Alternatives

Best Session alternatives

Q: I left Session because I don't want to give a phone number. Which alternatives keep that?

SimpleX, Threema, and RVNT all let you create an account with no phone number and no email — SimpleX goes furthest with no user identifier of any kind. Signal and WhatsApp still require a phone number, so they're not direct swaps on that dimension even though their cryptography is more mature. If the no-phone-number requirement is non-negotiable, SimpleX is the closest match to Session's ethos, with RVNT as a more experimental option that adds post-quantum forward secrecy.

A no-phone-number, onion-routed messenger that hides your IP and metadata by default — strong on anonymity, but its currently-shipping protocol still lacks forward secrecy. Here are the more private options, ranked honestly — with the tradeoffs named.

Why people leave Session

No forward secrecy in the protocol that ships today. When Session forked away from the Signal Protocol it dropped perfect forward secrecy and deniable authentication — so if your long-term key is ever compromised, an attacker can decrypt your stored messages within the retention window. Session acknowledges this and says PFS will return in the still-in-development Session Protocol V2 (announced Dec 2025, not yet shipping). (Session FAQ (getsession.org))
Cryptographers have publicly flagged the protocol. Security researcher Soatok's widely-shared January 2025 analysis ("Don't Use Session") argues the home-grown Session Protocol has real weaknesses — removed forward secrecy enabling key-compromise-impersonation risk, reduced Ed25519 entropy, and signatures that don't meaningfully authenticate. Whether or not you accept every claim, it has driven a lot of people to re-evaluate. (Soatok, "Don't Use Session" (Jan 2025))
The 10 MB file-size cap. Session limits attachments to 10 MB in both 1:1 and group chats — the smallest cap among major private messengers — which is frustrating if you share photos, video, or documents. (Session FAQ — attachment limits)
The independent 2021 audit itself recommended adding forward secrecy. Quarkslab's 2021 review found no catastrophic flaw but specifically called out the lack of forward secrecy and key-management improvements — so the gap is not just an outside critic's opinion, it's in Session's own commissioned audit. (Quarkslab — Audit of Session)

The alternatives, ranked

1 SimpleX Chat no-identifier anonymity with modern, forward-secret crypto

The closest spiritual successor to Session's no-phone-number ethos — it goes further with **no user identifiers at all** (disposable message queues instead of accounts) while keeping a forward-secret, post-quantum-augmented Double Ratchet that Session currently lacks.
Compare with RVNT →
2 Signal the maximally-audited, post-quantum gold standard

If your priority is battle-tested cryptography over IP/metadata anonymity, Signal gives you forward secrecy, post-quantum protection (PQXDH plus the new SPQR ratchet), and an independently-studied protocol — at the cost of requiring a phone number and trusting central servers.
Compare with RVNT →
3 RVNT no-phone-number P2P with post-quantum forward secrecy and Tor-by-default

Combines what Session users want — no phone number, no email, IP/metadata hiding over Tor and a mixnet — with the forward secrecy and hybrid post-quantum handshake (X25519 + ML-KEM-768) Session is missing, though it's young, **unaudited**, and far smaller than any option here.
Get RVNT →
4 Threema a no-phone-number messenger from an audited, mature vendor

A paid, Swiss, independently-audited app that needs no phone number and has forward secrecy (Ibex) Session lacks — the trade-off is central servers, no post-quantum crypto yet, and a one-time purchase.
Compare with RVNT →
5 Telegram big communities and large file sharing (not private by default)

Worth naming only as a caution: it's feature-rich with 2–4 GB file uploads, but chats are **not** end-to-end encrypted unless you manually start a Secret Chat — a clear downgrade in privacy from Session, listed here for honesty rather than as a recommendation.
Compare with RVNT →

Switching from Session: what to expect

What you keep: the parts of Session that draw privacy-conscious users — no phone number, no email, no KYC — are available elsewhere. SimpleX, Threema, and RVNT all let you sign up with nothing personal, and SimpleX, RVNT, Tor-routed setups, and Session's own onion routing all keep your IP address hidden from the people you talk to. Session's core promise (anonymous, server-light messaging) is not unique to Session.

What you gain: every alternative ranked above shipping-Session adds forward secrecy — the property Session dropped when it left the Signal Protocol — so a future key compromise can't unwind your past conversations. Signal, SimpleX, and RVNT also add real post-quantum protection against "harvest-now-decrypt-later" attacks, which Session's current protocol does not. You'll also escape the 10 MB attachment cap (Threema 100 MB, Signal ~100 MB, SimpleX 1 GB, RVNT no limit on a direct link).

What you lose: Session's onion routing hides your IP from your contacts and from the network by default with zero setup — Signal, WhatsApp, and Threema do not hide your IP from their central servers, so to match Session's network-level anonymity you'd want SimpleX, RVNT, or a Tor-routed configuration. You also lose Session's decentralized service-node network and its years of real-world usage and recognition. And honestly: if you move to RVNT you trade a 2021-audited app for an unaudited, pre-release one — newer crypto, far less scrutiny, a tiny network. Choose based on whether audit maturity or modern protocol guarantees matter more to you."

Frequently asked questions

Is Session actually insecure, or is the forward-secrecy thing overblown?

Session is not "broken" — it's still end-to-end encrypted with no phone number and hides your IP via onion routing, and a 2021 Quarkslab audit found no catastrophic flaw. But the lack of **forward secrecy** is a genuine, Session-acknowledged gap: it means a future compromise of your long-term key could expose stored messages, where Signal, SimpleX, Threema and RVNT would not. Session has announced Protocol V2 to restore forward secrecy, but it isn't shipping yet. If that matters to you, switching now is reasonable; if you mainly want anonymity and accept the trade-off, Session is still a real privacy tool.

I left Session because I don't want to give a phone number. Which alternatives keep that?

**SimpleX, Threema, and RVNT** all let you create an account with no phone number and no email — SimpleX goes furthest with no user identifier of any kind. **Signal and WhatsApp still require a phone number**, so they're not direct swaps on that dimension even though their cryptography is more mature. If the no-phone-number requirement is non-negotiable, SimpleX is the closest match to Session's ethos, with RVNT as a more experimental option that adds post-quantum forward secrecy.