~/offline $ ssh anonymous@relay.offlineapp.org
Offline

No phone number. No cloud. No trace.

A messenger designed to leave nothing behind. End-to-end encrypted with the Double Ratchet. No phone number. No cloud. No identity. Constant-size packets, cover traffic, and Tor — so even an observer of the network can't tell who you talk to.

0 identity required
DR double ratchet
active users
1,000+
total users

We can't leak what we don't have. That's the entire design.

[ 01 ]

No identity

No phone number. No email required to use. No real name. You generate a cryptographic ID on your device. That's your entire identity.

[ 02 ]

No metadata

The server logs no IP addresses, no timestamps, no who-talks-to-whom graphs. We can't hand over data we never wrote down.

[ 03 ]

No cloud

Messages live only on your devices. Lose your phone, lose your history. That's not a bug — it's the guarantee.

[ 04 ]

No persistence

Messages are deleted from the relay the moment they're delivered. The server is a mailbox, never an archive.

[ 05 ]

No tracking

No ads. No analytics. Not even anonymous telemetry. We don't want to know things about you.

[ 06 ]

No black box

The relay server code is open source. You can audit exactly what it does — and what it doesn't.

Built for privacy. Not for data collection.

[ ratchet ]

Double Ratchet

Same protocol Signal uses. Forward secrecy + post-compromise security. Every message has its own key. Compromise one, the rest stay safe — past and future.

[ sealed ]

Sealed sender

The relay can't see who sent a message — only who it's going to. Sender identity is hidden inside the encrypted envelope. The from-id is stripped at the protocol level, so the server never receives it.

[ onion ]

Tor hidden service

Reach the app through a .onion address via Tor Browser. The server never sees your IP. ISP can't see what you're doing. Three encrypted hops between you and us.

[ pad ]

Constant-size packets

Every message gets padded to a fixed bucket size before encryption (1KB, 4KB, 16KB, 64KB). Observers can't tell a one-word reply from a long paragraph. Length leaks nothing.
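The bucket padding described above, as an added example (not Offline's own code). The bucket sizes are the page's; the 4-byte length header, the zero fill and the function names are assumptions made for illustration.

```javascript
// Bucket sizes come from the page; the 4-byte length header and zero fill
// are assumptions made for this example.
const BUCKETS = [1024, 4096, 16384, 65536];
const HEADER = 4; // big-endian length of the real plaintext

// Pad plaintext bytes up to the smallest bucket that holds header + body.
function padToBucket(bytes) {
  const bucket = BUCKETS.find((size) => bytes.length + HEADER <= size);
  if (bucket === undefined) {
    throw new RangeError(`${bytes.length} bytes does not fit the largest bucket`);
  }
  const out = new Uint8Array(bucket); // zero-filled
  new DataView(out.buffer).setUint32(0, bytes.length); // big-endian by default
  out.set(bytes, HEADER);
  return out;
}

// Reverse the padding after decryption, rejecting malformed packets.
function unpad(padded) {
  if (!BUCKETS.includes(padded.length)) {
    throw new RangeError('packet is not a valid bucket size');
  }
  const view = new DataView(padded.buffer, padded.byteOffset, padded.byteLength);
  const len = view.getUint32(0);
  if (len > padded.length - HEADER) {
    throw new RangeError('length header exceeds packet body');
  }
  return padded.subarray(HEADER, HEADER + len);
}

// Constructed sample messages: size of each padded plaintext.
function paddedSizes(messages) {
  const enc = new TextEncoder();
  return messages.map((m) => padToBucket(enc.encode(m)).length);
}

console.log(paddedSizes(['ok', 'a'.repeat(900), 'a'.repeat(1021)]));
```

AES-GCM adds a fixed 16-byte tag and no other expansion, so every ciphertext in a bucket has the same length on the wire. Which of the four buckets a message landed in remains visible to an observer.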

[ cover ]

Cover traffic

The app continuously sends encrypted dummy packets in the background — indistinguishable from real messages. An observer can't tell when you're actually talking to someone, only that you're online.

[ rotate ]

Rotating sessions

Your connection token rotates every 10 minutes. Even if someone is recording network traces, they can't link your morning sessions to your evening ones without breaking into the server itself.

[ jitter ]

Anti-timing analysis

Outbound messages are delayed by a random 30–200 ms before being sent. Defeats fine-grained timing correlation that could otherwise link sender to recipient.

[ verify ]

Verifiable build

Open Settings → Security and you'll see a SHA-256 of the running app. Compare it with the hash on GitHub. If they match, you're running the exact code we published. No mystery binaries.

[ msg ]

E2E encrypted chat

ECDH P-256 key exchange, AES-256-GCM per message. Text, voice, images. Messages live only on your devices.

[ voice ]

Voice messages + effects

Tap-and-hold voice notes. Disguise your voice with live effects: Normal, Deep, High, Robot. Opus-encoded, tiny file size.

[ grp ]

Group chats

Up to 50 members. Shared AES-256 group key, distributed E2E via each member's public key. Creator owns, can rename.

[ timer ]

Disappearing messages

Auto-delete after read: 10s, 1min, 1h, 1d. Timer starts when recipient opens the chat — not on send.

[ lock ]

Time-locked messages

Lock a message until a specific date/time. Recipient sees only a lock icon with countdown until the moment it unlocks.

[ notes ]

Encrypted notes

Private notes with title, rich text, checklists. Encrypted with AES-GCM using your identity key. Local only, never transmitted.

[ wipe ]

Auto-wipe

Set your account to automatically self-destruct after 1 week, 2 weeks, 1 month, 3 months, or 6 months of inactivity.

[ img ]

Image sharing

Send any photo. Auto-compressed on-device for fast delivery. Encrypted like everything else. No server-side copy ever kept.

[ call ]

Voice + video calls

WebRTC peer-to-peer encrypted voice and video. In-call voice effects, camera flip, draggable PiP. No call logs on the server — signaling only.

[ safety ]

Safety numbers

Each conversation has a unique safety number. Compare it with your contact in person to confirm the connection is end-to-end encrypted with the right person.

[ qr ]

QR code add

Share your ID via QR code or copyable link. Scan to start an encrypted chat instantly — no phone numbers, no email, no account creation.

[ ack ]

Read receipts · typing

Optional read receipts and typing indicators. Toggleable — default on, but you're in control. All signals are E2E encrypted.

[ react ]

Replies · reactions · search

Reply to specific messages with preview. Long-press for emoji reactions. In-chat full-text search with highlighting.

[ swipe ]

Swipe actions

Swipe right to pin or mark read. Swipe left to mute or delete. Pinned chats float to the top. Two-sided delete removes the chat for both of you.

[ theme ]

Themes

Three built-in themes: terminal green (default), pure dark, and clean light. Switch any time from settings.

Simple crypto. No magic.

~/alice/send-to-bob.sh
alice $ offline generate-id
generated ECDH P-256 identity keypair on device
ID: of1_aC9Kq7xM...p4N

alice $ offline add bob_id
fetched bob's identity key from relay
initialized Double Ratchet session
safety number: f3:b2:9c:4a:21:e7

alice $ offline send bob "signal's down — switching to this"
ratchet step → fresh message key
padded to 4 KiB bucket
encrypted with AES-256-GCM
jitter delay: 134 ms
relayed via .onion (Tor circuit)

↳ server sees: "→ user Y · opaque 4 KiB blob"
↳ server does not see: who sent it, contents, your IP
↳ observer does not see: message length, exact timing

# message delivered. ratchet rotated. message key destroyed.
# even if bob's phone is seized tomorrow, this message can't be
# decrypted — the key that decrypted it no longer exists.

What Offline protects you from. And what it doesn't.

✓ Offline protects against

  • ISP surveillance of your message contents
  • Government subpoenas for chat history (we have nothing to give)
  • Hackers breaching the relay server (they'd only get ciphertext)
  • SIM-card registries linking you to an identity
  • Cloud provider scanning your conversations
  • Metadata graphs showing who you talk to
  • Corporate advertisers profiling your behavior

✕ Offline cannot protect against

  • A compromised phone (keylogger, spyware, etc.)
  • Someone physically taking your unlocked device
  • The person you're chatting with screenshotting messages
  • Deep state-level adversaries with zero-day exploits
  • You being socially engineered into adding a fake contact
  • Loss of your device (no cloud = no recovery)
  • Traffic analysis by a global passive adversary

// Honesty matters more than marketing. Any messenger claiming total privacy is lying.
We can tell you exactly where our protection ends.

Side by side with everything else.

| Feature | WhatsApp | Signal | Telegram | Offline |
| --- | --- | --- | --- | --- |
| End-to-end encryption by default | yes | yes | no | yes |
| Forward secrecy (Double Ratchet) | yes | yes | no | yes |
| Post-compromise security | yes | yes | no | yes |
| Sealed sender (server can't see who sent) | no | yes | no | yes |
| No phone number required | no | no | no | yes |
| No real-world identity at all | no | no | no | yes |
| Constant-size packets (anti-traffic-analysis) | no | no | no | yes |
| Continuous dummy traffic (cover) | no | no | no | yes |
| Rotating session tokens | no | no | no | yes |
| Randomized send delays (anti-timing) | no | no | no | yes |
| Tor hidden service (.onion) | no | no | no | yes |
| No cloud backup at all | no | opt-in | no | yes |
| No metadata persisted | no | partial | no | yes |
| Open source server | no | yes | no | yes |
| Open source client (verifiable hash) | no | yes | partial | yes |
| Encrypted voice & video calls | yes | yes | opt-in | yes |
| Disappearing messages | yes | yes | yes | yes |
| No ad-driven owner | no | yes | yes | yes |
| Works fully anonymously | no | no | no | yes |

Signal is the gold standard for protecting individuals. Offline goes further by also protecting relationships — what an observer of the network can learn about who you talk to and when. The Signal protocol assumes the server knows your phone number; we assume the server knows nothing.

What's live. What's next.

✓ done · Q2 2026

Relay server — live

Go-based WebSocket relay. Runs on a single VPS. Handles E2E-encrypted ciphertext. Logs nothing. Sealed sender (server doesn't see who sent). Deletes messages after delivery.

✓ done · Q2 2026

Web app — /app

Fully in-browser messenger. Single HTML file. Keys generated locally via Web Crypto API. Works on iPhone & Android as a PWA. No install required.

✓ done · Q2 2026

Double Ratchet protocol

Forward secrecy + post-compromise security. Each message gets a fresh key. Out-of-order delivery handled. Ephemeral keys destroyed after use.

✓ done · Q2 2026

Anti-traffic-analysis stack

Constant-size packets (bucket padding). Continuous cover traffic. Rotating session tokens. Randomized send delays. Sealed sender at the protocol level.

✓ done · Q2 2026

Tor hidden service

Reach the app via .onion through Tor Browser. The relay never sees your IP. Three encrypted hops between you and us.

✓ done · Q2 2026

Verifiable build

SHA-256 of running app shown in Settings. Compare with published hash on GitHub to prove no tampering between us and you.

◉ in progress · Q3 2026

$OFF token — built on Injective

A utility token on Injective that powers the network: pay for relays, unlock Pro features, settle on a fast L1. No pre-sale hype — utility first. See below.

· next · Q3 2026

Relay incentive layer

Anyone can run a TURN relay and earn $OFF for the bandwidth they contribute. Decentralizes the call infrastructure away from a single operator.

· later · Q4 2026

Independent security audit

Third-party cryptographic review by Trail of Bits or Cure53. Findings published publicly. We want adversarial eyes.

· later · 2027

Federated mixnet

Multiple independent relays run by different operators. Multi-hop routing where no single relay knows both sender and recipient. The final layer of metadata protection.

· later · TBA

iOS & Android — native release

Once the protocol, $OFF utility, and mixnet are battle-tested, native apps for iPhone and Android with background push, hardware keystore, and the full Offline experience. Web app remains canonical.

Built on Injective

The $OFF token.

Offline is funded by what it actually does — not by hype. $OFF is a utility token on Injective that pays for the network's real costs and unlocks premium features. No promises about price. Just utility.

Run a relay, earn $OFF

Calls fall back to TURN relays when peer-to-peer fails. Anyone can run a relay and earn $OFF for the bandwidth they contribute — decentralizing the infrastructure.

Pay for Pro in $OFF

Unlock premium features — unlimited devices, larger encrypted storage, custom .onion address, dead-man-switch auto-wipe — using $OFF.

Settled on Injective

$OFF lives on Injective: fast finality, low fees, and a chain built for finance-grade settlement. Payments and relay rewards clear on-chain.

$OFF is not yet live. This describes planned utility. Nothing here is financial advice or an offer to sell a security.

Questions people ask before signing up.

What does "end-to-end encrypted" actually mean?

Your messages, calls, and voice notes are locked on your device with a key that only the recipient's device can unlock. The server in the middle just shuffles bytes around — it physically can't read what you sent, even if a court ordered it to. Same protection for text, voice messages, and live calls.

What is "Verify" and when should I use it?

Every conversation in Offline has a unique safety number — six groups of five digits — generated from both of your encryption keys. Both phones calculate the exact same number from the math. If you compare the digits with your contact (in person, or over another trusted channel) and they match, you've confirmed your connection is genuinely between just the two of you. It's an extra layer of confidence, not something most people need to do every chat — think of it like checking the seal on a package. Useful for sensitive conversations, optional for everyday chats.

Why does the safety number matter?

Encryption protects what's inside the package, but you also want to know the package is going to the right person. The safety number is how you confirm your messages are reaching exactly who you think they are. If the number changes unexpectedly later, it means your contact reinstalled the app on a new device — Offline will let you know so you can re-verify with them.

How is the safety number generated?

Both phones take both public keys, sort them in the same order, and run them through SHA-256 — a standard one-way hash function. The result is split into six 5-digit groups. Same math on both sides means matching numbers. No central server is involved; the calculation happens entirely on your devices.
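The derivation described above, as an added example that is not Offline's own code. The page does not say how the hash becomes digits, so the mapping here (each 5-byte slice of the digest reduced mod 100000) and all function names are assumptions; Node's crypto module stands in for the browser's Web Crypto so the example runs from a command line.

```javascript
const { createECDH, createHash } = require('node:crypto');

// Sort the two public keys bytewise, hash them, and render six 5-digit groups.
// Sorting is what lets both sides get the same number without coordination.
function safetyNumber(pubA, pubB) {
  const [lo, hi] = Buffer.compare(pubA, pubB) <= 0 ? [pubA, pubB] : [pubB, pubA];
  // Keys are fixed-length (65-byte uncompressed P-256 points), so plain
  // concatenation is unambiguous.
  const digest = createHash('sha256').update(lo).update(hi).digest();
  const groups = [];
  for (let i = 0; i < 6; i++) {
    // Assumed mapping: 5 digest bytes -> 40-bit integer -> last 5 decimal digits.
    const n = digest.readUIntBE(i * 5, 5);
    groups.push(String(n % 100000).padStart(5, '0'));
  }
  return groups.join(' ');
}

// Fresh P-256 public key as an uncompressed point (constructed test data).
function newPublicKey() {
  return createECDH('prime256v1').generateKeys();
}

// Both honest sides agree; a substituted key gives a different number on
// the side that received it, which is what the comparison detects.
function demo() {
  const alice = newPublicKey();
  const bob = newPublicKey();
  const substituted = newPublicKey(); // hypothetical key swapped in transit
  return {
    aliceView: safetyNumber(alice, bob),
    bobView: safetyNumber(bob, alice),
    aliceViewSubstituted: safetyNumber(alice, substituted),
  };
}

console.log(demo());
```

Thirty decimal digits carry just under 100 bits of the 256-bit digest, which is why the groups are compared in full rather than spot-checked.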

Who is Offline for?

People who care more about privacy than convenience. Journalists protecting sources. Activists in countries where SIM cards are registered to the state. Anyone who thinks a chat app shouldn't require handing over their phone number, location, and social graph to a corporation in exchange for basic communication.

How is this different from Signal?

Signal is the gold standard for protecting individuals — and we use the same core cryptographic protocol they invented (Double Ratchet, sealed sender, ECDH + AES-GCM). The differences:

What Signal does that we don't (yet): independent third-party security audits, a decade of production hardening, billions of users' worth of attack mitigation.

What we do that Signal doesn't: no phone number required, no real-world identity at all, constant-size packets, continuous cover traffic, rotating session tokens, randomized send delays, Tor hidden service. Signal protects individuals; Offline also protects relationships — the social graph an observer could otherwise reconstruct from network traffic.

What is forward secrecy and why does it matter?

Forward secrecy means each message gets its own encryption key, and old keys are destroyed after use. So if someone steals your phone tomorrow and extracts your current keys, they still can't read what you sent last week — those keys no longer exist. Combined with post-compromise security (the Double Ratchet), the inverse also holds: if your keys leak today, your future messages still become unreadable to the attacker as soon as the next key rotation happens.

Why do you send fake "cover" traffic?

Even with end-to-end encryption, an observer watching the network can see when you send messages and how often. That alone reveals a lot — whether you're online, whether you're talking to someone, who you're probably talking to. Cover traffic sends realistic-looking encrypted dummy packets in the background, so an observer can't tell when you're actually communicating versus idle. The recipient's app silently drops the dummies after decryption.

What does the Tor option give me?

If you visit Offline through our .onion address using Tor Browser, your traffic goes through three encrypted hops before reaching us. We can't see your IP. Your ISP can't see what you're doing. It's the strongest network-level anonymity possible without running our own decentralized mixnet (which is on the roadmap). Available now to anyone who wants it; clearnet access stays the default for convenience.

How can I verify the app I'm running matches the open-source code?

Open Settings → Security & verification inside the app. You'll see a SHA-256 hash of the running app.html. Compare that hash with the one published on our GitHub release. If they match exactly, no one has tampered with the app between us and you. The whole client is one HTML file with no build step — every line is auditable in your browser's DevTools.

Is it really free?

The basic messenger is free forever. Later, premium features (larger file transfers, multi-device sync, custom human-readable handles) may cost a small subscription. We will never run ads. We will never sell data. We have nothing to sell.

What if I lose my phone?

Your messages are gone. That's the tradeoff for having no cloud backup. If we can't read your messages, we can't restore them either. Your contacts can re-verify you with a new ID via safety-number comparison.

How do I add contacts without a phone number?

QR code, shared link, or typing someone's ID directly. The web app can generate a QR you scan in person. Your contact list lives only on your device.

Can I use it on multiple devices?

Not in the MVP. Multi-device is planned but requires careful key distribution to avoid becoming a security hole. We'd rather launch one device done right than three done poorly.

Who built this?

A small team with backgrounds in smart contract security and cryptography. We've written audit reports on DeFi protocols holding hundreds of millions in user funds. We take privacy seriously because we know exactly what it costs when it fails.

Is the code open source?

The relay server will be open source at launch. Clients (web / iOS / Android) will be open-sourced in phases as they stabilize. We believe you can't claim to protect privacy with closed-source code.

Why should I trust you?

You shouldn't. Trust the math. Trust the open-source code. Trust the warrant canary. We designed Offline so that trusting us isn't required — the server architecture genuinely cannot leak what it doesn't store.

Ready to chat without being watched?