# Signal vs SimpleX vs Session — which encrypted messenger in 2026

> Source: https://fuckyc.org/guides/signal-vs-simplex-vs-session/
> Published: 2026-01-23 · Last verified: 2026-01-23

Three end-to-end-encrypted messengers, three different identity models. Signal needs a phone number; SimpleX needs no identifier at all; Session is in between. A 2026 comparison.

## TL;DR

**Signal** has the strongest cryptography and the most-deployed implementation but requires a phone number at registration — that is the dominant privacy caveat. **SimpleX** is architecturally identifier-less (no phone, email, or username globally visible) and is the most metadata-minimizing of the three. **Session** is the no-phone Signal-fork with Lokinet onion routing — usable group chats, smaller anonymity set, smaller team. For most users in 2026, the answer is: **Signal if phone-number registration is acceptable, SimpleX if it is not**.

---

Three end-to-end-encrypted messengers, three different decisions about what identity to require. The trade-offs are well-defined; the right pick depends on whether phone-number registration is part of your threat model.

## At a glance

| Dimension | Signal | SimpleX | Session |
| --- | --- | --- | --- |
| Identity at signup | Phone number (required) | None (one-time invite links) | Random Session ID |
| Encryption | Signal Protocol (reference) | Double Ratchet over per-contact queues | Signal-fork |
| Transport metadata | [Sealed Sender](/glossary/#sealed-sender); server sees recipient | Per-contact unidirectional queues | Lokinet onion routing |
| Network operator | Signal Messenger LLC (USA, non-profit) | SimpleX Chat Ltd (UK; self-hostable) | Session Technology Foundation |
| User base (2026) | ~70M+ | ~1M | ~1M |
| Group chats | Polished, large | Cryptographic membership | Functional |
| Open source | Yes (client + server) | Yes | Yes |
| Self-hostable server | Server is centralized | Yes (SMP + XFTP) | Lokinet is decentralized |
| Push notifications | Standard (Apple/Google) | Per-contact (background polling) | Apple/Google |
| Voice / video | Yes | Yes (newer) | Audio only |
| Cost | Free (donations) | Free (donations) | Free (token funded) |

## How each handles identity

**Signal** uses your phone number as your identity at registration. The 2024+ username feature lets you talk to contacts without revealing your number to them, but the registration still binds to a SIM. The Signal server knows your phone number; what it learns about your messaging is heavily minimized through [Sealed Sender](/glossary/#sealed-sender) and private contact discovery, but the number is the anchoring identifier. For users whose phone number is itself part of the threat model, this is the binding caveat.

**SimpleX** has no global identifier at all. When you want to message someone, one of you generates a one-time invitation link and the other accepts it. From that point on, you have a connection — each side sees the other through a per-contact identifier that no one else can see. There is no profile, no username, no phone. The SimpleX servers (you can run your own) see encrypted message queues and nothing else. This is the most metadata-minimizing model in the category.

**Session** generates a random Session ID at signup — no phone, no email, no SIM. Your contacts find you via the Session ID, which is public. Messages route over Lokinet, an onion network that hides metadata at the network layer. The trade-off is smaller user base and an operator history (Session was originally an Australian project; the foundation has reincorporated since) that warrants reading before betting on it long-term.

## Cryptography

All three use end-to-end encryption derived from the Signal Protocol (the Double Ratchet plus X3DH key agreement). The audited reference implementation is Signal's; SimpleX and Session use ports or derivatives of the same primitives. For the cryptographic question of "can my messages be read by an outside observer," all three are sufficient against any practical adversary.

The differences are in **metadata**: who the server sees you talking to, how often, with what timing. Here:

- **Signal** uses [Sealed Sender](/glossary/#sealed-sender) (the server doesn't see who sent a message, just who it's for) and Private Contact Discovery (the server doesn't see your full contact list). The server does see your phone number on connection, which is the metadata leak everyone in this space discusses.
- **SimpleX** has no centralized server with a complete view of your social graph. Per-contact queues means each connection is independent; correlating two queues to the same person requires breaking the queue model.
- **Session** routes messages through Lokinet, which obscures the network path. The Session server set sees encrypted blobs without knowing the underlying sender.

For most threat models, all three are dramatically more metadata-private than mainstream messengers (WhatsApp, Telegram, iMessage). The differences between them matter at the margin.

## Usability and feature parity

Honest assessment: **Signal** is the most polished. Voice and video are reliable. Group chats scale to thousands. Stickers, reactions, disappearing messages, message editing — all the features users expect from a 2020s messenger are present. The Desktop and iOS/Android clients are stable. Onboarding is friction-free for people who can register a phone number.

**SimpleX** has caught up rapidly. Voice and video work. Groups have cryptographic membership which is technically more interesting than Signal's centralized model, but the user-experience parity for group features is not quite there. Discovery is by design less convenient than Signal's — you cannot find someone by username; you have to exchange an invite link.

**Session** has the rougher edges. Voice exists; video does not. Groups work but are smaller-scale than Signal. The Lokinet routing adds latency. The polish gap is largest here.

## Which to pick

The decision tree:

1. **Can your contacts register a phone number, and is that OK with your threat model?** → Signal.
2. **Does your threat model exclude phone-number registration?** → SimpleX if friction is acceptable; Session if you want a Signal-ish experience without the phone.
3. **Is your environment hostile to network connectivity (censorship, intermittent internet)?** → Briar.
4. **Do you want a paid Swiss messenger you can buy with cash via vouchers?** → Threema.
5. **Do you want an open-standard federated messenger?** → XMPP via Snikket or conversations.im.

For most users who care about this enough to be reading: Signal as the primary, SimpleX as a side channel for contacts who specifically want no-phone-number. This is the portfolio most privacy-aware users settle into.

## What none of them fix

- **What recipients do with your messages.** Forwarding, screenshotting, replying-with-quote — all of these defeat any E2E messenger.
- **Your association with the account.** Signing up over your home IP without Tor links the account to a network identity.
- **Compromised endpoints.** A keylogger or screen-recorder on your device reads everything before encryption.

These are out-of-scope for the messenger. The messenger's job is what happens on the wire.

## See also

- [Signal](https://fuckyc.org/services/signal/), [SimpleX Chat](https://fuckyc.org/services/simplex-chat/), [Session](https://fuckyc.org/services/session/) — directory entries.
- [Briar](https://fuckyc.org/services/briar/), [Threema](https://fuckyc.org/services/threema/), [Snikket](https://fuckyc.org/services/snikket/), [Cwtch](https://fuckyc.org/services/cwtch/) — other messengers in the directory.
- [Best privacy messengers in 2026](https://fuckyc.org/best/privacy-messaging-2026/) — the ranked list.


## FAQ

**Q: Is Signal still the most private messenger in 2026?**

It has the strongest cryptography and the largest anonymity set. The phone-number registration is the binding caveat — if your threat model excludes phone-derived identifiers, SimpleX or Session is the better fit.

**Q: Does SimpleX really have no accounts?**

Yes. There is no user identifier, no username, no profile that the server knows globally. Each contact you talk to has a different identifier for you, generated when you exchanged one-time invitation links.

**Q: Why is Session smaller than Signal?**

It's a younger fork that traded phone-number registration for a random-ID model and routes messages over Lokinet (an onion network). The cost is fewer users and a smaller maintainer team. Useful when no-phone is the requirement and SimpleX's per-contact-link model is too friction-heavy.

**Q: Can I use these for group chats?**

All three support groups. Signal's group chats are the most polished. SimpleX has cryptographic group membership without a trusted server, which is unusual. Session's groups work but are limited compared to Signal's.

**Q: Can I use any of these without my carrier knowing?**

For Signal, no — the phone number is bound to your SIM, which is bound to your carrier (in most jurisdictions). For SimpleX and Session, yes — neither requires any phone-derived identifier. For Signal, a workaround is JMP.chat or a no-KYC eSIM to receive the registration SMS.

## Sources

- [Signal blog](https://signal.org/blog/) — accessed 2026-01-23
- [SimpleX docs](https://simplex.chat/docs/) — accessed 2026-01-23
- [Session FAQ](https://getsession.org/faq) — accessed 2026-01-23