Account IDs and self managed keys

Last updated 15 days ago

Most popular messaging applications require the user to register with an email or mobile phone number in order to use the service. This requirement represents a major privacy and security compromise for users due to the centralized management of phone numbers (i.e. telecommunications service providers), which have the capacity to assume direct control of specific users’ phone numbers. Additionally, methods such as SIM swapping attacks, service provider hacking, and phone number recycling may be exploited by lower-level actors to compromise user security.

Using phone numbers as the basis for account registration also greatly weakens privacy, with many countries requiring users to provide personally identifying information such as a passport, driver’s license or identity card to obtain a phone number—permanently mapping users’ identities to their phone numbers.

To counter this, Session messenger does not use phone numbers or email addresses as the basis for its account system. User identity is established through the generation of an Ed25519 public-private key pair. This keypair is not required to be linked with any other identifier, and new key pairs can be generated on-device in seconds. This means that each key pair (and thus, each account) is pseudonymous, unless intentionally linked with an individual identity by the user through out-of-band activity.

Example of an Account ID on Session messenger: 056c3d9682f167135d4c86b0af24e7aca98949380fa825e01455e788fe3df1d05c
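
The on-device generation described above, as an added example that is not Session's own code: it turns 32 random bytes into an Account ID of the same shape as the one shown, with no phone number, e-mail address or server involved. It assumes, beyond what this page states, that an Account ID is the byte `05` followed by the X25519 form of the Ed25519 public key; the function names are hypothetical, and the plain-integer arithmetic is not constant time, so it illustrates the derivation rather than production key handling.

```python
import hashlib
import re
import secrets

P = 2**255 - 19   # Curve25519 field prime
A24 = 121665      # ladder constant (486662 - 2) / 4 from RFC 7748
PAGE_EXAMPLE = "056c3d9682f167135d4c86b0af24e7aca98949380fa825e01455e788fe3df1d05c"

def clamp(h: bytes) -> int:
    """Turn the first 32 hash bytes into a Curve25519 scalar."""
    k = bytearray(h[:32])
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def x25519_ladder(k: int, u: int) -> int:
    """RFC 7748 Montgomery ladder on plain Python ints (NOT constant time)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, z2, x3, z3 = x3, z3, x2, z2
        swap = bit
        a, b, c, d = x2 + z2, x2 - z2, x3 + z3, x3 - z3
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = aa - bb
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return x2 * pow(z2, P - 2, P) % P

def account_id_from_seed(seed: bytes) -> str:
    """Assumed derivation: '05' + X25519 form of the Ed25519 key for `seed`."""
    if len(seed) != 32:
        raise ValueError("seed must be 32 bytes")
    scalar = clamp(hashlib.sha512(seed).digest())  # Ed25519 secret scalar
    return "05" + x25519_ladder(scalar, 9).to_bytes(32, "little").hex()

def new_account_id() -> str:
    """Everything happens locally: the only input is OS randomness."""
    return account_id_from_seed(secrets.token_bytes(32))

def is_well_formed(account_id: str) -> bool:
    """Shape check only, matching the page's example: 05 then 64 hex chars."""
    return re.fullmatch(r"05[0-9a-f]{64}", account_id) is not None

if __name__ == "__main__":
    print(new_account_id(), is_well_formed(PAGE_EXAMPLE))
```
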

Additionally, because messages are encrypted using the recipient address, Session is able to remove the trust on first use problem.