How to stay safe on Session

Session is a messaging app designed to protect your privacy, security, and safety. Its core design elements, such as end-to-end encryption and no phone number sign-up, give you the power to stay safe when you are messaging online.

This article will explain some of the key protections included in Session, and the safety choices you can make when using the app.

Make sure the version you download is safe

To make sure you are receiving the full protection of Session’s privacy and security, it is important to verify that you are using an official version of the app. Unofficial versions may contain modifications or vulnerabilities that could impact your safety.

To ensure your version is official, it is recommended to download Session directly from the Session website. When downloading from Google Play or the App Store, make sure you are using the correct store listing—these can always be found through the Session website.

Additionally, consider enabling automatic updates. This will ensure that fixes for bugs or issues will be delivered to your device in a timely manner.

Checking your Session settings

Session contains multiple privacy and security settings which you can adjust to suit your needs. Here are some suggestions for customizing your settings for your safety.

Notification settings

Adjusting your notification settings can change the information which may be displayed on your device. 

Session allows you to choose between displaying Name and Content, Name Only, or No Name or Content when receiving message notifications. Adjusting these settings can prevent others from seeing new messages while your device is locked.

You can also turn off notifications using your device settings.

Privacy settings

Turn off Read Receipts, Typing Indicators, Community Message Requests, and Voice and Video Calls using Session’s privacy settings. Turn on Lock App (using biometric of passcode). 

These settings ensure that the person (or people) you are talking to will not receive any indication that you have viewed their message or started typing a response, and prevents unknown contacts in Communities from messaging you (see: Avoid unknown Communities). Regardless of these settings, you will not send a read receipt when viewing a new message request.

This will also prevent everyone–including your contacts—from calling you on Session.

Who you are talking to on Session

Session contains features to help you connect with your friends and family while avoiding problematic users. 

Best practices when chatting

When adding a new contact on Session, it is important to make sure the Account ID really belongs to the person you are trying to talk to.

In-person, you can add a contact using your unique QR code and visually confirm your chat partner's Account ID (by cross-checking the last four characters of their ID). Online, you can share your Account IDs on a trusted platform other than Session—such as an end-to-end encrypted messenger or email.

When receiving a message request, you should double-check the Account ID with your chat partner—even if you were already expecting them to message you. If you receive a message request from an unfamiliar Account ID, you might consider Declining the request or even Blocking the user. 

Even when chatting with trusted contacts, it is important to remain mindful of the information you are sharing. When you send a message, photo, or file, your contact has a copy—and they may choose to share this with others.

However, you can turn on Disappearing Messages in your conversation settings to automatically delete messages from your device and your contact’s device after a specified amount of time. 

Note that Disappearing Messages settings are set per-conversation and messages can be set to disappear at a set time after they’ve been sent, or after they’ve been read. This means you can individually choose the disappearing message settings for each of your contacts on Session.

Avoid unknown Communities

Communities are self-hosted spaces for users to meet and interact on Session. They are useful for hosting large-scale conversations, finding contacts with common interests, or finding help and support. 

However, they are not part of the standard Session Network—they are specially hosted by community operators. Depending on the operator, moderation standards can vary between Communities. 

Additionally, Communities will likely introduce you to unknown contacts. While your Account ID is hidden when you interact in a Community, users can still send your message requests (note: this can be turned off by adjusting Community Message Requests in Session’s Privacy settings).

It is important not to share your real Account ID in a Community. If you post or share your Account ID in a Community, you risk receiving unsolicited or spam message requests.

Block problematic contacts

You can control who you interact with on Session by blocking problematic users. You can use this guide to find more information about blocking users.  

You can also block users who have sent you a message request. 

If the user has breached Session’s Terms of Service, you can report the Account ID using this help desk. 

Stay safe online

Session is just one place where you can meet and interact with people online. While Session takes every measure to preserve your privacy, safety, and security, remain mindful of the information which you share both within and outside of Session.

With these tools, Session empowers you to take control of your digital safety, however online safety is often complex—reach out to someone you trust if you need help or advice.

Access Now’s resources are recommended for further reading about staying safe online in general.