
12 Misconceptions and Myths about Session Messenger

This is also available as a YouTube video.

  1. Session is a copy of Signal
    Partially true. Session uses code from Signal, and Session used to use the Signal Protocol, but in 2020 Session switched to their own Session protocol that is more suitable for Session’s decentralized network.
  2. Session is completely decentralized
    No, it isn’t. Session depends on centralized bootstrap servers, or “seed nodes”. Those servers are run by Oxen Privacy Tech Foundation (OPTF) and are in some way gatekeepers to Session: if you can’t reach them, you can’t use Session. In the fall of 2022, the Iranian government blocked access to Session’s seed nodes, which effectively blocked Session in Iran unless you used a VPN.
    For file attachments Session requires a file server. OPTF runs those and limits users to 6MB per attachment. Those are centralized servers.
    Same with Voice and Video calls – they require a signalling server operated by OPTF.
  3. Session will never reveal my IP address to any third party
    That is true as long as you don’t use Session Peer-to-Peer voice and video calls. If you use Session for voice or video calls your IP address is revealed to the party you call, and to the WebRTC signalling server run by OPTF.
  4. Official Session App is available on F-Droid
    No, it isn’t. The official Session Android app has Google’s Firebase code in it for notifications. The Unofficial F-Droid version of Session removes Google Firebase but is not compiled by the Official Session Team. However, the Official Session Team provides a repository that can be added to F-Droid.
  5. The name I choose when I set up Session is the name I can be contacted with
    No, it isn’t. That’s just a display name. There are only two ways you can be contacted on Session: 1) your Session ID and 2) your Session ONS name or names that link to your Session ID. To get a Session ONS name you have to pay for it. You can purchase a name using the Oxen wallet if you own Oxen cryptocurrency. If you don’t have Oxen, you can go to PrivacyProShop.com and purchase one with other cryptos or a credit card.
  6. Group calling is coming to Session sometime in the future
    Maybe, maybe not. Group calls require a central server with lots of bandwidth in order for the calls to work, and all of the call participants’ IP addresses would be exposed to that server. So it wouldn’t be a privacy-friendly add-on to Session. However, it would be convenient for most people.
  7. Session groups are ideal for large groups for private messaging
    Not yet. Session groups are limited to 100 members at this point. There are plans to increase that, but so far users are limited to 100.
  8. Session Communities offer a private, secure discussion forum
    Nope. Session communities, formerly called Session Open Groups, can be joined by anyone without any authentication. They are just that: communities of people where you can discuss things anonymously, but without any security or privacy. Many Session communities even publish all messages on a public web page.
  9. Session runs over Lokinet
    Nope, it doesn’t. Session uses its own version of onion routing called “Onion Requests” to accomplish the anonymity benefits. There are plans in place to move Session to use Lokinet, but that is still way off. Moving Session to Lokinet would make it possible to have anonymous onion routed voice and video calls. It would likely also improve Session’s speed.
  10. Session is Built in Australia, so it isn’t secure
    Australia has some anti-encryption and pro-surveillance laws, and it is a Five Eyes surveillance country. However, Session is secure, because it is an open source app, and the Oxen network is a decentralized network of about 1,800 servers worldwide. The Session team has no access to these servers as they are run by those who participate in the Oxen network by staking Oxen cryptocurrency. No need to worry, Session is secure.
  11. Session saves your messages forever in the Oxen blockchain
    Nope. Your messages are kept for two weeks in a collection of Oxen Service Nodes called a swarm. Once a message reaches two weeks of age, it is deleted. Messages are stored end-to-end encrypted, so only you can read your messages. Without the message storage, your Session would have to be online all the time in order to receive messages. The Oxen blockchain is used for keeping Session ONS names.
  12. Session is a scam because it is built on a cryptocurrency network
    Nope. Session uses the Oxen Network for routing and storing messages. Oxen crypto is used to pay the operators of the network so they have an incentive to provide services on the network. Without the crypto backing, Session wouldn’t exist. Oxen crypto is also used to purchase Session usernames. Without the crypto staking integration, a large operator could simply buy enough servers to control a majority of the servers, and Session could more easily be compromised. With the crypto integration, the price of this type of attack would be very high, it would drive up the price of Oxen crypto, and it would be easily detected.

How to Buy Session ONS Name without Oxen Cryptocurrency

Session Messenger IDs are impossible to remember. The Oxen blockchain that Session runs on top of allows you to buy a name of your own liking that links to your Session ID. You can do that with the Oxen wallet if you happen to have enough Oxen coins in there. If you don’t have Oxen coins, here is how you do it using other cryptos or a credit or debit card. Please remember that most credit cards don’t provide anonymity. In the U.S. you can buy Visa and Mastercard gift cards with cash that are pretty much anonymous. Most grocery stores sell them.

  1. Download and install the Oxen Wallet app from Oxen.io. Choose either Windows, Linux or Mac. The Android wallet is available on the Google Play Store, or you can download it as an .APK file from GitHub. The iOS wallet is available from the App Store. Sometimes security software interferes with the wallet installation, especially on Windows. When you start the wallet for the first time, Windows Defender pops up with a dialog; checkmark both boxes and click “Allow access”.
  2. Open the Oxen wallet app. Choose your language. Keep the defaults like Remote Daemon Only, Remote Node Host, Data Storage Path & Wallet Storage Path. Click “Next”.
  3. Create a wallet. Click “Create new wallet”. Give the wallet a name, such as mywallet, put in a password if you want it, and click “Create Wallet”. Copy and save the seed words and store them in a safe place outside of your computer. They are the only way to recreate your wallet should something happen to your computer. Once you are done saving the seed words, click on the “Open Wallet” button.
  4. Once the wallet opens, click on the Copy Address button to the right of the Wallet Address to copy the wallet address to the clipboard.
  5. Go to https://PrivacyProShop.com and click “Add to cart” under “Session Messenger Name Purchase”, then click “View cart”, then “Proceed to checkout”. In “Billing Details” enter at least your Country, State & ZIP code (those are required for determining tax rates). Everything else is optional if you are paying with cryptocurrencies. Choose your payment method and click “Place order”. Pay with the method you have chosen. This example is a Monero payment. After the payment completes, scroll to the bottom of the page and click on the link to “Session Name Registration Form”.
  6. Write down the Order Number and Confirmation Code, especially if you didn’t provide an email address (this information is also emailed to you), and click “Continue to Registration”. Enter your desired name and press tab or enter to initiate a lookup for the name. Once you have a name that is available, paste your Oxen Wallet address & Session ID into the respective fields. Then make sure to press tab or enter to activate the “Register My Session Name!” button, and click it. Success! Your Session name should be active within a few minutes.
  7. To see the name in the Oxen wallet, open your wallet and click the “Oxen Name Service” button, then “My ONS”, and you should see an encrypted record. Type the name you purchased and click the “Decrypt” button to see your name.
  8. To test the name in Session, click new message and send it to the new name. It should resolve the name to “Note to Self”.