Ghostr - Encrypted Messenger

Ghostr is an encrypted messenger built around a simple principle: your privacy is not a compromise. No phone number, no email address, no personal information is required to communicate.

All messages, calls, photos, videos, and files are protected by end-to-end encryption. No one can read your content — not even us.

POST-QUANTUM ENCRYPTION

Ghostr uses the most advanced cryptographic protocols available, including ML-KEM-768 standardized by NIST in 2024. Your communications stay protected against current attacks and against future quantum computers.

- Triple Ratchet for perfect forward secrecy
- PQXDH for post-quantum session establishment
- Sealed Sender to minimize metadata exposure to the server
- OHTTP routing to separate your IP address from content

METADATA MINIMIZATION

Most messengers encrypt content but still expose metadata — when you send a message, how often, and to whom. Ghostr adds an extra layer of network privacy on top of end-to-end encryption:

- Constant-rate traffic patterns that don't reveal your activity timing
- Cover traffic that normalizes overall activity patterns
- Adaptive padding to normalize packet sizes
- Background polling independent of when you actually send messages

NO ACCOUNT REQUIRED

Instead of a phone number or email address, Ghostr generates a random identifier locally on your device when you first launch the app. This identifier acts as your contact handle and is not linked to any personal information.

You add contacts by scanning a QR code or sharing an invitation link — no directory lookup, no upload of your address book.

ROBUST LOCAL LOCK

Your device is the last line of defense. Ghostr protects local access with a password derived through Argon2id (OWASP 2025 standard).

- Configurable auto-lock (immediate or delayed)
- Optional data erase after multiple failed login attempts (the same protection iOS offers natively)
- Fully encrypted local storage (SQLite + Argon2id keys)
- Forced lock on cold start

FEATURES

- Real-time encrypted text messages
- High-quality encrypted voice calls
- Photo, video, and file sharing (encrypted)
- Voice messages
- Push notifications without revealing content
- No ads, no trackers, no behavioral analytics

TRANSPARENT SECURITY

Ghostr is built on open and publicly auditable protocols. The cryptography relies on well-established libraries audited by the community.

No proprietary protocols. No hidden telemetry.

WHAT WE DON'T COLLECT

We cannot read your messages.
We cannot know who you are talking to.
We cannot know when you communicate.
We cannot access your files.
We cannot identify you.

These properties follow from the architecture — guaranteed by cryptography and data minimization, not by promises.

COMPLIANCE

Ghostr complies with the General Data Protection Regulation (GDPR). You can delete your identifier and all associated data at any time from within the app, or simply by uninstalling Ghostr from your device.