
12 Misconceptions and Myths about Session Messenger

This is also available as a YouTube video.

  1. Session is a copy of Signal
    Partially true. Session uses code from Signal, and Session used to use the Signal Protocol, but in 2020 Session switched to their own Session protocol that is more suitable for Session’s decentralized network.
  2. Session is completely decentralized
    No, it isn’t. Session depends on centralized bootstrap servers, or “seed nodes”. Those servers are run by the Oxen Privacy Tech Foundation (OPTF) and are in some ways gatekeepers to Session: if you can’t reach them, you can’t use Session. In the fall of 2022 the Iranian government blocked access to Session’s seed nodes, which effectively blocked Session in Iran unless you used a VPN.
    For file attachments Session requires a file server. OPTF runs those and limits users to 6 MB per attachment. Those are centralized servers.
    The same goes for voice and video calls: they require a signalling server operated by OPTF.
  3. Session will never reveal my IP address to any third party
    That is true as long as you don’t use Session’s peer-to-peer voice and video calls. If you use Session for voice or video calls, your IP address is revealed to the party you call and to the WebRTC signalling server run by OPTF.
  4. Official Session App is available on F-Droid
    No, it isn’t. The official Session Android app has Google’s Firebase code in it for notifications. The unofficial F-Droid version of Session removes Google Firebase but is not compiled by the official Session team. However, the official Session team provides a repository that can be added to F-Droid.
  5. The name I choose when I set up Session is the name I can be contacted with
    No, it isn’t. That’s just a display name. There are only two ways you can be contacted on Session: 1) your Session ID and 2) your Session ONS name or names that link to your Session ID. To get a Session ONS name you have to pay for it. You can purchase a name using the Oxen wallet if you own Oxen cryptocurrency. If you don’t have Oxen, you can go to PrivacyProShop.com and purchase one with other cryptocurrencies or a credit card.
  6. Group calling is coming to Session sometime in the future
    Maybe, maybe not. Group calls require a central server that has lots of bandwidth in order for the calls to work, and the IP addresses of all call participants would be exposed to that server. So it wouldn’t be a privacy-friendly add-on to Session. However, it would be convenient for most people.
  7. Session groups are ideal for large groups for private messaging
    Not yet. Session groups are limited to 100 members at this point. There are plans to increase that, but so far users are limited to 100.
  8. Session Communities offer a private, secure discussion forum
    Nope. Session communities, formerly called Session Open Groups, can be joined by anyone without any authentication. They are just that: communities of people where you can discuss things anonymously, but without any security or privacy. Many Session communities even publish all messages on a public web page.
  9. Session runs over Lokinet
    Nope, it doesn’t. Session uses its own version of onion routing called “Onion Requests” to accomplish the anonymity benefits. There are plans in place to move Session to use Lokinet, but that is still way off. Moving Session to Lokinet would make it possible to have anonymous onion-routed voice and video calls. It would likely also improve Session’s speed.
  10. Session is built in Australia, so it isn’t secure
    Australia has some anti-encryption and pro-surveillance laws, and it is a Five Eyes surveillance country. However, Session is secure, because it is an open source app, and the Oxen network is a decentralized network of about 1,800 servers worldwide. The Session team has no access to these servers as they are run by those who participate in the Oxen network by staking Oxen cryptocurrency. No need to worry, Session is secure.
  11. Session saves your messages forever in the Oxen blockchain
    Nope. Your messages are kept for two weeks in a collection of Oxen Service Nodes called a swarm. Once a message reaches two weeks of age it is deleted. Messages are stored end-to-end encrypted, so only you can read your messages. Without the message storage, your Session app would have to be online all the time in order to receive messages. The Oxen blockchain is used for keeping Session ONS names.
  12. Session is a scam because it is built on a cryptocurrency network
    Nope. Session uses the Oxen Network for routing and storing messages. Oxen crypto is used to pay the operators of the network so they have an incentive to provide services on the network. Without the crypto backing, Session wouldn’t exist. Oxen crypto is also used to purchase Session usernames. Without the crypto staking integration, a large operator could simply buy enough servers to control a majority of the servers, and Session could more easily be compromised. With the crypto integration, the price of this type of attack would be very high and would drive up the price of Oxen crypto, and it would be easily detected.