# Session vs Signal: Something Better Then WhatsApp

Instant messaging applications become a huge part of a digital lifestyle and can affect someone's personal life if somebody can get hold of it. Not just external threat actors but these days companies themselves are using software to track your behavior to make big bucks. Many leading organizations pushed Privacy and Security as a selling point without showing the reality. Like - Telegram and WhatsApp End-To-End Encryption (E2EE).

Whatever application you're using, It always boils down to few problems like **Centralization**, **Requiring Uniquely Identifiable Info (Cell Phone Number)** and **Convenience**. Or, we can say it boils down to **Security**, **Privacy**, **Trust** and **Convenience**.

Why don't we switch everything to more private networks like TOR or I2P? Because it's just not gonna work for the majority of people. **Convenience** is always an issue whenever we talk about Privacy and Security. So, let's see what ***Signal*** and ***Session*** did to resolve these problems.

# What is Wrong With WhatsApp?

**Everything**! ya *WhatsApp* is a world-famous very convenient instant messaging application run by an Adware tech giant **Meta**. Which is notorious to collect users' personal info to share with 3rd parties and governments whenever they ask without trying hard. **Meta** has lots of trust issues because data breaches, targeted ads, selling user data, and political scandals are few of them. They're always involved in something which somehow affects consumers' privacy.

WhatsApp has [E2EE](https://en.wikipedia.org/wiki/End-to-end_encryption). But who knows? Because WhatsApp is not Open-Source. You can take a look through WhatsApp's [Privacy Policy](https://www.whatsapp.com/legal/privacy-policy) to see what they collect and what they don't. Simply says EVERYTHING!

**Warning:** If WhatsApp is E2EE, then what is this?

*"Note: WhatsApp receives the last five messages sent to you by the reported user or group, and they won’t be notified."* Verify here: [How to block and report contacts?](https://faq.whatsapp.com/1142481766359885/?cms_platform=android)

## Cons

* Trust Issues
    
* Closed-Source
    
* Require Phone Number
    
* E2EE May Have Backdoor
    
* Extremely Privacy Invading
    
* Tracks Everything They Can
    

## Pros

* Still better than your cellphone's default messaging app
    
* Backed by a very large organization. So, security updates will be frequent
    

# What's Right & Wrong With Signal?

Honestly! not a lot of things. So, let's talk about what makes *Signal* a perfect alternative to WhatsApp. If you want the exact features of WhatsApp in a more private application, Then there is no other messenger that can beat Signal. Let's Welcome Signal, The world-famous convenient private messaging application run by a Privacy & Security centric organization **Signal Foundation**. Their mission is *to develop open-source privacy technology that protects free expression and enables secure global communication*. Signal is co-founded by the same person who was also the co-founder and creator of WhatsApp **Brian Acton**.

## How Open Signal Actually Is?

Signal has almost all the features that WhatsApp has. It is also E2EE and can be verified because it is **Open-Source**. But, In past Signal community had few complaints about Signal's open-source development workflow. They usually don't accept open-source contributions. I noticed most commits are done by those who work for Signal. According to search engine top results, in short rumors, Also states that Signal is not fully open-source their server codebase is still **Closed-Source**. I'm not sure about these facts because Signal didn't come forward and clear the confusion. But, You can see [Signal's Server](https://github.com/signalapp/Signal-Server) repository on their [official GitHub account](https://github.com/signalapp/). So maybe this is not true anymore.

> *Signal guys, You should have cleared this clutter. Be more open to the community.*

You can't contribute the Signal's [libsignal](https://github.com/signalapp/libsignal) project. **Libsignal** contains underlying implementations of Signal Protocol. And, It makes sense because **Libsignal** is a sensitive project so any change in the cryptography library can directly affect Signal's Application Security. Know more about Libsignal [contributions here](https://github.com/signalapp/libsignal#contributions).

It's worth mentioning [**Signal Protocol**](https://en.wikipedia.org/wiki/Signal_Protocol) is being used by many famous communication applications including **WhatsApp**. Yep! Google, WhatsApp, Skype and more use *Signal Protocol* to secure their communications. More to it, **Signal Protocol** is universally regarded as the gold standard for encrypted messaging.

## When Govt. Asks For Information

When jurisdictions force Signal to hand over users' info, Then they get NOTHING! YEP! NOTHING. Signal maintains a web page that they call *BigBrother*. A place where Signal lists all the Government Requests for disclosing personal info, with the answer stated as *We Have Nothing Useful To Share Because Our Message Are End-To-End Encrypted By Design We Also Minimize As Much As Metadata as We Can, Thank You For Asking Again*. Link To [Big Brother's Requests](https://signal.org/bigbrother/).

%[https://www.youtube.com/watch?v=3oPeIbpA5x8] 

## Cons

* Required Phone Number
    
* Issues With Open-Source Stuff
    
* Centralized, Censorship Could Be A Problem
    

## Pros

* Open-Source
    
* Privacy Respecting
    
* End-To-End Encryption
    
* Transparent With Consumers
    
* Audited By External Security Firms
    
* Packed With All Features That WhatsApp Has
    
* Support For Major Platforms Including Linux
    
* Committed To Mission, [Help People In Iran](https://signal.org/blog/run-a-proxy/) 🫡
    

# Introducing Session: Send Messages, Not Metadata

*Session* is an E2EE messaging application that works on a decentralized Oxen network. Session mission is to increase Anonymity with Privacy and Security by minimizing sensitive metadata. Session was originally a fork of *Signal* but their underlying implementation is completely different. All the Session messages are routed through **Onion Network**. And of course, It is completely **Open-Source**. The primary selling point of Session is they even *don't require a Cell* ***Phone Number*** *or any Identifiable Information*.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1675780091149/e4fb93c3-4275-42f7-a76b-695a411c865d.png align="center")

## How Does Session Work Then?

You may be thinking if Session doesn't require a Phone Number, E-Mail and any Personally Identifiable Info. Then how does it work? So, Session actually generates a completely random string called **Session Id,** which works like a phone number. This Session Id needs to be shared with whom you want to send messages and once that person enters your Session Id in his Session app, you can start your conversations. This is similar to WhatsApp and Signal, you share your phone number with your friend. You can also use the same account on different devices by using the recovery phrase.

I Highly RECOMMEND TO WATCH Session Beginner's Guide

%[https://www.youtube.com/watch?v=sLswL34hM-s] 

## What is Right & Wrong With Session?

### **Session Security Compare To Signal**

First, let's talk about encryption. Session encrypts your messages using [Session Protocol](https://getsession.org/blog/session-protocol-technical-information) which is built on [Libsodium](https://doc.libsodium.org/). A fairly known cryptography library. Sodium or Libsodium is okay but not the Session Protocol because Signal Protocol is the gold standard right? Right, but if we think Session is an entirely different project from Signal and many other messengers. As I said earlier, Session was a fork of Signal and they were using Signal Protocol. But with a completely odd underlying implementation Signal's Protocol wasn't complying. Session works on a decentralized network, and messages are onion routed. So, they need a protocol that blends with their infrastructure. I highly recommend reading their blog post, [Session Protocol Technical Information](https://getsession.org/blog/session-protocol-technical-information). It has some serious issues that Signal Protocol can mitigate but Session can't.

### **How Session Handles Govt.**

Speaking of infrastructure, Session is an **Australian** based organization that could be an eye blinker for few people and believe me, Session also thought about that. So, they developed technology that could be resistant to surveillance by governments.

Decentralization and metadata minimization are the core of that ideal. The Session team is based in Australia, but Session has infrastructure all around the world. But It's worth keep in mind the majority of those servers are owned by Session itself. Session also recently surpassed 750,000 users.

%[https://twitter.com/session_app/status/1674656115341287424] 

In the end, it's not that matter of a problem because they also don't store any form of information about users not even a *Phone Number* that Signal does. Till now, I didn't find any Jurisdiction Data Request from Session. You can keep an eye on [Transparency Report](https://optf.ngo/transparency/) if any data is being requested from Session, Oxen, Lokinet or any combination of their technologies that would be listed here just like Signal.

### **Session Features**

If Session is doing almost everything great then where is that problem? And, you may have guessed correctly it's in the features section. I can't say Session is a drop-in replacement of WhatsApp like Signal. Session is limited to its feature. Session implementation is so different that adding any new feature is not easy. But, Session has all the necessary features that usually people require. But sorry, you won't get **Status Garbage**. I'm not aware of all the features provided by WhatsApp and Signal because I really don't use them. That is why I listed what you can do in Session so you can let me know what feature Session is missing for now.

You can:

* Send One-To-One Messages
    
* Send Group Messages Upto 100 Members
    
* Send Images, Videos, Documents etc Upto 10Mb
    
* Create Communities With No Limit
    
* Set Application Password
    
* Set Messages Disappearing Time Limit
    
* Have One-To-One Voice And Video Calls
    

I only mentioned important ones there could be more. Setting a password on Session is highly recommended. It encrypts your local database so if a threat actor gets hold of your device he/she won't be able to see your conversations. Session Communities are less secure than one-to-one and group chats. Voice and Video calls are in beta which is not onion routed. This connection is established peer-to-peer so both parties can see their IP address. In future, they will fix this. I believe this is also the case with Signal.

## Cons

* Limited Features
    
* Slow Development Cycle
    
* Use Of Own [Security Protocol](https://www.getsession.org/blog/session-protocol-technical-information)
    
* [Session Community](https://sessionapp.zendesk.com/hc/en-us/articles/4439201907225-What-are-groups-How-do-they-differ-from-communities) Feature Isn't Safe
    

## Pros

* No Phone Number Required
    
* Open-Source
    
* Privacy Respecting
    
* Decentralized, Hard To Censor
    
* Messages Are Onion Routed
    
* End-To-End Encryption
    
* Audited By [Quarkslab](https://blog.quarkslab.com/audit-of-session-secure-messaging-application.html) In 2021
    
* Support For Major Platforms Including Linux
    

# Why Do I Use Session?

For me, It is straightforward, I don't like bloat. Session has a simple, clean and beautiful UI with fewer unnecessary features. I rarely use my phone number and Session doesn't require one. And, It routes all the text messages through an onion network. And, forget to mention the real reason, They got a nice promotion video. You have to watch this.

%[https://www.youtube.com/watch?v=6664mpKmccA] 

# How Do They Make Profit?

I think it is always worth noting how a free software is making profits. So, let's see first for

### ***WhatsApp***

WhatsApp is owned by a company whose main revenue comes from *Advertisements* Meta. But, WhatsApp doesn't have ads then how are they earning? Official, WhatsApp's revenue comes from fee cuts and charges when you use their services like **WhatsApp Pay** or **WhatsApp Business**. Unofficial, WhatsApp collects huge data and tracks users' personal preferences that they can use to show ads on Facebook and Instagram. Of course, WhatsApp shares your information with 3rd parties.

### ***Session & Signal***

Session and Signal are developed by the **Non-Profit** organizations *Oxen Privacy Tech Foundation* and *Signal Technology Foundation* respectively. They aim to spread privacy and security around the world not to make only profits. So, Session and Signal revenue comes from **Donations**. There is nothing more to say.

You may wanna look at Oxen's plan for the Session in future [here](https://oxen.io/roadmap). They might launch a premium plan for Session but not any soon.

# **TL;DR**

Signal and Session are great projects. These applications and the team behind them really take users' Privacy & Security seriously. Both applications work differently and have some cons, but only very few people do care about them in the market (except for cellphone number). Signal is more focused solution for drop-in replacement of WhatsApp and on the other side, Session is more focused solution towards Anonymity with Privacy & Security. Session is an Open-Source Decentralized messenger with less bloat which fulfills my needs. But, Signal could be the best fit for you. You can check the comparison between Session and Signal with other leading messengers out there at [SecureMessagingApps.com](http://SecureMessagingApps.com).

Thanks for tuning in ~ 👋

## Useful Links

* [Secure Messaging Apps Comparison](https://www.securemessagingapps.com/)
    
* [Your Session starts here — A beginner's guide](https://odysee.com/@Oxen:0/your-session-starts-here-%E2%80%94-a:5?&sunset=lbrytv)
