What are the privacy messaging apps Session and SimpleX donated by Vitalik?

Why Did Vitalik Take Action? From Content Encryption to Metadata Privacy

Written by: ChandlerZ, Foresight News

Ethereum co-founder Vitalik Buterin has recently turned his attention to a relatively niche sector: private instant messaging. He posted on X, stating that end-to-end encrypted communication is crucial for privacy protection, and that the next key steps are "permissionless account creation" and "stronger metadata privacy protection." He specifically mentioned two applications moving in this direction—Session and SimpleX—and donated 128 ETH to each of them.

This brings a specific question to the forefront: in an era where WeChat, Telegram, and WhatsApp have already captured users’ minds, what differentiation are these privacy-focused chat tools actually offering? And what technical route is Vitalik betting on?

Why Did Vitalik Take Action: From Content Encryption to Metadata Privacy

Compared to "how much he donated," the issues Vitalik emphasized this time are more worthy of attention.

In his statement, current end-to-end encryption only solves the confidentiality of "message content," but there are still two obvious shortcomings:

Account creation relies on phone numbers/emails, making true "permissionless" impossible

• Mainstream IMs (including many encrypted chat tools) require registration with a phone number.
• This means telecom operators, email service providers, and even regulators in various countries could become the "single point of dependency" for your digital identity.

Metadata remains highly exposed

• Who is chatting with whom, when, for how long, on which device, and over which network—all of these are metadata.
• Even if the message content is encrypted, a sufficiently detailed social graph can still outline a person’s life trajectory and relationship network.

Vitalik clearly pointed out in his tweet that breakthroughs in these two areas almost certainly mean moving toward a higher degree of decentralization. "Metadata privacy protection requires decentralization, and decentralization itself is hard to achieve; users’ expectations for multi-device support make it even harder. In addition, defending against Sybil attacks/denial-of-service attacks in the message routing network and on the user side (without mandatory reliance on phone numbers) also increases the difficulty. These issues need more attention."

Session and SimpleX became the two projects he named and donated to. However, he also stated that neither software is perfect, and there is still a long way to go before achieving the best user experience and security.

What is Session?

In a nutshell, Session is an encrypted chat tool that tries to take Signal half a step further: while maintaining end-to-end encryption, it minimizes the presence of phone numbers, centralized servers, and observable metadata in the system. On the surface, Session’s usage is not much different from ordinary IMs—install the app, create an account, add contacts, create groups, send text and files; all these paths are familiar. But under the hood, it makes several key changes to "accounts" and the "message network."

First is the account system. Session does not require users to provide a phone number or email. When you first enter the app, the system generates a random Session ID for you, which becomes your unique identifier. The platform neither holds your real contact information nor needs to rely on telecom operators or email service providers to vouch for you. This directly bypasses the real-name or semi-real-name registration systems that mainstream IMs generally depend on, making account creation closer to the permissionless model Vitalik described.

Next is the message transmission path. Session does not send all data to a centralized backend for forwarding and storage; instead, it is built on the Oxen blockchain and its Service Node network.

Simply put, these Service Nodes participate in block validation and also serve as message relays and storage in the network, forming a decentralized communication network. When messages are transmitted between nodes, they go through an onion routing mechanism similar to Tor. Each hop only knows the previous and next hop, not the full path, thus minimizing the possibility of any single entity grasping your communication graph by design.

Of course, this architecture comes with practical trade-offs in user experience. Onion routing and decentralized storage naturally result in higher latency and less stability compared to a direct dedicated channel to a central server; for multi-device use and message synchronization, Session currently cannot match the seamless experience of logging into a new device and automatically pulling the full history like Telegram or WhatsApp.

In May this year, Session officially launched its native token SESH and migrated to Arbitrum. This token will be used to incentivize the DePIN network, which consists of more than 2,000 nodes. In terms of tokenomics, the maximum supply of SESH tokens is 240 million, with 80 million unlocked at initial issuance. Node operators must stake 25,000 SESH tokens to participate in network maintenance.

What is SimpleX?

Compared to Session, SimpleX has a more radical goal: instead of enhancing privacy within the existing instant messaging framework, it almost redesigns a communication method from the protocol layer to minimize the generation of aggregatable metadata.

In SimpleX, communication is not two accounts sending messages to each other, but rather sending and receiving through a series of pre-established one-way message queues. You can think of it as: each relationship corresponds to a set of pipelines dedicated to that relationship. Messages are relayed by servers along these pipelines, but the server only sees data flowing from one queue to another, making it difficult to piece together a complete social graph at the protocol level.

Because there is no global user ID in the traditional sense, external observers cannot, as with many centralized IMs, reconstruct who someone has recently chatted with, their intersections, or community structure through server-side metadata analysis.

This design also has a significant impact on user experience. Compared to Session, SimpleX is less likely to give users the familiar feeling of an ordinary chat app right out of the box. You can’t search for a username to add a friend like on Telegram; instead, you rely more on one-time invitation links, QR codes, or other out-of-band channels to establish contact. Multi-device use, data backup, and migration are no longer as simple as entering a phone number or password for automatic synchronization, but require users to understand and cooperate with this privacy-centric workflow.

From the perspective of pursuing ultimate privacy, these extra steps are necessary sacrifices; but from the perspective of the general user, they directly translate into a higher barrier to entry and cognitive load.

For this reason, SimpleX is more like a niche tool for users who are extremely concerned about metadata exposure and are willing to bear the cost in user experience. It may be difficult to gain a large mainstream user base in the short term, but it provides a very clear reference sample for the technical path. If we truly prioritize reducing observable metadata above features, convenience, or user scale, then instant messaging protocols can be transformed in this way.

Vitalik’s decision to donate to it is largely about funding this experiment to erase user IDs and social graphs at the protocol layer, giving this relatively idealistic route more time to refine and iterate.

Back to the Simple Question: Are These Tools Worth the Attention of Ordinary Users?

It’s hard to discuss Session and SimpleX without mentioning Signal, which has been the industry benchmark for "private chat" in recent years. Many encrypted communication protocols on the market today, to varying degrees, adopt or draw from the Signal Protocol, which uses double ratchet, forward secrecy, and other mechanisms to establish a relatively mature engineering standard for end-to-end encryption.

For most users, as long as their chat partners are willing to migrate, Signal already offers a balanced choice between security, usability, and cross-platform support. Its open-source implementation, end-to-end content encryption, interface similar to mainstream IMs, and multi-platform support make it a top choice for journalists, activists, developers, and privacy enthusiasts.

Vitalik Buterin stated at the 2025 Shanghai Blockchain International Week that with the development of ZK technology and cryptography, "Not your key, not your coin" will become "Not your silicon, not your key," and hardware trust will become a focus of cryptography and security. Currently, the marginal cost of cryptographic technology used by encrypted communication apps, including Signal, is already negligible, so users are unaware of it.

He believes that as encryption costs continue to decline, more and more applications will be able to use low-cost encryption technology. The question will shift from "why use ZK" to "why not use ZK," and he looks forward to exploring new use cases with developers worldwide.

But for industry practitioners and privacy-conscious users, the more realistic question is probably not which tool will become the next WeChat, but two more specific choices.

Are you willing to pay a little more in usability for privacy? Are you open to maintaining one or two additional chat entrances for specific relationships or scenarios outside of the default world of WeChat/Telegram? In other words, the issue is not whether to replace your main IM entirely, but whether you can set aside an extra safe room for truly sensitive conversations.

If your answer is yes, then these names are worth paying attention to even before they go mainstream. Even if they are unlikely to become the main chat tools for ordinary users in the short term, the Session and SimpleX projects highlighted by Vitalik have already provided two clear routes: one minimizes metadata and account dependency within the familiar IM paradigm; the other goes straight to the protocol layer to eliminate user IDs and tries not to generate social graphs within the system.

As to whether ordinary people should care about this issue, perhaps these tools don’t need to occupy the most prominent row on your phone, but they are already worth reserving a corner on your desktop for those conversations you don’t want to hand over to big platforms.