App Review

Session Review (2026): Anonymous, Onion-Routed, No Identifiers

No phone, no email, onion-routed

8.5
/ 10
★ 4.3 / 5

Session is the strongest anonymity-first messenger in our lineup. It foregoes any form of personal identifier — no phone, no email, no name — and routes every message through three community-run nodes so no single observer can link sender and receiver. We award 8.5 / 10: a notch below Signal because voice/video calling and group discovery are weaker, but higher than any messenger that still requires a phone number.

Reviewed by the xchat.directory editorial team · Last reviewed

Session at a glance

Price Free
Encryption Default (E2EE)
Owner Foundation · Australia
Phone required No (Session ID instead)
Open source Yes (clients + server)
Platforms iOS / Android / Desktop
Group size 100 members
Founded 2020

What Is Session?

Session is a free, open-source messenger built on a fork of the Signal Protocol — but with three radical departures from its parent: no phone number, no email, no name. When you install the app, it generates a random Session ID (a long alphanumeric string) that becomes your identity. There is no way to recover that identity if you lose the recovery phrase — that's the price of true anonymity.

The second departure is the transport. Session doesn't use central servers like Signal. Every message is wrapped in multiple layers of encryption and passed through three community-run Service Nodes on the Session Network. Each node can only see the immediate hop, not the sender or final destination — similar to how Tor works. The network is incentivized via a blockchain (Oxen) so node operators earn rewards for honest routing.

Session is run by the Session Technology Foundation, a non-profit based in Australia. The open-source client and server code live on GitHub, and the protocol has been independently audited.

Privacy & Security — Why Anonymity Is Different From Encryption

Encryption hides the content of your messages. Anonymity hides who is sending them and to whom. Most messengers in this list (Signal, Threema, Wire) are great at the first and weak on the second — they need a phone number or email to register. Session is strong on both:

  • No identifiers at registration. No phone, no email, no name, no OAuth — just a random ID.
  • Onion routing hides metadata (who → who, from what IP) from network observers.
  • No phone number recovery — sessions can be migrated via a recovery phrase that the user controls.
  • Closed groups can hide their existence from the network entirely via "closed groups" — only members can see the group exists.

The trade-off vs direct-routing messengers is that Session messages traverse multiple nodes, which adds latency. Calls use a separate peer-to-peer WebRTC path: their content is end-to-end encrypted, but they do not receive the same onion-routing protection and can reveal IP information to the call partner. If your threat model is "the messenger operator must not learn who I talk to, including via server logs," Session is the strongest free option. If your threat model is "I just want one secure messenger for daily chat," Signal is faster and more polished.

Independent audits

Session's protocol and clients have been audited by independent firms, including Quarkslab and others. The 2023 audit found no critical issues, and minor recommendations were addressed in subsequent releases.

Features — What You Get (and Don't Get)

Session is a lean messenger by design. It does not try to be Slack, Discord, or Telegram. Here's what you can actually do:

  • 1:1 and group chats with up to ~100 members, end-to-end encrypted by default
  • Voice and video calls (beta, E2EE, but peer to peer rather than onion routed)
  • Disappearing messages with custom timers
  • Voice messages, file sharing, and reactions
  • Closed groups — group existence is hidden from the network; only members know it exists
  • Session ID ↔ QR code contact sharing
  • Multi-device sync via the recovery phrase
  • Cross-platform clients: iOS, Android, macOS, Windows, Linux (no web client)

What Session doesn't ship: large public channels, sticker GIF ecosystem, bot platform, stories, public group directory. The open-source client is feature-light but very intentional — every feature costs additional complexity that has to be audited.

Cost — Free, with an Incentive Layer

Session itself is free for end users. There are no ads, no premium tier, no chat-count limits. The routing network (Session Network / Oxen blockchain) is incentivized via a token — node operators stake Oxen and earn fees. This is how Session achieves decentralization without relying on donations for infrastructure.

The trade-off: Session's user base is small (~1.5 million MAUs) and you should not expect your non-technical friends to switch from WhatsApp just because you ask.

Who Should Use Session?

Session is the right choice if:

  • You can't or won't give a phone number to a messenger — and you also can't give an email
  • Your threat model includes "the server operator must not know who I talk to"
  • You're in a country where messenger metadata is dangerous (journalists, activists, dissidents)
  • You prefer open-source software over centralized operators
  • You're willing to keep peer-to-peer calls disabled when hiding your IP is essential

If anonymity isn't your top priority and you just want a secure messenger for daily use, Signal is faster, smoother, and reaches more of your contacts. If you want a paid no-phone option with better polish, Threema is the pick. If you live in an internet-restricted country and need a messenger that works without the public internet at all, Briar is the right tool (works offline over Bluetooth mesh).

Session vs Signal vs Threema vs Briar — Quick Comparison

Vs Signal: Both end-to-end encrypt message content, but they use different protocols and routing models. Signal knows your phone number but minimizes retained metadata. Session requires no phone number and onion-routes messages, but at the cost of latency. Pick Signal for daily chat; pick Session for high-risk privacy.

Vs Threema: Threema is paid-once, requires no phone, but uses a single Swiss server (so the operator could in principle know who is talking to whom — but cannot read messages). Session is free and goes further: the onion network means the operator can't see the metadata either. Threema is friendlier; Session is stronger.

Vs Briar: Briar is for when the internet itself is hostile — it can route over Wi-Fi and Bluetooth in physical proximity. Session still needs the open internet (and onion routing through its volunteer network). Briar is more resilient but limited to Android; Session is more general-purpose.

The Honest Verdict

Session is not the messenger for everyone. The user base is small, voice/video is occasionally shaky, and the onboarding (Session IDs are ugly 60-character strings) is the worst part of the experience. If you want to chat with family, use Signal or WhatsApp.

What Session is is the easiest way to get Signal-grade encryption plus Tor-grade anonymity, without giving up iOS or desktop apps. For activists and journalists whose threat model includes state-level metadata surveillance, Session is the closest thing to a free, polished messenger that gets the metadata right. In 2026, that's still rare enough to be worth a recommendation.

What we like

  • Zero identifiers — no phone, email, or name
  • Onion routing hides IP + metadata from network observers
  • Open-source clients, audited independently

What we don't

  • Group size limit of ~100 (smaller than Signal/Threema)
  • Voice and video calls less reliable than central-routing apps
  • Smaller user base — discovery is harder

Common questions

Is Session messenger safe?

Session provides strong message privacy through end-to-end encryption, identifier-free accounts, open-source code, and onion-routed message delivery. Its trade-offs matter: the current protocol does not yet provide perfect forward secrecy, calls are beta and peer to peer, and a compromised device or malicious contact can still expose content. It is a serious privacy tool, not a guarantee of complete anonymity.

Is Session really anonymous?

Session is designed for pseudonymous use: it requires no phone number, email, or real name, and onion routing hides message paths from any single service node. Complete anonymity still depends on how you use it. Your device, notification provider, call behavior, contacts, writing style, shared files, and anything you reveal in a conversation may identify you.

Is Session end-to-end encrypted?

Yes. Session messages use the Session Protocol for end-to-end encryption, with cryptographic operations built on libsodium. The network relays encrypted data without holding the conversation keys. End-to-end encryption protects content, while Session's onion requests separately reduce routing metadata; these are related but distinct protections.

Can Session be traced?

Session makes message tracing harder by avoiding real-world account identifiers and routing messages through multiple decentralized nodes. It cannot make every user untraceable. Device compromise, traffic analysis by a powerful observer, notification services, peer-to-peer calls, contact behavior, attachment metadata, and personal details disclosed in chats can all create identifying evidence.

Does Session hide your IP address?

For messages and attachments sent through onion requests, Session is designed to keep the sender's IP address from being linked to the destination by any single routing node. There are exceptions: fast mobile notifications expose a device IP to Apple or Google notification infrastructure, and current peer-to-peer voice or video calls share IP information with the call partner and an STF-operated STUN or TURN server.

Are Session voice and video calls private?

Call content is end-to-end encrypted, but calls are a beta feature that is off by default and currently use peer-to-peer WebRTC rather than Session's onion-routed message network. Your IP address is shared with the call partner and an STF-operated STUN or TURN server. High-risk users who must hide network location should leave calls disabled and use onion-routed messages instead.

Is Session shutting down in 2026?

Session entered 2026 with a public funding campaign for the Session Technology Foundation, creating a real continuity risk if sustainable funding is not secured. At the time of this review, the official donation page showed progress toward a $1 million goal rather than a confirmed long-term resolution. Users who depend on Session should check the official status and export or safeguard recovery information instead of assuming uninterrupted maintenance.

Is Session safer than Signal?

Safer for metadata: yes. Session uses onion routing so even its own servers can't see who is messaging whom. Signal has minimal metadata collection but its central servers do see who-is-talking-to-whom in some cases. For a journalist whose threat model is "the server operator cannot learn that I talked to source X," Session is the safer pick. For everyone else, Signal's polish and user base make it more practical.

Does Session require a phone number?

No. Session requires no phone number, no email, and no name. When you install the app, it generates a random Session ID (a long string of characters). That ID is your only identity. You can use Session on multiple devices via the recovery phrase.

How does Session routing work?

When you send a message, it is wrapped in layers of encryption and passed through multiple Session Network nodes. Each node sees only the previous and next hop, so no single routing node should see both the sender and destination. This applies to messages and attachments, not current voice or video calls, which use peer-to-peer WebRTC and have a different IP-privacy trade-off.

Is Session open source and audited?

Yes. Session's client apps and protocol are open source on GitHub. The protocol has been independently audited by Quarkslab and other firms. No critical issues were found in the most recent audits.

Why pick Session over Threema?

Both avoid phone numbers. Threema uses a central Swiss server — so the operator could in principle see who is talking to whom, but cannot read the content. Session's onion routing prevents even that observation. Threema has a more polished UI; Session has stronger metadata protection. Pick Session if you care about routing privacy; pick Threema if you want the friendliest no-phone option.