Signal is a popular messaging app that is widely regarded as private, and compared to Messenger it is. But the big issue, the main reason it can never really be a privacy app, is that it requires a phone number to set up an account.
An alternative to Signal is Session, which is in many ways very similar to Signal. In fact it looks nearly identical, because it's an open source hard fork based on the Signal code. The big difference is that it doesn't require a phone number, so a Session account can actually be anonymous.
Session is not as popular as Signal yet because it's fairly new and not many people have heard of it. But it's easier to set up an account on Session than it is on Signal. It doesn't require a phone number, and it doesn't ask anything about you.
A new account can be rapidly set up not just on a phone, but also on a laptop, a PC, or a tablet, running Windows, Android, Mac, or Linux operating systems.
To install it you can get it from any of the app stores, but better yet go directly to the Session website. This is preferable because by not logging into an app store you remain anonymous - https://getsession.org/
Initially Session had several drawbacks, but these have now been addressed.
It previously had a size limit of 10 on encrypted groups, but that has now been increased to 100, which is hopefully enough for most groups.
It was originally set up in Australia, which is considered a major security risk (as is NZ), but they have now moved to Switzerland - https://getsession.org/blog/introducing-the-session-technology-foundation
And Session also had a reputation for being buggy in 2023 when it was new, but it seems to have really improved in the past six months. I have had no problems with it so far, and in fact have found it works better for me than Signal, because I can be logged in with multiple Android devices with no account conflicts.
The only issue I've had is that it won't install on Windows 7, which is only an issue for around 3% of desktop users these days, and I was expecting that to be the case anyway because it's based on Signal and Signal won't install on Win 7 either. But I've found it works really well on both Linux and Android.
YOUR ACCOUNT ID
There is really only one new thing to keep in mind when using Session. Because, unlike Signal, it does not use your phone number or the phone numbers of your contacts, you have to exchange your account ID for the first contact to set up the initial link. This is the minor inconvenience that allows the whole platform to be totally private.
The account ID is a 72 character code that will look similar to this one (this is not an actual code but just an example):
06b2451d1bc973a57021bf76f353306c7sfc7ec891eb29ef4997bd82473300e00b
Your account ID is not high security and it's OK to give that out to everyone you want to contact. You also get a recovery code, which is a randomly generated series of 13 words, and that on the other hand needs to be kept private. Keep that code secure and don't share it with anyone.
Who is behind Session?
So if a state were to obtain a court order to inspect the session servers, investigators would find nothing but meaningless session IDs and TOR-IP addresses. None of this information would allow us to draw clear conclusions about the identity of the messenger app's users.
Session is part of the Loki Foundation, a non-profit organization without a permanent seat. The CEO is Simon Harman. Even though the project is not profit-oriented, he wants to monetize Session. Parts of the infrastructure are based on a blockchain network that mines its own currency, $LOKI.
The network provides important infrastructure for anonymizing its users, including an onion router to hide your IP address. Neither your counterpart nor the Loki Foundation can determine your location.
Privacy features of Session
It’s censorship resistant thanks to its decentralized network, therefore also harder to shut down
Users can generate a Session ID with a private key to start an account
Session doesn’t require phone numbers.
The chat platform doesn’t collect any data, and therefore a data breach is impossible.
Messages go through an onion routing network, removing traceability.
Session is an open-source program, so you can verify everything.
REVIEWS
Here is a good review of Session on the Restore Privacy website. It answers a lot of questions, but keep in mind that it was written in April 2024, and the concerns about Australian privacy are no longer an issue - https://restoreprivacy.com/secure-encrypted-messaging-apps/session/
I have found Rob Braxman's YouTube channel really helpful for learning about privacy. Here is his video about Session, which he recommends highly.