Posted on

Howto use two Session IDs in one Android device

Video version of this guide is available at YouTube.

  1. Download and install F-Droid version of Session from F-Droid App Store. If you don’t have the F-Droid App Store, go to f-droid.org and download and install the F-Droid APK file.
  2. Download and install the Official Version of Session from Aurora Store (de-Googled phone) or Google Play store (normal spy phone), or get the APK file from getsession.org
  3. Open each one of them and create or restore Session IDs.
  4. To make it easier to recognize which version is which, change the Appearance of one of them to a different color scheme.
  5. Start sending messages!
Posted on

How to use multiple Session Messenger identities in Windows

This guide is also available as a YouTube video

While Session doesn’t have direct support for multiple identities within the app, you can start several copies of the app and have each of them with a different identity. Here is how to do it:

  1. Install Session from GetSession.org
  2. Make a copy of the Session Icon on the desktop
  3. Edit the properties of the icons:
    Add –user-data-dir=c:\users\yourname\session1 to the end of the Target field on the Session icon and,
    –user-data-dir=c:\users\yourname\session2 to the Session-Copy icon
  4. Start Session (the original Icon) and create or restore an account
  5. Start the Copy of Session and create or restore an account
    Change Appearance to another theme to make it easier to differentiate the two accounts
  6. Start messaging!
Posted on

12 Misconceptions and Myths about Session Messenger

This is also available as a YouTube video. Watch it on YouTube

  1. Session is a copy of Signal
    Partially true. Session uses code from Signal, and Session used to use the Signal Protocol, but in 2020 Session switched to their own Session protocol that is more suitable for Session’s decentralized network.
  2. Session is completely decentralized
    No, it isn’t. Session depends on centralized bootstrap servers, or “seed nodes”. Those servers are run by Oxen Privacy Tech Foundation (OPTF) and are in some way gatekeepers to Session, as if you can’t reach them, you can’t use Session. In the fall of 2022 the Iranian government blocked access to Session’s seed nodes and effectively blocked Session in Iran unless you used a VPN.
    For file attachments Session requires a file server. OPTF runs those and limits users to 6MB per attachment. Those are centralized servers.
    Same with Voice and Video calls – they require a signalling server operated by OPTF.
  3. Session will never reveal my IP address to any third party
    That is true as long as you don’t use Session Peer-to-Peer voice and video calls. If you use Session for voice or video calls your IP address is revealed to the party you call, and to the WebRTC signalling server run by OPTF.
  4. Official Session App is available on F-Droid
    No, it isn’t. The official Session Android app has Google’s Firebase code in it for notifications. The Unofficial F-Droid version of Session removes Google Firebase but is not compiled by the Official Session Team. However, the Official Session Team provides a repository that can be added to F-Droid.
  5. The name I choose when I setup Session is the name I can be contacted with
    No, it isn’t. That’s just a display name. There are only two ways you can be contacted with on Session: 1) Your Session ID and 2) Your Session ONS name or names that link to your Session ID. To get a Session ONS name you have to pay for it. You can purchase a name using the Oxen wallet if you own Oxen crypto currency. If you don’t have Oxen you can go to PrivacyProShop.com and purchase one with other cryptos or credit card.
  6. Group calling is coming to Session sometime in the future
    Maybe, maybe not. Group calls require a central server that has lots of bandwidth in order for the calls to work, and all of the call partcicipant IP addresses would be exposed to that server. So, it wouldn’t be a privacy-friendly addon to Session. However, it would be convenient for most people.
  7. Session groups are ideal for large groups for private messaging
    Not yet. Session groups are limited to 100 members at this point. There are plans to increase that, but so far users are limited to 100.
  8. Session Communities offer a private, secure discussion forum
    Nope. Session communities, formerly called Session Open Groups can be joined by anyone without any authentication. They are just that, communities of people where you can discuss things anonymously, but without any security or privacy. Many Session communities even publish all messages on a public web page.
  9. Session runs over Lokinet
    Nope, it doesn’t. Session uses its own version of onion routing called “Onion Requests” to accomplish the anonymity benefits. There are plans in place to move Session to use Lokinet, but that is still way off. Moving Session to Lokinet would make it possible to have anonymous onion routed voice and video calls. It would likely also improve Session’s speed.
  10. Session is Built in Australia, so it isn’t secure
    Australia has some anti-encryption and pro-surveillance laws, and it is a Five Eyes surveillance country. However, Session is secure, because it is an open source app, and the Oxen network is a decentralized network of about 1,800 servers worldwide. The Session team has no access to these servers as they are run by those who participate in the Oxen network by staking Oxen cryptocurrency. No need to worry, Session is secure.
  11. Session saves you messages forever in the Oxen blockchain
    Nope. Your messages are kept in a collection of Oxen Service Nodes called a swarm for two weeks. Once the message age reaches two weeks it will be deleted. Messages are stored end-to-end encrypted, so only you can read your messages. Without the message storage your Session would have to be online all the time in order to receive messages. Oxen blockchain is used for keeping Session ONS names.
  12. Session is a scam because it is built on a cryptocurrency network
    Nope. Session uses the Oxen Network for routing and storing messages. Oxen crypto is used to pay the operators of the network so they have an incentive to provide services on the network. Without the cryto backing Session wouldn’t exist. Oxen crypto is also used to purchase Session usernames. Without the crypto staking integration a large operator could simply buy enough servers to control a majority of the servers and Session could more easily be compromised. With the crypto integration the price of this type of attack would be very high and would drive up the price of Oxen crypto, and it would be easily detected.