An end-to-end encrypted messenger for text, images, files, and voice messages. Asynchronous and metadata-private by design, free and open source.
Every design decision is measured against these:
- End-to-end always. Every message and attachment is encrypted on the sender's device and decrypted only on the recipient's. No relay ever holds plaintext or long-term keys.
- Minimal metadata. We treat who talks to whom, when, and how much as sensitive as content. Servers store nothing they don't strictly need, and we work to hide social graph and timing even from our own infrastructure.
- No identifiers you didn't choose. Identity is a cryptographic key, not a phone number or email. Trust is established out-of-band (safety numbers / QR).
- Auditable. AGPL-3.0, reproducible builds (goal), audited crypto libraries — never hand-rolled primitives.
- One core, many shells. All security-critical logic lives in a single Rust crate so it is written and reviewed exactly once.
UI shells (egui desktop · WASM web) → core crate (Rust) → relay network
identity · E2E crypto opaque mailbox queues
messages · onion transport (self-hostable)
- E2E crypto: the audited libsignal library — post-quantum X3DH (PQXDH) + Double Ratchet, with sealed sender for metadata privacy. We never reimplement primitives or the ratchet.
- Transport: asynchronous store-and-forward into per-contact mailbox queues that hold only opaque ciphertext, onion-routed so no relay learns who talks to whom. No real-time channels; everything is delivered when the recipient next connects.
- Local storage: encrypted-at-rest (SQLCipher), keys sealed by the OS keychain.
See ARCHITECTURE.md and THREAT_MODEL.md.
| Phase | Scope | State |
|---|---|---|
| 0 | Cryptographic core: identity, PQXDH, Double Ratchet (libsignal) | done |
| 1 | Message protocol: text/image/file/voice-clip types, framing, attachment chunking, all E2E | done |
| 2 | Private mailbox queues, out-of-band invitations, and a networked relay (services/relay) |
done |
| 3 | Onion routing across relays (hide the social graph) | done |
| 4 | Persistent encrypted store (SQLCipher) + safety-number / QR verification UX | next |
| 5 | Desktop (egui) and web (WASM) clients; release binaries; hardening | in progress |
cargo test # run the core test suite
cargo build --release # privacy-minded release profile (stripped, panic=abort, LTO)Requires the pinned Rust toolchain and protoc (libsignal compiles protobuf
definitions at build time). See CONTRIBUTING.md for setup.
Found a vulnerability? Do not open a public issue. See SECURITY.md for coordinated disclosure.
AGPL-3.0-or-later. The network-use clause is deliberate: anyone running a modified server must publish their source, so the privacy guarantees stay verifiable.