Having surpassed the 1 million downloads milestone earlier this year, the decentralised private messaging App ‘Session’ has now released a new feature enabling private peer-to-peer phone calls.
In late 2021, the closed beta was released for Session calls. After a six-month closed beta period where beta testers were able to provide essential feedback, Session calls have entered an open beta – meaning anyone can now access the ability to make calls on Session.
Calls can only be made to people in your contacts list
Calls are P2P
How to enable calls?
Android:
Open your app settings by tapping on your profile picture in the top left corner
Tap Privacy
Enable the Voice and video calls option at the bottom of the menu
iOS:
Open your app settings by tapping on your profile picture in the top left corner
Tap Privacy
Enable the Voice and video calls option at the bottom of the menu
Desktop:
Open settings by pressing the cog on the left of the screen
Click privacy
Toggle the Voice and video calls switch
Beta Notes
As this release is still a beta release, an active search for any bugs or issues with the release is ongoing.
Looking forward, onion-routed calls are coming and they are dependent on Lokinet integration with Session; however, it must be first ensured that current P2P calls implementation is robust and secure. Session’s onion-routed calls will be a first of its kind in a consumer grade communication application, let alone a decentralised application.
Session is anonymous — with no phone numbers, emails, or any other identifying information being needed to create an account. Within the space of a few minutes, you can download the app, sign up, and start having conversations in full privacy. This means that just like our messaging service, this technology was applied to calls.
Session is now one of the easiest, most secure, most private ways to conduct a phone call — and all without a phone number.
Session 101: Path View.
You probably already know Session is decentralised — but did you know that you can view the path your message takes through that network?
Immutable X is the first Layer 2 scaling solution for non-fungible tokens (NFTs) on Ethereum. It’s a cutting edge protocol for NFTs which enables projects to build on Layer 2 Ethereum with a fantastic developer and user experience, and enables instant trading, massive scalability and zero gas fees for minting and trading, all without compromising user or asset security.
Immutable X is the most technically advanced solution for NFT scaling ever built, developed with StarkWare’s powerful STARK prover and rollup technology. Immutable believes NFT users and developers shouldn’t have to choose between the security and network effects of Ethereum, and creating a world-class experience for their users. IMX is an ERC-20 utility token built for the purposes of rewarding pro-network activities on Immutable X, such as trading, liquidity provision and building applications. The token aligns incentives between traders, creators and marketplaces so that all participants benefit from protocol activity.
As the digital surveillance capabilities of governments and corporations continue to increase, projects like Oxen are doing their part to ensure the average joe has access to strong encryption technologies. Whether it’s trading, communication, or regular web browsing, Oxen has a privacy-first product to fill the need.
The Oxen team have developed two applications that demonstrate the power of their service node network, these are Session and Lokinet.
Session is a decentralised messaging app that uses onion-routing and end-to-end encryption for secure and anonymous communication. With over 300,000 monthly active users, Session is one of the most used dapps in all of web3.
Lokinet is a high speed onion-routing protocol which provides anonymous internet access. Lokinet is compatible with all web browsers, because it can run in the background instead of needing a specialised browser or plugin — so the user experience is more similar to VPNs than Tor. Because of Lokinet’s modern protocol and network architecture, it is significantly faster and more lightweight than other onion-routers — it can even handle things like video streaming.
All Oxen apps rely on the service node network to function. Service nodes are Oxen’s specialised staked nodes which secure the proof-of-stake blockchain. Service node operators stake OXEN to secure the network and are rewarded with OXEN coins for their service.
The OXEN cryptocurrency is an instant transaction privacy coin. With complete fungibility, OXEN coins cannot be traced, nor can specific OXEN coins be blacklisted by centralised entities.
To tie the ecosystem together and to reduce service node emissions, Session and Lokinet have planned monetisation features for services on their network, though its’ planned to keep all Oxen apps free to use.
Power Ledger is an energy trading platform that allows buyers and sellers to trade energy directly with one another and without the need to go through a centralised power company.
Power Ledger offers a trustless trading platform where consumers can sell energy to their peers, allowing consumers to monetise their excess energy production and access cheaper energy by buying it directly from other users on the platform.
A permissioned based blockchain allows Powerledger to build and scale energy projects across the globe, processing 50,000+ transactions per second since shifting from Ethereum to Solana. This scalable technology is fast, transparent and secure. Powerledger’s blockchain technology facilitates secure trading and mitigates settlement risk, whilst also providing an immutable and verifiable audit trail. In 2021, Carlton United Breweries partnered with Power Ledger to power their VB Solar Exchange program, which enables participants to track and trade their excess solar energy for VB beer.
Haven is a project that aims to provide anyone, anywhere with access to true private digital assets in virtually any form they choose.
The Haven ecosystem gives you the ability to store, transact and convert your money into an asset type of your choice, all in complete privacy. It consists of 3 types of assets, which combine to give users genuine utility XHV, xUSD, and xASSETS.
Haven (XHV) acts as the network collateral, and has an elastic supply. It is volatile, so the price is set according to supply and demand on exchanges. Burning XHV is the only way to mint xUSD.
xUSD is a private stable coin which can always be converted to 1 USD worth of XHV. It’s created by burning the equivalent USD value of XHV. xUSD is the only currency that can be converted into xASSETS, so it also acts as a gateway between XHV and xASSETS. xASSETS are price-stable synthetic assets which can be minted using xUSD and stored within a Haven Vault. In the future, there is virtually no limit to the number of xASSETS that could potentially be available. Currently, users can convert and transfer Gold (xAU), Silver (xAG), Bitcoin (xBTC), as well as a range of other fiat currencies. In the near future these assets will be tradeable on Thorchain’s decentralised exchange.
Emanate unites musicians and music lovers on a fast and fair collaboration and sharing platform where they can create and earn more. Emanate is much more than just a music streaming service, it brings transparency around royalty and rights distribution, allowing collaboration to occur effortlessly via smart collaborations on Emanate’s live platform.
The music industry—especially the streaming industry—has been marred by claims from artists that they are underpaid, misled, and exploited. Emanate co–founder Jimi Frew sees streaming platforms as an extension of the legacy music industry — and wants to bring the benefits of web3 to the music industry through Emanate.
Emanate is creating a more transparent music industry which makes life simpler and fairer for everyone to create and listen to music. With a specific focus on streamlining payments and agreements between collaborators. Soon, any label will be able to create a profile and start managing their artists.
Emanate has a growing number of artists, and an ever-increasing catalogue of music to enjoy. The best part is that when you listen to music, the artist will be getting paid in real time — truly linking creators and consumers.
Emanate puts power back into the hands of its users, the artists and the consumers. The EMT token can be used to access the full power of Emanate. It’s like owning a bit of the network for yourself, like creators and consumers owning a piece of Spotify.
Session, an Australian born decentralised messaging platform running on the Oxen privacy network, hit a milestone at the beginning of this year by crossing 1 million downloads on the Google Play Store.
500% Growth Throughout 2021
Session is an end-to-end encrypted messaging application that runs on Oxen, a privacy-focused ecosystem supported by the $OXEN coin. Session runs on Oxen’s 1,700-plus community-driven nodes to store and route messages. Unlike P2P messaging apps, however, Session users can chat with each other when they are offline.
Session now has over 1 million downloads in the Play Store – and we're only just getting started.
In 2021 Session witnessed 500 percent growth, and this year’s early milestone is a clear signal that users are more drawn than ever to privacy-focused, decentralised applications.
A million downloads is a huge milestone for us, we’ve been working towards this for a couple of years, and we’re expecting even bigger growth this year. Session is proof that people want to use decentralised applications — you just have to build good ones.
Kee Jefferys, Oxen CTO
Data Privacy and Anonymity
Session messages are onion-routed, a technique where messages are wrapped under layers of encryption, preventing traffic analysis eavesdropping (theft of information).
Unlike other messaging platforms, which compile meaningful information about the user, every encrypted message is routed through three nodes in the Oxen Service Node Network, making it virtually impossible for the nodes to compile sensitive data from the user.
Comparison of sensitive data from several messaging applications.
When users sign up to Session, their devices generate a Session ID, which is the sole contact information on the app – you don’t need your phone number or any other type of personal information to generate a Session ID.
Because of the design of the Session protocol, users can have extreme confidence that whenever they send a message that only the person they send it to will be able to know the message contents, who they messaged, and when they sent the message.
The Session app also has some really cool features such as the ability to unsend messages which deletes the message completely from both the sender and recipient devices.
As the cybersecurity community comes together to celebrate and advocate for encrypted technologies this Global Encryption Day, the OPTF, an Australian digital rights not-for-profit, warns we need more than just end-to-end encryption to keep the internet safe and secure.
End-to-end encryption is an essential technology that protects our right to privacy. It keeps journalists, activists, and everyday people safe online and improves the overall security of the internet.
Being an Australian organisation, the OPTF is extremely concerned to see the Australian government leading the way in a global trend of anti-encryption legislation and regulation. With this in mind, it’s vital for the security community to develop technologies which incorporate not only end-to-end encryption, but additional elements of security.
I don’t know anyone without some kind of encrypted messenger on their phone, if you want security then end-to-end encryption is non-negotiable. But encryption is well and truly under attack. Fear campaigns are attempting to undermine the legitimacy of encryption. Encryption is not a source of evil. All the research supports this.
Alex Linton, spokesperson for the OPTF
The OPTF is funding development for additional technology including decentralised networks and onion-routing which can be used in conjunction with end-to-end encryption to help protect people’s security and privacy online.
October 21, 2021 will mark the first annual Global Encryption Day around the world. The OPTF is a registered Australian not-for-profit and a signee of this year’s Global Encryption Day Statement and is striving to build technology which supports and enhances existing encryption techniques.
The OPTF is the developer of an end-to-end encrypted messenger called Session. Session uses onion-routing, end-to-end encryption, and decentralised networking to provide extreme anonymity, privacy, and security in a mainstream messaging application.
In the early hours of Tuesday, October 5, social media giant Facebook, along with Instagram and instant messaging service WhatsApp, went down due to what it has called a “faulty configuration change”. The massive outages, announced on Twitter, left billions worldwide unable to communicate, and as a result the question on everybody’s lips is: “Is it time for decentralised networks?”
We’re aware that some people are having trouble accessing our apps and products. We’re working to get things back to normal as quickly as possible, and we apologize for any inconvenience.
Early on October 5, the outage tracking website Down Detector had logged thousands of reports for all three sites. Facebook would not load at all, while Instagram and WhatsApp were accessible but users could not send messages or load new content.
Outages reported in the affected period. Source: Down Detector
Facebook Under Fire
A mere two days after US data engineer and Facebook whistleblower Frances Haugen claimed that the social media conglomerate is fully aware of how its platforms are being used to spread misinformation, hate and violence, and has actively tried to hide this evidence, Facebook and its associated platforms went down for approximately six hours. Facebook has denied the claims.
Still, the outcry against Facebook is only adding to the company’s woes. At a US Senate hearing on September 30, Senator Richard Blumenthal hounded global head of safety for Facebook, Antigone Davis, about Facebook-owned Instagram and its potential negative impact on children, specifically young girls and their body image.
The outage and general bad press surrounding Facebook and its founder, Mark Zuckerberg, saw Facebook’s share price drop 4.8 percent and Zuckerberg’s personal fortune lose A$8.11 billion in a matter of hours.
Apparently, No Data Was Compromised
Facebook is citing the root of the problem as a faulty configuration change that was made to the company’s systems. Santosh Janardhan, vice president of infrastructure for Facebook, explained that FB’s engineering teams learned that “configuration changes on the backbone routers that coordinate network traffic between our data centres caused issues that interrupted this communication”.
Janardhan added:
The underlying cause of this outage also impacted many of the internal tools and systems we use in our day-to-day operations, complicating our attempts to quickly diagnose and resolve the problem.
Santosh Janardhan
According to Facebook, there is no evidence that user data was compromised as a result of the downtime.
Concerns Over Control
When seeing the fury and anger that an outage of such a centralised ecosystem can cause, many start to question its value. A lot of criticism is directed at Facebook’s oversight and control.
Earlier this year, the social media giant banned Australian news sites from publishing on Facebook, and the Crypto News Australia page was not immune. The level of control centralised companies such as Facebook can have over society has heightened calls to open up the playing field for decentralised social platforms in the future.
Facebook recently announced it would be investing US$50 million in building a “responsible metaverse”. Advocates of the metaverse, which is a system of shared online spaces for games and social interaction, believe it will help change the nature of work and offer new digital economic opportunities to users across the globe.
All are not convinced of Facebook’s intentions. Many believe such announcements are simply a diversion to deflect heavy criticism about its track record on user privacy and spreading misinformation.
Decentralised Alternatives to WhatsApp
If you, like many others, rely on WhatsApp to facilitate your communication, are concerned about privacy and possibly another outage, there are decentralised alternatives to consider.
Oxen is a comprehensive ecosystem of privacy-focused applications supported by the $OXEN cryptocurrency and backed by Australian not-for-profit Oxen Privacy Tech Foundation.
The company currently offers:
Session, a private messaging system; and
Lokinet, an anonymous internet access service.
Session is a free end-to-end encrypted anonymous messaging app that allows users to send messages securely and anonymously. The blockchain-based app is currently used by over 200,000 people in more than 200 countries and is available for both mobile (Android and iOS) and for desktop (Mac, Windows, and Linux).
Lokinet is a low-latency onion router that can be used for private browsing, voice and video calls.
The Australian government has passed its new amendments to the Surveillance Legislation Bill, giving the Australian Federal Police (AFP) and the Australian Criminal Intelligence Commission (ACIC) new powers over online accounts and communication. This has spurred various ethics and law groups to comment on the rationality of the bill.
The Surveillance Legislation Amendment (Identify and Disrupt) Bill 2020 was revised and amended earlier this month, giving the AFP and ACIC powers to surveil, intercept data, and alter data online.
Concerns have been raised by various groups and, according to the Human Rights Law Centre, the bill has insufficient safeguards for free speech and press freedom.
Given the powers are unprecedented and extraordinarily intrusive, they should have been narrowed to what is strictly necessary and subject to robust safeguards. That is why the committee unanimously recommended significant changes.
Kieran Pender, senior lawyer, Human Rights Law Centre
New Updates to Surveillance Legislation
Data disruption warrant: gives police the power to “disrupt data” by modifying, copying, adding, or deleting it.
Network activity warrant: allows police to collect intelligence from devices or networks used, or likely to be used, by those subject to the warrant.
Account takeover warrant: allows police to take control of an online account (eg, social media) for the purposes of gathering information for an investigation.
The two Australian law enforcement bodies will soon have the authority to modify, add, copy or delete your data should you become a suspect in the investigation of a serious crime.
It is alarming that, instead of accepting the committee’s recommendations and allowing time for scrutiny of subsequent amendments, the Morrison Government rushed these laws through Parliament in less than 24 hours.
Kieran Pender, senior lawyer, Human Rights Law Centre
The wording enables police to investigate any offence that is punishable by imprisonment of at least three years, including terrorism, sharing child abuse material, violence, acts of piracy, bankruptcy and company violations, and tax evasion.
In fact, refusing to comply could see offenders end up in jail for up to 10 years, according to the new bill.
Australian Privacy Projects Voice Concerns
The Australian surveillance bill has been heavily criticised by Senator Lidia Thorpe, the Greens spokesperson for Justice:
The Richardson review concluded that this bill enables the AFP and ACIC to be ‘judge, jury and executioner’. That’s not how we deliver justice in this country. The bill does not identify or explain why these powers are necessary and our allies in the US, the UK, Canada and New Zealand do not grant law enforcement these rights.
Senator Lidia Thorpe, Greens spokesperson for Justice
Enabling law enforcement agencies to modify potential evidence in a criminal proceeding is also a major issue of concern.
Under the Identify and Disrupt Bill, access can be gained to encrypted data that could be copied, deleted, modified and analysed even before its relevance can be determined. This significantly compromises users’ privacy and digital rights.
What’s more, legal hacking by law enforcement may make it easier for criminal hackers to illegally access computer systems via the same vulnerabilities exploited by the government.
How to Protect Yourself Using Privacy Apps
Due to insufficient safeguards contained within the recently passed Identify and Disrupt Bill, Australia is failing to uphold its commitment to protect the privacy of its citizens. This means that individuals need to find ways to secure their own privacy through the use of technology such as decentralised services.
Many of these already exist, but Melbourne-based Oxen is a private messaging, anonymous web browsing and instant, private transactions project with privacy and security at its core.
A global network of staked Oxen Service Nodes power Oxen’s second-layer privacy tools and services, including Session, the end-to-end encrypted anonymous messenger.
Decentralisation is at the heart of Session’s design. The service has 1,500 community-operated servers that are currently routing Session messages for more than 200,000 users across the globe.
No other app can do what a private messenger does.
Blink, Oxen’s instant anonymous payment mechanism, powers instant transactions with absolutely no privacy or security compromises.
As methods for surveillance become more prevalent through the internet and financial channels, individuals who value their privacy are moving toward technologies such as these to avoid surveillance as far as possible.
This is an independent review of Oxen, a platform powered by privacy-focused cryptocurrency $OXEN and backed by Australian not-for-profit Oxen Privacy Tech Foundation.
At a glance, Oxen is a technology stack – a comprehensive ecosystem of privacy-focused applications supported by the $OXEN cryptocurrency.
Our vision is to provide a range of tools and services powered by the $OXEN cryptocurrency, enabling users and developers all over the world to leverage the power of decentralised blockchain networks to achieve unparalleled privacy and security as they work, play, and live their day-to-day lives on the internet.
Oxen’s mission is also reflected in its tech being open-source on GitHub, “so developers can use what we’ve built as the foundation of a new generation of privacy tools and services”, as stated on the Oxen Build web page. The project covers a range of common use cases with a strong focus on privacy, security and anonymity.
The Oxen team has implemented a couple of applications to showcase the use of its technology stack: Session and Lokinet. Let’s have a closer look at both.
Session – Free Anonymous Secure Messenger App
Session is a messaging system born as a rebranded and more stand-alone version of Loki Messenger (as explained on Loki Network blog). It is currently used “by well over 200,000 people across more than 200 countries”, according to Oxen, and available for both mobile (Android, iOS) and desktop (Mac, Windows, Linux).
Session is best for:
Sending messages anonymously and securely.
Session features include:
Email and phone number are not required to create a Session ID.
End-to-End encryption of conversations with passphrase recovery.
Data stored by Session on the device can also be encrypted with a PIN.
Onion-routing of messages to hide the IP of the user.
It doesn’t collect metadata: your geolocation and device data are not collected.
High transparency: 100% of the code is open-source and the platform has undergone a security audit with publicly available Oxen Session Audit results.
The core principle driving the development of the app is to provide an easy-to-use, secure and privacy-first experience to its users. To deliver on its promises, Session uses a system called onion requests to send messages. It is a decentralised onion routing network (similar to Tor) designed so that no single server ever knows a message’s origin and destination. In layman’s terms, “this makes sure your messaging activities leave no digital trail behind”.
Your data is temporarily stored on multiple service nodes which automatically delete the data once your device picks up the messages.
Noticeably, there is no backup feature currently available – although is reportedly planned as per Session’s FAQ page. Also coming in the future is a subscription service called Session Pro, bringing a set of monetised Session features leveraging $OXEN for the transactions.
Lokinet strives to provide secure, anonymous and censorship-resistant access to the internet. Technically, it is a decentralised onion router that employs Oxen service nodes as relays. This brings together the privacy benefits of onion routers like Tor on one hand with the robust and decentralised nature of blockchain on the other.
Lokinet is best for:
Protecting your personal data while you surf the internet.
Hosting a website (such as WordPress) or web application with a hidden address on a Lokinet service called “SNApps” to avoid censorship, and it can be set up in a 1 click install.
Lokinet features include:
Hides your identity and IP address through the Lokinet onion router.
Lokinet service nodes are incentivised by getting paid in $OXEN token to keep the infrastructure up and running securely.
In practical terms, it requires installing an app currently available only for Windows and Linux. Lokinet allows anyone to access the internet as they would do normally, using their browser of choice but in a more anonymous way. Unlike Tor, it supports more protocols, allowing not only the reading of websites but also media streaming and video conferencing. Be aware, however, that applications requiring WebRTC or BitTorrent protocols will not work within Lokinet, as explained on its FAQ page.
Much like using a VPN service, Internet Service Providers may be able to see the connection but cannot know which websites are being accessed through it. The VPN service, however, would know that, as well as having access to other personal information (such as IP addresses), thus requiring its users to trust it. Lokinet’s decentralised approach results in no node in its network having complete information about a given user, thus defending their privacy.
Under the hood, Lokinet uses the Oxen blockchain and more specifically requires service nodes candidates to stake an amount of $OXEN before being able to register as a service node on the network. Aside from rewarding whoever wants to contribute a node to the network, this also mitigates a cybersecurity risk (more specifically, Sybil attack resistance). Future developments include using $OXEN to allow buying specific Lokinet addresses (rather than long, complicated sequences of letters and numbers) and creating a marketplace for exit nodes.
How to try Lokinet:
Download and install the router.
Click the big red power button on the app and it should turn green.
Visit http://probably.loki and if that works, then you’re running the router.
To browse the clearnet anonymously, type in the Exit node input box “exit.loki” and then click the ‘Enable exit’ toggle (this should turn green).
You can then search for “my IP” and see if it changes to a different location. Note: if it doesn’t work initially, just turn the router on and off again and click the ‘Enable exit’ mode.
At the core of Oxen’s offering is its blockchain and cryptocurrency, $OXEN. A Proof-of-Stake crypto built on a consensus mechanism called Pulse, it was previously known as $LOKI before being rebranded to $OXEN – a name change that has been only “cosmetic”, according to the announcement.
Like the rest of the ecosystem, $OXEN unsurprisingly has a strong focus on privacy and is built on CryptoNote, like Monero. In the words of the Oxen team, total anonymity translates to fungibility, meaning “individual $OXEN coins can’t be traced, tracked or refused based on where they’ve been or what they’ve been used for”.
$OXEN tries to differentiate itself from Monero and other privacy cryptos by striving to provide performance in terms of transaction speed. Rather than having to wait almost 30 minutes for a transaction to be fully completed, $OXEN claims its payment system, called Blink, allows instant transactions by using groups of Oxen Service Nodes.
An Oxen Service Node can join the network when it has a total of 15,000 $OXEN (currently worth around $15k AUD) across no more than four contributors. This seems to be a choice made by design in order to strengthen the network and prevent certain kinds of attacks, which would be unlikely and economically counterproductive.
Oxen was announced at the beginning of 2021 as a rebrand from Loki. The announcement is still available on Oxen blog.
Behind Oxen, there is an Australian not-for-profit organisation called Oxen Privacy Tech Foundation (OPTF website). The goal of the organisation is to support the development of free, open-source, secure and privacy-oriented technologies.
Privacy should have no strings attached – it should be provided by default, and it should be free.
In an age of data mining where users’ behaviours and information are seemingly spied upon by a wide range of entities, it can feel overwhelmingly complex to claim the right to privacy.
Oxen offers a range of tools and promises to deliver a blockchain-based, privacy-focused solution to a range of day-to-day use cases, from payments to messages and overall internet access. Only time will tell, but the increasing adoption of services such as Session looks like an encouraging signal, if not a testament to how much it is needed.
