Session Differ from other Messaging apps, and How Does it Deliver Privacy by Design?
How does the Session messaging app differ from other messaging apps, such as Signal, Telegram, WhatsApp, Wickr, Facebook’s Messenger, and others? What are the key differentiators that make Session stand apart from other messaging apps while delivering freedom of privacy? These questions and more are addressed below, to help you understand the Session messaging app’s features and benefits and give you peace of mind in a messaging app you can trust and rely on and that, above all, respects your privacy.
Session is an end-to-end encrypted messenger that minimizes sensitive metadata, designed and built for people who want absolute privacy and freedom from any form of surveillance. Session focused on developing technology that could be resistant to surveillance by governments (and everyone else too), and decentralization and metadata minimization are the core of that ideal.
Session is anonymous, onion-routed, end-to-end encrypted, decentralized, censorship resistant, sybil resistant and open source software. Its code has been audited by a third party cybersecurity research firm, to verify its cryptography is sound and secure.
• Session is Anonymous – Unlike other messaging apps, Session does not ask for or require your phone number, email address, IP address, or other identifying personal information. Additionally, Session doesn’t broadcast to the world that you have started using Session, as other social media apps do. Session simply assigns you an account and a unique Session ID, a random character identifier that you can link across multiple devices to keep your messages in sync. The Session ID, depicted by the figure to the left with the arrow pointing to it, takes the place of your phone number. After the Session ID has been established, you can start messaging. Because Session doesn’t have a central server storing information about your identity, restoring your account using the traditional username and password method is not possible. Instead, Session assigns a recovery phrase, a mnemonic seed that can be used to restore your existing Session ID to a new device. While Telegram allows you to hide your phone number, and Signal works in a similar fashion, Session’s mechanism for signing up is strictly anonymous.
Source: Fully Anonymous: No Phone Numbers
• Session is Onion-Routed
What is an Onion Routing Network?
“Onion routing is a technique for anonymous communication over a computer network. In an onion network, messages are encapsulated in layers of encryption, analogous to layers of an onion. The encrypted data is transmitted through a series of network nodes called onion routers, each of which “peels” away a single layer, uncovering the data’s next destination. When the final layer is decrypted, the message arrives at its destination. The sender remains anonymous because each intermediary knows only the location of the immediately preceding and following nodes. Onion routing provides a high level of security and anonymity.”
Each of the three keys in the figure (Router A Key, Router B Key and Router C Key) belongs to a node, or onion router, and corresponds to one of the three layers of encryption. Each layer is decrypted in turn, uncovering the data’s next destination, analogous to peeling the layers of an onion. The sender of the message is anonymous because each node or onion router only knows the location of the immediately preceding and following nodes.
To protect against cyber criminals, hackers and bad actors attempting to survey the network or collect information about users, all Session messages are onion-routed through the network. Session routes your messages through three servers, wrapped in multiple layers of encryption, before the message reaches the person you are communicating with on the other end. This guarantees your IP address will not be visible to the other party you are communicating with, or to anyone monitoring the communication. The name onion-routing comes from the multi-layer encryption, which reminded someone of an onion’s multiple layers.
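The three-hop layering described above can be seen in a short Python sketch. This is an added example, not Session's code or protocol: the node names, the pre-shared per-node keys and the HMAC-based stand-in cipher are assumptions chosen so that it runs with the standard library alone.

```python
import hashlib
import hmac
import os

def keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); an assumption, not Session's cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, b"enc" + nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key: bytes, plain: bytes) -> bytes:
    # Encrypt-then-MAC one layer: nonce (16) || tag (32) || ciphertext.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plain, keystream(key, nonce, len(plain))))
    tag = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    return nonce + tag + body

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, body = blob[:16], blob[16:48], blob[48:]
    good = hmac.new(key, b"mac" + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("layer does not authenticate under this node's key")
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))

def wrap(path, keys, recipient, payload: bytes) -> bytes:
    # Build inside-out: the last hop's layer is innermost, the first hop's outermost.
    forward_to = path[1:] + [recipient]
    blob = payload
    for node, nxt in zip(reversed(path), reversed(forward_to)):
        blob = seal(keys[node], bytes([len(nxt)]) + nxt.encode() + blob)
    return blob

def route(path, keys, blob: bytes):
    # Each node peels exactly one layer and learns only (previous hop, next hop).
    seen, prev = [], "client"
    for node in path:
        plain = unseal(keys[node], blob)
        n = plain[0]
        nxt, blob = plain[1:1 + n].decode(), plain[1 + n:]
        seen.append((node, prev, nxt))
        prev = node
    return seen, blob

# Constructed sample: three hypothetical nodes and an already end-to-end-encrypted payload.
PATH = ["node-A", "node-B", "node-C"]
KEYS = {name: os.urandom(32) for name in PATH}
PAYLOAD = b"<e2e ciphertext for recipient>"
ONION = wrap(PATH, KEYS, "recipient", PAYLOAD)
SEEN, DELIVERED = route(PATH, KEYS, ONION)
```

`SEEN` records what each node could observe: the first node sees the client but not the recipient, and the last node sees the recipient but not the client.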
• Session is End-to-End Encrypted
Session encrypts your messages using the Session Protocol, a cutting-edge end-to-end encryption protocol. Session encrypts all messages, attachments, voice and video calls so that only you and the person you are communicating with know what is being said. This means that you don’t have to give up your personal identity in any form. All your messages are secure behind end-to-end encryption so no one can see them. To keep your metadata hidden, the chat app uses a Tor-browser-like system where messages hop between different server nodes to mask your original IP address.
• Session is Operated on a Global Decentralized Network
Session is run by a network of computers called “Oxen Service Nodes” which are located all around the world. An attack on a single entity or a network outage would not result in shutting down the service. Because decentralized networks don’t rely on a central server, the network is unaffected if unforeseen circumstances cause nodes to go offline. The network will simply route messages through other, unaffected nodes. There’s no single point of failure, and a group chat doesn’t stop because one of the servers is down. This makes decentralized networks far more resistant to natural disasters and power outages. This ‘disruptive technology’ is a key differentiator between Session and all other messaging apps currently on the market.
• Session is Censorship-Resistant
Additionally, Session’s decentralized networks are censorship-resistant, as opposed to centralized networks. A messaging app based on a centralized network is vulnerable to censorship by central authorities and authoritarian governments, who can ban users at will.
On a decentralized network like Session, users can’t be banned or otherwise be targeted because there’s no controlling authority which could target them – and if the decentralized network like Session uses onion routing, users are completely anonymous, adding another layer of censorship resistance to the network.
• Session is Sybil Attack-Resistant – In a Sybil attack, the attacking entity spins up a large number of computers that can gain a significant minority or an outright majority of a computing network’s resources, and is thus able to control some part or all of the impacted network. Session protects your anonymity using blockchain and crypto technology. Session leverages a cryptocurrency blockchain to provide a useful and vital service through highly secure and anonymous encrypted communications.
What is Blockchain and what Does it Have to Do with Decentralization?
“At the core, a blockchain is a ledger of transactions, and each block in the chain is made up of a set of transactions, a cryptographic hash of the previous block in the chain, and a hash of itself. New blocks of transactions are validated by ‘full nodes’ or ‘master-nodes’ – user operated computers on the blockchain network. These nodes work together to decide which transactions are valid, and the order they’re entered into the blockchain ledger. In a properly decentralized blockchain, participation is permission-less, which means there’s no central authority that decides who can or can’t run a node.”
• Oxen Service Nodes: Servers at your Service
The Oxen blockchain doesn’t have just full nodes or master-nodes. It has Service Nodes. What is the difference? In a nutshell, Oxen Service Nodes do all the typical full node tasks, such as validating the blocks and storing the blockchain. But Service Nodes also provide services to the network above and beyond these basics, including securely routing Session messages from person to person. Session’s onion routing technology limits the information any one Service Node has about messages being sent. Each node only knows the IP addresses of the previous and following nodes in the message routing chain. This means it’s not possible for any one Service Node to figure out who’s talking to whom. The Service Node network is the backbone of Session’s secure messaging system.
However, there is a potential risk with a Service Node network. If anyone can run a Service Node, a cyber attacker could start a bunch of malicious Service Nodes and swarm the network with them. Suddenly, every node in a message routing chain could be controlled by the same attacker, compromising Session’s anonymity. This is what is called a Sybil attack, and it is a danger for most decentralized networks with no barrier to entry. A malicious actor could simply start up an overwhelming number of nodes and gain control of, or simply spy on, the network. But Session thwarts this type of attack with its market-based Sybil resistance technology. ‘Sybil resistance’ is why the cryptocurrency element is important. There’s a financial barrier, in the form of a $OXEN cryptocurrency staking requirement, to starting up an Oxen Service Node, making it prohibitively expensive for an attacker to start up enough nodes to execute a Sybil attack on Session’s network. A Sybil attack on Session is extremely difficult because each Service Node requires a significant investment, currently 15,000 Oxen coins, to be able to participate.
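The staking argument above can be put into numbers with a small model. This is an added example, not code from Session or Oxen: it assumes each three-hop path is drawn uniformly at random from distinct nodes, and the honest-node counts used with it are constructed values. Only the three hops and the 15,000 OXEN stake come from the article.

```python
HOPS = 3                  # hops per path, as described in the article
STAKE_PER_NODE = 15_000   # OXEN per Service Node, the figure stated in the article

def path_capture_probability(honest: int, malicious: int, hops: int = HOPS) -> float:
    """Chance that every hop of a random path of distinct nodes is attacker-run.

    Assumption: hops are chosen uniformly from all nodes without replacement.
    """
    total = honest + malicious
    if malicious < hops:
        return 0.0
    p = 1.0
    for i in range(hops):
        p *= (malicious - i) / (total - i)
    return p

def nodes_needed(honest: int, target: float, hops: int = HOPS) -> int:
    """Smallest attacker node count whose capture probability reaches `target`."""
    if not 0.0 < target < 1.0:
        raise ValueError("target must be strictly between 0 and 1")
    lo = hi = hops
    # Double the upper bound until it is large enough, then bisect.
    while path_capture_probability(honest, hi, hops) < target:
        hi *= 2
    while lo < hi:
        mid = (lo + hi) // 2
        if path_capture_probability(honest, mid, hops) >= target:
            hi = mid
        else:
            lo = mid + 1
    return lo

def attack_cost(honest: int, target: float):
    """Return (attacker nodes, OXEN that must be staked) for the target probability."""
    nodes = nodes_needed(honest, target)
    return nodes, nodes * STAKE_PER_NODE

# Constructed sample: a hypothetical network of 1,500 honest nodes, 1% of paths captured.
SAMPLE_NODES, SAMPLE_STAKE = attack_cost(1_500, 0.01)
```

Because all three hops must be attacker-run, the capture probability grows roughly with the cube of the attacker's share of nodes, while the required stake grows linearly with every node added.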
• Session is Open-Source Software & Audited
Session is open-sourced and open to regular audits to ensure confidence and trust that Session truly delivers data security and privacy as promised with no compromises. Session goes through a complete code audit, and an audit of Session’s Android, iOS, and Desktop versions has been completed by the cybersecurity research company Quarkslab. Session is cryptographically sound.
• Peer-to-Peer Voice & Video Calling Available
Peer-to-Peer voice and video calling gives you the ability to make voice and video calls, but with the data security and privacy you can trust and expect.
To learn more about the Session messaging app or to download the app, go to https://getsession.org.
Welcome to Session!
The Messaging App without the Threat of Surveillance.