Techopedia speaks to Kee Jefferys, Co-Founder of Session, the global messaging app that made headlines last month when it left Australia for Switzerland following strange visits from the police.
The messaging app, which focuses on decentralization and privacy and aims to remove any chance of metadata collection, has more than a million users and is part of a market that has seen a turbulent year, brought into focus by the ongoing legal troubles at Telegram.
On October 22, the news broke that Session was leaving Australia after one worker received strange visits from the Australian Federal Police (AFP) at his home.
According to reports, the police had no warrant nor previously arranged meetings — but simply knocked on the employee’s door and questioned him at his home about the Session app, the company, and an ongoing investigation into a specific Session user.
We ask Jefferys about the case, the move to Switzerland, how Session fits into the messaging ecosystem, and what comes next for the private messaging service.
Key Takeaways
- Session relocated from Australia to Switzerland due to privacy laws and a visit from the police.
- Session is a decentralized messaging app prioritizing metadata-free chats, and Australian regulations challenged the app’s encryption and user privacy focus.
- Switzerland offers stronger privacy protections for messaging services.
- Decentralized messaging apps offer a different approach to Telegram, Signal, WhatsApp and co.
- Kee Jefferys highlights Session’s approach to encryption and security.
About Kee Jefferys
Kee Jefferys is a co-founder of Session, the encrypted messaging application that minimizes the collection of user metadata. Kee has been involved in numerous technological projects, specializing in decentralized networking and blockchain.
As an active and engaged member of the privacy-preserving technology community, Kee regularly attends conferences and meetups centered around privacy protection, the fight for encryption, and ethical data.
Why Did Session Leave Australia?
Q: In October, Session announced it would now operate from Switzerland through the Session Technology Foundation. Why did Session leave Australia?
A: The decision to relocate was about finding a regulatory environment that better supports our commitment to privacy. Australian laws, like the Assistance and Access Act, Online Safety Act, and the eSafety Commissioner’s new industry codes for Relevant Electronic Services, have created challenges for companies committed to deploying applications with strong encryption that do not collect personal data from users.
These laws and industry codes can require service providers to compromise encryption or collect identifying information from users.
This goes against what Session stands for, including protecting privacy through the deployment of end-to-end encryption and not collecting sensitive information like a user’s phone number or email address in the first place.
Given this, Session recently announced that the project’s stewardship will be moving to Switzerland. Switzerland has strong constitutional privacy protections and a history of supporting privacy-enhancing software like ProtonMail and Threema. For these reasons, it’s a much better fit for Session’s continued operation.
The Telegram Elephant in the Room — App Mass Migration
As the fallout from the arrest of Telegram’s founder and CEO, Pavel Durov, continues to play out, countless users are looking for, or have already migrated to, alternative apps. From a privacy perspective, we previously explored the differences between Telegram and Signal.
Simultaneously, X (formerly Twitter) users are also leaving the platform, mostly for Bluesky, turned off by X’s politics, environment, and policies. This leads to our next question to Jefferys.
Q: What is your perspective on the changes happening in the industry?
A: Social media is balkanizing because of extreme political division, as seen with X and Bluesky. These platforms are heavily affected by ongoing debates around content moderation, which continue to drive users to seek alternatives.
Neutral messaging apps aren’t facing the same issues because they largely exempt themselves from the highly politicized content moderation discussion.
Users aren’t leaving Telegram because of its content moderation policies. It’s about security. Telegram’s lack of default end-to-end encryption means billions of unencrypted messages are stored and accessible by Telegram and its operators, leaving users vulnerable.
Of course, this has always been the case for Telegram, but when the founder finds himself under house arrest in France, people start asking questions about the security of those servers and who can access those unencrypted messages.
Blockchain-Inspired Decentralized Messaging Apps
Most messaging apps share the same vulnerability as big tech companies: centralization. However, Session’s approach to security is inspired by the decentralized nature of the blockchain and Web3 projects. Session says its most unique and important element is decentralization.
Q: Do you think the future of social media and messaging apps is decentralized?
A: The future of messaging is decentralized because of significant issues created by centralizing highly sensitive user data and metadata in centralized servers, which creates honeypots waiting to be breached by hackers and despotic governments.
I’m not sure that the future of social media is decentralized — most data shared on social media is intentionally public, so private and decentralized architectures make less sense.
Social media platforms benefit from centralized access to that content to train their recommendation models, something that messaging apps don’t benefit from in the same way.
Q: What are the biggest technical challenges that Session has today?
A: Building applications that use decentralized networks is inherently harder than building apps that work with centralized servers.
Unlike centralized systems, where developers can rely on a single server to maintain the state of a conversation or the members of a group, decentralized networks don’t have a single source of truth.
This means developers have to implement more advanced syncing logic and conflict resolution protocols, which can slow down the pace of development. This is the most inherent challenge faced by any decentralized app.
Q: Large-scale messaging apps and social media are extremely attractive and popular among cybercriminals for numerous obvious reasons. How do you balance user privacy versus security?
A: Session is highly focused on privacy above all else, but with enhanced privacy, users also naturally achieve a high level of security. Session, for example, isn’t subject to the same kind of SIM swapping attacks that messaging apps that use phone numbers are because of its usage of public-private key pairs as the basis of a user’s identity.
Q: Most major social media and messaging apps cooperate with law enforcement, and those who do not are often pressured to do so. Can you explain to our readers where Session stands on this issue?
A: Session is built in a fundamentally different way from other messaging apps. The developers and teams who work on Session don’t have privileged access to user data. All messages sent and received on Session are end-to-end encrypted, and message routing and storage use a network of 2100+ community-operated nodes.
Because Session’s developers and contributors don’t operate the network infrastructure, they don’t have the ability to give up user data, even if they wanted to.
In saying that, the teams who work on Session are aware that privacy-enhancing tools can be misused. When new features are being designed or tweaked, contributors consider each new addition and its potential for misuse and intentionally design features to minimize misuse.
The Oxen Privacy Tech Foundation (OPTF) [name of the Session foundation before moving to Switzerland] has previously worked with groups like Tech Against Terrorism to consult about features and ways to minimize abuse, and I expect the Session Technology Foundation will continue this consultative approach.
A Normal Day Inside Session’s Office
Q: Can you walk readers through an average working day, what your teams are working on, what usage and metrics you are looking at and monitoring daily to ensure integrity and security, or what a meeting would be about?
A: The average day working on Session varies depending on the role. For developers, it might involve developing a part of a new feature, collaborating with other developers to review code, or fixing specific bugs pointed out by QA engineers.
Developers are also constantly testing and improving the code to ensure smooth communication and security for all users.
On the marketing and management side, the day could be spent building partnerships, strategizing for upcoming campaigns, engaging with the community on social media, replying to media inquiries, or defining the direction of the business.
These roles are crucial for ensuring that Session continues to grow and stays true to its privacy-first mission.
Meetings inside the teams working on Session can range from technical discussions about enhancing the app’s infrastructure to brainstorming sessions on how to improve user experience, protect privacy, and stay ahead of emerging security challenges.
It’s really a collaborative environment where everyone contributes to maintaining the security and growth of the platform.
Q: Why open source? And how much more difficult, or easy, is it for DevSecOps teams to work in open source projects compared to proprietary tech?
A: It’s absolutely essential that end-to-end encrypted messaging apps be open source, as it allows users to verify the app’s security and privacy claims. Without transparency, users would be forced to trust the developer’s word alone.
Open source not only supports trust but also enables independent audits, ensuring that the app’s security is scrutinized by the community.
Being open source hasn’t presented any major challenges thus far. If anything, it has had major benefits. Community members have caught and fixed bugs that developers may not have caught by themselves.
Q: Four, almost five years on, how far off, or close, is Session from its original idea? Is it what you guys set out to build? Have you had to compromise? What have you learned?
A: The original vision of Session, as described in 2018, has changed a bit, but the core of what was described has been delivered.
The teams have learned a lot, and I’d say the biggest lesson was how important focus is: It’s better to do one thing really well than to do three things imperfectly.
The original vision of the project was to build a privacy-focused blockchain, then deploy a network of nodes on that blockchain, and finally build applications on that network.
Over the years, I’ve realized, along with other Session core contributors, that focusing purely on Session, the application, is the best use of time.
This isn’t to say that the network or blockchain or other tools being built, like [onion router] Lokinet, are unimportant: they are supremely important. But everything should serve the vision of making Session better in one way or another.
The question that should be asked for any new feature, tool, or component the teams working on Session build should be: “How will this make Session better for its users?”