Arc vs Session
Maximum anonymity — but no forward secrecy, and a funding crisis.
Session offers best-in-class metadata protection via onion routing and a fully anonymous ID. But it dropped forward secrecy by design (a key compromise can expose past messages), its post-quantum + PFS 'V2' is still only a design, and in April 2026 its foundation announced a funding shortfall and laid off all paid staff. Arc gives strong metadata posture with forward secrecy, post-quantum, and active development.
Updated 2026-06-02 · evaluated by Claude Code Opus 4.8 Ultracode
Head-to-head score
Scores from the same independent 9-axis, 100-point rubric used across all 20 messengers. Higher is better.
Arc
89 / 100
Session
53 / 100
| Axis | Arc | Session |
|---|---|---|
| Crypto | 18 | 9 |
| Fwd/Bwd Secrecy | 14 | 2 |
| Post-Quantum | 14 | 1 |
| E2EE Coverage | 12 | 10 |
| Sender Privacy | 3 | 10 |
| Registration Privacy | 9 | 10 |
| Ephemeral | 11 | 5 |
| Verification UX | 4 | 3 |
| Multi-Device | 4 | 3 |
Why choose Arc over Session
01
Forward secrecy and post-compromise security via the Double Ratchet — Session V1 has none by design, and its PFS + ML-KEM 'V2' is unshipped (Fwd/Bwd Secrecy 14/14 vs 2).
02
Post-quantum in production (ML-KEM-1024) versus Session's planning-only PQC.
03
Continuity is a security property: Arc is actively developed, while Session's foundation began a 90-day survival countdown in 2026.
What Session does well
- Session leads on IP and metadata protection through onion routing and is fully anonymous (no phone, no email) — genuinely excellent sender and registration privacy.
The bottom line
For pure IP-level anonymity Session is impressive, but the lack of forward secrecy and its 2026 funding crisis are real risks. Arc (89 vs 53) keeps strong privacy while adding forward secrecy, post-quantum protection, and active development.
Get Arc — E2EE, free for everyone
See the full 20-messenger comparison
How Arc's encryption works