Vitalik's 256 ETH high-stakes declaration: Privacy communication needs more radical solutions.

Original author: David, TechFlow

When you truly support something, the most direct way is to donate money to it.

On November 26, Vitalik Buterin donated 128 ETH each to two privacy communication applications, Session and SimpleX, for a total value of approximately $760,000.

In his tweet, he wrote: Encrypted communications are crucial for protecting digital privacy, and the next key step is to achieve permissionless account creation and metadata privacy.

$760,000 is no small sum, but what's even more intriguing are these two apps that charge fees.

Session and SimpleX have almost no recognition outside the crypto community, so why would Vitalik invest in them instead of more mature privacy communication tools?

The amount of the donation itself is also quite interesting.

128 is not a convenient number for humans, but it is 2 to the power of 7 in binary. Some community members interpreted this as a statement from Vitalik, suggesting it's a structural investment in privacy, not a casual donation.

Just one day before the donation, the European Council reached an agreement on the "Chat Control" proposal. This proposal requires communication platforms to scan users' private messages, which privacy advocates see as a direct threat to end-to-end encryption.

Vitalik's decision to publicly donate at this time makes his stance clear: he believes that existing privacy communication solutions are insufficient and that more radical alternatives are needed.

The market seemed to have picked up on this signal. Session's token, SESH, surged from less than $0.04 to around $0.40 after the announcement, a more than 450% increase in a week.

Let's take a quick look at what these two applications are and why Vitalik is willing to bet on them.

Session, using DePIN for private communication

Session is a decentralized, end-to-end encrypted communication application that officially launched in 2020 and currently has nearly 1 million users.

It was originally developed by the Oxen Privacy Tech Foundation in Australia. In 2024, due to stricter privacy legislation in Australia, the team moved its operations to Switzerland and established the Session Technology Foundation.

The core selling point of this app is that "no phone number is required".

During registration, the session will generate a 66-character random string as your Session ID and provide you with a mnemonic phrase for account recovery. There is no phone number binding, no email verification, and no information that can be linked to your real identity.

Technically, Session uses an architecture similar to Onion Router to ensure privacy.

Each message you send is encrypted in three layers and passed through three randomly selected nodes in sequence. Each node can only decrypt its own layer and cannot see the complete path of the message. This means that no single node can know both the sender and the receiver of the message at the same time.

These nodes are not officially operated servers of Session, but rather come from the community. Currently, there are over 1,500 Session Nodes distributed across more than 50 countries worldwide. Anyone can run a node, provided they stake 25,000 SESH tokens.

In May 2025, Session underwent a significant upgrade, migrating from the Oxen network it previously relied on to its own Session Network. The new network is based on Proof-of-Stake consensus, where node operators participate in network maintenance and receive rewards by staking SESH.

In actual use, Session's interface is not much different from mainstream communication applications, supporting text, voice messages, pictures, and file transfers, as well as encrypted group chats for up to 100 people. Voice and video calls are currently in the testing phase.

One significant drawback is notification latency. Because messages have to go through multiple hops, they sometimes arrive several seconds or even longer later than in centralized applications. Multi-device synchronization is also not smooth enough, a common problem with decentralized architectures.

SimpleX, an extreme privacy solution that doesn't even require an ID.

If the selling point of Session is "no phone number required," SimpleX goes even further:

It doesn't even have a user ID.

Almost all communication applications on the market, regardless of how much they emphasize privacy, assign some kind of identifier to users. Telegram uses a phone number, Signal uses a phone number, and Session uses a randomly generated Session ID.

These identifiers leave a trace even if they are not linked to a real identity: if you chat with two people using the same account, those two people can theoretically confirm that they are communicating with the same person.

SimpleX takes a completely different approach, eliminating this identifier altogether. Each time you connect with a new contact, the system generates a one-time message queue address. The address you use to chat with A is entirely different from the address you use to chat with B; they share no metadata.

Even if someone were monitoring both conversations simultaneously, it wouldn't prove they came from the same person.

Even if someone were monitoring both conversations simultaneously, it wouldn't prove they came from the same person.

The SimpleX registration experience is therefore unique. Once you open the app, you only need to enter a display name; no phone number, email address, or even password is required. This profile is stored entirely on your local device; SimpleX's servers contain no information about your account.

The method for adding contacts is also different. You need to generate a one-time invitation link or QR code, send it to the other person, and the connection will be established only after they click on it. There is no "search username to add friend" function because there are no usernames to search for.

In terms of technical architecture, SimpleX uses its own SimpleX Messaging Protocol. Messages are transmitted through relay servers, but these servers only temporarily store encrypted messages, do not save any user records, and do not communicate with each other. Messages are deleted after delivery. The servers cannot see who you are or who you are chatting with.

This design is exceptional, with privacy protection as the top priority.

By the way, the application is open source on GitHub, where you can find more information.

SimpleX was founded in London in 2021 by Evgeny Poberezkin. In 2022, it secured pre-seed funding led by Village Global, and Jack Dorsey has publicly endorsed the project. The application is currently completely open source and has passed the security audit by Trail of Bits.

In actual use, SimpleX has a relatively simple interface and supports text, voice messages, images, files, and self-destructing messages. Group chat is also available, but due to the lack of centralized member list management, the experience in large groups is not as good as traditional applications. Voice calls are available, but video calls still have some stability issues.

One notable limitation is that, due to the lack of a unified user ID, if you switch devices or lose local data, you'll need to reconnect to each contact. There's no way to "log in to your account to restore all chat history."

This is the price of extreme privacy design.

Comparison of the business models of two apps: Token incentives vs. deliberate de-financialization

Both apps are about private communication, but they have chosen completely different business models.

Session follows a typical Web3 approach, using tokens to bind the interests of network participants together. SESH is the native token of Session Network, with three main uses:

• Running a node requires staking 25,000 SESH as collateral;
• Node operators earn SESH rewards by providing message routing and storage services;
• In the future, paid features such as Session Pro membership and Session Name Service will also be settled using SESH.

The logic behind this model is as follows: node operators have economic incentives to maintain network stability, the staking mechanism increases the cost of malicious behavior, and token circulation provides a sustainable source of funding for the project. Currently, the circulating supply of SESH is approximately 79 million, with a maximum supply of 240 million, and over 62 million SESH are locked in the Staking Reward Pool as node reward reserves.

Following Vitalik's donation, SESH's price surged from less than $0.04 to over $0.20 within hours, briefly pushing its market capitalization above $16 million. While this surge certainly had an element of riding the wave of the news, it also demonstrates that the market is pricing in the narrative of "privacy infrastructure."

SimpleX took the exact opposite approach. Founder Evgeny Poberezkin made it clear that he would not issue tradable tokens because he believed that the speculative nature of tokens would cause the project to stray from its original purpose.

SimpleX's current funding comes from VC funding and user donations. It raised approximately $370,000 in its pre-seed round in 2022, and has received over $25,000 in user donations. The team plans to launch Community Vouchers in 2026 to ensure sustainable operation.

Community Vouchers are a type of restricted utility token, which can be understood as prepaid server usage vouchers. Users purchase vouchers to pay for the server costs of their community, with the funds being shared between the server operators and the SimpleX network. The key difference is that these vouchers are non-tradable, not pre-mined, not publicly sold, and have a fixed purchase price.

It appears that SimpleX has deliberately blocked the possibility of financial speculation.

Both approaches have their advantages and disadvantages. Session's token model can quickly attract node operators and capital attention, but it also exposes the project to price volatility and regulatory risks. SimpleX's de-financialization design maintains the project's purity, but its funding sources are limited, resulting in a slower expansion speed.

This is not just a difference in business strategy, but also reflects different understandings of "how privacy should be funded".

Common challenges of privacy-preserving communications

Vitalik didn't just say nice things in his donation tweet. He clearly stated:

Neither of these applications is perfect, and there's still a long way to go to achieve true user experience and security. The challenges he mentioned are actually structural problems within the entire privacy communication field.

The first is the cost of decentralization itself. Centralized applications offer fast, stable, and smooth message delivery because all data passes through the same set of servers, allowing for significant optimization. Once decentralized, messages must jump between multiple independent nodes, making latency unavoidable.

The second is multi-device synchronization. With Telegram or WhatsApp, you can log in to your account on a different phone and your chat history is back. However, in a decentralized architecture, there is no central server storing your data, and multi-device synchronization relies on an end-to-end key synchronization mechanism, which is much more technically complex to implement.

The third point is Sybil attack and DoS protection. Centralized platforms use mobile phone numbers for registration, which naturally creates a barrier to filter spam accounts and malicious attacks. If mobile phone number binding is removed, how can we prevent people from creating fake accounts in bulk to harass users or attack the network?

Decentralization requires sacrificing some user experience; permissionless registration requires finding other ways to prevent abuse; and multi-device synchronization requires a trade-off between privacy and convenience.

Vitalik's decision to fund these two projects at this time is, in a way, a statement that these problems deserve to be solved, and that solving them requires funding and attention.

For the average user, switching to Session or SimpleX right now might be premature, as there are indeed shortcomings in the user experience. However, if you care about your digital privacy, it's at least worth downloading and trying it out to see what "true privacy" can achieve.

After all, when Vitalik is willing to spend real money on something, it's probably not just something for geeks to indulge in.