Comparisons
Signal vs Session
Both Signal and Session offer end-to-end encrypted messaging. The core difference is what they require from you to get started, and what that means for who can see what.
The short version
Signal is the more mature, more widely used, and more thoroughly audited option. It requires a phone number. It's the right choice for most people who want private messaging.
Session requires no phone number or email address. It's the right choice when you want to communicate without linking your account to an identifiable piece of information.
Side by side
| Signal | Session | |
|---|---|---|
| Phone number required | Yes | No |
| Account identifier | Phone number | Random Account ID |
| End-to-end encryption | Yes | Yes |
| Network routing | Centralised (Signal servers) | Decentralised (community nodes) |
| Message routing anonymity | Sealed sender (hides sender from Signal) | Onion routing through node network |
| Metadata minimisation | Limited, Signal can see timing | Stronger by design |
| Independent audit history | Extensive | Limited |
| Open source | Yes | Yes |
| Group chats | Yes | Yes |
| Voice/video calls | Yes | Limited |
| Disappearing messages | Yes | Yes |
| Mobile platform telemetry risk | App store metadata | F-Droid option available for Android |
| Organisation | Non-profit | Session Technology Foundation |
Where Signal is stronger
Audit history. Signal's protocol and apps have been extensively reviewed by independent cryptographers and security researchers. The Double Ratchet algorithm, X3DH, and sealed sender have all been formally analysed. This matters because it means known weaknesses have been looked for and addressed.
Adoption. Signal is widely used. Many of the people you want to message privately are already on it. Network effects matter for private messaging, the best app is the one your contacts will actually use.
Voice and video. Signal's encrypted calls are reliable and high quality. Session's voice features are less developed.
Transparency record. Signal has responded to legal subpoenas and demonstrated publicly that it has almost nothing to hand over, only the date an account was created and the date it last connected. This kind of demonstrated record is more meaningful than policy statements.
Where Session is stronger
No phone number. This is the key difference. Signal requires a phone number, which in most cases is tied to your real identity, through your carrier, through number registration, or through the way you received it. Session requires nothing. You generate an Account ID and that's it.
Metadata at the routing level. Session's decentralised node network means no single server knows both who sent a message and who received it. Signal uses sealed sender to hide the sender from its own servers, which is meaningful, but Signal still operates centralised infrastructure that could be observed.
No central server to compel. Because Session routes through a decentralised network of community nodes, there's no single company that can be served a legal order for routing data. The data isn't centralised to begin with.
The question to ask
Who are you protecting against, and what is the threat?
If your concern is protecting message content from interception, surveillance of what you say, or a data breach at a service company, Signal is the stronger and better-tested choice.
If your concern is being connected to a communication at all, having your phone number appear in a database, being identified as someone who communicated with a particular person, Session's no-identifier model is the more relevant tool.
For most people in most situations, Signal is the right answer. Session is the right answer for people who need to communicate without any link to their real identity, activists in restrictive environments, sources communicating with journalists, people in situations where even having an account is sensitive.
What neither does
Neither Signal nor Session makes you anonymous on its own. Signal knows a phone number is associated with your account. Session's seed node briefly sees your IP at startup. Both apps are visible on your phone and in your app list. Neither removes the metadata your mobile carrier generates about your device's location and network activity.
Foldy tip
Both are reasonable choices. The difference comes down to your specific needs and who you talk to.
