1. The company is based in Australia, which has very unfavorable privacy laws.

2. They push their own cryptocurrency, Oxen, which creates a conflict of interest.

3. They use LokiNet, which requires Oxen to run nodes to route Session traffic; a node costs 15,000 $OXEN, or 3,750 $OXEN for a shared node, which is about $1,800 or $500 US dollars, respectively.

3-1. The price of running nodes essentially puts their network behind a paywall if you want to run a node, even just to contribute bandwidth to the network like you might with Tor. But there is a stakeless fork of Lokinet.

3-2. Session’s developers claim this to be an attempt to prevent Sybil attacks, but many have argued that this only encourages such attacks, because it guarantees that only governments and other well-funded organizations (the people these networks normally try to protect against) will ever have the financial resources to run nodes. (Eh, it’s all pretty debatable. But $OXEN is privacy-focused.)

4. They dropped critical security features of their protocol (perfect forward secrecy (PFS) and deniability) in favor of long-term message keys and self-deleting cryptographic signatures, which provide much weaker security guarantees.

4-1. This might not be as bad if the nodes were free to run, but they’re not.
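
To illustrate point 4, here is an added example (not from the original guide, and not Session's or any other project's code): a simplified hash ratchet compared with a single long-term message key, showing what someone who recorded ciphertext in transit and later obtains the device's keys can decrypt. The toy cipher, the class names and the sample messages are constructed for illustration.

```python
import hashlib
import hmac

def kdf(key: bytes, label: bytes) -> bytes:
    """One-way derivation step (HMAC-SHA256)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor(key: bytes, data: bytes) -> bytes:
    """Toy keystream XOR, for illustration only (not a real cipher)."""
    stream = b"".join(kdf(key, b"ks" + bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(d ^ s for d, s in zip(data, stream))

def toy_seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and append a 32-byte tag so a wrong key is detectable."""
    body = _xor(key, plaintext)
    return body + kdf(key, b"tag" + body)

def toy_open(key: bytes, sealed: bytes):
    """Return the plaintext, or None when the tag does not verify."""
    body, tag = sealed[:-32], sealed[-32:]
    ok = hmac.compare_digest(tag, kdf(key, b"tag" + body))
    return _xor(key, body) if ok else None

class LongTermSender:
    """Every message is sealed under the same long-term key (no PFS)."""
    def __init__(self, key: bytes): self.key = key
    def send(self, msg: bytes) -> bytes: return toy_seal(self.key, msg)
    def device_keys(self): return [self.key]

class RatchetSender:
    """Per-message keys from a one-way chain; the old chain key is overwritten."""
    def __init__(self, key: bytes): self.chain = key
    def send(self, msg: bytes) -> bytes:
        msg_key = kdf(self.chain, b"msg")
        self.chain = kdf(self.chain, b"chain")  # previous state is gone
        return toy_seal(msg_key, msg)
    def device_keys(self): return [self.chain, kdf(self.chain, b"msg")]

def recovered_after_seizure(sender, messages):
    """Past messages readable from recorded ciphertext plus the device's current keys."""
    recorded = [sender.send(m) for m in messages]  # ciphertext logged in transit
    keys = sender.device_keys()                    # key material taken later
    tries = (toy_open(k, c) for c in recorded for k in keys)
    return [pt for pt in tries if pt is not None]

MSGS = [b"meet at nine", b"bring the files", b"delete this"]  # constructed sample
SECRET = hashlib.sha256(b"constructed demo secret").digest()  # constructed sample
if __name__ == "__main__":
    print(len(recovered_after_seizure(LongTermSender(SECRET), MSGS)),  # 3
          len(recovered_after_seizure(RatchetSender(SECRET), MSGS)))   # 0
```

With the long-term key every recorded message is recovered; with the ratchet none are, because the keys that sealed them can no longer be derived from the device's current state.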

5. Session has been audited with satisfactory results, but that audit does not mention these changes. We also currently lack sufficient information on LokiNet (the onion routing network used by Session) to endorse it. Session is still recommended by some, for example Techlore.

6. Their funding is completely opaque.

https://anonymousplanet.org/guide.html#appendix-b7-caution-about-session-messenger