I sat down with Session’s CTO Kee Jefferys to discuss their decentralized messenger that uses private routing by default, requires no phone number, and runs on a network of thousands of community-operated nodes. We dive deep into the technical decisions behind Session, including why they chose decentralization over perfect forward secrecy and how they’re building a trustless messaging platform. Techlore empowers individuals with practical digital privacy knowledge, security tools, and advocacy resources. Discover how to protect your online data and regain control of your digital identity.
⏱️ TIMESTAMPS:
00:00:00 INTRO
00:02:21 WHY SESSION WAS STARTED
00:04:12 THE TEAM BEHIND SESSION
00:05:30 SESSION USER THREAT MODELS
00:09:20 REGISTRATION & USER ID
00:13:07 IS KEY VERIFICATION UNNECESSARY?
00:14:58 ONION ROUTING
00:16:53 USING THE OFFICIAL TOR NETWORK?
00:17:57 WHY NOT TOR?
00:19:15 HOW DECENTRALIZED IS SESSION?
00:21:07 ARE NODES TRUSTLESS?
00:24:53 HOW SESSION HANDLES METADATA
00:27:28 WHAT CAN SESSION HAND OVER?
00:29:20 SESSION + BLOCKCHAIN
00:31:24 IS ENCRYPTED DATA STORED?
00:33:58 REASON FOR THE SWARM
00:34:55 WHY 7?
00:36:26 SESSION LOGIN & ACCOUNT RECOVERY
00:39:17 BACKUP & RESTORE
00:40:57 PFS (PERFECT FORWARD SECRECY)
00:46:56 IS SESSION A SIGNAL FORK?
00:48:10 USABILITY PROGRESS
00:52:58 DEVICE LINKING
00:54:25 CUSTOM NOTIFICATIONS/UNIFIED PUSH
00:59:25 ANDROID NOTIFICATIONS + BATTERY
01:02:34 SESSION’S BUSINESS MODEL
01:05:48 ENCOUNTER WITH LAW ENFORCEMENT
01:12:55 ARE THERE APP STORE PROTECTIONS?
01:16:58 WHAT’S NEXT FOR SESSION?
01:19:41 FAVORITE PRIVACY PROJECT?
01:22:41 OUTRO
34 Comments
Definitely a massive thanks to Kee for coming on, and don't forget to support the channel if you enjoy these interviews. Thanks everyone!
✅ Watch this video on PeerTube: https://techlore.tv/w/5TpNvVB52d6zSWgTVXfuvz
✅ Join the community with other people passionate about digital rights: https://discuss.techlore.tech
About Telegram, why would they need encryption keys to access the cloud messages? They just need the ability to intercept an activation SMS for most users.
I love Session (I even bought an ONS entry), but I'm unable to make it my primary messenger because of connectivity issues. It simply doesn't work on a lot of public WiFi networks where I work. Teams, Telegram, Viber, iMessage, etc. all work. (Public WiFi blocking all the non-WWW ports is the issue.) Other issues are the lack of clients for other systems (Arm Linux being the most annoying) and lack of spam protection for ONS.
Isn't AU about to pass a law to block certain sites? Wouldn't they make end to end encryption simply illegal? You guys might need to subscribe for hosting of website and services offshore!
Not gonna fib Mr. Jefferys is handsome.
Excellent presentation on Session. Techlore continues to evolve.. maintaining a knowledge based learning platform that remains integrity based, a trusted Apex site…. continued success… bravo and kudos… respect Achilles
Yeah man! Great job! ….but add an incognito feature to make it immune to screenshots, recordings, and even key logs if possible! The rootkits watch users "over their shoulders," so it doesn't matter all these privacy features if they spy on the screen and typing! Incognito (like private browser windows, or bank apps—it's the method to solve this, I guess)
Listen up algorithm! this needs more attention ! 😉
I am super excited about CTOs that focus NOT on extra bloat, NOT on features that are only there to justify higher monthly fee, NOT on increasing complexity, but instead optimizing the basic functionality, speed and security of an application, this I would pay for. Super cool interview.
Police could just subpoena access to all exit nodes or force you to add police-controlled exit nodes. Elliot once said "he who controls the exit nodes, controls the traffic. And I'm in control" :3
This is perfect. This is really good. I will move to this.
Really great interview and insightful on the whole, love that Jefferys went into the technical aspects of the app and he did a pretty great job explaining stuff.
Good work. With the attempt to debank ppl who disagree with the monstrous policy of the globalist establishment, things like this are becoming more important every day! If they continue it will become necessary to replace payments routing infrastructure and things like this could ultimately be used to replace payment processing or digital currency systems designed to eliminate the possibility of political speech or protests critical of corruption between regulators and large criminal multinational corporations…
Ty for the content.
A kind recommendation: Even though we understand you are asking questions for the benefit of the listeners / viewers … ya gotta listen to the guest's answers yourself.
Jefferys wholly explains how and why Session doesn't use a "security number" like Signal, then 4 seconds later 13:04 you ask him: does Session have a similar feature or is it unnecessary…
Fantastic service! It would be amazing to have a self-hosted node option that could be used for standalone or internal traffic like video chats, phone calls, and more. That internal node could also act as a broker for connecting out through the wider network.
They recently announced banning "sideloading" from unidentified sources on Android. Their aim is to increase censorship of those who don't comply with the system, and increase Ad revenue by banning adblockers (ReVanced etc… ). Basically making you a slave with no easy escape route. GOOGLE is pure evil.
Is it possible to recover deleted messages through forensics tools?
"There is really no way to intercept and man in the middle attack that."
The government has joined the chat
You need to sync your lips to your video.
Kasia on kaspa is one to keep an eye on
I knew it. Scam coin
How can Session protect against the OS performing a Client Side Scanning of the messages being sent prior to being encrypted by the application?
As governments push for more and more intrusive control over the population, the need to be able to see and read all communication becomes an imperative to defeat encryption for private individuals.
Being able to have an AI take screenshots and transmit information to government via government mandated backdoors in operating systems becomes a huge risk and completely breaks encrypted communication platforms like Signal and Session.
Based in Australia …. says it all really.
Didn't they get found out as being a honeypot of sorts?
Session is the best.
Good initiative, until you start to realize end to end encryption is dead. Since 2024 all modern (cpu) hardware is being equipped with NPUs, enabling client side scanning. All major OSes, except Linux, have been upgraded to spy on your client device. Windows Recall for example takes screenshots every few seconds for AI scanning, and that's just the tip of the iceberg. The whole “data in transit” security is rendered completely useless in these situations. The whole technical infrastructure is already in place, waiting for legislation by governments, who of course comply under the disguise of some fabricated events that strike human fear, anger, empathy or other powerful primal emotion to get these draconian measures “accepted”.
When client side scanning comes, will the app matter that much?
Why no mention of WHICH CRYPTOCURRENCY you're using to stake nodes?
Thanks!
The Google Play Store comments about Session are an eye opener.
Please could you do a DLDR video?
Please make a video comparing Session and SimpleX. I prefer SimpleX.
👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍👍!!!
I don't trust the face expression
The core issue with Session’s approach is that a successful device hack would leave you entirely vulnerable. Recovering from such an event would require creating a new account, restoring all your contacts, and convincing them that your previous account was compromised.
In XMPP, users can simply log in from another device and change their password, or request assistance from their server’s administrator. Signal allows users to reclaim their SIM at their carrier’s office and recover their account. Even with Jami, key backups from other devices can be used to disconnect old ones.
Ultimately, every system is susceptible to hacking at some point. While updates and mitigation strategies can be implemented, zero-day vulnerabilities and human error remain constant threats.
This is why cold wallets and paper backups are utilized for cryptocurrency – the key difference being that cryptocurrency can be stored entirely offline