1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
+++
date = 2020-03-25
title = "Session Private Messenger"
description = ""
draft = false
+++
# Privacy Warning
The company behind Session (Loki Foundation) is from Australia. If you didn't
know, Australia has introduced
[legislation](https://parlinfo.aph.gov.au/parlInfo/download/legislation/bills/r6195_aspassed/toc_pdf/18204b01.pdf)
mandating companies comply with government requests to build backdoor access
into applications. For more information, read my article on [AES
Encryption](./2020-01-25-aes-encryption.html).
# About Session
[Session](https://getsession.org) is a private, cross-platform messaging app
from the [Loki Foundation](https://loki.foundation). As someone who has spent
years looking for quality alternatives to major messaging apps, I was excited
when I first heard about Session. Reading through [Session's white
paper](https://arxiv.org/pdf/2002.04609.pdf), you can learn the technologies
behind the Session app. Part of the security of Session comes from the Signal
protocol, which was forked as the origin of Session.
> Session is an end-to-end encrypted messenger that removes sensitive metadata
> collection, and is designed for people who want privacy and freedom from any
> forms of surveillance.
In general, this app promises security through end-to-end encryption,
decentralized onion routing, and private identities. The biggest change that the
Loki Foundation has made to the Signal protocol is removing the need for a phone
number. Instead, a random identification string is generated for any session you
create. This means you can create a new session for each device if you want to,
or link new devices with your ID.
Since Session's website and white paper describe the details of Session's
security, I'm going to focus on using the app in this post.
# Features
Since most people are looking for an alternative to a popular chat app, I am
going to list out the features that Session has so that you are able to
determine if the app would suit your needs:
- Multiple device linking (via QR code or ID)
- App locking via device screen lock, password, or fingerprint
- Screenshot blocking
- Incognito keyboard
- Read receipts and typing indicators
- Mobile notification customization
- Old message deletion and conversation limit
- Backups
- Recovery phrase
- Account deletion, including ID, messages, sessions, and contacts
# Downloads
I have tested this app on Ubuntu 19.10, Android 10, macOS Monterey, and iOS 15.
All apps have worked well without many issues.
Below is a brief overview of the Session app on Linux. To get this app, you'll
need to go to the [Downloads](https://getsession.org/download/) page and click
to link to the operating system you're using.
For Linux, it will download an AppImage that you'll need to enable with the
following command:
```sh
sudo chmod u+x session-messenger-desktop-linux-x86_64-1.0.5.AppImage
```
# Creating an Account
Once you've installed the app, simply run the app and create your unique Session
ID. It will look something like this:
`05af1835afdd63c947b47705867501d6373f486aa1ae05b1f2f3fcd24570eba608`.
You'll need to set a display name and, optionally, a password. If you set a
password, you will need to enter it every time you open the app.
# Start Messaging
Once you've created your account and set up your profile details, the next step
is to start messaging other people. To do so, you'll need to share your Session
ID with other people. From this point, it's fairly straightforward and acts like
any other messaging app, so I won't dive into much detail here.
## macOS
One key feature to note is that the desktop application now provides a helpful
pop-up box explaining the process that Session uses to hide your IP address:
## iOS
The mobile app is quite simple and effective, giving you all the standard mobile
messaging options you'd expect.
# Potential Issues
I've discovered one annoying issue that would prevent from using this app
regularly. On a mobile device, there have been issues with receiving messages on
time. Even with battery optimization disabled and no network restrictions,
Session notifications sometimes do not display until I open the app or the
conversation itself and wait a few moments. This is actually one of the reasons
I stopped using Signal (this seems fixed as of my updates in 2021/2022, so I
wouldn't worry about this issue anymore).
Looking for another messenger instead of Session? I recommend Signal, Matrix,
and IRC.
|
