Privacy First  ·  Open Source  ·  Zero Logs

GHOST PROTOCOL

The world's most private messenger. End-to-end encrypted, always Tor-routed, and engineered for journalists, dissidents, and anyone who refuses to be the product.

E2E: Encrypted — every message
0: Server logs — ever
100%: Open source — AGPL-3.0
Free: Forever — no subscription

What we never collect — by architecture, not by promise

No IP address: The relay never sees where you connect from
No GPS / location: No coordinates, no cell towers, no Wi-Fi names
No phone number: No account tied to your SIM or carrier
No email address: No registration, no verification, no inbox
No real name: Your identity is a 24-word phrase on your device
No device ID: No IMEI, no Android ID, no ad identifier
No contact list: We never learn who you talk to
No analytics: No Firebase, no Sentry, no telemetry of any kind

Engineered for the paranoid

Every feature is designed assuming the network is hostile, the device is compromised, and the adversary is watching.

Built-in Tor & I2P

Route messages through Tor or I2P — two independent anonymity networks, both embedded directly in the app. No Orbot, no third-party router required. You choose; the engine is always ready.

Post-quantum encryption

Hybrid key exchange combines the proven Signal protocol with post-quantum lattice cryptography. Messages are safe against both classical and quantum adversaries — today and in the future.

Ghost Chat

Self-destructing conversations with Double Ratchet forward secrecy. Every message uses a fresh encryption key — past messages stay unrecoverable even if your device is seized tomorrow.

Ghost Signals

Constant-rate cover traffic masks real message patterns using Poisson-distributed dummy messages. Adversaries watching the network cannot distinguish silence from active conversation.

Encrypted voice calls

Real-time voice calls with per-call XChaCha20-Poly1305 frame encryption over WebSocket relay. Keys are ephemeral and never stored. Caller and callee IDs are sealed from the relay.

Duress PIN & panic wipe

Enter a second PIN under coercion to instantly wipe all sensitive data and surface a clean decoy account. StrongBox-backed keys mean wiping is cryptographically irreversible.

Safe link opening

Tapping a URL in any chat never opens your default browser. Instead, a dialog offers "Open via Tor", which routes the request through the embedded Tor engine so the site never sees your real IP address.

From keystroke to oblivion

Every message follows the same path — encrypted before it leaves your device, unreadable everywhere in between.

1. You type: Plain message
2. Encrypted: On your device
3. Tor-routed: Onion relays
4. Delivered: Peer decrypts
5. Deleted: Zero trace

Download Ghost Protocol

Android only for now. Choose the install path that matches your threat model.

Direct APK (Recommended)

No Google account, no Play Store, no Firebase. Verify the APK against our public Sigstore attestation before installing. Best for high-threat users.

Latest: v0.1.65.0 · AGPL-3.0

F-Droid (Open source store)

Built from source on F-Droid's infrastructure. No Firebase, no Google services. Uses UnifiedPush (Ntfy recommended) for instant delivery.

Submission in progress — direct APK works now

Google Play (Convenient)

Same source code, FCM push notifications included. Best for casual users who want auto-updates and don't need Google-free isolation.

Submission in progress

Why you can trust it

Trust is earned through transparency, not claims.

Fully open source

Every line of code — app, relay, crypto core — is public on GitHub under AGPL-3.0. Anyone can read, audit, and fork it.

Reproducible builds

The APK you download hashes identically to the APK built from source with the same commit. Verify it yourself — the commands are on the download page.

Warrant canary

We publish a monthly signed statement that we have not received secret legal orders. If the canary stops being updated, treat it as a warning.

Sigstore APK attestation

Every release is signed by GitHub Actions via Sigstore. The signing event is logged in the public Rekor transparency log — you can verify the provenance chain yourself.

Zero telemetry

No Sentry, no Firebase Crashlytics, no Google Analytics, no Mixpanel, no advertising IDs. Any change that adds one of these is rejected at build time.

Security audit planned

External audit by a specialist firm (Cure53 / Trail of Bits / Quarkslab) is in procurement. Findings will be published in full when complete.