Instant messaging applications become a huge part of a digital lifestyle and can affect someone's personal life if somebody can get hold of it. Not just external threat actors but these days companies themselves are using software to track your behavior to make big bucks. Many leading organizations pushed Privacy and Security as a selling point without showing the reality. Like - Telegram and WhatsApp End-To-End Encryption (E2EE).
Whatever application you're using, It always boils down to few problems like Centralization, Requiring Uniquely Identifiable Info (Cell Phone Number) and Convenience. Or, we can say it boils down to Security, Privacy, Trust and Convenience.
Why don't we switch everything to more private networks like TOR or I2P? Because it's just not gonna work for the majority of people. Convenience is always an issue whenever we talk about Privacy and Security. So, let's see what Signal and Session did to resolve these problems.
What is Wrong With WhatsApp?
Everything! ya WhatsApp is a world-famous very convenient instant messaging application run by an Adware tech giant Meta. Which is notorious to collect users' personal info to share with 3rd parties and governments whenever they ask without trying hard. Meta has lots of trust issues because data breaches, targeted ads, selling user data, and political scandals are few of them. They're always involved in something which somehow affects consumers' privacy.
Warning: If WhatsApp is E2EE, then what is this?
"Note: WhatsApp receives the last five messages sent to you by the reported user or group, and they won’t be notified." Verify here: How to block and report contacts?
Require Phone Number
E2EE May Have Backdoor
Extremely Privacy Invading
Tracks Everything They Can
Still better than your cellphone's default messaging app
Backed by a very large organization. So, security updates will be frequent
What's Right & Wrong With Signal?
Honestly! not a lot of things. So, let's talk about what makes Signal a perfect alternative to WhatsApp. If you want the exact features of WhatsApp in a more private application, Then there is no other messenger that can beat Signal. Let's Welcome Signal, The world-famous convenient private messaging application run by a Privacy & Security centric organization Signal Foundation. Their mission is to develop open-source privacy technology that protects free expression and enables secure global communication. Signal is co-founded by the same person who was also the co-founder and creator of WhatsApp Brian Acton.
How Open Signal Actually Is?
Signal has almost all the features that WhatsApp has. It is also E2EE and can be verified because it is Open-Source. But, In past Signal community had few complaints about Signal's open-source development workflow. They usually don't accept open-source contributions. I noticed most commits are done by those who work for Signal. According to search engine top results, in short rumors, Also states that Signal is not fully open-source their server codebase is still Closed-Source. I'm not sure about these facts because Signal didn't come forward and clear the confusion. But, You can see Signal's Server repository on their official GitHub account. So maybe this is not true anymore.
Signal guys, You should have cleared this clutter. Be more open to the community.
You can't contribute the Signal's libsignal project. Libsignal contains underlying implementations of Signal Protocol. And, It makes sense because Libsignal is a sensitive project so any change in the cryptography library can directly affect Signal's Application Security. Know more about Libsignal contributions here.
It's worth mentioning Signal Protocol is being used by many famous communication applications including WhatsApp. Yep! Google, WhatsApp, Skype and more use Signal Protocol to secure their communications. More to it, Signal Protocol is universally regarded as the gold standard for encrypted messaging.
When Govt. Asks For Information
When jurisdictions force Signal to hand over users' info, Then they get NOTHING! YEP! NOTHING. Signal maintains a web page that they call BigBrother. A place where Signal lists all the Government Requests for disclosing personal info, with the answer stated as We Have Nothing Useful To Share Because Our Message Are End-To-End Encrypted By Design We Also Minimize As Much As Metadata as We Can, Thank You For Asking Again. Link To Big Brother's Requests.
Required Phone Number
Issues With Open-Source Stuff
Centralized, Censorship Could Be A Problem
Transparent With Consumers
Audited By External Security Firms
Packed With All Features That WhatsApp Has
Support For Major Platforms Including Linux
Committed To Mission, Help People In Iran
Introducing Session: Send Messages, Not Metadata
Session is an E2EE messaging application that works on a decentralized Oxen network. Session mission is to increase Anonymity with Privacy and Security by minimizing sensitive metadata. Session was originally a fork of Signal but their underlying implementation is completely different. All the Session messages are routed through Onion Network. And of course, It is completely Open-Source. The primary selling point of Session is they even don't require a Cell Phone Number or any Identifiable Information.
How Does Session Work Then?
You may be thinking if Session doesn't require a Phone Number, E-Mail and any Personally Identifiable Info. Then how does it work? So, Session actually generates a completely random string called Session Id, which works like a phone number. This Session Id needs to be shared with whom you want to send messages and once that person enters your Session Id in his Session app, you can start your conversations. This is similar to WhatsApp and Signal, you share your phone number with your friend. You can also use the same account on different devices by using the recovery phrase.
I Highly RECOMMEND TO WATCH Session Beginner's Guide
What is Right & Wrong With Session?
Session Security Compare To Signal
First, let's talk about encryption. Session encrypts your messages using Session Protocol which is built on Libsodium. A fairly known cryptography library. Sodium or Libsodium is okay but not the Session Protocol because Signal Protocol is the gold standard right? Right, but if we think Session is an entirely different project from Signal and many other messengers. As I said earlier, Session was a fork of Signal and they were using Signal Protocol. But with a completely odd underlying implementation Signal's Protocol wasn't complying. Session works on a decentralized network, and messages are onion routed. So, they need a protocol that blends with their infrastructure. I highly recommend reading their blog post, Session Protocol Technical Information. It has some serious issues that Signal Protocol can mitigate but Session can't.
How Session Handles Govt.
Speaking of infrastructure, Session is an Australian based organization that could be an eye blinker for few people and believe me, Session also thought about that. So, they developed technology that could be resistant to surveillance by governments.
Decentralization and metadata minimization are the core of that ideal. The Session team is based in Australia, but Session has infrastructure all around the world. But It's worth keep in mind the majority of those servers are owned by Session itself. Session also recently surpassed 750,000 users.
In the end, it's not that matter of a problem because they also don't store any form of information about users not even a Phone Number that Signal does. Till now, I didn't find any Jurisdiction Data Request from Session. You can keep an eye on Transparency Report if any data is being requested from Session, Oxen, Lokinet or any combination of their technologies that would be listed here just like Signal.
If Session is doing almost everything great then where is that problem? And, you may have guessed correctly it's in the features section. I can't say Session is a drop-in replacement of WhatsApp like Signal. Session is limited to its feature. Session implementation is so different that adding any new feature is not easy. But, Session has all the necessary features that usually people require. But sorry, you won't get Status Garbage. I'm not aware of all the features provided by WhatsApp and Signal because I really don't use them. That is why I listed what you can do in Session so you can let me know what feature Session is missing for now.
Send One-To-One Messages
Send Group Messages Upto 100 Members
Send Images, Videos, Documents etc Upto 10Mb
Create Communities With No Limit
Set Application Password
Set Messages Disappearing Time Limit
Have One-To-One Voice And Video Calls
I only mentioned important ones there could be more. Setting a password on Session is highly recommended. It encrypts your local database so if a threat actor gets hold of your device he/she won't be able to see your conversations. Session Communities are less secure than one-to-one and group chats. Voice and Video calls are in beta which is not onion routed. This connection is established peer-to-peer so both parties can see their IP address. In future, they will fix this. I believe this is also the case with Signal.
Slow Development Cycle
Use Of Own Security Protocol
Session Community Feature Isn't Safe
No Phone Number Required
Decentralized, Hard To Censor
Messages Are Onion Routed
Audited By Quarkslab In 2021
Support For Major Platforms Including Linux
Why Do I Use Session?
For me, It is straightforward, I don't like bloat. Session has a simple, clean and beautiful UI with fewer unnecessary features. I rarely use my phone number and Session doesn't require one. And, It routes all the text messages through an onion network. And, forget to mention the real reason, They got a nice promotion video. You have to watch this.
How Do They Make Profit?
I think it is always worth noting how a free software is making profits. So, let's see first for
WhatsApp is owned by a company whose main revenue comes from Advertisements Meta. But, WhatsApp doesn't have ads then how are they earning? Official, WhatsApp's revenue comes from fee cuts and charges when you use their services like WhatsApp Pay or WhatsApp Business. Unofficial, WhatsApp collects huge data and tracks users' personal preferences that they can use to show ads on Facebook and Instagram. Of course, WhatsApp shares your information with 3rd parties.
Session & Signal
Session and Signal are developed by the Non-Profit organizations Oxen Privacy Tech Foundation and Signal Technology Foundation respectively. They aim to spread privacy and security around the world not to make only profits. So, Session and Signal revenue comes from Donations. There is nothing more to say.
You may wanna look at Oxen's plan for the Session in future here. They might launch a premium plan for Session but not any soon.
Signal and Session are great projects. These applications and the team behind them really take users' Privacy & Security seriously. Both applications work differently and have some cons, but only very few people do care about them in the market (except for cellphone number). Signal is more focused solution for drop-in replacement of WhatsApp and on the other side, Session is more focused solution towards Anonymity with Privacy & Security. Session is an Open-Source Decentralized messenger with less bloat which fulfills my needs. But, Signal could be the best fit for you. You can check the comparison between Session and Signal with other leading messengers out there at SecureMessagingApps.com.
Thanks for tuning in ~ 👋