In this interview with TechBullion, Kee Jefferys, the co-founder of Session, discusses the technical and privacy-focused innovations behind Session, a decentralized messaging app. Unlike traditional messaging platforms like Telegram, Signal, and WhatsApp, which rely on centralized servers, Session operates through a network of 2,100 decentralized nodes. This decentralized architecture enhances user privacy by stripping metadata and using onion routing to obscure users’ IP addresses, significantly reducing the risk of surveillance and data compromise.
Kee highlights how Session’s decentralized approach, combined with end-to-end encryption as a default setting, positions it as a robust privacy solution. As an open-source platform, Session ensures transparency and trust by making all of its code publicly accessible, allowing users to verify its operations. He also touches on how DePINs (Decentralized Physical Infrastructure Networks) support the infrastructure of Session, providing incentives for nodes to operate securely without the need for centralized servers.
Kee contrasts Session with its competitors, emphasizing its distinct advantages such as not requiring a phone number for signup, the absence of centralized servers, and enhanced anonymity through IP address protection. Balancing advanced security features with usability is a key focus for Session, ensuring it remains user-friendly despite its sophisticated privacy technologies. Kee believes that advancements in privacy-enhancing technologies, such as zero-knowledge proofs, will drive innovation and expand the landscape for privacy-focused applications in the future.
Lastly, Kee discusses the challenges Session faces in scaling beyond its niche privacy market and invites investors and partners to explore opportunities for collaboration through the Session Technology Foundation.
Please tell us more about yourself and what you do at Session?
My name is Kee. I’m one of the co-founders of Session. I’m particularly focused on the technical side of Session, this means designing protocols, writing whitepapers and managing one of the tech teams which contributes to the Session clients and network.
Can you explain how Session’s decentralized architecture differs from traditional messaging apps?
Session is fundamentally different from traditional messaging apps like Telegram, Signal and WhatsApp, all of which rely on centralized servers that hold users’ messages and metadata, creating a honeypot which is attractive to hackers and governments to compromise. Instead Session stores and routes users messages through a network of 2,100 community run, decentralized nodes. User messages are shared across these nodes so no single node has a full view of all of the data stored on the network. Metadata is stripped from messages before being routed through the network through the usage of advanced privacy enhancing technologies like onion routing and ID blinding, ensuring that nodes gain very little understanding of the messages they relay and store. The result is a robust network which has no owner, removes single points of failure and most importantly does not create a honeypot of user data waiting to be compromised.
How does this decentralized approach enhance user privacy and anonymity?
The decentralized nature of Session allows for the implementation of a new set of protocols to protect users privacy and anonymity. As an example, on top of the decentralized network of 2,100 nodes, Session implements an Onion routing protocol which allows users to hide their real IP address when storing or retrieving messages and data from the network. This is something which simply isn’t achievable with centralized messaging applications as their network topologies can’t support running Onion Routing networks while delivering any meaningful privacy to users
Can you discuss the use of onion routing in Session and how it contributes to user security?
Onion Routing in Session is essential to preserve the privacy and security of a user’s IP address. Typically when users interact with centralized messaging applications like Telegram, Signal and WhatsApp they reveal their IP address to the centralized servers of that application, this metadata can be used to create linkages between the IP addresses of users who send and receive messages to each other and groups of users, these linkages can then be used alongside users phone numbers and email addresses to deanonymize users placing them in precarious positions. When users interact with Session their connection is bounced through 3 hops before storing or requesting data from the network, breaking the link between a user’s messages and contacts and their IP address.
As an open-source platform, what steps do you take to ensure transparency and trust for users?
The most important thing Session does to increase trust in the network and clients is publish all of its code completely open source. This means anyone can read the code that’s running on their device and the code which is running on the decentralized network of nodes and verify its functionality. Apart from that the decentralized network has both strong incentive models and self-policing mechanisms for nodes to keep each other in check and remove poorly behaving nodes from the network.
What led to the decision to have end-to-end encryption as the default setting for all conversations on Session?
In 2024 there’s no reason not to deploy strong end to end encryption across 1-1 and group conversations in messaging apps, it not only increases security and privacy by limiting the access intermediary nodes have to view content but it also scales well and minimally impacts performance and usability of the apps it’s deployed in.
How do DePINs (Decentralized Physical Infrastructure Networks) play a role in Session’s goal of enhancing user privacy?
Session is a DePIN, the network of nodes which stores and routes Session users encrypted messages is a staked network and operators who stake nodes receive a reward for routing and storing users encrypted messages. DePIN is the network structure which allows an app like Session to exist without requiring a centralized server.
In your opinion, how does Session stand out in a market with established competitors like Signal and WhatsApp?
Compared to both Signal and Whatsapp, Session has three main advantages. Firstly, Session doesn’t require a phone number to sign up for, decreasing the barrier to entry to signing up and increasing user privacy. Secondly Session uses a decentralised network to store and route users end to end encrypted messages, removing centralized points of failure and resolving the issue most centralised messaging apps have, where the centralised server becomes a honeypot of user data and metadata. Thirdly, Session uses an onion routing network to hide users IP addresses when they store and retrieve messages and data from the network, increasing user privacy and removing metadata from conversations.
Can you speak about the balance between advanced security features and a user-friendly interface on Session?
Achieving a balance between privacy and user experience is always a tough challenge. Session takes a practical approach to increasing user privacy while providing an app which looks and feels familiar to web2 users. There is a tendency in the crypto and privacy communities to deploy highly academic solutions to privacy problems. I think we need to move away from this approach and build solutions which are actually usable, this is a north star which guides Session development.
Kee Jefferys, the co-founder of Session
How do you see the landscape of privacy-focused applications evolving in the future?
Privacy enhancing technologies are a field of massive innovation, many of the solutions developers have wanted to implement have been out of reach due to technical barriers, however the current pace of technological innovation in the privacy space is starting to remove some of these technical barriers, my expectations is that this is going to lead to a rebirth of privacy-application development which i think has struggled in the last few years.
As an example early Zero knowledge proofs which are used in many privacy protocols were prohibitively slow to produce on lower powered devices like phones and tablets, but recent advancements in proving protocols has lead to generational improvements in the efficiency of generating proofs, this means its now feasible to produce even fairly complex Zero Knowledge proofs on mobile devices, opening a range of different use cases to application developers.
What challenges or opportunities do you anticipate for Session as it continues to grow. Do you have any available opportunities for investors and partnerships at Session?
I believe Session will face the same challenges as any emerging messaging application—overcoming the network effect of established competitors is difficult. Session has focused on building adoption within a specific niche (the privacy market), but expanding beyond this niche to a broader audience will be challenging. That said, if it weren’t challenging, something like Session would already exist! These are the challenges that the teams working on Session are motivated to solve.
Session is always open to collaborating with firms and partners to expand its reach and usage. The best point of contact for this type of interest is the Session Technology Foundation, which serves as the steward of Session. They can be reached at https://session.foundation.
