Vitalik's 256 ETH gamble declaration: Privacy communication needs more radical solutions

Original Author: David, Deep Tide TechFlow

When you truly support something, the most direct way is to put your money where your mouth is.

On November 26, Vitalik Buterin donated 128 ETH to two privacy communication applications, Session and SimpleX, totaling approximately $760,000.

He wrote in a tweet: Encrypted communication is crucial for protecting digital privacy, and the next key step is to achieve permissionless account creation and metadata privacy.

$760,000 is not a small amount, but what’s even more intriguing is these two applications receiving the funds.

Session and SimpleX have almost no recognition outside the crypto circle. Why did Vitalik choose to invest in them instead of more established privacy communication tools?

The donation amount itself is also quite interesting.

128 is not a convenient number for humans, but in binary, it is 2 to the power of 7. Some community members interpret this as a statement from Vitalik, suggesting that this is a structural investment in privacy, not just a casual tip.

Just a day before the donation, the EU Council reached an agreement on the "Chat Control" proposal. This proposal requires communication platforms to scan users' private messages, which privacy advocates see as a direct threat to end-to-end encryption.

Vitalik chose to make this public donation at this time, making his stance clear: he believes the existing privacy communication solutions are insufficient and that more radical alternatives need support.

The market seems to have understood this signal as well. The token for Session, SESH, surged from under $0.04 to around $0.40 after the news broke, with a weekly increase of over 450%.

Let’s quickly take a look at what these two applications are and why they are worthy of Vitalik's bet.

Session: Privacy Communication with DePIN

Session is a decentralized end-to-end encrypted communication application that officially launched in 2020 and currently has nearly 1 million users.

It was initially developed by the Oxen Privacy Tech Foundation in Australia. In 2024, due to tightening privacy legislation in Australia, the team moved its operations to Switzerland and established the Session Technology Foundation.

The core selling point of this application is "no phone number required."

When registering, Session generates a 66-character random string as your Session ID and provides you with a set of mnemonic words for account recovery. There is no phone number binding, no email verification, and no information that can be linked to your real identity.

Technically, Session uses a structure similar to onion routing to ensure privacy.

Each message you send is encrypted in three layers and passed through three randomly selected nodes. Each node can only decrypt its own layer and cannot see the complete path of the message. This means no single node can know both the sender and the receiver of the message at the same time.

These nodes are not servers operated by Session but come from the community. Currently, there are over 1,500 Session Nodes distributed across more than 50 countries, and anyone can run a node, provided they stake 25,000 SESH tokens.

In May 2025, Session completed an important upgrade, migrating from the previously relied Oxen network to its own Session Network. The new network is based on a proof-of-stake consensus, where node operators participate in network maintenance and earn rewards by staking SESH.

In terms of actual experience, Session's interface is not much different from mainstream communication applications, supporting text, voice messages, images, and file transfers, as well as encrypted group chats of up to 100 people. Voice and video calls are still in the testing phase.

One obvious drawback is notification delays; due to the multi-hop routing of messages, sometimes messages arrive several seconds or even longer than centralized applications. Multi-device synchronization is also not very smooth, which is a common issue with decentralized architectures.

SimpleX: Extreme Privacy Without Even an ID

If Session's selling point is "no phone number required," SimpleX takes it a step further:

It doesn’t even have a user ID.

Almost all communication applications on the market, no matter how much they emphasize privacy, assign some kind of identifier to users. Telegram uses phone numbers, Signal uses phone numbers, and Session uses randomly generated Session IDs.

These identifiers, even if not linked to real identities, leave traces: if you chat with two people using the same account, those two people can theoretically confirm they are communicating with the same person.

SimpleX's approach is to completely eliminate this identifier. Each time you establish a connection with a new contact, the system generates a pair of one-time message queue addresses. The address you use to chat with A is completely different from the address you use to chat with B, leaving no common metadata.

Even if someone monitors both conversations simultaneously, they cannot prove they come from the same person.

Even if someone monitors both conversations simultaneously, they cannot prove they come from the same person.

The registration experience for SimpleX is also unique. After opening the application, you only need to enter a display name; no phone number, no email, and not even a password are required. This profile is stored entirely on your local device, and SimpleX's servers do not have any of your account information.

The way to add contacts is also different. You need to generate a one-time invitation link or QR code and send it to the other party. They can only establish a connection after clicking it. There is no "search for username to add friends" feature because there is simply no username to search for.

In terms of technical architecture, SimpleX uses its own developed SimpleX Messaging Protocol. Messages are transmitted through relay servers, but these servers only temporarily store encrypted messages and do not retain any user records or communicate with each other. Messages are deleted after delivery. The servers cannot see who you are or who you are chatting with.

This design is extreme and fully considers privacy protection.

By the way, the application has already been open-sourced on GitHub, here is more information.

SimpleX was founded by Evgeny Poberezkin in London in 2021. In 2022, it received seed funding led by Village Global, and Jack Dorsey publicly expressed his recognition of the project. The application is fully open-source and has passed a security audit by Trail of Bits.

In terms of actual experience, SimpleX has a relatively simple interface, supporting text, voice messages, images, files, and self-destructing messages. Group chat functionality is also available, but due to the lack of centralized member list management, the experience in large groups is not as good as traditional applications. Voice calls are available, but video calls still have some stability issues.

One notable limitation is that due to the absence of a unified user ID, if you change devices or lose local data, you need to reconnect with each contact. There is no "login account to recover all chat history."

This is also the price of extreme privacy design.

Comparison of Business Models of the Two Applications: Token Incentives vs. Deliberate De-financialization

Both applications are focused on privacy communication, but their choices of business models are completely different.

Session follows a typical Web3 route, using tokens to align the interests of network participants. SESH is the native token of the Session Network, with three main uses:

• Running a node requires staking 25,000 SESH as collateral;
• Node operators earn SESH rewards by providing message routing and storage services;
• In the future, there will also be paid features like Session Pro membership and Session Name Service settled in SESH.

The logic of this model is that node operators have economic incentives to maintain network stability, the staking mechanism increases the cost of malicious behavior, and token circulation provides a sustainable funding source for the project. Currently, SESH has a circulating supply of about 79 million, with a maximum supply of 240 million, and over 62 million SESH locked in the Staking Reward Pool as node reward reserves.

After Vitalik's donation, SESH surged from under $0.04 to over $0.20 within hours, with a market cap briefly exceeding $16 million. This spike certainly has elements of riding the wave, but it also indicates that the market is pricing the narrative of "privacy infrastructure."

SimpleX's choice is completely opposite. Founder Evgeny Poberezkin has explicitly stated that he will not issue tradable tokens because he believes the speculative nature of tokens would divert the project from its original intention.

SimpleX's current funding sources are VC financing and user donations. The seed funding in 2022 was about $370,000, and user donations have totaled over $25,000. The team plans to launch Community Vouchers in 2026 to achieve sustainable operations.

Community Vouchers are a type of limited utility token that can be understood as prepaid server usage vouchers. Users purchase Vouchers to pay for the server costs of their community, and the funds are distributed to server operators and the SimpleX network. The key difference is that these Vouchers are not tradable, have no pre-mining, and are not publicly sold, with fixed prices at the time of purchase.

It seems that SimpleX deliberately blocks the possibility of financial speculation.

Both routes have their pros and cons. Session's token model can quickly attract the attention of node operators and capital, but it also exposes the project to price volatility and regulatory risks. SimpleX's de-financialization design maintains the purity of the project, but funding sources are limited, and expansion will be slower.

This is not just a divergence in business strategy; it also reflects different understandings of "how privacy should be funded."

Common Challenges in Privacy Communication

In his donation tweet, Vitalik did not only say good things. He pointed out clearly:

Both applications are not perfect, and there is still a long way to go to achieve a truly user-friendly experience and security. The challenges he mentioned are actually structural issues in the entire privacy communication sector.

The first is the cost of decentralization itself. Centralized applications have fast, stable, and smooth message delivery because all data goes through the same set of servers, allowing for significant optimization. Once you move towards decentralization, messages must hop between multiple independent nodes, and delays become inevitable.

The second is multi-device synchronization. With Telegram or WhatsApp, if you log in to your account on a new phone, your chat history comes back. But in a decentralized architecture, there is no central server storing your data, and multi-device synchronization relies on end-to-end key synchronization mechanisms, which are much more complex to implement.

The third is protection against Sybil attacks and DoS attacks. Centralized platforms use phone number registration, which naturally provides a barrier to filter out spam accounts and malicious attacks. If you eliminate phone number binding, how do you prevent someone from creating fake accounts in bulk to harass users or attack the network?

To achieve decentralization, you have to sacrifice some experience; to allow permissionless registration, you need to find other ways to prevent abuse; to achieve multi-device synchronization, you have to make trade-offs between privacy and convenience.

Vitalik's choice to donate to these two projects at this time is, to some extent, a statement: These issues are worth solving, and solving them requires funding and attention.

For ordinary users, switching to Session or SimpleX right now may still be premature, as there are indeed shortcomings in the experience. But if you care about your digital privacy, it is at least worth downloading to try and understand to what extent "true privacy" can be achieved.

After all, when Vitalik is willing to put real money into something, it is likely that this matter is not just a geek's self-indulgence.