Session: encrypted messaging without a phone number or account
Session requires no phone number, no email address, and no central server. Messages travel through a decentralized network with onion routing — similar to how Tor works, but for chat.
Session: encrypted messaging without a phone number or account
Signal is better than WhatsApp. But Signal requires an account, and that account is tied to a phone number. You can now hide your number from other users, but the number itself remains the key Signal uses to know who you are.
Session approaches this differently. You register with nothing — no phone number, no email address, no name. You receive a random Session ID: a long alphanumeric string tied to nothing.
How Session works
On first launch, the app generates a cryptographic key pair and a corresponding Session ID. That ID is your identity in the network — and nothing more. No name, no number, no account on a server.
To make contact, you share your Session ID or let someone scan a QR code. There is no phonebook integration — you cannot “find” anyone in the system.
Messages do not pass through central servers. Session uses a decentralized network of nodes managed by volunteers and operators worldwide. Messages are sent via onion routing: the message passes through multiple nodes, each with one layer of encryption. No single node simultaneously sees the sender, the recipient, and the content.
This is similar to how Tor works — but for messaging.
What Session protects
| Signal | Session | |
|---|---|---|
| Message content | Encrypted | Encrypted |
| Phone number required | Yes | No |
| Central server | Yes (Signal Foundation) | No (decentralized network) |
| Onion routing | No | Yes |
| Legally compellable data | Registration number + last connection | No account, no central log |
| Post-quantum encryption | No | Yes (v2, Dec 2025) |
| Account recoverable | Via number/device | Via recovery phrase (seed phrase) |
Session cannot respond to a legal order with your phone number or account details — because they simply don’t exist. The network has no central operator that can be subpoenaed.
Honest caveats
Perfect Forward Secrecy (PFS) — this is a cryptographic property that ensures encryption keys are regularly rotated. If a key is ever compromised, previously sent messages remain safe.
In earlier versions of Session, PFS was entirely absent. That was a serious criticism, and rightfully so — it meant messages could theoretically be decrypted later if keys leaked. In version 2 (December 2025) this was resolved alongside the addition of post-quantum encryption.
If you’re on an older version of Session, update to v2 or later.
Recovery phrase — your Session ID and keys are stored locally. The only way to restore your account on a new device is via a recovery phrase (seed phrase) you receive during installation. If you lose it, you permanently lose access to your account and conversation history. Store the recovery phrase safely — in KeePassXC or on paper in a secure location.
Performance — onion routing adds latency. Messages are slightly slower than Signal or WhatsApp. For normal conversations this is barely noticeable, but with real-time conversations or a poor connection it can become apparent.
Smaller user base — Session has fewer users than Signal. The smaller the network, the more it stands out when someone uses it at all. In high-risk situations, that’s a consideration.
Installing and getting started
Session is available for Android, iOS, and desktop (Linux, macOS, Windows).
Android: via Google Play, the Session website, or F-Droid (recommended on GrapheneOS).
iOS: via the App Store.
Desktop: download from getsession.org.
On first launch:
- Choose “Create account” — no email or number required
- Choose a display name (stored locally only)
- Save your recovery phrase immediately — you only see it prominently once
Your Session ID appears in your profile. Share it with people you want to message, or let them scan your QR code.
What you can do with it
- Personal conversations (1 on 1)
- Group conversations (closed groups and open communities)
- Voice messages
- File sharing
- Disappearing messages (configurable per conversation)
Voice and video calls are supported. Quality is functional, but less polished than Signal or WhatsApp.
Who Session is for
Direct value:
- Journalists and sources who want contact without linking a phone number
- Activists in countries with surveillance infrastructure
- People who want to message someone without revealing their phone number to each other
- Anyone skeptical of central parties — the Signal Foundation, however trustworthy, is still a single point of failure
- IT professionals reaching clients without sharing a personal number
Less suitable for:
- Daily use where speed matters (onion routing adds latency)
- People who want to find contacts easily (no phonebook)
- Situations where nobody around you uses Session — the switching threshold is real
Session vs. SimpleX
Both apps work without a phone number. The difference lies in how identity works.
Session gives you a persistent Session ID — one identity you can restore across multiple devices via a recovery phrase. Convenient, but it also means that ID is in principle traceable if someone follows metadata patterns long enough.
SimpleX has no identifier. Every connection is a new queue. There’s nothing to trace, but also nothing to recover. You choose based on your threat profile: do you want recoverability or maximum anonymity?
Background: decentralization and governance
Session was developed by the OPTF (Open Privacy Tech Foundation) in Australia. In November 2024 the project was transferred to a new organization and moved to Switzerland — the same jurisdiction as Threema and Proton. That’s a deliberate choice: Swiss privacy law offers better protection against international legal assistance requests than Australian law.
An independent security audit by Quarkslab was completed in 2024-2025. Found issues have been resolved.
See also:
- SimpleX Chat guide — no identifier, maximum anonymity
- Threema guide — paid, Swiss, no phone number
- Briar guide — P2P via Tor, works without internet
- Delta Chat guide — encrypted messaging over email
- Signal and Molly review — Signal with extra privacy options