There is No Future for Online Safety Without Privacy and Security

Session is an open source encrypted messaging app that requires no phone number or email address to sign up. Instead of routing messages through centralized servers, Session uses a decentralized network of over 2,000 nodes running the onion routing protocol, similar to Tor, ensuring that no single server knows both the message origin and destination.

The Session Technology Foundation took over stewardship of Session back in October 2024, succeeding the Australia-based Oxen Privacy Tech Foundation (OPTF).

The transition wasn't purely administrative; it was triggered by Australian authorities' probes into Session's operations and the threat of anti-encryption laws that could compel backdoors.

Alexander Linton, who worked as a journalist before joining the Session project, now serves as President of the Session Technology Foundation.

In an email interview, we discussed his transition from journalism to privacy advocacy, Session's approach to trust and safety without centralized moderation, and the threats that surround encrypted communication.

How Did You Get from Being a Journalist into Leading the Session Technology Foundation?

When I was working in a newsroom, it became very clear to me, both from my own experience and from observing my peers, that there was a real gap when it came to secure communication. Journalists handle sensitive information every day, and yet the tools available to us were never built with our safety or our sources’ safety in mind. You could feel that vulnerability.

So when I heard there was a team in my hometown building a secure messaging tool, I knew I had to be involved. I joined the project seven years ago with the simple belief that people deserve the ability to communicate without surveillance or unnecessary exposure.

Over the years, I applied myself in every way I could, learning from the team, contributing wherever I added value, and helping shape Session into what it has become.

Leading the Session Technology Foundation today feels like a natural continuation of that same mission: making truly private, secure communication accessible to the people who need it most. It started as a personal frustration and turned into a global responsibility, and I’m grateful for that journey every day.

What's Been the Biggest Surprise in Session's Growth Since You Became President?

Day to day, when you’re building secure tools, it can sometimes feel like you’re working on an island. There’s a lot of noise, skepticism, and concern about people who push for real privacy. You hear so much about the pressure against secure communications and against the teams who build them, and it can feel isolating at times.

Stepping into a more public role changed that perspective for me completely. The amount of support, encouragement, and alignment coming from every corner of life has been overwhelming in the best way. It’s been a reminder that people do care about privacy, safety, and ownership of their communication, and they’re grateful for tools that protect those things.

The most incredible part has been hearing the individual stories of how Session has helped people in times they needed a messenger they could trust to have a conversation in safety. Those stories make everything worth it. They remind us who we’re building for and why this work is important.

How Has Switzerland Been as a Home for the Foundation and Have There Been Any Regulatory Issues?

Switzerland has been a great home for the Session Technology Foundation. It’s a place that understands the value of digital rights and open source innovation, and it provides a stable environment for stewarding a global project like Session. Being here has allowed us to focus on long-term development rather than short-term noise.

However, even Switzerland has its concerns, specifically with respect to the proposed changes to VUPF. Like many jurisdictions, they are reviewing proposals connected to digital privacy and encryption.

This is not unique to one country; it’s happening everywhere as governments try to understand how to regulate emerging technologies. We are watching it closely.

Switzerland plans surveillance worse than US | Tuta

Revision of Swiss surveillance law VÜPF would directly target VPN & encrypted chat and email providers based in Switzerland.

TutaHanna

What's the Relationship Between Session Technology Foundation and OPTF Now That You are Independent?

The two organizations are now entirely independent. The Session Technology Foundation is the steward of Session; it manages the open source repositories, handles app publishing, and provides development support to contributors across the ecosystem.

OPTF’s role today is mostly historical. It played a meaningful part in Session’s early years, and it continues to be a supporter of digital privacy more broadly.

How Does the Foundation Aim to Close the User Base Gap to the Likes of Signal and Telegram?

Signal and Telegram grew to their current popularity because they were able to fill a need that people have. Similarly, Session is filling a need that people have now and will continue to have in the future, the ability to communicate securely and privately without attaching their identity to a phone number.

Communication and privacy are universal needs, and as we continue improving the application and the overall platform experience, more people naturally choose Session because they want to communicate safely, privately, and without being turned into a data point.

For us, the focus isn’t on chasing user numbers for the sake of it. It’s on building something genuinely valuable and reliable. If we stay focused on that mission, the audience will follow. We’re already seeing that growth as awareness of privacy and metadata risks becomes more mainstream.

How Would You Convince People That Session Token Isn't Just a Cash Grab?

Session Token is the mechanism for creating a sustainable future for Session. It is not short-term thinking — but long-term. If we want private messaging infrastructure to be owned and operated by the community rather than a company, there needs to be a secure and decentralized way to incentivize and support that infrastructure. That’s the role of Session Token.

The purpose of Session Token is not to fill the pockets of some people. It’s about creating an ecosystem where the public good of private messaging can be owned by the public. Instead of relying on a private enterprise to run essential communication infrastructure, we are building a model where people who support the network and contribute value are the ones who benefit from it.

Session Token - Session Token

The future of privacy is powered by you.

Session Token

Session's Architecture Makes Content Moderation Nearly Impossible. How Do You Think About Trust and Safety?

Encryption is foundational to our model for trust and safety. Often, security and privacy are demonized in the conversation around online safety, but in reality they are safeguards.

There is no future for online safety without privacy and security; these are first principles.
Session is built so that people have control over their own experience.

There are user controls around message requests, participation in open communities, and contact discovery, which give people agency over who is talking to them and what can be shared with them. Session is a tool, and as there is no ‘one person’ running the platform, the STF cannot claim to be the arbiter or moderator of your specific conversation.

Instead, Session enables community-level moderation; people set norms for the spaces they participate in, and those norms are enforced locally rather than through platform-wide scanning or surveillance.

At a technical level, there is no way to conduct full, platform-wide moderation on an encrypted platform without backdooring the encryption. We believe that weakening encryption would ultimately make everyone less safe, not more. Our approach to trust and safety is about empowering people, strengthening privacy, and giving communities tools to protect themselves without compromising security.

In These Polarizing Times, Is the Bigger Threat to Privacy Government Overreach or People Just Not Caring Anymore?

Part of the attack against encryption is trying to convince people not to care. If the public becomes apathetic, it becomes much easier to undermine privacy without resistance. Apathy is not a solution; ignoring the issue of online privacy only makes the problem worse and leaves everyone more exposed.

Government overreach is a real concern. Some proposals around the world target both the technology and the people building secure tools, often through mechanisms that could weaken encryption or introduce scanning systems. It is important to remain vigilant, specifically with respect to backdooring encryption (such as through scanning mechanisms, i.e., chat control).

Technology itself can also be an enemy of privacy when it is designed without security in mind. The prevalence of AI, particularly when it is embedded at the operating system level, presents an existential threat to secure communication and online security in general.

💬 Are you a Session user? Thinking of trying it out? Do let me know in the comments below!