xat2 is an open-source, decentralized messaging app. No phone number, no email, no account. Your Ed25519 keypair is your identity.
We build messaging infrastructure that makes surveillance technically impossible, not just legally forbidden. No policy documents, no terms of service loopholes — architecture is the promise.
Zero-knowledge relay. The relay server only sees encrypted blobs. It cannot read content, correlate identities, or build social graphs.
IP protection by default. Tor is compiled directly into the app — no external daemon, no Orbot dependency. Your IP never reaches our servers.
No business model built on data. The product is the product. Users are not inventory.
An Ed25519 keypair generated on your device replaces registration. The public key is your address. No central authority assigns it.
X25519 ECDH key exchange, HKDF-SHA256 derivation, XChaCha20-Poly1305 encryption. Same primitives as Signal, Wire, and libsodium.
Tor is compiled from source as part of our build pipeline. No binary blobs from third parties. Supply chain verified via GPG + SHA256.
Your profile exists only when the app is open. When you disconnect, your presence disappears. No permanent user database.
First contact always happens out-of-band, face to face. Because there is no centralized directory, users cannot be enumerated.
Built with Kotlin Multiplatform. One shared codebase for all business logic. Feature parity across platforms is non-negotiable.
Every cryptographic primitive is documented, auditable, and chosen for a reason. We write SHA3, HKDF, and Base32 in-house rather than trust opaque dependencies for security-critical paths.
Identity signing and ECDH key exchange via libsodium. Same elliptic curve, different uses: Ed25519 for signatures, X25519 for key agreement.
Authenticated encryption with 24-byte nonces. Preferred over AES-GCM for constant-time guarantees without hardware acceleration.
Hidden service address derived deterministically from the user's Ed25519 identity. Same address on every reinstall, zero server involvement.
WebSocket relay protocol for asynchronous delivery. Challenge-response auth. Relay sees only opaque ciphertext — no routing metadata.
For press enquiries, interviews, or media kit requests. We'll respond within 48 hours.
press@xat2.me
Security reports, partnerships, or general questions about xat2.
Contact form info@xat2.me
Please report security vulnerabilities responsibly. We acknowledge within 24 hours.
security@xat2.me
xat2 is open source. Contributions, audits, and protocol feedback welcome.
github.com/GOOLEMLABS/xat2