Session

Session is an end-to-end encrypted messaging app that doesn't require a phone number or email address to create an account. It's built for people who want to communicate without linking their messages to an identifiable account.

Why it matters

Most messaging apps, including Signal, require a phone number to register. That number connects your account to your real identity in most cases. Session is designed to remove that link entirely. You create an account with a randomly generated Account ID, share that ID with people you want to message, and nothing about your registration reveals who you are.

Session also doesn't rely on centralised servers controlled by a single company. It operates over a decentralised network of community-run nodes, which means there's no single point of failure or central operator that could hand over data under legal pressure.

What Session helps with

  • Messaging without providing a phone number or email address to sign up
  • End-to-end encrypted text messages, voice messages, and file transfers
  • Onion routing for message delivery: messages are routed through multiple network nodes so no single node knows both who sent the message and who received it
  • Disappearing messages that delete from both devices after a set time
  • Decentralised infrastructure: no central company controlling the message relay network
  • Open-source code that anyone can inspect and audit

What Session does not do

It does not guarantee complete anonymity without additional precautions. When you first connect, you contact a seed node to retrieve the network node list. That seed node briefly sees your IP address. Using Session over a VPN or Tor reduces this exposure.

It does not protect against mobile OS telemetry. If you install Session through the Google Play Store or Apple App Store, the platform itself may collect usage data: app install time, crash logs, usage duration. Session recommends downloading via F-Droid or GitHub for Android users who want to avoid this.

It does not have the same audit history as Signal. Signal has a longer track record of independent security audits and academic analysis. Session is newer and its security properties are less extensively reviewed.

It requires your contact to be on Session too. Like any end-to-end encrypted messenger, the protection only works when both parties use the app.

Tradeoffs to be aware of

Decentralised infrastructure improves resilience and removes a single legal target, but it also means performance can be less consistent than centralised services. Message delivery may be slightly slower, particularly for larger files.

Session's network of community nodes is smaller than the Tor network. The onion routing properties offer meaningful protection, but Tor has a much larger and more battle-tested network.

The Account ID model means if you lose access to your account and haven't backed up your keys, you can't recover the account or its conversation history.

Session is maintained by the Session Technology Foundation, a non-profit. The development pace is slower than Signal's, and some features available in Signal aren't yet available in Session.

Practical guidance

Download Session from the official site, getsession.org, or via F-Droid for Android.

When you set up your account, write down your recovery phrase. This is the only way to recover your Account ID on a new device.

Share your Account ID with contacts through a channel they already trust. Unlike Signal, there's no phone number lookup, so you'll need to exchange Account IDs directly.

Enable disappearing messages for sensitive conversations.

If your IP address privacy matters for your use case, combine Session with a VPN to avoid your IP being seen by the seed node at startup.

Going deeper

Onion routing in Session. Session routes messages through a path of three network nodes. Each node only knows the previous and next node in the path, not the full route. This means no single node can determine both who sent a message and who received it. The model is similar to Tor, but uses Session's own node network rather than Tor's relay network.
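To make the "previous and next node only" property concrete, here is a small three-hop simulation that records what each node learns. It is an added example, not Session's code or protocol: the node names, the pre-shared per-hop keys, and the SHA-256 keystream cipher are stand-ins chosen so the sketch runs with the Python standard library alone.

```python
import hashlib, json, os

def _xor_stream(key: bytes, data: bytes) -> bytes:
    # Stand-in cipher for this demo only (SHA-256 counter keystream, no
    # authentication). It is NOT Session's cryptography and not for real use.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)

def wrap(path, recipient, message, keys):
    """Sender side: add one layer per node, innermost (last hop) first."""
    next_hop, payload = recipient, message
    for node in reversed(path):
        layer = json.dumps({"next": next_hop, "payload": payload.hex()})
        payload = _xor_stream(keys[node], layer.encode())
        next_hop = node
    return payload

def relay(sender, path, onion, keys):
    """Network side: each node peels its layer; record what it learns."""
    views, prev, blob = {}, sender, onion
    for node in path:
        layer = json.loads(_xor_stream(keys[node], blob))
        views[node] = {"prev": prev, "next": layer["next"]}
        prev, blob = node, bytes.fromhex(layer["payload"])
    return views, blob

def nodes_linking(views, sender, recipient):
    """Nodes that saw both endpoints; empty for a multi-hop path."""
    return [n for n, v in views.items()
            if v["prev"] == sender and v["next"] == recipient]

def demo():
    # Constructed names and keys; per-hop keys are assumed already shared.
    path = ["node-1", "node-2", "node-3"]
    keys = {n: os.urandom(32) for n in path}
    onion = wrap(path, "recipient", b"e2e-ciphertext", keys)
    views, delivered = relay("sender", path, onion, keys)
    return views, delivered, nodes_linking(views, "sender", "recipient")

if __name__ == "__main__":
    views, delivered, linking = demo()
    for node, seen in views.items():
        print(node, seen)
    print("delivered:", delivered, "| nodes linking both ends:", linking)
```

Running the same functions with a one-node path makes `nodes_linking` return that node, which is why a single relay does not give the separation that three hops do.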

The decentralised node network. Session's message routing infrastructure is maintained by community operators running nodes on the Oxen blockchain network. Nodes are economically incentivised through the Oxen cryptocurrency. This model means no single company can be compelled to shut down the network or hand over routing data.

No metadata by design. Because accounts have no phone number or email, and because Session stores no contact lists on its servers, there's no metadata profile linking your account to an external identity. The company can't produce what it doesn't hold.

Foldy tip

Session trades phone number verification for a different set of tradeoffs. Worth understanding both sides.

Related pages

  • Signal: more widely adopted, phone number required, stronger audit history
  • Encryption: the technology underlying end-to-end encrypted messaging
  • Metadata: what Session's no-phone-number model helps protect
  • Tor: an alternative routing network for stronger anonymity
  • Threat modeling: helps clarify whether Session or Signal is the right fit for your situation