Signal vs Session 2026: Which Messenger Is More Private?
Signal and Session agree on the core problem: messaging apps should not be able to read your messages, surveil your connections, or be compelled by governments to hand over meaningful data about their users. They solve this problem differently, and those differences matter depending on what specifically you are protecting.
The Fundamental Difference
Signal's approach: Strong, mature encryption. Require a phone number for account creation (to prevent spam at scale). Centralized servers operated by a nonprofit with a track record of producing nothing under legal pressure. Partially trust the nonprofit.
Session's approach: Encryption. Require no identifier for account creation. Route messages through a decentralized network operated by volunteers so that no single entity can be subpoenaed for user data. Trust the architecture over any organization.
Neither approach is wrong. They protect against different threat models.
Encryption Comparison
Signal Protocol
The Signal Protocol is the most peer-reviewed messaging encryption protocol in existence. It implements:
- Double Ratchet algorithm — provides both forward secrecy (compromise of current keys does not expose past messages) and break-in recovery (compromise of current keys does not expose future messages)
- X3DH (Extended Triple Diffie-Hellman) — the key agreement protocol for establishing initial sessions
- Sealed Sender — prevents Signal's servers from knowing who sent a message to whom (only the recipient's ID is visible to Signal)
The Signal Protocol has been adopted by WhatsApp, Facebook Messenger, and Google Messages as their encryption layer — a strong endorsement from companies with substantial cryptography resources of their own.
Session Protocol
Session's current protocol (post-2022 migration from Signal Protocol) is a modified Onion Request protocol designed for decentralized routing:
- No Double Ratchet — Session removed the ratchet mechanism when migrating away from the Signal Protocol. Messages still use authenticated encryption, but the per-message key rotation of the ratchet is absent.
- Forward secrecy limitation — the absence of the double ratchet means Session does not provide the same forward secrecy guarantees as Signal. If a long-term key is compromised, past messages may be decryptable.
- Independently audited — Quarkslab conducted a security audit in 2021 (when Session was still Signal Protocol based). A new audit of the current protocol has been planned but specific publication dates vary.
Verdict: Signal's encryption has stronger academic standing, more scrutiny, and better forward secrecy. For most use cases this difference is theoretical — both are secure against casual adversaries. For high-stakes communications, Signal's encryption maturity matters.
Anonymity Comparison
Signal
What Signal knows about you:
- Your phone number (required for registration)
- The date your account was created
- The date you last connected to Signal's servers
This was verified in 2016 when a federal grand jury subpoenaed Signal. Signal produced only these two pieces of information because that was literally all they retained.
As of 2024, Signal allows you to set a username — contacts see your username rather than your phone number. However, Signal itself still knows your phone number.
What Signal does NOT know:
- Who you message
- What you say
- When you send messages (Sealed Sender hides message metadata)
Session
What Session knows about you: Nothing.
No phone number. No email. No name. When you open Session for the first time, it generates a random Ed25519 key pair locally. Your Session ID (the public key) is displayed. There is no registration, no server communication, no identity verification of any kind.
Messages route through Session Nodes — volunteer-operated servers in a decentralized network. No single Session Node sees both who sent a message and who received it (Onion Routing splits this information). Even if Session's developers were subpoenaed, they have no user data to produce.
Verdict: Session is strictly more anonymous than Signal. If revealing your phone number to any party is unacceptable for your use case, Session is the only major option in this comparison.
Network Architecture
Signal — Centralized
Signal operates centralized servers managed by the Signal Foundation. This means:
- Fast, reliable message delivery
- Simple contact discovery (look up by phone number)
- Single point of attack (if Signal's servers are taken offline, the service stops)
- Single party that could be subpoenaed (Signal has demonstrated they produce nothing useful)
Session — Decentralized
Session routes messages through a network of approximately 2,000+ community-run Service Nodes. Each node is run by a volunteer who stakes OXEN cryptocurrency as a commitment to honest operation. Messages take an Onion Route through multiple nodes before delivery.
- No central server to attack or subpoena
- Messages are stored on the network for 14 days if the recipient is offline
- Delivery is slower and less reliable than Signal (decentralized routing adds latency and failure modes)
- Contact discovery requires sharing your Session ID directly (no phone number lookup)
Voice and Video Calls
Signal: Mature, reliable, high-quality voice and video calls. Used regularly by privacy advocates as a Zoom/FaceTime replacement for sensitive calls.
Session: Voice calls are implemented but less polished. Video calls are available but the quality and reliability are lower than Signal. The decentralized architecture adds complexity to real-time communication.
User Base and Network Effects
Signal: Hundreds of millions of users. Most privacy-conscious people you know likely already have Signal. Contact discovery by phone number makes adding existing contacts easy.
Session: Much smaller user base. Adding a contact requires exchanging Session IDs — no phone number lookup. Persuading contacts to install Session requires more effort than Signal.
This is the most practical argument for Signal in most situations: it does not matter how private the architecture is if your contacts will not use it.
When to Use Signal
- Your threat model involves message content interception, not identity revelation
- Your contacts already have Signal or can easily be convinced to install it
- You want voice and video calls in addition to messaging
- You are comfortable with Signal knowing your phone number
When to Use Session
- Revealing your phone number to any service is unacceptable (activists, journalists, high-risk users)
- You need an account with zero identity linkage
- You are communicating with others who prioritize anonymity over convenience
- You need to communicate with people who cannot share phone numbers
Recommendation
For 95% of users: Signal. The encryption is more mature, the voice/video calls are better, and the user base means your contacts are already there. Signal's track record of producing nothing under legal pressure is the real-world validation that matters most.
For anonymity-critical use cases: Session. If your use case requires that no phone number or identifier be linked to your account under any circumstances, Session's architecture provides this. Accept the trade-offs in call quality and user base.
Layer VPN over your encrypted messaging
Signal and Session hide message content. They do not hide that you are using them from your ISP. Mullvad VPN routes your messaging traffic through an anonymous tunnel, hiding even the fact that you are communicating.